Editor's Message

Welcome to DBD. Due to legal concerns, we have removed our detailed ransomware attack reports, but will continue to report on these attacks as and when they are announced in the public domain. Any feedback, positive or negative, would be gratefully received to enable us to give you the best experience on any device. Thank you for your support. Stay safe. :)

PLEASE NOTE: DUE TO ILL HEALTH WE ARE SLIGHTLY BEHIND WITH UPDATES BUT WILL BE WORKING THROUGH THE WEEK TO CATCH UP. THANK YOU FOR YOUR UNDERSTANDING...NORMAL SERVICE WILL RESUME AS SOON AS POSSIBLE ;)



Wednesday, 3 March 2021

Prisma Promotora: Brazilian Finance Company's Third-Party Unsecure Database Exposes 717,068 Files With Customers' Personal And Financial Data

Ryuk: New Ransomware Version's Worm-Like Ability Spreads Itself Onto Any Windows Machine On The Same Compromised Network

CallX: Californian Telemarketing Company's Unsecure Server Exposes 114,000 Customers' Phone Conversations And 2,000 Chat Transcripts

CSX: Florida Freight Rail Operator's Third-Party "Clop" Ransomware Attack Results In Sensitive Data Leaked On Dark Web

PrismHR: US Online Payroll And HR Company's Suspected Ransomware Attack Potentially Compromises 2 Million Employees' Data

Tuesday, 2 March 2021

Oxfam Australia: Australian Charity Suffers Data Breach Resulting In 1.7 Million Donors' Personal Information For Sale On Dark Web

Universal Health Services: US Healthcare Provider Reveals "Ryuk" Ransomware Attack Resulted In Estimated $67 Million Loss

Red Echo: Chinese State-Sponsored APT Group Targeted India's Power Grid With Malware To Disrupt Electricity Supply After Border Clash

Mariana Tek: US Fitness Studio Management Platform's Unsecure Server Exposes 850,831 Clients', Business Owners' And Trainers' Personal Data

Tether: US Blockchain And Cryptocurrency Organization Suffers Ransomware Attack Resulting In $24 Million Ransom Demand

Malaysia Airlines: Malaysian National Airline's Third-Party Data Breach Compromises Frequent Flyer Program Members' Personal Data

Monday, 1 March 2021

İnova Yönetim: Turkish Legal Advisory Company's Unsecure Server Exposes 15,000 Traffic Accident Court Cases And 55,000 Sensitive Documents

Gab: US Right-Wing Social Media Platform Suffers Data Breach Resulting In 15,000 Users' Data And 40 Million Posts Stolen And Leaked

32Red: Gibraltan Online Casino Company Suffers 'Technical Glitch' Data Breach Exposing 118 Players' Account Information To Other Players

Staring College: Dutch Secondary School's Ransomware Attack Results In School Closure And Undisclosed Ransom Paid

ZEE5: Indian On-Demand Video Platform Suffers Third Data Breach In Nine Months Resulting In 9 Million Users' Data Stolen And Leaked

Ticketcounter: Dutch E-Ticketing Platform Suffers Data Breach Resulting In 3 Million Users' Information Leaked On The Dark Web

Data Breaches Digest - Week 09 2021

Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 1st March and 7th March 2021.


3rd March

1-in-5 Americans Had a Healthcare Provider Impacted By a Cyberattack as Ransomware Targeting Hospitals Escalated During the Pandemic

Attackers turn delivery method for Gootkit malware into multi-payload “Gootloader” platform

Backup Is Feeble Protection Against Ransomware

Cash App phishing kit deployed in the wild, courtesy of 16Shop

Cloud Services Are Top-of-Mind for Phishers

Cybercrime report reveals extent of COVID-19 exploitation

Cybercriminals take bold steps forward as confidence soars

Cybersecurity firm Qualys likely latest victim of Accellion hacks

Cybersecurity Trends and Emerging Threats in 2021

Data extortion ransomware attacks on retailers up over 1,000% during pandemic

Don't Be Fooled by These Advanced Phishing Techniques

DoS Vulnerability in Eclipse Jetty Calls for Urgent Updates

Gootkit malware creators expand their distribution platform

Hackers share methods to bypass 3D Secure for payment cards

Here are 7 Ways to Protect Yourself Online

If Your Business Doesn’t Have Automatic Cloud Backups, You Could be in Trouble

Insider data leaks: Causes and remedies

Key Lessons from the Malaysia Airlines Nine-Year Data Breach

Lazarus Group Tied to TFlower Ransomware

Microsoft Pushes Urgent Updates for Exchange Server After the Discovery of Multiple 0-Days

New WhatsApp and Just Eat scams are trying to steal your personal and financial information

Over 50% Increase of Unique Cyber Threats in the Wild in 2020, Cymulate's Continuous Security Testing Report Reveals

Protecting Against Brand-Impersonating Phishing Messages

Ripe for extortion? Navajo Nation hospital targeted by large-scale ransomware hack

Scammers Target Wall Street In New Capital Call Fraud Schemes

Technical controls to prevent business email compromise attacks

The Ryuk Ransomware Is Now Turning Into a Dangerous Worm

This dangerous ransomware is using a new trick to encrypt your network

Ursnif Trojan has targeted over 100 Italian banks

Venture capital firm in data breach

Why Cybersecurity is More Important than Ever for SMBs in 2021

Why paying off ransomware gangs is not a good idea

Zee5 may have leaked data of 9 million users - Not for the first time

2nd March

10 types of cyberattacks to know and avoid

$21 Million in New 2020 Ransomware Payments were Made According to Chainalysis Review of Uncovered Crypto Addresses

50% Phishing Emails Seek Credential Theft, as Malware Delivery Declines

10,000s of Brazilians Exposed to Fraud in Massive Data Breach

Alarming Cybersecurity Stats: What You Need To Know For 2021

Alexa Skills: Security gaps and data protection problems

Americans are at risk of being dragged into global cyber warfare, FireEye's CEO warns: 'It's as simple as if you can be hacked, you are hacked'

Browser Extension Developers Turn to Code Injection for Monetization

California Department of Motor Vehicles (DMV) warns residents of REAL ID phishing scam

Central Piedmont Community College systems restored, classes resume after ransomware attack

Civil Service Commission (CSC) takes steps to protect data privacy after reported website breach

Compromised Website Images Camouflage ObliqueRAT Malwaree

Countering the evolving threat of ransomware

Cryptocurrency Firm Tether Refuses to Pay Ransom to Hackers

CSX probes ‘security incident’ as hackers leak data

Customers willing to share personal data in exchange for personalized services

Cybercriminals continue to target trusted cloud apps

Data extortion ransomware attacks on financial sector up 350 per cent during Covid-19 pandemic

‘DDoSecrets’ Is Soon to Publish 70GB of Far-Right Detestation Coming Straight From ‘Gab’

Dealing With Ransomware Threats

Department of Justice (DoJ) Steps Up Investigation into NSO Group

Eight Rules for Effective Password Protection

Far-right platform Gab confirms it was hacked

Gift of the Gab? CEO of Alt-right Social Network Publishes Tirade Following Data Breach

Google addresses customer data protection, security in Workspace

Healthcare firms saw a rise in ransomware attacks last year

Malaysia Airlines: Personal data of Enrich members may have been compromised

Malaysia Airlines discloses a nine-year-long data breach

Malaysia Airlines discloses frequent flyer data breach that lasted nine years

Malaysia Airlines Suffers Data Breach Involving Enrich Members

Malaysia Airlines suffers data security 'incident' spanning nine years

Malicious NPM packages target Amazon, Slack with new dependency attacks

‘Mariana Tek’ Exposes 1.5 Million User Records via Unprotected AWS Bucket

Marriott hotel data leak and why travellers should know what’s going on

Medal of Honor Holders’ Identities Stolen

Multi-payload Gootloader platform stealthily delivers malware and ransomware

NSA issues guidance on Zero Trust Security Model

ObliqueRAT Trojan now lurks in images on compromised websites

Oxfam Australia confirms data breach after stolen info sold online

Oxfam Australia supporters embroiled in new data breach

Payroll giant PrismHR outage likely caused by ransomware attack

Payroll/HR Giant PrismHR Hit by Ransomware?

Phishing Attacks: What Are They, What They Can Do, and How to Avoid One

Preparing for the Cybersecurity Maturity Model Certification onslaught

Ransomware Attack's Economic Impact: $67 Million

Ransomware attacks in manufacturing tripled in 2020

Ransomware puzzle: These two pieces of malware look very different, but they evolved from the same root

Ryuk Ransomware: Now with Worming Self-Propagation

Should you pay up when hit by ransomware? There are several things to consider first

SolarWinds reports $3.5 million in expenses from supply-chain attack

Universal Health Services Estimates $67 Million in Ransomware Losses

What hacking attacks can teach us about defending networks

What is cyber insurance? Everything you need to know about what it covers and how it works

Working Windows and Linux Spectre exploits found on VirusTotal

Zee5 Once Again Caught In Data Breach; Info Of 9 Million Users Exposed

1st March

5 Easy Ways to Protect Yourself From Web Hackers and Eavesdroppers

37 billion data records leaked in 2020, 140% year on year

70% of Orgs Facing New Security Challenges Due to #COVID19 Pandemic

An ounce of cybersecurity prevention is worth a pound of cure

AOL Phishing Campaign in Wild to Steal Account Credentials

Berlin Resident Jailed for NHS Bomb Threats

Building a Next-Generation SOC Starts With Holistic Operations

Business Email Compromise Attacks Raise Corporate, Bank Alarms

Businessman charged with intent to steal General Electric’s secret silicon technology

Can robotics and AI really fill cybersecurity skills gap?

Chinese State-Supported Actors Target India’s Power Grid

Chinese state-sponsored Red Echo group targeted India’s power infrastructure

City Has Opportunity To Learn From Ransomware Attack

Civil Service Commission (CSC): Remedial measures put in place to prevent data breach

Criminals are ‘selling’ vaccines and appointments in latest wave of COVID-19 scams

Critical flaw in Rockwell PLCs allows attackers to fiddle with them (CVE-2021-22681)

Cyber Mercenaries in Demand as Organizations Hire Their Services

Cyber threats lurking in the humble email

Data is most at risk on email, with 83% of organizations experiencing email data breaches

Did COVID-19 Usher In Cybercrime’s Golden Age?

Email is Still the Top Vector for Data Loss

Essential guide to operation-centric security

European e-ticketing platform Ticketcounter extorted in data breach

Firewall Vendor Patches Critical Auth Bypass Flaw

Five ways to protect your organization from ransomware attacks

Free cybersecurity tool aims to help smaller businesses stay safer online

Gab data breach may include 70GB of data on 15,000 users

Gab hacked – DDoSecrets leak profiles, posts, DMs, passwords online

Go Malware Detections Increase 2000%

Google: Bad bots are on the attack, and your defence plan is probably wrong

Hackers cause delay to decision on Largs windfarm

Hackers exploit websites to give them excellent SEO before deploying malware

Hackers hit State Bank of India users with text phishing scam

Hackers hit State Bank of India users with text phishing scam, request them to redeem credit points worth Rs 9,870

Hackers seized on the pandemic; states fighting back

Hackers use black hat SEO to push ransomware, trojans via Google

Half of Orgs Concerned Remote Working Puts Them at Greater Risk of Cyber-Attacks

“Hey, what’s your password?” How to encourage cyber-safe behaviour at work

Highly skilled & well-funded: The new booming threat in cybercrime

Hong Kong: $130,000 lost in latest bank con

How do I select a cloud security solution for my business?

How teenagers may be compromising your data

How to manage the security challenges triggered by remote work

If you're still using AOL, watch out for this phishing scam

India: No data breach in Chinese hacking attempt at power grid system, says government

India: No impact or data breach due to Chinese cyber attacks, says power ministry

Indian hackers could be infecting Pakistani users with malware through fake apps

Indian pharma companies and hospitals targeted by Chinese, Russian and Korean hackers groups

Indian Vaccine Makers, Oxford Lab Reportedly Hacked

Insights for navigating a drastically changing threat landscape

It is time to be proactive towards cybersecurity threats

It’s Raining Malware: Understanding and Protecting Against Today’s Threats

Jones Day Law Firm Associated With Donald Trump Leaks Confidential Client Information in a Third-Party Data Breach

Judge approves $650m settlement for Facebook users in privacy, biometrics lawsuit

Lazarus, advanced persistent threat group, targets the defense industry

List of data breaches and cyber attacks in February 2021 – 2.3 billion records breached

LogMein And IDG Study Reveals Half Of Organisations Fear Remote Work And Access Has Put Them At Risk Of Cyber Breaches

Malware Loader Abuses Google SEO to Expand Payload Delivery

Malware researcher speculates on the future of ransomware

Many Businesses Have Governance, Risk and Compliance (GRC) Software, Yet Most Still Struggle to Manage IT Risks Consistently

Many healthcare apps have serious security flaws

Metrobank lists ways on how to avoid the bait of phishing

Minion privilege escalation exploit patched in SaltStack Salt project

Ministry of Power denies impact from Chinese hacking attempt at power facilities, says 'all systems cleaned by antivirus'

Mobile Adware Booms, Online Banks Become Prime Target for Attacks

Most IT security leaders lack confidence in their company’s security posture

Namibia: Government Institutions Pension Fund (GIPF) warns members of cyber threats

New Forms of Ransomware and 5G Smart City Attacks Could Cause Real Harm, Expert Warns

Nottinghamshire shop owner loses 50% of business after being hit by hacker

NSW Transport agency extorted by ransomware gang after Accellion attack

Passwords, Private Posts Exposed in Hack of Gab Social Network

Philippines: Grave data breach

Phishing attacks in Europe soared 718% in 2020, according to Allot

Phishing Attacks Increase 718% in Europe According to Allot Research

Power Ministry Says No Impact on Any Functionalities of POSOCO Due to Malware Attack

Preparing For Tomorrow – Why Weathering The Initial Covid-19 Storm Isn’t Enough For Security

Protecting Against Evolving Ransomware Attack Trends

Protecting the digital workplace with an integrated security strategy

Ransomware operators are exploiting VMware ESXi flaws

Ryuk Ransomware Updated With 'Worm-Like Capabilities'

Same cyber threats, better solutions as impact of data breaches skyrocketed in 2020

Securing the digital space amid the new normal

Self-Assessment Tool Aims to Enhance Small Biz Security

SolarWinds security fiasco may have started with simple password blunders

Sophos details delivery method of financial malware Gootkit

State Bank of India (SBI) customers hit by text phishing scam - Here's how fraudsters operate

Study suggests Chinese cyber campaign targeted India's power grid after Galwan Valley clash

Tether cryptocurrency firm says docs in $24 million ransom are 'forged'

Tether faces 500 Bitcoin ransom: We are ‘not paying’

The other pandemic

The Phishing Problem in Healthcare

Threats expand to impact the edge and digital supply chains

Three steps to prevent your company from being a victim

Tips to stop cyber attacks during the COVID-19 vaccine rollout

U.S. Customs and Border Protection (CBP) Warns of Telephone Scam

Universal Health Services lost $67 million due to Ryuk ransomware attack

Universal Health Services Ransomware Attack Cost $67M in Lost Revenue, Recovery Efforts

Universal Health Services Suffered $67 Million Loss Due to Ransomware Attack

Washington State Auditor to notify 1.3 million unemployment claimants of data breach last year

What is Social Engineering?

When it Comes to Cybersecurity and Compliance, there is no Room for Error

Why data privacy isn’t just a compliance concern, it’s an essential asset

Why organisations should embrace long-term cybersecurity planning

Why what you watch can make you a target for cybercriminals

World's leading dairy group Lactalis hit by cyberattack

“ZEE5” Has Leaked the Data of Nine Million Users but Didn’t Disclose It

Ransomware Operator Claims - Week 08 2021

Welcome to last week's ROC Report, an exclusive summary of Ransomware Operator's global victims that were claimed during the period between 22nd February and 28th February 2021, kindly provided by our partners.

Flag Icons created by Freepik and provided by Flaticon.