NEWS: Setembro (26/09 - 02/10) - 39 Semana de 2021

Cyber Security and Information Security News - Daily Updates !!!

02/10

Australia: Top tips to help you avoid the latest scams - WA Today

Banking fraud: tips to avoid becoming a victim - Fin24

Criminals using NHS Covid Pass to scam money out of Warwickshire residents - Rugby Observer

FCC Unveils New Plans to Stop SIM Swapping and Robocalls Fraud - TechNadu

Federal lawsuit filed against Paxton Media Group after data breach of nearly 21k employees - The Owensboro Times

Fortinet reveals two-thirds of organizations hit by ransomware - Back End News

Here are ransomware groups that businesses need to watch our for - AME Info

How SIM-Swapping Scams Work, And How To Protect Yourself - Screen Rant

Instagram account hacked? Here’s what to do - Wired

Over 55s issued fresh warning as fraudsters become ‘more sophisticated’ – how to stay safe - Express

Passwords Leaked in Data Breach 2021: Study Reveals Shocking Superhero Passcodes Used! - ITech Post

Watch out - that Android security update may be malware - TechRadar Pro

Why trying to watch James Bond No Time to Die free online could end up being costly - Express

01/10

3.1M Neiman Marcus Customer Card Details Breached - ThreatPost

4.6 Million Neiman Marcus Customers Linked to Data Breach - Sourcing Journal

Anonymous leaks more EPIK host data; ‘larger than previous leak’ - HackRead

Apple AirTags can be used as trojan for credential hacking - HackRead

Apple Pay Can be Abused to Make Contactless Payments From Locked iPhones - The Hacker News

Beware of Fake Amnesty International Antivirus for Pegasus that Hacks PCs with Malware - The Hacker News

Business Leaders Admit Willingness to Pay Five-Figure Ransoms - InfoSecurity

Chief exec of cybersecurity Group-IB arrested on treason charge - ZDNet

Chinese Hackers Used a New Rootkit to Spy on Targeted Windows 10 Users - The Hacker News

Coinbase Discloses That 6,000 Customers Got Hacked This Spring - PC Magazine

Coinbase sends out breach notification letters after 6,000 accounts had cryptocurrency stolen - ZDNet

“Combo File” Merging 3.8 Billion Phone Numbers from Clubhouse With Scraped Facebook Users Could Cause Surge in Phishing, Account Takeover Attacks - CPO Magazine

Content sprawl is increasing the risk of data breaches and leaks - Help Net Security

Crypto platform mistakenly gives $90M to users, asks for refund - Bleeping Computer

Cybercrime awareness heightened, yet people still engage in risky online behaviors - Help Net Security

‘Declined’: 18.8 million Telstra customers ‘at risk’ - Yahoo! Finance

DeepMind faces legal action over NHS data use - BBC News

Elon Musk Crypto-Phishing Scam Puts Emails at Risk - TechRound

ESET Threat Report: Trending Vulns and Configuration Flaws - My Tech Decisions

Eskenazi Health now says some patient, employee information stolen in cyber attack - IndyStar

Everything You Need to Know About the MyFitnessPal Data Breach - UK Today News

Evolving beyond RBAC: Why ABAC is the future - Help Net Security

FCC aggressively moves to block spam calls - ZDNet

Federal Officials Emphasize Understanding Goals in Move to Zero Trust - Meri Talk

Flubot Android malware now spreads via fake security updates - Bleeping Computer

Fortinet survey: Two-thirds of organisations have been a target of one ransomware attack - Intelligent CIO

Google just patched these two Chrome zero-day bugs that are under attack right now - ZDNet

Hackers rob thousands of Coinbase customers using MFA flaw - Bleeping Computer

Healthcare organizations remain at risk despite proper HIPAA compliance - MedCity News

Hospital ransomware attack led to infant's death, lawsuit alleges - Healthcare IT News

How cybercrime hurts some groups more than others - Help Net Security

Hydra malware targets customers of Germany's second largest bank - Bleeping Computer

If You Get This Message From Apple, Don't Click on It - Best Life

Improper Offboarding Poses Significant Security Risks - Jumpcloud

Infant Fatality Could Be First Recorded Ransomware Death - InfoSecurity Magazine

Internet safety guide for college students - ZDNet

iOS 15: Ultimate privacy and security - ZDNet

Irish university computer systems taken offline after cyber attack - Computing

JVCKenwood hit by Conti ransomware attack - Computer Weekly

Lawsuit: Hospital's Ransomware Attack Led to Baby's Death - GovInfo Security

Lawsuit blames baby’s death on ransomware attack at Alabama hospital - Fox6 Milwaukee

Lincolnshire Police forced to pay out £10k after PC’s illegal data breach - The Lincolnite

Major Data Breach Hits Neiman Marcus - InfoSecurity Magazine

MFA Glitch Leads to 6K+ Coinbase Customers Getting Robbed - Threatpost

Mozilla: Superman, Batman, Spider-Man dominate list of passwords leaked in breaches - ZDNet

Nearly 5 million customers affected in Neiman Marcus data breach - The Denver Gazette

Neiman Marcus Discloses Data Breach Impacting Millions of Online Customers - NBC DFW

Neiman Marcus says 3.1 million payment and gift cards compromised in breach - CNet

New APT ChamelGang Targets Russian Energy, Aviation Orgs - Threatpost

OFAC Ransomware Guidance: Prepare, Report, and (Preferably) Don’t Pay the Ransom! - JD Supra

Organizations need to better manage backup data to ensure effective ransomware incident response - Continuity Central

Pandemic drives rising risk of cyber attacks - The Supply Chain Quarterly

Port of Houston Prevents Data Breach: A Success Story Highlighting The Importance of Privileged Access Management (PAM) Controls - Axio

Ransomware attacks put availability of medical devices at risk: FDA cyber chief - MedTech Dive

Ransomware Expected to Increase 150% This Year - Campus Technology

Ransomware vulnerabilities will last another two years - Technology Decisions

Shadow Code From Third-Party Libraries Is a Major Cybersecurity Risk for Most Web Applications, Owners Afraid of Brand Damage and Lawsuits - CPO Magazine

Superhero passwords may be your kryptonite wherever you go online - Blog Mozilla

Swiping the page: Ebook sellers shutdown by cyberattack - Digital Journal

The FCC proposes rules to fight SIM swap and port-out fraud - Bleeping Computer

The Real Cost of a Data Breach: How Much Does the U.S. Spend? - Clearance Jobs

Three areas legal leaders should focus their technology efforts in - Help Net Security

Today’s cars are mobile data centers, and that data needs to be protected - Help Net Security

U.S. Lawmakers Seek Answers from FBI On Delayed Release of Kaseya Ransomware Decryptor - Toolbox

White House plans 30-country meeting on cyber crime and ransomware - The Jerusalem Post

30/09

API Flaw Exposes Elastic Stack Users to Data Theft and DoS - InfoSecurity Magazine

Apple Pay with Visa Hacked to Make Payments via Unlocked iPhones - ThreatPost

Are user records of 3.8 billion Clubhouse and Facebook users for sale? - Avast

Banking app fraud rockets due to phone snatching - Fin24

C-level execs confident in their software supply chain security, but challenges remain - Help Net Security

Cyber Second Only to Climate Change as Biggest Global Risk - InfoSecurity Magazine

Cybersecurity CEO Arrested in Russia on Treason Charges - InfoSecurity Magazine

Cybersecurity Firm Group-IB's CEO Arrested Over Treason Charges in Russia - The Hacker News

Easily Exploited Elastic Stack API Security Flaw Exposes Data - Security Boulevard

Fears surrounding Pegasus spyware prompt new Trojan campaign - ZDNet

Global cyber threats jump 47% y-o-y in 1H21, says Trend Micro - The Edge Markets

How much trust should we place in the security of biometric data? - Help Net Security

Incentivizing Developers is the Key to Better Security Practices - The Hacker News

IoT vulnerabilities should be a wake-up call for organisations - Information Age

Ireland a soft touch for cyber attacks, say tech leaders - Independent IE

JVCKenwood hit by Conti ransomware claiming theft of 1.5TB data - Bleeping Computer

Nation-state attacks fears grow, execs don't trust governments to protect them from cyber threats - Help Net Security

New Azure AD Bug Lets Hackers Brute-Force Passwords Without Getting Caught - The Hacker News

New Tomiris Backdoor Found Linked to Hackers Behind SolarWinds Cyberattack - The Hacker News

NSA, CISA partner for guide on safe VPNs amid widespread exploitation by nation-states - ZDNet

OFAC Ransomware Guidance Reflects Resolve to Fight Attacks - Bloomberg Law

Pegasus spyware ramifications - Philstar Global

RansomEXX ransomware Linux encryptor may damage victims' files - Bleeping Computer

Rates of ransomware attacks continue to rise, impacting mortality rates - Medical Device Network

Remote workers “one click away” from cyberattack - The HR Director

Researchers discover bypass 'bug' in iPhone Apple Pay, Visa to make contactless payments - ZDNet

Supply Chain Emerging as Cloud Security Threat - Security Boulevard

The Shocking DDoS Attack Statistics That Prove You Need Protection - InfoSecurity Magazine

These systems are facing billions of attacks every month as hackers try to guess passwords - ZDNet

Third-party risk prevention strategies inadequate despite organizations being aware of the threats - Help Net Security

Thousands of University Wi-Fi Networks Expose Log-In Credentials - ThreatPost

Vulnerability Exposes iPhone Users to Payment Fraud - InfoSecurity Magazine

WireX DDoS botnet admin charged for attacking hotel chain - Bleeping Computer

29/09

Akamai acquires cybersecurity firm Guardicore for $600 million - ZDNet

Beware! This Android Trojan Stole Millions of Dollars from Over 10 Million Users - The Hacker News

CDO role not yet recognized, expectations too high and misinformed - Help Net Security

Certificates volume growing, most enterprises considering PKI automation to reduce risks - Help Net Security

CISA and NSA Deliver New Security Guidance for VPNs - InfoSecurity Magazine

Experts observed for the first time FinFisher infections involving usage of a UEFI bootkits - Security Affairs

GriftHorse malware infected more than 10 million Android phones from 70 countries - Security Affairs

Google launches new reward program for Tsunami Security Scanner - ZDNet

Group-IB CEO was put under arrest on treason charges - Security Affairs

Hackers Targeting Brazil's PIX Payment System to Drain Users' Bank Accounts - The Hacker News

ICO Reveals 60% Rise in Nuisance Contact Reports - InfoSecurity Magazine

IT executives do not believe their business can have both a flexible and usable Kubernetes environment - Help Net Security

Leveraging threat intelligence to tackle supply chain vulnerabilities - Help Net Security

Most Third-Party Cloud Containers Have Vulnerabilities - InfoSecurity Magazine

New FinSpy Malware Variant Infects Windows Systems With UEFI Bootkit - The Hacker News

NSA, CISA release guidance on hardening remote access via VPN solutions - Security Affairs

Ransomware attacks against hospitals are having some very grim consequences - ZDNet

Ransomware attacks on healthcare organizations may have life-or-death consequences - Help Net Security

Ransomware attacks on the rise – How to counter them? - Help Net Security

SolarWinds Attackers Develop New FoggyWeb Backdoor - InfoSecurity Magazine

Telegram bots are trying to steal your one-time passwords - ZDNet

This dangerous mobile Trojan has stolen a fortune from over 10 million victims - ZDNet

28/09

1Password partners with Fastmail for 'masked email' project allowing users to generate email aliases - ZDNet

A cloud company asked security researchers to look over its systems. Here's what they found - ZDNet

Assessing subsidiary risk a top priority for most enterprises, yet they still lack proper visibility - Help Net Security

Atlassian Confluence RCE Flaw Abused in Multiple Cyberattack Campaigns - The Hacker News

CNP transaction fraud costing merchants millions in revenue, fraudsters getting more sophisticated - Help Net Security

Credential Spear-Phishing Uses Spoofed Zix Encrypted Email - ThreatPost

Crypto Developer Pleads Guilty to North Korean Plot - InfoSecurity Magazine

Cybersecurity posture validation: Fireside chat with Arkadiy Goykhberg, CISO of DMGT - Help Net Security

Enterprise security challenges and increased cloud usage fueled by remote work - Help Net Security

FCC: Applications Open Soon for Huawei/ZTE Replacement Fund - InfoSecurity Magazine

FinFisher malware hijacks Windows Boot Manager with UEFI bootkit - Bleeping Computer

FinSpy surveillance malware is now spreading through UEFI bootkits - ZDNet

Gamers Beware: Malware Hunts Steam, Epic and EA Origin Accounts - ThreatPost

Half of Regulated Firms See Pandemic Spike in Financial Crime - InfoSecurity Magazine

Microsoft 365 MFA outage locks users out of their accounts - Bleeping Computer

Microsoft warning: This malware creates a 'persistent' backdoor for hackers - ZDNet

New BloodyStealer Trojan Steals Gamers' Epic Games and Steam Accounts - The Hacker News

New Emergency Fraud Hotline Launched in UK - InfoSecurity Magazine

New Microsoft Exchange service mitigates high-risk bugs automaticallys - Bleeping Computer

New Windows 11 install script bypasses TPM, system requirements - Bleeping Computer

SolarWinds Attackers Hit Active Directory Servers with FoggyWeb Backdoor - ThreatPost

The biggest problem with ransomware is not encryption, but credentials - Help Net Security

The relationship between development and security teams affects speed to market - Help Net Security

To avoid cyberattacks, companies need to think like hackers - Help Net Security

Twitter web client outage forces users to log out, blocks logins - Bleeping Computer

Working exploit released for VMware vCenter CVE-2021-22005 bug - Bleeping Computer

27/09

3 ways any company can guard against insider threats this October - Help Net Security

A multi-party data breach creates 26x the financial damage of single-party breach - Help Net Security

Consumers will abandon a brand that can’t balance convenience and privacy - Help Net Security

Corporate attack surface exploding as a result of remote work - Help Net Security

Cryptocurrency expert pleads guilty to helping North Korean government use blockchain to evade sanctions - ZDNet

Ethereum dev admits to helping North Korea evade crypto sanctions - Bleeping Computer

EU Slams Russia Over Disinformation Hacking Campaign - InfoSecurity Magazine

Expert found RCE flaw in Visual Studio Code Remote Development Extension - Security Affairs

German Federal Office for Information Security (BSI) investigates Chinese mobile phones - Security Affairs

Groove threat actors claim to have hit Robinwood Orthopaedic - Data Breach Net

How CISO roles will change as customer trust becomes imperative - ZDNet

How to avoid the pitfalls of multi-cloud strategy deployment - Help Net Security

How to find and remove spyware from your phone - ZDNet

Huawei CFO Released After Admitting She Misled Bank - InfoSecurity Magazine

Huawei CFO, US DoJ Reach Deferred Prosecution Agreement - Security Boulevard

IAM for Multi-Cloud Environments - Security Boulevard

Jupyter infostealer continues to evolve and is distributed via MSI installers - Security Affairs

Malicious Life Podcast: Should the U.S. Ban Chinese and Russian Technology? - Security Boulevard

Malicious 'Safepal Wallet' Firefox add-on stole cryptocurrency - Bleeping Computer

Mexico: El Instituto Nacional de Medicina Genómica (Inmegen) hit by cyberattack - Data Breach Net

Microsoft: Nobelium uses custom malware to backdoor Windows domains - Bleeping Computer

New Android Malware Steals Financial Data from 378 Banking and Wallet Apps - The Hacker News

New malware steals Steam, Epic Games Store, and EA Origin accounts - Bleeping Computer

Pradeo’s mobile application security suite extends its coverage with new app shielding service - Help Net Security

Proper password security falling short despite increase in online presence - Help Net Security

QNAP fixes critical bugs in QVR video surveillance solution - Bleeping Computer

Russian Turla APT Group Deploying New Backdoor on Targeted Systems - The Hacker News

Secure those Macs: Apple must step up and support older machines - ZDNet

Singapore to link up with Malaysia on cross-border payment transfers - ZDNet

Telegram is becoming the paradise of cyber criminals - Security Affairs

The iPhone 13 means the end to cheap screen repairs - ZDNet

US-Led Quad Launches New Cyber Group - InfoSecurity Magazine

Vazamento no Facebook: o que novo escândalo revela sobre práticas da empresa - G1 Globo

Your Apple Watch might not unlock your iPhone 13, but a fix is coming - ZDNet

26/09

2021 Sets the Bar for DDoS Cyber Attacks; Latest NETSCOUT Report Finds - The Fintech Times

A Brief Guide to Understanding and Preventing Cyber Attacks - Co Founder

A New Jupyter Malware Version is Being Distributed via MSI Installers - The Hacker News

Australians are losing over AU$6.6 million each month to cryptoscams - ZDNet

Desorden Group claims to have stolen 200 GB of data from ABX Express - Data Breach Net

Eighty-Six percent of Saudi organizations attribute damaging cyberattacks to vulnerabilities in technology put in place during the Pandemic - Zawya

How to Make Sure Your Business is Cyber Secure - Tech Spective

JSC GREC Makeyev and other Russian entities under attack - Security Affairs

Microsoft will disable Basic Auth in Exchange Online in October 2022 - Bleeping Computer

More than 130,000 malicious IP addresses were blocked during Census 2021: AWS - ZDNet

Port of Houston was hit by an alleged state-sponsored attack - Security Affairs

Privacy is not for sale - The Hans India

Quad countries announce slew of tech initiatives including shared cyber standards - ZDNet

Ransomware attacks are another tool in the political warfare toolbox - The Hill

Ransomware shame: More than half of business owners conceal cyber-breach - Fox Business

Scam hitting accounts 20 times had helpline ‘hopping’ on Saturday - Extra Ie

Scan QR-code menus with a side of caution, say privacy experts - CBC

SIM card registration deemed inadequate for fraud deterrence - Business World

The Ever-Growing Iranian Cyber Threat - Besa

The Top 7 Ways Cyberscammers and Malware Operators Abuse Google Forms, According to Sophos Research - Albawaba

Thief stealing thief: REvil sells security breach ransomware and scams hackers - Play Crazy Game

Tips to keep safe from scams - Times Of Malta

Tracking stolen crypto is a booming business: How blockchain sleuths recover digital loot - The Philadelphia Inquirer

US imposes sanctions against Russian cryptocurrency exchange - The Coin Republic

Why Implementing Ethical Phishing Campaigns Aren’t Enough to Protect Against Data Breaches - TechSpective

NEWS: Setembro (19/09 - 25/09) - 38 Semana de 2021