Editor's Message

Welcome to DBD. With 2021 drawn to a close, we would like to take this opportunity to wish everyone a very safe and Happy New Year. The last year has been tough for us all, with both the COVID-19 and Ransomware pandemics doing their best to disrupt our way of life, but hopefully our aggressive and progressive fight against these will indeed keep us safe in the near future. Thank you for all your support. Stay safe. :)






Monday, 17 January 2022

Clarins: French Cosmetics Company's Singapore Division Suffers "Log4j" Vulnerability Data Breach Compromising Customers' Information

Data Breaches Digest - Week 03 2022

Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 17th January and 23rd January 2022.


17th January

2G's security weaknesses are still a problem, even for modern phones

3 ways to improve your website security

10 cognitive biases that can derail cybersecurity programs

Accellion Reaches $8.1m Data Breach Settlement

Aditya Birla Fashion and Retail Ltd faces data breach, company says investigation underway

Australia: State Government takes action against payroll provider over data breach

BioPlus Specialty Pharmacy Faces Lawsuit Over Healthcare Data Breach

Bug in WebKit's IndexedDB implementation makes Safari 15 leak Google account info...and more

Campaign Uses Public Cloud to Spread RAT Payloads

Clarins reports data breach; Singaporean customers may be affected

Criminalizing cybercrime and raising the risk for cyberattackers

Crypto scam sites continue to draw Indians in droves

Cyber criminals wreaking havoc in Nigeria

Cyber espionage campaign targets renewable energy companies

Cyber leak is timely reminder to boost online security in 2022

Cyber threats ‘growing faster than ability to prevent and manage them effectively’

Cybercrime: Rising Concern to Cyber World

'Dangerous' NHS scams are tricking people into sharing personal details and what to do if you get one

Dark Web's Largest Marketplace for Stolen Credit Cards is Shutting Down

DHL dethrones Microsoft as most imitated brand in phishing attacks

DHL, Microsoft, WhatsApp top phishing list of most imitated brands

Digital Fraud And Shared Responsibility

Doubts Face UK Businesses Looking to Get Proactive About Cybersecurity

EHR Vendor Faces Legal Action Over Data Breach

Ellen DeGeneres Facebook Scam Promises $750 in Cash App

Even the most experienced cyber professionals agree: We can’t prevent all breaches

Former Inspector General Pleads Guilty to Software Theft

Global cyber crime damages to exceed $10 trillion

Goodwill claims it was hit by data breach

Google Drive and other popular cloud data storage apps under hot water as bad actors are leveraging these platforms to distribute malware

Hackers attack Parasol and Brookson, leaving umbrella contractors unpaid

Hackers holding data hostage demand extortion in digi coins

How Can We Ensure That Online Data Remains Private?

How does a SOC as a Service work and what advantages does it have?

IT firm C-Planet fined €65,000 over massive voter data breach

Jackson Hospital fends off recent ransomware attack

Jazz and Telenor Denies Alleged Data Breach Circulating on Different Platforms

Know your enemy

Linux malware is on the rise. Here are three top threats right now

Many users don’t know how to protect their broadband Wi-Fi routers

Meeting the healthcare sector’s unique cybersecurity challenges

Microsoft: ‘Destructive malware’ fakes ransomware to target Ukrainian orgs

Microsoft Defender Exclusions List Can Be Read by Attackers in Windows 10

Microsoft Edge users beware: this fake Edge update downloads malware onto your PC

Microsoft Warns of Destructive Malware Campaign Targeting Ukraine

Mitigating Cloud Security's Greatest Risk: Exposure

More cybercrime, less theft in Netherlands last year

National Bureau of Investigation (NBI) ‘convinced’ no hacking in Comelec system

NatWest issue scam warning to customers - what you need to know

New York City school platform outage complicating COVID-19 tracing efforts

Nigeria: Cyber Criminals Wreaking Havoc in Nigeria

Nigerian Communications Commission (NCC) Alerts Nigerians To New Ransomware Attacking Organisational Networks

Nintendo warns of spoofed sites pushing fake Switch discounts

Norfolk medical secretary gets hoax email 150,000 times

Protecting yourself in the new era of cybercrime

Ransomware: Why only the bravest businesses will survive

Russian government arrests REvil ransomware gang members

Safari bug leaks your Google account info, browsing history

SIM card swap scams on rise in Tamil Nadu, police unearth modus operandi

Singapore cops arrest 10 during anti-scam operation targeting those fraudulently registering SIM cards

Supposed Microsoft Edge Update is Actually Ransomware

Tackling the Biggest Threat to Cyber Security: Your Staff

The eight key benefits that MFA can deliver your organisation

The Philippines: Online financial fraud cost consumers P540 million in 2021

The sneaky Apple scam targeting iPhone, iPad and iMac users by email in Ireland

The State of Credential Stuffing Attacks

Top three questions about the Log4j vulnerability

TTPs used by DEV-0586 APT Group in WhisperGate Attack Targeting Ukraine

Ukraine: Wiper malware masquerading as ransomware hits government organizations

Ukraine Accuses Russia Of Cyberattacks Targeting Multiple Government Websites

Ukraine blames Belarus for PC-wiping 'ransomware' that has no recovery method and nukes target boxen

Update on Ubiquiti Data Breach: Insider Suspected

US Must Get Tougher to Deter Russian Cyberattacks

Using Zero-Trust to Secure Dissolving Network Boundaries

Watch out for these SMS, it’s a phishing attempt!

Why cyber defense in Japan is so unreliable

Why is intergenerational collaboration critical in advancing zero trust security progress?

Zoho patches new critical authentication bypass in Desktop Central

Ransomware Operator Claims - Week 02 2022

Welcome to last week's ROC Report, an exclusive summary of Ransomware Operator's global victims that were claimed during the period between 10th January and 16th January 2022, kindly provided by our partners.

Flag Icons created by Freepik and provided by Flaticon.

Saturday, 15 January 2022

Goodwill: Maryland Non-Profit Organization's "ShopGoodwill" Auction Platform Vulnerability Exposes Users' Personal Information

Aditya Birla Fashion & Retail: Mumbai Fashion Retailer Suffers "ShinyHunters" Data Breach Resulting In 5,470,063 Customers' Accounts Leaked Online

Durham Johnston School: UK School's "Vice Society" Ransomware Attack Results In Stolen Data Leaked On The Dark Web

Senado Argentina: Argentine Senate Suffers Ransomware Attack Resulting In Website Disruption And Sensitive Data Stolen

Friday, 14 January 2022

Ukrainian Government Suffers Suspected Russian Cyber Attack Defacing And Disabling Over 70 Government Department Websites

Hensoldt: German Defense Contractor's UK Division Suffers "Lorenz" Ransomware Attack Resulting In Data Leaked On The Dark Web

Entira Family Clinics: Minnesota Medical Practice's Third-Party Ransomware Attack Compromises 199,628 Patients' Health Records

REvil: Ransomware Operators Arrested By Russian Federal Security Service Resulting In The Seizure Of $6.67 Million In Cash And Cryptocurrency

Wednesday, 12 January 2022

Ministry Of Foreign Affairs: North Korean APT Group Deploys Phishing Attacks Against Russian Diplomats After Compromising Email Account

Albuquerque Public Schools: US Public School District Suffers Cyber Attack Resulting In IT Systems Disruption And Class Cancellations

Loyola University Medical Center: Chicago Medical Center Suffers Email Data Breach Exposing 16,934 Patients' Health Information

TransCredit: Florida Business Credit Reporting Agency's Unsecure Database Exposes 822,789 US And Canadian Customers' Credit Records

Tuesday, 11 January 2022

Night Sky: Chinese Ransomware Operator Targeting "Log4Shell" Vulnerable "VMware Horizon" Servers With Ransomware Attacks

Medical Review Institute Of America Suffers "SonicWall" Vulnerability Cyber Attack Compromising 134,571 Clients' Health Information

Siriraj Hospital: Bangkok Hospital Denies Data Breach Despite 38.9 Million Public And Private Patients' Medical Records For Sale Online