Key cyber points of the week in this weekly on time ! Oct 7th

As we're about to head into attackers' favorite time of the week, Friday night and the weekend, with a long one in Canada as it is Thanksgiving here, I'm sharing with you the cyber tips, events and incidents of the week you shouldn't have missed.

I can't believe that EVERY week, there is so much happening ! It's crazy ! Also, because I made a mess, it starts from the middle, because, well, it's like that ok ! :D

43 - CIOs Still Waiting for Cloud Investments to Pay Off?

44 - The danger of subsidiary sprawl and unknown unknowns in external attack surface management

45 - Cyberdefense.AI team decided to release a quick overview of the latest zero-day for Microsoft Exchange. This post contains all the details about how to secure your own server and a friendly reminder that our clients behind CYBERWALL.AI are already protected by their virtual patch

46 - Popular YouTube Channel Caught Distributing Malicious Tor Browser Installer

47 - AICPA SOC 2 Mapping: Best Practices

48 - It’s #cybersecurity Awareness Month, an opportunity for business leaders to take responsibility for the important issues of cybersecurity and information governance by calling on VARS Corporation (Cyber Securité - Cyber Security), a division of Raymond Chabot Grant Thornton, and its vast array of solutions.

49 - Ikea Smart Light System Flaw Lets Attackers Turn Bulbs on Full Blast

50 - Avast releases free decryptor for Hades ransomware variants

51 - You are hacked, because hope based security is not security, oh, cloud isn't either - Hundreds of Microsoft SQL servers backdoored with new malware

52 - Uber Breach Key Takeaways: Why MFA, Service Account Protection & PAM Must Work Together to Protect Against Compromised Credentials

53 - US Election data stored in China !!! You have NO IDEA about what happens to your data in SAAS and cloud in general. A cute interface that serves BS, but when you look underneath, it's a mess

54 - Meta sues app dev for stealing over 1 million WhatsApp accounts - Do you really think criminals give a f.... fancy look at this request ? :D

55 - Urgent fortinet, fortigate, fortiproxi, fortihacked, fortifail patch time ! Patch Now: Fortinet FortiGate & FortiProxy Contain Critical Vuln

56 - Hackers exploiting unpatched RCE bug in Zimbra Collaboration Suite

57 - Criminal hacker steals $566 million worth of crypto from Binance Bridge

58 - Vulnerable GitHub Actions Workflows Part 1: Privilege Escalation Inside Your CI/CD Pipeline

This is where the trail collapses in an unexplained entanglement of the forces and where anti-gravity kicks in ! Continue below at your own peril, knowing you might end in an endless loop, and with the weekend ahead, it would be too sad !

1 - Some AWS S3 good practice not to end on grayhatwarfare - Keep Your S3 Safe from CloudTrail Auditors

2 - The Worldwide Cyber Security Industry is Projected to Reach $266 Billion by 2027

3 - Erbium initially cost $9 per week, but since its popularity rose in late August, the price went up to $100 per month or $1000 for a full-year license - New Erbium password-stealing malware spreads as game cracks, cheats

4 - Criminal Hackers use PowerPoint files for 'mouseover' malware delivery

5 - A Cautionary Tale: The Untold Story of the GitLab CVE Backdoor (CVE-2022-1162)

6 - Researchers Identify 3 Hacktivist Groups Supporting Russian Interests

7 - What Are Immutable Tags And Can They Protect You From Supply Chain Attacks?

8 - A cesspool - Adware on Google Play and Apple Store installed 13 million times

9 - Ransomware data theft tool may show a shift in extortion tactics

10 - True, it's the same as public cloud, a threat - We're Thinking About SaaS the Wrong Way

11 - Chinese Espionage Hackers Target Tibetans Using New LOWZERO Backdoor

12 - Beware of Fake Indian Rewards Apps That Installs Malware on Your Devices

13 - Destroying privacy continuously - Google to Make Account Login Mandatory for New Fitbit Users in 2023

14 - Getting Control Owners to Stay Responsible - 3 Do’s and 3 Don'ts

15 - New WhatsApp 0-Day Bug Let Hackers Execute a Code & Take Full App Control Remotely

16 - I don't know why there is a question here, when you work on your CISSP and many security frameworks, there is a simple rule : Safety first, the whole purpose of security, at first, is to protect individuals - Security vs. Safety: Should We Reframe Cybersecurity to Make It More Recession-Proof?

17 - Always ahead - Adversaries Continue Cyberattacks with Greater Precision and Innovative Attack Methods

18 - Windows 11 22H2 blocked due to blue screens on some Intel systems

19 - Vulnerability and patch management - MS SQL servers are getting hacked to deliver ransomware to orgs

20 - The Storage Manager’s Quick-Guide to Ransomware Resiliency

21 - How we reduced our annual server costs by 80% — from $1M to $200k — by moving away from AWS

22 - Advanced innovation on cyber crime won't allow you to lag on security ! Sophisticated Covert Cyberattack Campaign Targets Military Contractors

23 - Auth0 warns that some source code repos may have been stolen

24 - Chaos Malware Resurfaces With All-New DDoS & Cryptomining Modules

25 - AWS Resource Provisioning with Attribute Based Access Control (ABAC) – What You Need To Know

26 - Dangerous New Attack Technique Compromising VMware ESXi Hypervisors

27 - Matrix: Install security update to fix end-to-end encryption flaws

28 - Brazilian Prilex Hackers Resurfaced With Sophisticated Point-of-Sale Malware

29 - New Royal Ransomware emerges in multi-million dollar attacks

30 - XSS Flaw in Prevalent Media Imaging Tool Exposes Trove of Patient Data

31 - A great take showing that the cloud, actually the SAAS can inherit a good security posture from the ISO 27001 controls and annexes - Ensuring SaaS Security in ISO Compliance

32 - Worried About the Exchange Zero-Day? Here's What to Do

33 - Join Michael Morell and Norman Menz to get insight on critical topics like: The cyber dimensions of the Ukraine-Russian conflict & potential fallout for U.S. and Canadian organizations or Iranian cyber capabilities, motivations & where things are headed with the Iran-U.S. Relationship - The New Front in Warfare: Cyber Warfare & Security in the 21st century

34 - Grayshift filed a series of documents with the FCC that reveal the looks of the new cellphone unlocking device - This Is the ‘GrayKey 2.0,’ the Tool Cops Use to Hack Phones

35 - (we can't say its name) is a huge mess that can't be fixed - Security teams lack the skills to manage cloud environments, most IT pros say

36 - If you manage anything Azure, it is YOUR responsibility to know all of this by heart and 100% master it ! Deconstructing Azure Access Management using RBAC

37 - Lazarus hackers abuse Dell driver bug using new FudModule rootkit

38 - Why You Can Still Get Hacked Even After Signing Your Software Artifacts

39 - For Cybersecurity Awareness Month (and Halloween) – Some Scary Cyber Threat Stats

40 - RansomEXX hacked Ferrari and leaked car manufacturer internal document, datasheets, repair manuals and more (check for details in comments)

41 - GitHub Security Best Practices Your Team Should Be Following (I'm so insightful on my article pick these days ! )

42 - was supposed to be the answer to everything but then I send you to the top of the article to find 43..... will this keep some busy ? Who knows ! :D

Jan B.

Polymath* Public Relations Parrotsec

2 years ago
Gordon S. Kerman

IT Manager / CyberSecurity / Software Dev / IT Engineering Manager: Science, Engineering and Manufacturing

2 years ago

Your post this time Alexandre is definitely for the science minded :}} "the cost of cyber-crime is forecasted to reach $10.5 trillion by 2025", this is, of course, unless we wise up and invent other ways to do business. How many businesses actively invite the criminal element into their boardrooms? I searched for countries that have a GDP of at least $10.5 US trillion, only the US, European Union and China fall into that category. At the $1 trillion mark, 19 countries exist in that category. Notice that it takes an entire European Union of countries to reach that mark. So cyber-crime would literally be another country in the top category. One of the problems with the human race is that we attribute vast amounts of money to someone to look up to, as smarter than everyone else. This is by no means a measure that is even close to reality :}

Spencer La Placa, Security Plus, CEH

Certificates: Security + ce-601, Certified Ethical Hacker (CEH), Certified Ethical Hacker Practical (CEH-Master), Certified Network Defender (CND), Microsoft AZ-900, Currently Enrolled EC-Council M.S. Cybersecurity

2 years ago

Another write-up for connected = Hacked periodical. Great information. Thanks for sharing.

C. Lou Hennig PMP

Technology Delivery | Mitigation | Innovation | TPRM | Global IT Enterprise | Integration | Change | GRC | Cyber | RFP | M&A | Diligence | Strategy | Transformation | Modernization

2 years ago

Cloud investments are paying off, just not to the CIOs rather the general cyber community at large. CyberCrime Magazine: Cybercrime To Cost The World $10.5 Trillion Annually By 2025; “greatest transfer of economic wealth in history”.
