Editor's Message

Welcome to DBD. On March 8th we celebrated our 4th Anniversary and the 1st Anniversary of our PRiSM application, officially endorsed by the SANS Institute. Despite recent personal issues that have impacted the amount of time I have been able to dedicate to both projects, I have been doing my best to keep everything as up-to-date as possible, and I would like to take this opportunity to thank everyone for their patience and support whilst I navigate through this very difficult time. Stay safe. :)

Tuesday 23 April 2024

Ransomware Operator Claims - Week 16 2024

Welcome to last week's ROC Report, an exclusive summary of Ransomware Operator's global victims that were claimed during the period between 15th April and 21st April 2024, kindly assisted by our partners.

For further analysis on these (and any historic) Ransomware Operator Claims, including the Victim Names and Industry Sectors attacked, please use our PRiSM application.

Flag Icons created by Freepik and provided by Flaticon.
Posted by at
Labels:

Monday 22 April 2024

Data Breaches Digest - Week 17 2024

Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 22nd April and 28th April 2024.


25th April

56% of cyber insurance claims originate in the email inbox

73% of SME security pros missed or ignored critical alerts

90% of company attacks start with a phishing email

Action needed amid escalating ransomware attacks, record-high payments

Alcohol sales disrupted in Sweden after reported ransomware attack

Alleged data breach exposes employee records linked to job recruitment platform Glints

Asbury Automotive Group Announces Data Breach Leaking Consumers’ Social Security Numbers

AT&T Class Action Lawsuit Alleges Security Failures Led to Release of Social Security Numbers, Customer Data on Dark Web

Beware! Zero-click RCE Exploit for iMessage Circulating on Hacker Forums

Bharat Sanchar Nigam Limited (BSNL) Leaked Data Resurfaces with 2.9 Million Records Exposed on Dark Web

Business Email Compromise (BEC) and Fund Transfer Fraud Top Insurance Claims

Central Power Systems & Services’ Website Down After Alleged Hunters Group Cyberattack

Combatting ransomware-as-a-service

Crypto Crackdown: Samourai Wallet Founders Arrested for Laundering Over $100 Million

Cyber Attack Defenders Up For Battle: Huge Uptick In Timely Detections

Cyberattacks on the rise - key recommendations

Department of Homeland Security (DHS) asked to consider potentially 'devastating’ impact of hacks on rural water systems

Department of Justice (DOJ) Arrests Founders of Crypto Mixer Samourai for $2 Billion in Illegal Transactions

DragonForce Ransomware Group Uses LockBit's Leaked Builder

East Sussex Council pays out £26,000 in data breach claims amid ‘worrying’ rise

Federal Trade Commission (FTC) issues refunds to Ring customers following privacy settlement

Frontier Communications Cyber Attack Shuts Down Systems, Leaks Personal Data

Google Patches Critical Chrome Vulnerability and Additional Flaws

How a crippling cyber attack on a U.S. healthcare company is impacting Pueblo physicians

India: ICICI Bank blocks cards, assures compensation to affected customers in latest credit card data breach

India’s ICICI Bank exposed thousands of credit cards to ‘wrong’ users

"Junk gun" ransomware: the cheap new threat to small businesses

Leicester streetlights on day and night following cyber-attack

Network Detection and Response (NDR) in the Modern Cybersecurity Landscape

New Brokewell malware takes over Android devices, steals data

New DragonForce Ransomware Emerged From The Leaked LOCKBIT Builder

New Qiulong Ransomware Well-Equiped To Make Waves

North Korea hacking teams hack South Korea defence contractors

North Korea's Lazarus Group Deploys New Kaolin RAT via Fake Job Lures

Oklahoma man sues EMSA after private info compromised in data breach

Online Banking Security Still Not Up to Par, Says Which?

Over 1,400 CrushFTP servers vulnerable to actively exploited bug

Popular File Transfer Software CrushFTP Hit by Zero-Day Exploit

‘Project Melissa’ coalition reveals victims of Cactus ransomware

Psoglav Ransomware Partnership: The New Ransomware Threat Encrypting Your Files

Qiulong Ransomware Group Targets Brazilian Surgeon Dr. Willian Segalin, Citing Privacy Concerns

RansomHouse on the Move Again: Hirsh Industries Latest Target

Ransomware activity spikes 20%, hospitals now in crosshairs

Ransomware Group BlackBasta Targets TRUE Solicitors

Ransomware threats escalating in Southeast Asia

Ransomware triggers cyberinsurance claims increase

Researchers Discover Connection Between LockBit and DragonForce Ransomware Builders

Samourai Wallet founders charged for laundering over $100M

Scammers bypassing Google ad checks to impersonate real brands

Social housing provider reprimanded after data breach of antisocial behaviour case files

South Korean Defense Industry Under Siege by North Korean Hacker Groups

State Spies Exploited Cisco Zero-Days to Intrude Government Networks

State-Sponsored Espionage Campaign Exploits Cisco Vulnerabilities

State-Sponsored Hackers Exploit Two Cisco Zero-Day Vulnerabilities for Espionage

Supplement maker hack allegedly exposes 1 Million customers

Third-party ransomware attack threatens Sweden’s liquor supply

Threat Actor Allegedly Offers Access to Source Code of 150 Companies, Priced at $7000

US Takes Down Illegal Cryptocurrency Mixing Service Samourai Wallet

Warnings Issued on Potential Neighbourhood Watch Data Breach

WP Automatic WordPress plugin hit by millions of SQL injection attacks

24th April

2 Iranian Firms, 4 Individuals Sanctioned For Cyber Attack On US Companies

8Base Ransomware Group Launches Cyberattack on Bieler Lang GmbH, Threatens Data Leak

73% of security professionals failed to act upon security alerts

A Thorn in Attackers’ Sides: How Darktrace Uncovered a CACTUS Ransomware Infection

AI set to play key role in future phishing attacks

Analysts have identified the favorite attack method of the hacker group Lazarus Group

Anti-Trump PAC Lincoln Project scammed for $35,000 after vendor email hack

ArcaneDoor hackers exploit Cisco zero-days to breach govt networks

AT&T facing 2nd class action lawsuit over major data breach exposing 70 million customers’ data

Attacker dwell time dips, but firms grapple with ransomware, zero day attacks

Australian organisations face surge in ransomware attacks

Bank fraud ‘call center’ gang busted in Ukraine

BlackRock: A New Hacker Collective Emerges, Threatening Digital Chaos

BlackSuit ransomware gang claims hack on Octapharma Plasma

Bugs in keyboard apps revealing what users type

Cactus Ransomware Hits Singapore Garment Giant Ghim Li Global

Carpetright shuts down network infrastructure following a ransomware attack

CISA ransomware warning program set to fully launch by end of 2024

Cisco and CrushFTP vulnerabilities need urgent patches

Coalition reveals uptick in cyber insurance claims driven by ransomware in 2023

Coast Guard Reserve deals with data breach amid cybersecurity push

Consequences of Data Breach: Understanding the Cost of Insecurity

CoralRaider Group Delivers Three Infostealers via CDN Cache

CoralRaider Hacker Evades Antivirus Detections Using Malicious LNK File

CoralRaider Malware Campaign Exploits CDN Cache to Spread Info-Stealers

Dark web inundated by cheap ransomware tools

Data breach at Bega Valley Council's after-hours customer service provider

Diagnostics giant Synlab Italia shuts entire network following a ransomware attack

DirectDefense Report Sees Shifts in Cyberattack Patterns

Dutch Chipmaker Nexperia Suffers a Data Breach That Exposed Sensitive Information

Educational Computer Systems Announces Data Breach Affecting Multiple Schools and Colleges

eScan Antivirus Update Mechanism Exploited to Spread Backdoors and Miners

ExtraHop finds 77% of Australian organisations made ransomware payments last year

Feds accuse founders of cryptocurrency mixer of ‘large-scale money laundering’

Fifth of CISOs Admit Staff Leaked Data Via GenAI

GenAI can enhance security awareness training

Glints Data Breach: Alleged Leak of Sensitive Employee Data from Singapore’s Recruitment Platform

Global attacker median dwell time continues to fall

Hacker exposes source code for El Salvador bitcoin ATMs

Hackers were inside Change Healthcare’s systems 9 days before attack

Ho Chi Minh City alerts Ransomware malware attacks

How to Avoid Phishing Attacks Within a Business

Hunt3r Kill3rs Group Allegedly Infiltrates Israeli Government and Military Systems, Threatens Further Attacks

Law Enforcement Operation Takes Down LabHost Phishing Service, UK University Students Among Suspects Arrested

Major Security Flaws Expose Keystrokes of Over 1 Billion Chinese Keyboard App Users

Malaysia records 69% decline in ransomware detections in 2023

March Witnessed Record-Breaking Ransomware Levels for 2024

Maximum severity Flowmon bug has a public exploit, patch now

Megazord Ransomware Attacking Healthcare And Government Entities

Microsoft: Russian APT 28 exploits Windows bug with GooseEgg tool

New Ransomware Group APT73 (Eraleign) Raises Alarms in Companies

Nigeria, Romania, Russia, U.S. Among Top Cybercrime Nations

North Korean hacker group Lazarus uses LinkedIn to steal crypto

North Korean Hackers Target Dozens of Defense Companies

North Korean Lazarus hacker group using LinkedIn to target and steal assets

Nothing Admits to 2022 Data Breach Exposing Community Emails

Nothing Community Confirms Data Breach of 2,250 Members

Nothing Confirms Data Breach But Assures Customers Don’t Have To Worry: Here’s What It Said

Personal details of 200,000 people at risk after neighbourhood watch system data breach

Phishing Attacks Rise By 58% As The Attackers Leverage AI Tools

Plasma donation company Octapharma slowly reopening as BlackSuit gang claims attack

Proof-of-Concept (PoC) for critical Progress Flowmon vulnerability released (CVE-2024-2389)

RansomHouse Strikes Again: Banten Regional Development Bank Tbk Targeted

Ransomware Evolution - How Cheated Affiliates Are Recycling Victim Data for Profit

Ransomware Groups are Rebranding - As ‘Services’

Ransomware payments surpass $1 billion in 2023

Ransomware rampage - how to fight back against attacks

Ransomware Task Force: We Need to Disrupt Operations at Scale

Ransomware Victims Who Opt To Pay Ransom Hits Record Low

Researchers Detail Multistage Attack Hijacking Systems with SSLoad, Cobalt Strike

Ring customers get $5.6 million in privacy breach settlement

Russian Hackers Claim Responsibility for Cyber Attack on Indiana Water Plant

Security bugs in a popular phone-tracking app exposed users’ precise locations

Security Leaders Braced for Daily AI-Driven Attacks by Year-End

Steer Clear of the Iceberg: Navigating the Waters of New SEC Cyber Regulations

Sweden facing dry weekend as ransomware hits alcohol supplier

Sweden's liquor shelves to run empty this week due to ransomware attack

Synlab halts services over ransomware attack

The hacker group CiberInteligenciaSV brings the government of El Salvador to its knees and publicly leaks the source code of the Bitcoin Chivo wallet

The Phishing Emails Students And Teachers Are Falling For

The street lights in Leicester City cannot be turned off due to a cyber attack

This ransomware cyberattack will cost the healthcare sector more than $1 billion

Threat Actor Claims to Sell Windows 0-Day Exploit for $100,000

Threat Actor Offers MongoDB Remote Code Execution (RCE) Exploit for $100,000, Claiming Unidentified 0-Day Vulnerability

Tietoevry: conclusions on the ransomware attack

U.S. Reveals Charges Against Iranian Nationals in Extensive Cyber Attack Plot

U.S. Treasury Sanctions Iranian Firms and Individuals Tied to Cyber Attacks

University Systems of Georgia data breach, personal information compromised

US charges Samourai cryptomixer founders for laundering $100 million

US Designates Iranian Cyber Actors Targeting Companies And Government Agencies

US Sanctions Iranian "Fronts" for Cyber-Attacks on American Entities

Verizon customers need to be on red alert as a phishing campaign aims to steal their money

Volkswagen Hacked - Hackers Stolen 19,000 Documents From VW Server

Welsh Government data system infiltrated by ‘hacker’

Why Banks Should be Taking Quantum Security Very Seriously

You've been notified by a hospital that your information was stolen. Now what?

23rd April

91% of Organisations Made Ransomware Payments Last Year

A cyber attack paralyzed operations at Synlab Italia

A Massive Cyber Attack Disrupts Operations Across Numerous French Municipalities

Akira ransomware made US$42m in ransoms before its first birthday

Apache Cordova App Harness Targeted in Dependency Confusion Attack

Are We Ready for a Cyber Attack on Food and Farming?

Attacker dwell time down, ransomware up in 2023

Authentication failure blamed for Change Healthcare ransomware attack

Behavioral patterns of ransomware groups are changing

Binance Labs-backed Velvet Capital repels potential phishing attack

Binance’s Velvet Capital Quick Reaction to Phishing Threat: Decreased Crypto Scams, Increased Ransomware and Darknet Activities

Blackbyte ransomware group hacked Kisco Senior Living, stole the data of 26k customers

Can a VPN Be Hacked?

Carpetright unable to trade after cyber attack

Catholic Medical Center Hit by Data Breach, Affecting Nearly 2,792 Patients

Change Healthcare Confirms Paying Ransomware Hackers, But Patient Data Leak Might Still End Up on Dark Web

Chinese, Russian espionage campaigns increasingly targeting edge devices

CoralRaider attacks use CDN cache to push info-stealer malware

CrushFTP zero-day exploited by attackers, upgrade immediately! (CVE-2024-4040)

Cyber-attack leaves Leicester street lights permanently on

Cyberattacks are on the rise, and that includes small businesses. Here's what to know

Data breach affects thousands at Kisco Senior Living

Data theft 'on an industrial scale' is group's goal in Asia-Pacific

Democratic People's Republic of Korea (DPRK) hacking groups breach South Korean defense contractors

Details of 200k people at risk after data breach at Neighbourhood Watch system used by Lancashire Police

Discord Data Breach Exposes User Conversations

Double-extorted Change Healthcare says “a substantial proportion” of Americans exposed

End-to-End Encryption Sparks Concerns Among EU Law Enforcement

Facebook death notices: How to spot phishing attacks hitting social media users

Familiar North Korean groups cited in cyberattacks against South Korean defense firms

Four Iranian nationals charged in cyber campaign against US firms

From Caesar to Cyberspace: The Growing Menace of Obfuscated Phishing Scams

GitHub Comments Abused to Spread Malware in Fake Microsoft Repositories

Hacker Groups GLORIAMIST, LAPSUS, and Anonymous Warn of Impending French Ministry of Agriculture Database Leak

Hacker leaks source code for El Salvador Chivo ATMs

Hackers Are Already Selling Change Healthcare Ransomware Data

Hackers Create Legit Phishing Links With Ghost GitHub, GitLab Comments

Hackers hijack antivirus updates to drop GuptiMiner malware

HelloKitty ransomware rebranded and back in business, looking for employees

How Long It Would Take A Hacker To Brute Force Your Password In 2024, Ranked

Increase of nearly 60 percent in phishing attacks

Is Your Password Strong Enough? Brute Force Attack on the Rise!

'Junk gun' ransomware: New low-cost cyber threat targets SMBs

Leicester City Cyber Attack Leads to Street Light Burning All Day & Night

Leicester streetlights take ransomware attack personally, shine on 24/7

Lessons Learned from the Toronto Transit Commission (TTC) Ransomware Attack

Microsoft says a Russian hacker group has been exploiting an old Windows Print Spooler issue

Microsoft Uncovers GooseEgg Malware: A New Weapon in Russian State Hackers’ Arsenal

Millions of Americans' Data Potentially Exposed in Change Healthcare Hack

MITRE cyber attack saw threat actors exploit Ivanti Connect Secure zero-days

Modern Phishing Techniques Surge, Report Urges Zero Trust Adoption

Mozilla finds that most dating apps are not great guardians of user data

Navigating the Rising Tide of Phishing and BEC Threats

Nespresso Domain Hijacked in Phishing Attack Targeting Microsoft Logins

New research discovers vulnerability in an archived Apache project

New Research Shows a Continuing Increase in Ransomware Victims

NHS board apologises for 'anxiety' following major cyber attack

Nothing Community Data Leaked; Email IDs, Display Names, And More Exposed

Nothing data breach: Company says it is an old vulnerability that has resurfaced now

Nothing data breach comes to light, affecting community members

Path of Exile Developers Warn about Phishing Post That Appeared on Steam

People doubt their own ability to spot AI-generated deepfakes

Phishing attacks up 60 percent driven by AI

Police Chiefs Call for Solutions to Access Encrypted Data in Serious Crime Cases

Post-ransomware disruptions continue at California county library system

Preventing Ransomware Attacks at Scale

Ransomware Attacks Hit More Small Businesses Throughout 2023, Verizon Research Says

Ransomware attacks rise in global food & agriculture sector

Ransomware Gang Leaks Data Allegedly Stolen From Government Contractor

Ransomware menace plagues Indian businesses

Russia's APT28 Exploited Windows Print Spooler Flaw to Deploy 'GooseEgg' Malware

Russian APT28 Group in New “GooseEgg” Hacking Campaign

Russian hackers claim cyberattack on Indiana water plant

Russian hackers target 20 energy facilities in Ukraine amid intense missile strikes

Russian hackers’ custom tool exploits old Windows Print Spooler flaw (CVE-2022-38028)

Russian Sandworm Group Hit 20 Ukrainian Energy and Water Sites

Russian state-sponsored hacker used GooseEgg malware to steal Windows credentials

South Texas Oncology and Hematology Experiences Data Breach Following Cyberattack

‘Substantial proportion' of US had data stolen in Change Healthcare ransomware attack

SYNLAB Italia Acknowledges Potential Data Compromise Following Cyber Incident

This Website is Selling Billions of Private Messages of Discord Users

Threat Actor Offers Database of Spanish Synergym for Sale at $2600

Threat Actor Offers Extensive Database of Chinese iPhone and Huawei Users for Sale

U.S. Imposes Visa Restrictions on 13 Linked to Commercial Spyware Misuse

U.S. Issues Visa Restrictions on Individuals Linked to Commercial Spyware

United Nations Development Programme (UNDP) says data breach at Copenhagen office compromised sensitive human resources data

United Nations investigating potential ransomware attack after data ripped from IT systems

UnitedHealth: Ransomware Attackers Stole Huge Amount of Data

UnitedHealth admits IT security breach could 'cover substantial proportion of people in America'

UnitedHealth confirms data breach at Change Healthcare impacting millions

UnitedHealth confirms it paid ransomware gang to stop data leak

UnitedHealth confirms major cyberattack, says hackers stole "substantial" amount of patient data

UnitedHealth Confirms Massive Ransomware Hack Affects ‘Substantial Proportion’ of Americans

UnitedHealth Confirms Paying Ransom to Secure Patient Data After Change Healthcare Cyberattack

UnitedHealth confirms ransom payment, reports $872 million impact from attack in Q1

UnitedHealth Data Breach: Many Americans Exposed on Dark Web

UnitedHealth Group: Patient data compromised despite paying ransomware

UnitedHealth Group admits to paying ransom after Change Healthcare cyber attack

UnitedHealth Group Faces Major Data Breach: Healthcare Information Compromised

UnitedHealth Group Ransomware Attack: Hackers Stolen Patients Data

UnitedHealth subsidiary’s data breach could impact ‘substantial proportion’ of Americans

University Systems of Georgia announces data breach, personal information compromised

Unmasking the True Cost of Cyberattacks: Beyond Ransom and Recovery

US accuses four Iranians of targeting defense contractors

US government sanctions Iranians linked to government cyberattacks

US imposes visa bans on 13 spyware makers and their families

US Imposes Visa Restrictions on Alleged Spyware Figures

US Pressures Iran Over Phishing Campaign Against Feds

Valley Mountain Regional Center Announces July 2023 Data Breach Affecting Patients’ SSNs

Velvet Capital Goes Offline to Allay Frontend Phishing Attack

Velvet Capital Went Offline To Stop Phishing Attack

Velvet Capital, Backed by Binance Labs, Temporarily Offline Due to Phishing Attack Risk

Vulnerability Exploitation on the Rise as Attackers Ditch Phishing

Zscaler report warns of AI’s growing role in sophisticated phishing attacks

Zscaler Research Finds 60% Increase in AI-Driven Phishing Attacks

22nd April

5 things to know about LabHost, the fallen SMS scamming empire

10 Essentials Every Anti-Phishing Course Must Have

A flaw in the Forminator plugin impacts hundreds of thousands of WordPress sites

Akira Ransomware Gang Obtained $42 Million From Over 250 Victims

Alert! Zero-day Exploit For WhatsApp Advertised On Hacker Forums

Alleged Cyberattack on Bureau van Dijk: US Consumer Data Compromised

Alleged Luxor Data Breach: Sensitive Information from Indian Stationery Giant Leaked

Android users are at high data tracking risk, study shows

Apparent Nothing data breach exposes community member email addresses

APT28 hackers exploit Windows flaw reported by National Security Agency (NSA)

AT&T Faces Class Action Lawsuit Over 70 Million Customers’ Data Breach

AT&T, Change Healthcare, others face class actions over data breaches

Australians arrested in worldwide phishing sting

Authorities investigate LabHost users after phishing service shut down

Belarusian hackers claim to breach fertilizer plant in retaliation for support of Lukashenko regime

Belgian brewery Duvel Moortgat’s data made public because company refused to pay

Brewing Trouble: How Nespresso’s Open Redirect Made Way for a Phishing Frenzy

California library IT systems go dark weeks after ransomware attack

Carpetright Pulls Plug After Cyber-Attack

Catholic Medical Center (CMC) notifies patients of potential data breach

Change Healthcare Finally Admits It Paid Ransomware Hackers - and Still Faces a Patient Data Leak

Consol Energy Targeted in Cyberattack: Russian Cyber Army Claims Responsibility

Counting the Cost: The Price of Security Neglect

CrushFTP File Transfer Vulnerability Lets Attackers Download System Files

CrushFTP urges customers to patch file transfer tool ‘ASAP’

Cyber Army of Russia Allegedly Targets CONSOL Energy in DDoS Attack

Cybercrime insurance in South Africa remains scarce despite soaring data breach costs

Cybercriminals posed as Microsoft, Google for most attacks in Q1

Cyberpunk 2077 and The Witcher 3: HelloKitty Ransomware group has opened the source code

Dead ransomware HelloKitty reanimates in rebrand and releases CD Projekt and Cisco data

Dependency Confusion Vulnerability Found in Apache Project

Despite Increasing Ransomware Attacks, Fewer Victims Are Paying

Digi Yatra Foundation drops app maker after ‘data-breach’

Digi Yatra sidelines legacy facial recognition app maker amid data breach rumors

Discover The Dark Secret of HelloKitty Ransomware’s Transformation

Educational Computer Systems Confirms Brandeis University Students Affected by Recent Data Breach

Email still the most popular phishing technique even on mobile

Ernest Health class action claims data breach was preventable

European police chiefs target End-to-End encryption (E2EE) in latest demand for ‘lawful access’

Family-Owned Music Store Targeted: MEDUSA Ransomware Strikes Ted Brown Music

Fraudsters Exploit Telegram’s Popularity For Toncoin Scam

French hospital Simone Veil cancels patient services following a major cyber attack

Frontier Communications Confirms Recent Cyberattack and Investigates Possible Data Breach

Frontier Communications forced to take systems offline following a major cyber attack

GitLab affected by GitHub-style CDN flaw allowing malware hosting

Grindr faces UK lawsuit for 'revealing users' HIV status' with thousands affected in alleged data breach

Grindr faces lawsuit over alleged data breach involving users’ HIV status

Grindr named in UK lawsuit over sharing HIV data

Grindr sued for allegedly revealing users' HIV status

Hackers Broke Into Change Healthcare’s Systems Days Before Cyberattack

Hackers Were in Change Healthcare System 9 Days Before Ransomware Attack

Health board apologises for cyber attack 'anxiety'

HelloKitty Ransomware Actors Return Under New Name

HHS strengthens privacy protections for reproductive health patients and providers

How to prevent a data breach

Indian businesses saw 235,472 ransomware incidents from Jan-Dec 2023

Jackson County's ransomware attack is just the latest cybercrime to target local governments

Kaspersky Blocked Nearly 300K Ransomware Incidents In Southeast Asia Last Year

Kisco Senior Living data breach could affect more than 26,000

LastPass Users Hit by Major Phishing Scam: Master Passwords Breached

Leicester street lights stuck on all day due to cyber attack

LockBit-leaked DC city agency data from third party

Malvertising: Fake Popular Software Ads Deliver New MadMxShell Backdoor

Massive data leak conducted by HelloKitty ransomware amid rebrand

Microsoft unmasks Russia-linked ‘GooseEgg’ malware

MITRE breached by nation-state threat actor via Ivanti zero-days

MITRE Corporation Breached by Nation-State Hackers Exploiting Ivanti Flaws

MITRE Reveals Ivanti Breach By Nation State Actor

MITRE says nation-state hackers breached its R&D network

Multi-year Volkswagen breach points to Chinese hackers

Munich Re on the impact of cyber rate changes

New Qiulong Ransomware Group Attacks Brazilian Businesses: Rosalvo Automóveis and Dr. Lincoln Among Victims

New tool used in China-linked attacks against Asia-Pacific

North Korean Hackers Turn to AI-Fueled Cyber Espionage

Nothing Phone 3 Leak Surfaces; Data Breach Compromises User Data

Nova Scotia Health fires worker for data breach

OctaPharma Plasma Closes Donation Centers While It Deals with Suspected Ransomware Attack

Only 28% of Ransomware Victims Choose to Pay Ransom

Pandemonium 2024 has Data Breach after Line-up Changes

Pandemonium Rocks Music festival hit by new blow as more than 400 ticket holders caught up in data breach

Pandemonium Rocks music festival hit with massive data breach; Refunds & all you need to know as organizers issues statement

Path of Exile studio warns of 'malicious' phishing post that appeared on Steam, tells players 'please take immediate action to secure your account'

People’s CyberArmy Groups Allegedly DDoS Attacks on Metro Madrid and Avanza Websites

Phishers use Nespresso links, exploiting redirect vulnerability

Phishing is more prevalent via email than SMS/voice

Police take down global phishing service used by 2,000 hackers

Police warn partnership with tech industry ‘at risk’ over end-to-end encryption

Ransomware Double-Dip: Re-Victimization in Cyber Extortion

Ransomware Payment Rate Hits Record Low in Early 2024, despite Rising Extortion Amounts

Ransomware Payments Plunge To Record Low In Q1 2024, Don't Get Complacent

Ransomware victims increasingly refuse to pay

Record low ransomware payment prevalence observed

Red Ransomware takes credit for Targus attack

Researchers Uncover Windows Flaws Granting Hackers Rootkit-Like Powers

Russian Hacker Group ToddyCat Uses Advanced Tools for Industrial-Scale Data Theft

Russian Sandworm hackers targeted 20 critical orgs in Ukraine

Scammers use Korean portals for complex phishing campaigns

Shiba Inu Team Sends Critical Phishing Warning To Users

St. Helena Public Library alerts community of potential data breach following cyberattack

Synlab Italia suspends operations following ransomware attack

TA547 Phishing Attack: German Companies Hit With Infostealer

Tesco shoppers targeted by £500 gift card scam email

The 2024 India Elections Cyber Crisis: AI, Deepfakes, and Democratic Integrity

The first steps of establishing your cloud security strategy

The Pandemonium Rocks music festival is hit hard again as more than 400 ticket holders are affected by a data breach

This Hacking Scam Uses a Free Game Cheat Tool to Hide a Ransomware Trojan from the User

Threat Actor Allegedly Offers 0-Day Exploit for iOS iMessage

ToddyCat Hacker Group Uses Advanced Tools for Industrial-Scale Data Theft

Transamerica Life Insurance Company Client Information Leaked in WebTPA Employer Services Data Breach

United Nations (UN) agency ransomware attack claimed by 8Base

UnitedHealth Data Breach Could Affect 'Substantial' Number of Americans

UnitedHealth says Change hackers stole health data on ‘substantial proportion of people in America’

US: City of Doral Officials Warn of Phishing Scam After Fraudulent Email Circulated to Residents

US government says security flaw in Chirp Systems’ app lets anyone remotely control smart home locks

US telco Frontier Communications reports major disruptions following cyber attack

Victorian Councils Hit by OracleCMS Breach: Multiple Australian Cities Report Data Exposure

Wave of ransomware on the cheap: junk guns still okay for small targets

Will the Change Healthcare case finally make providers do a business impact analysis?

Windows DOS-to-NT flaws exploited to achieve unprivileged rootkit-like capabilities

Posted by at
Labels:

Thursday 18 April 2024

Frontier Communications: US Internet Provider's Cyber Attack Results In IT Systems Disruption And Internet Outages Across 25 US States

Frontier Communications shuts down systems after cyberattack

[Update] Frontier Hit by Cyberattack, Customer Data Potentially Exposed

Posted by at
Labels: , , , , , , , , , , ,

Tuesday 16 April 2024

Ransomware Operator Claims - Week 15 2024

Welcome to last week's ROC Report, an exclusive summary of Ransomware Operator's global victims that were claimed during the period between 8th April and 14th April 2024, kindly assisted by our partners.

For further analysis on these (and any historic) Ransomware Operator Claims, including the Victim Names and Industry Sectors attacked, please use our PRiSM application.

Flag Icons created by Freepik and provided by Flaticon.
Posted by at
Labels:

Monday 15 April 2024

Data Breaches Digest - Week 16 2024

Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 15th April and 21st April 2024.


21st April

Akira Ransomware: FBI and Europol Sound Alarm Over $42M Loss

Akira ransomware received $42M in ransom payments from over 250 victims

Akira Ransomware Group Takes In $42 million from 250 Attacks in a Year

Androxgh0st Malware Compromises Servers Worldwide for Botnet Attack

AT&T faces class action lawsuit over massive data breach exposing 70 million customers’ personal information

Beyond 24/7: How Smart CISOs are Rethinking Threat Hunting

Cheap, independently produced 'Junk Gun' ransomware infiltrates dark web

Consumer Alert: FBI Warns of Text Scam Targeting Toll Road Users Across Multiple States

Data breach rocks troubled Pandemonium Rocks music festival

Empowering Rapid Attack Path Analysis with Generative AI

Enhancing Cybersecurity Resilience: A Guide for Safeguarding Enterprises

Federal Investigation After Data Breach at Manchester Hospital

Fraudsters pose as taxman to target victims and raid bank accounts - What to look for

iPhone Phishing Scams: Fake Find My Device Website Can Hack Your Phone - How To Spot

Jackson County operations set to return to normal following ransomware attack

Macedonia: Remediation of the consequences of the cyber attack will cost MEPSO 8,7 million denars

Malware developer lures child exploiters into honeytrap to extort them

New RedLine Stealer Variant Disguised as Game Cheats Using Lua Bytecode for Stealth

Online Shops Become The Top Three Entities Most Often Imitated By Phishing Perpetrators

Pandemonium Rocks music festival is hit with massive data breach as 'hundreds ticketholders' bank details are leaked'

Ransomware payments drop to record low of 28% in Q1 2024

South African agency waits three months to reveal data breach - importers and exporters furious

South Carolina data breach suits point at the perils of hoarding personal information

Sterling Holidays warns members of phishing scam, reassures on data security

The Reality of Ransomware Attacks in Agriculture

USDoD’s Latest Attack: Exposed Personel Data of Millions, Breaching Bureau van Dijk and US Consumer Database

What to do if your personal info has been exposed in a data breach

20th April

A French hospital was forced to reschedule procedures after cyberattack

Akira swells into a bloated, grotesque metaphor for modern society. Also, the ransomware is pretty bad

AT&T data breach: Here’s what is being offered to the millions of customers impacted

Carpetright is latest British business to be hit by cyber attack as hackers target company HQ to affect hundreds of customer orders

'Cheap ransomware that even beginners can use' is circulating in large quantities on the dark web

Critical Forminator plugin flaw impacts over 300k WordPress sites

Critical Update: CrushFTP Zero-Day Flaw Exploited in Targeted Attacks

Cyber attack surge is “Tip of Iceberg”, expert warns

GitHub comments abused to push malware via Microsoft repo URLs

Google Ads Unwittingly Promotes Phishing Crypto Site, Leading to Significant User Losses

Hackers stole seven million people’s DNA. What they’ll do with it is baffling

Hong Kong: Union Hospital confirms cyber attack; sources say hackers want US$10m ransom

Hong Kong private hospital given 4 weeks to submit report over US$10 million ransomware attack

International investigation disrupts phishing-as-a-service platform LabHost

Know what to do if your personal info has been exposed in a data breach

Microsoft and Google top the list in Q1 2024 phishing attacks

MITRE Hacked - Attackers Compromised R&D Networks Using Ivanti Zero-days

MITRE Hit in Massive Supply Chain Attack: State-Backed Hackers Exploit Zero-Days

New Mexico institutions pay out thousands to recover from ransomware

One Click Catastrophe: City Services Paralyzed by Major Cyber attack

Palo Alto Networks Discloses More Details on Critical PAN-OS Flaw Under Attack

Ransomware Group ‘Akira’ Hits Over 250 Organizations, Nets $42 Million in Ransoms

Renewal of surveillance law clears Congress minutes after deadline

Shiba Inu Scam Watcher Sends Critical Warning To SHIB Community

Singapore: Data breach at vendor affects 127 schools, exposing Information of parents and staff

Singapore: Personal info of parents & staff from 127 schools accessed in data breach

St. Helena warns of potential data breach after Solano County library cyberattack

Threat Actor Allegedly Offers WhatsApp 0-Day Exploit for Android and iOS with RCE Capabilities

TransparentTribe: The Elusive Threat Targeting India’s Defense Sector

Warrantless spying powers extended to 2026 with Biden’s signature

19th April

51% of enterprises experienced a breach despite large security stacks

66% of IT leaders doubt the government can defend against cyberwarfare

22,500 Palo Alto firewalls "possibly vulnerable" to ongoing attacks

A Home Depot Third-Party Data Breach Leaks the Personal Information of 10,000 Employees

Akira Ransomware Attacks Over 250 Organizations and Collects $42 Million

Akira ransomware extorted $42M from 250-plus victims

Akira Ransomware Gang Extorts $42 Million; Now Targets Linux Servers

Akira Ransomware Group Amasses $42 Million from Over 250 Global Attacks, FBI Warns

Akira Ransomware Group Rakes in $42m, 250 Organizations Impacted

Akira Ransomware Makes a Play for VPNs Without Multi-Factor Authentication

Akira Ransomware rampage: $42 million looted from 250+ organizations

Akira Ransomware Siphons $42M from 250+ Companies

Akira’s Reign of Terror: Ransomware Gang Targets 250+ Organizations, Earns $42 Million

Alarming Decline in Cybersecurity Job Postings in the US

Alert! Windows LPE Zero-day Exploit Advertised on Hacker Forums

Anonymous Collective Launches #OpImmigration Against Japanese Government for Discriminatory Immigration Policies

Atlantic fisheries commission says cyber security incident disrupted email and phone communications

Attacks with CryptoChameleon phishing kit target LastPass users

Australians ‘exposed’ in smoke alarm service provider data breach

Bitcoin ransomware Akira drains $42M from more than 250 companies

BlackTech Targets Tech, Research, and Government Sectors with New 'Deuterbear' Tool

Carpetright customers hit by cyber attack as firm struggles to fill orders after hackers target company HQ

Cheap ransomware poses a massive threat to small businesses

China’s Hidden Threat: Hackers in U.S. Systems Since 2011, FBI Warns

City of Hope data breach leads to multiple class action lawsuits

CrushFTP warns users to patch exploited zero-day “immediately”

Cyber attack takes Frontier Communications systems offline, affecting millions of broadband customers

Cybercriminals targeting LastPass users

Cybersecurity agencies unite against Akira ransomware threat

Cybersecurity Alert: Akira Ransomware Strikes 250+ Companies, Drains $42M

Ernest Health faces lawsuit for failing to protect patients' data during January cyber attack

Europol teams up with state police to disrupt major phishing network

Eye care provider Cherry Health says data breach impacted close to 185,000 patients

FBI says Chinese hackers preparing to attack US infrastructure

FBI Uncovers Akira Ransomware Group behind Over 250 Business Breaches

FBI Warns of Bitcoin Ransomware Linked to $42 Million Extortion

FBI, Europol Say Akira Ransomware Has Drained $42M from 250 Firms

Fraud Alert: Beware of New Cheap Junk Gun Ransomware

Frontier Communications Shuts Down Systems Following Cyberattack

Frontier Communications Suffers Cyber Breach by Unknown Cybercrime Group

Frontier Hit by Cyberattack, Customer Data Potentially Exposed

'Gay Furries' Hacker Group Hits Far-right Media Outlet in Anti-Transphobia Crusade

Google Ads Promotes Fake Crypto Website Leading to Phishing Scam

Google Ads Used to Promote Phishing Scams in Crypto Websites

Hacker Threatens to Expose Sensitive World-Check Database

Hackers Posing as LastPass Employee to Steal Master Password & Hijack Accounts

Hackers Target Middle East Governments with Evasive "CR4T" Backdoor

HelloKitty ransomware rebrands, releases CD Projekt and Cisco data

HelloKitty Ransomware Takes on New Identity as HelloGookie: A Closer Look at Cyber Adaptability

How Attackers Can Own a Business Without Touching the Endpoint

How to Navigate the Risks of Generative AI

How to Protect Water Systems Against Cyber Attack

IntelBroker Allegedly Scraped Companies House Data, Exposing Data Related to Companies

International police team cracks down on phishing service 'LabHost' and arrests 37 people

Is the UK about to ban ransomware payments?

Israel: 'We broke into IDF, hold quarter of a million documents,' hacker group Anonymous claims

IT and Cybersecurity Jobs in the Age of Emerging AI Technologies

LabHost Phishing Platform is Latest Target of International Law Agencies

LabHost phishing service dismantled in international crackdown

LabHost phishing-as-a-service platform targeted thousands, with New Zealanders allegedly involved

LastPass users are being targeted via CryptoChameleon phishing kit

LastPass users targeted by vishing attackers

LastPass users tricked by hackers posing as staff to steal passwords

Latest Security Breach hits Arbitrum; Hedgey Finance Loses $1.9 Million in Hacker Attack

Le Slip Français discloses data breach, customer information compromised

Massive Data Breach as Pandemonium Rocks Exposes Hundreds of Bank Accounts

Millennials are key targets for phishing

MITRE says state hackers breached its network via Ivanti zero-days

MITRE was breached through Ivanti zero-day vulnerabilities

New Zealand caught up in worldwide phishing sting

Octopharma Plasma’s US operations shut down due to suspected ransomware attack

People’s CyberArmy Groups Allegedly Launch DDoS Attacks on Spanish Websites

Phishing Trends: Quishing and AI On the Rise

Ransomware feared in Octapharma Plasma’s US-wide shutdown

Ransomware in Q1 2024: Frequency, size of payments trending downwards, SMBs beware!

Red CryptoApp: New Ransomware Group Operating in the Shadows

Report finds a near 20% increase in ransomware victims year-over-year

Researchers find dozens of fake E-ZPass toll websites after FBI warning

Scammers exploit Google platform to promote phishing site

Security Alert: LastPass Users Targeted in Sophisticated Phishing Scam by Impersonating Staff

Senior citizens struck by data breach

Small Texas town foiled Russian hacker group that attacked its water systems

Students searching for scholarships the latest phishing target

Synlab victim of hacker attack: patient data compromised

Targus cyberattack claimed by ransomware group

Threat Actor Claims Breach of Spanish Online Sneaker Shop Footdistrict Database

TP-Link routers are exposed to massive bot and malware attacks

UK mulls fresh controls on ‘sensitive tech’ after China cyber attack claim

Ukrainian soldiers’ apps increasingly targeted for spying, cyber agency warns

United Nations agency investigates ransomware attack, data theft

United Nations Development Programme hit by cyberattack

United Nations Development Programme (UNDP) investigates data breach

UnitedHealth Group says Change Healthcare attack cost $872 million to remediate

US Atlantic Fisheries Commission Goes Offline: Ransomware Attack or Routine Maintenance?

US firm Octapharma Plasma may have shut down US operations due to ransomware attack

Washington DC city agency says LockBit claims tied to third-party attack

18th April

92% of enterprises unprepared for AI security challenges

840-bed hospital in France postpones procedures after cyberattack

A whole new generation of ransomware makers are attempting to shake up the market

Akira ransomware gang made $42 million from 250 attacks since March 2023

Akira ransomware raked in $42 million from 250+ victims

Android could soon protect you from malicious apps by quarantining them

Asantee Games Acknowledges Security Flaw in Magic Rampage, Assures it’s Been Contained

AT&T Data Breach Lawsuits Seek Damages for 70M Customers Whose Information Was Released

Authorities take down LabHost, phishing-as-a-service platform

Black Basta Ransomware Group Targets Doyon, Compromising 700GB of Data

Bots dominate internet activity, account for nearly half of all traffic

Cannes Hospital Back to Basics: Pen and Paper Power Healthcare After Cyberattack

Caught in the Crossfire: Jordan’s Cyber Defenses Tested Amid Israel-Iran Clashes

Cheap ‘Junk-Gun Ransomware’ Emerging on the Dark Web

Cheap ransomware for sale on dark web marketplaces is changing the way hackers operate

Chinese manufacturer exposes data from surveillance devices

Cyberattack Disables Ukrainian Broadcaster 1+1 Media, Affecting 39 Channels

Cybercriminals pose as LastPass staff to hack password vaults

Devices Infected With Data-Stealing Malware Increased by 7 Times Since 2020

Dozens arrested and thousands of victims contacted after scam site taken offline

Europol-led task force shuts down LabHost phishing platform, arrests suspected hackers

Fake cheat lures gamers into spreading infostealer malware

Faulty decade-old OfflRouter virus targets organizations in Ukraine

FBI warns Chinese hacker infrastructure attack is coming

FIN7 Cybercrime Group Targeting U.S. Auto Industry with Carbanak Backdoor

FIN7 cybercriminals targeted large U.S. automotive manufacturer last year

FIN7 targeted a large U.S. carmaker with phishing attacks

Five Australians among 37 arrested over global phishing scam following international investigation

France's Cannes Hospital in midst of major cyberattack

French underwear seller Le Slip Français hacked

Frontier Communications shuts down systems after cyberattack

Global Police Operation Disrupts 'LabHost' Phishing Service, Over 30 Arrested Worldwide

Google ad impersonates Whales Market to push wallet drainer malware

Got a Phone Call From LastPass? Hang Up, It's a Phishing Scam

Hacker Groups Target Jordanian Companies with Cyber Attacks

Hackers Exploit OpenMetadata Flaws to Mine Crypto on Kubernetes

Homeowners urged to be vigilant for scams after ‘shocking’ data breach at major smoke alarm provider

International investigation disrupts phishing-as-a-service platform LabHost

Isle of Man: Medical records found in home of ex-health employee

Ivanti patches critical Avalanche flaw exploitable via a simple message (CVE-2024-29204)

LabHost: Authorities dismantle global phishing service charging $249 per month, utilized by 2,000 hackers

LabHost phishing service with 40,000 domains disrupted, 37 arrested

LabHost platform shut down by law enforcement

LastPass users targeted in phishing attacks good enough to trick even the savvy

MagicDot: A Hacker’s Magic Show of Disappearing Dots and Spaces

Malicious Google Ads Pushing Fake IP Scanner Software with Hidden Backdoor

New Android Trojan 'SoumniBot' Evades Detection with Clever Tricks

New Cyber-Threat MadMxShell Exploits Typosquatting and Google Ads

New Zealand: Three Aucklanders arrested in worldwide phishing sting

OfflRouter Malware Evades Detection in Ukraine for Almost a Decade

Over 17 billion personal accounts leaked worldwide since 2004

Phishing Attack Targets LastPass Users’ Master Passwords

Phishing-as-a-service platform LabHost shut down in global operation

Police take down $249-a-month global phishing service used by 2,000 hackers

Quishing Attacks Jump Tenfold, Attachment Payloads Halve

RansomHouse Allegedly Strikes Lopesan Hotels: 650GB Data Breach Unfolds

Ransomware feared as IT 'issues' force Octapharma Plasma to close 150+ centers

R00TK1T Claims to Have Breached Confidential Information Belonging to Nestle

Russia: Ex-FSB officer sentenced to 9 years in prison for helping Russian hackers

Russia's Sandworm Upgraded to APT44 by Google's Mandiant

Saint John settles $2M cyberattack insurance claim

Students turning to cyberfraud as huge phishing site infiltrated, police revea

Telecom giant Frontier shuts down some systems after cyberattack

Threat Actor Claims Sale of E-commerce Company’s Database Containing Personal and Transaction Data

Trust in Cyber Takes a Knock as Critical National Infrastructure (CNI) Budgets Flatline

UK Police Lead Disruption of £1m Phishing-as-a-Service Site LabHost

UK police lead global operation against phishing website platform

UK Police Take Down LabHost Phishing Service

US: Data broker provisions in draft privacy legislation too weak, lawmakers say

US: House votes in favor of curtailing government transactions with data brokers

Vast online scam platform shut down

Void Interactive Data Breach: Developer of Popular SWAT Team Game Suffers Source Code Leak

Vulnerabilities for AI and Machine Learning (ML) Applications are Skyrocketing

What is Clop Ransomware?

What to do if your personal info has been exposed in a data breach

17th April

68% of Companies are More Vulnerable to DDoS Than They Think

A Threat Actor Allegedly Offers Microsoft Office RCE 0-day for $100,000

Ahoi Attacks: A New Threat to Confidential VMs in the Cloud

Authorities investigating ransomware attack on charity that works with vulnerable children

Bridewell research reveals UK Critical National Infrastructure (CNI) ransomware risks

Cactus Ransomware Strikes DRM Arby’s: Data Breach Exposes Sensitive Information

Cherry Health hit by ransomware attack

Cisco discloses root escalation flaw with public exploit code

Cisco Warns of Global Surge in Brute-Force Attacks Targeting VPN and SSH Services

Criminals want to pay T-Mobile and Verizon staff for SIM swaps. Here's what you need to know

Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware

'Crude' ransomware tools proliferating on the dark web for cheap, researchers find

Cyber attack on Lebanon state internet provider Ogero disrupts services

Cyberattack disclosed by East Coast fisheries org following 8Base ransomware claims

Cyberattacks Surge 325% in Philippines Amid South China Sea Standoff

CyberNiggers hacker claims breach of US geospatial intelligence firm Space-Eyes

Data Center Ransomware Attacks on Rise: Microsoft SQL Server is Prime Target

Federal Trade Commission (FTC) Fines Cerebral $7 Million for Sharing Millions of Patients’ Data

FIN7 targets American automaker’s IT staff in phishing attacks

Google's Mandiant elevates Russian threat group Sandworm to APT44

Hackers Exploit Fortinet Flaw, Deploy ScreenConnect, Metasploit in New Campaign

Hackers hijack OpenMetadata apps in Kubernetes cryptomining attacks

HHS Scrambles to Patch Security Hole After $7.5 Million Cyberattack

Insider Threats Surge 14% Annually as Cost-of-Living Crisis Bites

Investigation finds 18 data centers secretly mining crypto in Sweden

Ivanti Patches Two Critical Avalanche Flaws in Major Update

Linux Cerber Ransomware Variant Exploits Atlassian Servers

Malicious cyber activity spiking in Philippines, analysts say

Michigan healthcare organization says ransomware breached data of 185,000

Microsoft, Google, LinkedIn most mimicked in brand phishing attacks

Millions of Magic Rampage players at risk

Moldovan charged for operating botnet used to push ransomware

Multiple botnets exploiting one-year-old TP-Link flaw to hack routers

Nevada loses the most money to cybercrime

New York governor says cyberattack on legislative office is holding up state budget

North Korean Group Kimsuky Exploits DMARC and Web Beacons

Palo Alto firewalls: Public exploits, rising attacks, ineffective mitigation

Patients Sue Ernest Health After Data Breach of 94,747 Exposed

Pentesting accounts for an average of 13% of total IT security budgets

Ransomware attacks against food, agriculture industry examined

Researchers warn updated Cerber ransomware is targeting critical Confluence vulnerability

Rethinking Phishing Tests: A Call For Trust And Control In Cybersecurity

Russia-linked backdoor targets Eastern European networks

Russian APT Deploys New 'Kapeka' Backdoor in Eastern European Attacks

Russian Sandworm Group Using Novel Backdoor to Target Ukraine and Allies

Russian Sandworm hackers pose as hacktivists in water utility breaches

Sandworm hackers play ‘central role’ in Russia’s cyberwar with Ukraine

SixtySixSlavs ️Group Allegedly Hacked National Energy Research Scientific Computing Center (NERSC), Selling Sensitive Data

SoumniBot malware exploits Android bugs to evade detection

Thinking outside the code: How the hacker mindset drives innovation

Threat Actor Claims Breach of T2 Tea Australia Database

Threat Group FIN7 Targets the U.S. Automotive Industry

To pay or not to pay the ransom?

Total ransomware payment ban requires more prep

United Nations (UN) agency says data stolen in ransomware attack

United Nations Development Programme (UNDP) Hit by Cyberattack: HR and Procurement Data Breached

UnitedHealth Beats Earnings Despite $1.6 Billion Cyberattack Hit

UnitedHealth says recent ransomware attack cost $872m

“We Will be Attacked”: Cybersecurity Challenges Loom Over Paris Olympics 2024

Xiid SealedTunnel: Unfazed by Yet Another Critical Firewall Vulnerability (CVE-2024-3400)

16th April

AI Helps Security Teams, But Boosts Threats

Atlantic fisheries body confirms cyber incident after 8Base ransomware gang claims breach

AWS, Google, and Azure CLI Tools Could Leak Credentials in Build Logs

Bad Bots Drive 10% Annual Surge in Account Takeover Attacks

Blooms Today Alleged Data Breach: Threat Actor Offers 15 Million Records for Sale at $5000

Botnets continue exploiting year-old flaw in unpatched TP-Link routers

BreachForums Down, But Not Out: Hackers Claim Attack, Admins Remain Unfazed

BreachForums Website Suspended: Administrator Issues Statement and Announces Temporary Domain Amid DDoS Threats

Brute force attacks targeting VPNs on the rise, intel warning

Canadian discount retailer Giant Tiger announces customer data breach

Cerebral to pay $7 million settlement in Facebook pixel data leak case

Change Healthcare faces new ransomware threat following earlier breach

Change Healthcare’s ransomware attack costs edge toward $1 Billion so far

Change Healthcare’s New Ransomware Nightmare Goes From Bad to Worse

Cisco Duo Data Breach: Hackers Stolen VoIP & SMS for Multi-Factor Authentication (MFA)

Cisco Duo Data Breach Exposes Customer MFA Data Through Telephony Provider

Cisco Duo MFA logs exposed in third-party data breach

Cisco Duo says a third-party data breach stole MFA SMS logs

Cisco Duo warns of customer data breach through telephony provider attack

Cisco warns of large-scale brute-force attacks against VPN services

CISOs are still more worried about ransomware than AI-powered cyberattacks

Critical RCE Vulnerability in 92,000 D-Link NAS Devices

Crypto Ransomware Payments Surpassed $1 Billion, Surging 94% in 2023

Cybersecurity Pros Urge US Congress to Help NIST Restore National Vulnerability Database (NVD) Operation

Daixin Team ransomware group claims major cyber attack on Omni Hotels

Exploit released for Palo Alto PAN-OS bug used in attacks, patch now

Federal Trade Commission (FTC) Fines Mental Health Startup Cerebral $7 Million for Major Privacy Violations

Florida: Scammers target SunPass customers with phishing ploy

Food and agriculture sector hit with more than 160 ransomware attacks last year

Future proofing employee cyber-protections

Hackers access personal, medical info in cyber attack of southern New Mexico rehabilitation center

Hackers Customize LockBit 3.0 Ransomware To Attack Orgs Worldwide

Hackers start leaking stolen Change Healthcare data

Half of all internet traffic comes from bots, research shows

Handala Hacker Group Warns Israel: 500K Texts Sent Amid Alleged Iron Dome Security Breach

Here’s what AT&T is doing for more than 7 million customers who became data breach victims

Hive RAT Creators and $3.5M Cryptojacking Mastermind Arrested in Global Crackdown

Hunters International ransomware group demands a $10m ransom from Hoya Corporation

Infamous BreachForums down, black hats claiming responsibility

IntelBroker Claims Channel Logistics LLC Data Breach: Space-Eyes Division Allegedly Impacted

IntelBroker Claims Space-Eyes Breach, Targeting US National Security Data

Ivanti warns of critical flaws in its Avalanche MDM solution

LastPass Reports Voice Phishing Attempt on Employee Using Audio Deepfake of Company CEO

LeakyCLI Flaw Exposes AWS and Google Cloud Credentials

Leaked LockBit builder-based ransomware impersonates employees and self-spreads

Lighttpd Bug Continues to Expose Vulnerabilities in End-of-Life Intel and Lenovo Hardware Firmware

LulzSec Muslims ️Group Allegedly Hacked Efrat Airlines, Compromising Banking and Credit Card Information

MGM files suit against Federal Trade Commission (FTC) to block cyber attack investigation

MGM sues to block Federal Trade Commission (FTC) investigation of its data security

Microsoft Most Impersonated Brand in Phishing Scams

Microsoft, Google and 8 other companies 'most frequently copied' by hackers

Navigating Personal Liability: Post–Data Breach Recommendations for Officers

New open-source project takeover attacks spotted, stymied

New Vulnerability “LeakyCLI” Leaks AWS and Google Cloud Credentials

Nexperia Confirms Data Breach, Launches Investigation with Cybersecurity Experts

Omni Hotels confirms data compromise in apparent ransomware attack

Omni Hotels says customers’ personal data stolen in ransomware attack

Omni Hotels Says Personal Information Stolen in Ransomware Attack

Open Source Leaders Warn of XZ Utils-Like Takeover Attempts

OpenJS Foundation Targeted in Potential JavaScript Project Takeover Attempt

OpenSSF Warns of Fake Maintainers Targeting JavaScript Projects

Over 500 people targeted by Pegasus spyware in Poland, officials say

PuTTY SSH client flaw allows recovery of cryptographic private keys

PuTTY Vulnerability (CVE-2024-31497): Immediate Action Required for Private Key Protection

Ransomware attack has cost UnitedHealth $872 million; total expected to surpass $1 billion

Ransomware attack hits top chipmaker Nexperia, huge hoard of data set to be leaked

Ransomware attacks surge worries cybersecurity experts: 'Scattered Spider' group in focus

Ransomware gang publishes part of stolen Change Healthcare records

Ransomware group Dark Angels claims the theft of 1TB of data from chipmaker Nexperia

Ransomware Group Posts Evidence It Holds Change Healthcare Files

Report Suggests 93% of Breaches Lead to Downtime and Data Loss

Roku suffers second data breach with more than half a million accounts hacked

Sanggiero Allegedly Breaches Kameymall Database, Exposing Confidential User Data

Scammers stole almost $200 million from Coloradans in 2023

Sensitive US government data exposed after Space-Eyes data breach

South Africa: Trade commission falls prey to cyber attack

South Africa’s trade regulator International Trade Administration Commission (ITAC) hit by cyber attack

Strengthening Data Defense: Insights From Recent Ransomware Attacks

T-Mobile, Verizon workers get texts offering $300 for SIM swaps

TA558 Hackers Weaponize Images for Wide-Scale Malware Attacks

Third-party breach hits MFA authenticator Cisco Duo

Threat Actor Offers Unauthorized RDP Access of Iranian Pipeline Company

Trust Wallet Urges Caution for Apple Users Amid Reports of Apple iMessage Zero-Day Exploit

Trust Wallet warns iOS users of zero-day exploit

UK royals fall victim to alleged data breach

UnitedHealth: Change Healthcare cyberattack caused $872 million loss

What Were the Most Impersonated Brands For Phishing in Q1?

Who Stole 3.6 Million Tax Records from South Carolina?

Widely-Used PuTTY SSH Client Found Vulnerable to Key Recovery Attack

15th April

A critical vulnerability in Delinea Secret Server allows authentication bypass, admin access

Alleged Telecom Argentina Data Access Offered for $100 on Dark Web

AT&T Data Breach Victims Will Get A Year Of Free Protection

BHF Couriers denies credit card data breach

Bradford-Scott says data breach impacted over 43,000 Andovers Federal Credit Union customers

Change Healthcare cyberattack fallout continues

Change Healthcare Receives Threat from Second Ransomware Group After Paying the First

Change Healthcare stolen patient data leaked by ransomware gang

Chinese Chipmaker Nexperia: Gigabytes of Data Stolen

Chinese-Linked LightSpy iOS Spyware Targets South Asian iPhone Users

Chinese-owned semiconductor company Nexperia hit by ransomware attack

Chipmaker Giant Nexperia Confirms Cyber-Attack Amid Ransomware Group Claims

Chipmaker Nexperia confirms breach after ransomware gang leaks data

Cisco: Hacker breached multifactor authentication message provider on April 1

Cisco Duo warns third-party data breach exposed SMS MFA logs

Critical PHP Vulnerabilities Exposed: Urgent Updates Needed to Safeguard Against Takeovers and Command Injection (CVE-2024-1874, CVE-2024-2756, CVE-2024-3096, CVE-2024-2757)

Cyber attack exposes Covid-19 vaccination records in Dominican Republic

Daixin ransomware gang claims attack on Omni Hotels

DAIXIN Ransomware Group Claims Data Breach at Omni Hotels, Threatens Leaks

Data leaked as Pak Suzuki comes under cyber attack

Data security, ransomware protection top priority for Indian firms

Ex-Security Engineer Gets Three Years in Prison for $12 Million Crypto Hacks

FBI and Australian Federal Police (AFP) Arrest Alleged Developer, Marketer of Firebird/Hive RAT

FBI Warns of Massive Toll Services Smishing Scam

Fraud on career networks like LinkedIn and Xing

Geopolitical tensions escalate Operational Technology (OT) cyber attacks

Hacker claims Giant Tiger breach

Hacker claims responsibility for Giant Tiger hack, leaks millions of records online

Health care providers dig out from ransomware attack

Hope Revived for UN Cybercrime Treaty as Negotiations Set to Resume

Identity Theft Resource Center (ITRC) 2023 Data Breach Report Is a Mixed Bag

Intel and Lenovo Baseboard Management Controllers (BMCs) Contain Unpatched Lighttpd Server Flaw

IntelBroker Allegedly Breaches Space-Eyes Database, Exposing Confidential Documents Related to US Government Agencies

Iran’s missile strikes against Israel bolstered by cyberattacks, multiple gangs involved

Las Vegas Casino Hacks Were Result of Cooperation Between Young, Western Hackers and Russians

LayerSlider Plugin Flaw Exposes 1 Million Sites To SQL Injections

‘Leak of corporate data’: Cyber-attack hits Pak Suzuki Motor Company

Microsoft and Google Top the List in Q1 2024 Phishing Attacks: Check Point Research Highlights a Surge in Cyber Threats

Microsoft Data Breach: Security lapse by employees? Passwords, credentials exposed - Should you worry?

Microsoft will limit Exchange Online bulk emails to fight spam

Muddled Libra Shifts Focus to SaaS and Cloud for Extortion and Data Theft Attacks

Nearly 3 Million Giant Tiger records exposed by purported hacker

New LockBit Variant Exploits Self-Spreading Features

New phishing Exodus campaign targets Chinese crypto investors

New SteganoAmor attacks use steganography to target 320 orgs globally

Over 50% global ransomware incidents in 2023 were detected in Southeast Asia (SEA)

Over 100 hotels in Japan fall victim to Booking.com phishing scams

Pak Suzuki Hit By Massive Cyber Attack

Palo Alto Networks fixes zero-day exploited to backdoor firewalls

Palo Alto Networks releases fixes for zero-day as attackers swarm VPN vulnerability

Palo Alto Networks Releases Urgent Fixes for Exploited PAN-OS Vulnerability

Palo Alto Networks Warns Customers of Actively-Exploited PAN-OS vulnerability

Palo Alto Networks Zero-Day Flaw Exploited in Targeted Attacks

Palo Alto Patches 0-Day (CVE-2024-3400) Exploited by Python Backdoor

Ransomware gang starts leaking alleged stolen Change Healthcare data

Researchers stop ‘credible takeover attempt’ similar to XZ Utils backdoor incident

Roku: Credential Stuffing Attacks Affect 591,000 Accounts

Roku admits further subscriber data breach

Roku Cyberattack Affects 576,000 Customers

Roku Reports Over Half a Million Accounts Compromised in Credential Stuffing Attacks

Roku reports second data breach; over 500,000 accounts compromised

Russia and Ukraine Top Inaugural World Cybercrime Index

Security engineer guilty of hacking cryptocurrency exchanges

SN_Blackmeta Allegedly Launches Cyber Attack on Orange Israel, Says Group Will Continue Attacks on Israel

South Africa: Import tariff body International Trade Administration Commission (ITAC) was targeted in ransomware attack

South Africa: The system is offline - Government pension fund goes silent after data breach

Suzuki Pakistan Faces Cyber Attack on Corporate Database

Suzuki Pakistan reports data breach amid cyberattack

Technology use slowly coming back in Scranton School District amidst ransomware attack

Threat Actor Offers Database of Egyptian E-commerce Giant Curva for Sale at $250

Ukrainian hacktivists claim to breach Russian drone developer

US Treasury Targets Hamas Cyber Operations Leader with Sanctions

Wells Fargo discloses data breach affecting two customers, employee fired

What if we made ransomware payments illegal?

Yet another hacker group demands ransom from Change Healthcare

Zero-day exploit hits Palo Alto Networks

Posted by at
Labels:
Subscribe to: Posts (Atom)