NEWS: Setembro (12/09 - 18/09) - 37 Semana de 2021

Cyber Security and Information Security News - Daily Updates !!!

18/09

Exploit for Recently Discovered Azure Flaw Already Added to Mirai Botnet - TechNadu

KASLR can be broken via an AMD CPU driver flaw, exposing passwords - TDH

New DNA-Based Processor Technology Proposed by Researchers - TDH

‘Solana’ Was Overwhelmed by a Sudden Influx of Transactions and Went Offline for Hours - TechNadu

What Does a Digital Forensics Investigator Do in an Investigation? - CISO Mag

17/09

Admin of DDoS service behind 200,000 attacks faces 35yrs in prison - Bleeping Computer

AT&T Phone-Unlocking Malware Ring Costs Carrier $200M - Threatpost

Australians ‘struggle’ up against network security breaches - IT Wire

Bad Apples: How CNA Attacks Put Everyone At Risk - Security Boulevard

CISA: Patch Zoho Bug Being Exploited by APT Groups - InfoSecurity Magazine

CISA warns of APT actors exploiting newly identified vulnerability in ManageEngine ADSelfService Plus - ZDNet

Class Action Filed After Hospital Ransomware Attack - Legal Reader

Council secrets for sale on dark web, says Darlington IT firm - The Northern Echo

Crooks hijack bank OTPs to make fraudulent card payments - Finextra

Cyberattacks against the aviation industry linked to Nigerian threat actor - ZDNet

Data and AI professionals prioritize learning new skills amid labor shortage - Help Net Security

Data protection and security: Crucial to business sustainability - New Age Tech

Despite Huge Budgets, Cyber-Rich Banks Are Not Paying It Forward In Cybersecurity - Forbes

Experts Concerned Over New Digital Secretary's Lack of Cyber Knowledge - InfoSecurity Magazine

Five pharma cybersecurity breaches to know and learn from - Pharmaceutical Technology

Free REvil Decryptor Launched - InfoSecurity Magazine

Germans See Russian Meddling in Tight Election Intensifying - Bloomberg

How insurers can approach cybersecurity risk - Digital Insurance

How surveillance capitalism will totally transform the domain name system - ZDNet

How to fix printers asking for admins creds after PrintNightmare patch - Bleeping Computer

Key Differences Between PHI and PII, How They Impact HIPAA Compliance - Health IT Security

Malware Attack on Aviation Sector Uncovered After Going Unnoticed for 2 Years - The Hacker News

Mankato Clinic notifies patients of health data breach - KEYC News

Modern security strategies key to support remote workforce demands - Help Net Security

Microsoft asks Azure Linux admins to manually patch OMIGOD bugs - Bleeping Computer

No business is too small to be a target of cyberattacks - New Haven Register

NSW to trial geolocation and facial recognition app for home-based quarantine - ZDNet

Open source cyberattacks increasing by 650%, popular projects more vulnerable - Help Net Security

Over 500,000 Records Belonging to Offrea.be Were Leaked Online - TechNadu

Ransomware Attack Encrypts South Africa’s Department of Justice, System Still Being Restored - Gadgets 360

Romance Scammers Make $133m in First Half of 2021 - InfoSecurity Magazine

The digital identity imperative - Help Net Security

This banking Trojan abuses YouTube to manage remote settings - ZDNet

Trend Micro blocks 41bn threats in 1H 2021 - Gadget

US govt sites showing porn, viagra ads share a common software vendor - Bleeping Computer

Zero-day attacks are putting the squeeze on Apple, Google, and Windows devices - Tech HQ

16/09

7 tips for building a strong security culture - Tech Target

15% of the Nasdaq 100 Is Highly Susceptible to a Ransomware Attack, New Black Kite Research Finds - Dark Reading

61M Fitbit, Apple Users Had Data Exposed in Wearable Device Data Breach - Health IT Security

87% of Indian cos victims of security breach last year: Report - The Siasat Daily

Airline Credential-Theft Takes Off in Widening Campaign - Threatpost

APT-C-23 Using New Android Spyware in the Middle East - TechNadu

Attacks reach record highs in 2021 - IT Online

Bitdefender offers free decryptor for REvil ransomware victims - Tech Republic

Bot attack volumes growing 41% year over year, human-initiated attacks down 29% - Help Net Security

Chinook School Division student information exposed during accidental data breach - Prairie Post

Cybercriminals Use Pandemic To Attack Schools and Colleges, Two Texas Schools Pay Over Half A Million in Ransom - RA News

Data breach in networks of Indonesian ministries and agencies - Telecom

Dutch education administrators underestimate threat of cyber crime - Computer Weekly

Fake TeamViewer download ads distributing new ZLoader variant - HackRead

Ford Faces Class Action Lawsuit for Storing and Sharing Private Conversations - TechNadu

FTC says it will fine digital health companies that don't disclose data breaches - Mobi Health News

Hackers steal Covid test data of 1.4 million people from Paris hospital system - Modern Ghana

Household Names Hit with £500K Fine for Spamming Consumers - InfiSecurity Magazine

HP Omen Hub Exposes Millions of Gamers to Cyberattack - Threatpost

Making the Cybersecurity Grade: How Schools Can Protect Data and IT Resources - Ed Tech

Microsoft announces passwordless authentication option for consumers - Help Net Security

MSHTML Zero Day Exploits Used Shared Infrastructure With Ransomware Group - Decipher

New Go malware Capoae targets WordPress installs, Linux systems - ZDNet

One-in-seven Nasdaq-100 companies ranked as highly susceptible to a ransomware attack - IT Pro

Phishing thru your QR or Qrishing: that is how this rip-off works that the Police in Spain warn about - News Trace

Popular slot machine chain Dotty's reveals data breach exposing SSNs, financial account numbers, biometric data, medical records and more - ZDNet

Puma has also been added to the victim list of Marketo Gang - TDH

Ransomware attackers targeted app developers with malicious Office docs, says Microsoft - ZDNet

Ransomware-as-a-service pandemic must be interrupted, says Cambridge cybersecurity specialist Darktrace - Cambridge Independent

REvil Ransomware Victims Get A Reprieve As Master Decryption Key Is Released - Forbes

T-Mobile US presses to consolidate class action suits - Mobile World Live

The 8 Most Notorious Malware Attacks of All Time - Make Use Of

The Massachusetts Attorney General conducts probe in the T-Mobile data breach - TDH

There Is No Evidence Russia-based Ransomware Is Slowing Down - My Tech Decisions

Tourist warning- Popular holiday scam 'exploiting' travellers is on the rise - Express

United Nations Data Breach: Hackers Obtained Employee Login From Dark Web, Are Executing Ongoing Attacks on UN Agencies - CPO Magazine

15/09

3 Former U.S. Intelligence Officers Admit to Hacking for UAE Company - The Hacker News

46% of all on-prem databases are vulnerable to attack, breaches expected to grow - Help Net Security

An Anonymous ‘Kik Messenger’ User Was Identified and Arrested for Child Exploitation - TechNadu

Cybercriminals recreate Cobalt Strike in Linux - ZDNet

DOJ fines NSA hackers who assisted UAE in attacks on dissidents - ZDNet

Execs concerned about software supply chain security, but not taking action - Help Net Security

Google Chromebook bug causes black screens after login - Bleeping Computer

Meris botnet assaults KrebsOnSecurity - ZDNet

Microsoft fixes remaining Windows PrintNightmare vulnerabilities - Bleeping Computer

Microsoft fixes Windows CVE-2021-40444 MSHTML zero-day bug - Bleeping Computer

Millions of HP OMEN gaming PCs impacted by driver vulnerability - Bleeping Computer

Most Fortune 500 companies’ external IT infrastructure considered at risk - Help Net Security

Multiple Flaws in Microsoft Azure Put Half of All Deployments at Risk - TechNadu

New Zloader attacks disable Windows Defender to evade detection - Bleeping Computer

OMIGOD: Azure users running Linux VMs need to update now - ZDNet

Ransomware preparedness is low despite executives’ concerns - Help Net Security

Rare bright cyber spot: ACSC reports total incidents down 28% - ZDNet

This Month’s ‘Patch Tuesday’ Plugs Dozens of Security Holes in Windows - TechNadu

Three formers NSA employees fined for providing hacker-for-hire services to UAE firm - Security Affairs

Two-thirds of cloud attacks could be stopped by checking configurations, research finds - ZDNet

US CISA appointed Kiersten Todt as new chief of staff - Security Affairs

U.S. Operatives Responsible for “KARMA” Deployment in the U.A.E. Offered Costly Resolution - TechNadu

14/09

Apple fixes iOS zero-day used to deploy NSO iPhone spyware - Bleeping Computer

Apple Fixes Pegasus-Exploited Zero-Day Through iOS 14.8 and macOS 11.6 - TechNadu

Apple fixes “zero-click” iMessage zero-day exploited to deliver spyware (CVE-2021-30860) - Help Net Security

ExpressVPN sells to Kape Technologies for $936 million - ZDNet

Fitness Tracking Platform Exposed 61 Million User Records - TechNadu

Google addresses a new Chrome zero-day flaw actively exploited in the wild - Security Affairs

Google patches 10th Chrome zero-day exploited in the wild this year - Bleeping Computer

Google patches two Chrome zero-days - ZDNet

Healthcare cybersecurity: How to prevent the compromise of patient records? - Help Net Security

How to evaluate the security risk of your databases - Help Net Security

IT teams forced into compromising security for business continuity during pandemic - Help Net Security

Kali Linux 2021.3 released: Kali NetHunter on a smartwatch, wider OpenSSL compatibility, new tools, and more! - Help Net Security

Mēris Bot infects MikroTik routers compromised in 2018 - Security Affairs

Microsoft Releases Patch for Actively Exploited Windows Zero-Day Vulnerability - The Hacker News

Millions of HP OMEN gaming PCs impacted by CVE-2021-3437 driver flaw - Security Affairs

Networking issues enterprises must address to improve business and operational efficiency - Help Net Security

OSI Layer 1: The soft underbelly of cybersecurity - Help Net Security

Quantum cryptography: This air-filled fiber optic cable can transport un-hackable keys, say researchers - ZDNet

REvil: Ransomware gang active again in a new line-up - Market Research Telecast

Singapore, India to link national payment systems for cross-border transfers - ZDNet

Three ways to keep your organization safe from cyberattacks - Help Net Security

Vermilion Strike, a Linux implementation of Cobalt Strike Beacon used in attacks - Security Affairs

Whitepaper: Cobalt Strike – a toolkit for pentesters - Help Net Security

13/09

5 ways to better prepare your organization for a ransomware attack - TechRepublic

5 ways to improve cyber resilience against ransomware, supply chain attacks - GCN

A Third of Industrial Control Systems Attacked in H1 2021 - InfoSecurity Magazine

Apple releases update fixing NSO spyware vulnerability affecting Macs, iPhones, iPads and Watches - ZDNet

Beware of these 5 common scams you can encounter on Instagram - We Live Security (eset)

BlackMatter ransomware gang hit Technology giant Olympus - Security Affairs

BlackMatter ransomware hits medical technology giant Olympus - Bleeping Computer

Camera giant Olympus hit by ransomware attack - TechRadar Pro

Class action targets Georgia health system over ransomware attack that exposed 1.4 million patients' info - Becker's Health IT

Costly DNS Attacks on the Rise - Security Boulevard

Department of Justice and Constitutional Development of South Africa hit by a ransomware attack - Security Affairs

Elevated Cyber-risk as Companies Choose Speed Over Security - InfoSecurity Magazine

Enterprise automation adoption surging, security and compliance area jump by 171% - Help Net Security

FTC warns of extortionists targeting LGBTQ+ community on dating apps - Bleeping Computer

Hackers leak California hospital patients' data online after ransomware attack - Becker's Health IT

Hackers Leak Schoolkids’ Data—ID Theft of Minors Ensues - Security Boulevard

Hacker-made Linux Cobalt Strike beacon used in ongoing attacks - Bleeping Computer

How Likely Is Your Employee To Cause A Data Breach? - Forbes

IoT device attacks double in the first half of 2021, and remote work may shoulder some of the blame - TechRepublic

‘MskHost’ Taken Down by Hacktivists Who Will Now Pass Stolen Clientele to the Police - TechNadu

Mobile app creation: Why data privacy and compliance should be at the forefront - Help Net Security

Network security market growth driven by remote work popularity and security needs - Help Net Security

New SpookJS Attack Bypasses Google Chrome's Site Isolation Protection - The Hacker News

Olympus Admitted the ‘BlackMatter’ Ransomware Gang Got Them - TechNadu

Only 30% of enterprises use cloud services with E2E encryption for external file sharing - Help Net Security

OWASP Working Group Releases Draft of Top 10 Web Application Risks for 2021 - Security Boulevard

Phishing attacks vs employees skyrocketed during the pandemic - Back End News

REvil is back - and wants to rebuild its reputation - TechRadar Pro

SEC Probe into Russian Hacking of SolarWinds has corporate America worried - Technowize

Security Experts Witnessed a 55,239% Increase in Ransomware Activity in Q2 - PR Newswire

Singapore moots 'foreign interference' law with powers to issue online platforms take-down order - ZDNet

The new maxtrilha trojan is being disseminated and targeting several banks - Security Affairs

The Rise of Developer-First Security Tooling - Security Boulevard

The Three Pillars of Unified Risk Management for Product Security - InfoSecurity Magazine

The top cyber security risks of 2022 - Charity Digital

Third-party cloud providers: Expanding the attack surface - Help Net Security

Top 5 Enterprise Security Threats and How To Avoid Them - CPO Magazine

UAE: Moorfields Eye Hospital in Dubai sees more staff and patient data dumped - Data Breaches Net

UK Man Gets Five Years for Online Abuse Campaign - InfoSecurity Magazine

WhatsApp details plans to offer encrypted backups - ZDNet

WhatsApp to Roll Out Encrypted Backups - InfoSecurity Magazine

12/09

Crypto Miners in Africa at Risk from Cyber Criminals with East Africa the Largest Target Market in 2021 - BitcoinKE

Cyber in the boardroom - Professional Security Magazine Online

Experts concerned over emergence of new Android banking trojan S.O.V.A. - HackRead

Google implements new Private Compute Services for Android - Security Affairs

How to Avoid Paying Ransoms - SDXCentral

How to shut down a phishing operation in 48 hours - TechRadar Pro

How to Talk to Stakeholders About Cybersecurity - Security Boulevard

New cybersecurity report from HP reveals 91% of IT teams feel pressure to compromise security - Zawya

‘Please Provide Your Credit Card and Code’: New Israeli Facebook Scam Is a Lesson in Online Fraud - Haaretz

Pysa Ransomware Gang Targets Linux - Bank Info Security

Qatar: Communications Regulatory Authority (CRA) raises awareness against online fraud, hacking - The Peninsula

Revil ransomware operators are targeting new victims - Security Affairs

Scamming activity intensifies ahead of world famous auto racing event - MenaFN

SME breach response - Professional Security Magazine Online

State of Cybersecurity: We Can Do More to Protect Our Supply Chain and Critical Infrastructure - Homeland Security

Windows MSHTML zero-day exploits shared on hacking forums - Bleeping Computer

NEWS: Setembro (05/09 - 11/09) - 36 Semana de 2021