Editor's Message

Welcome to DBD. On March 8th we officially celebrated our first anniversary. What started as a small idea unexpectedly evolved into a larger project, thanks to an overwhelming interest in the website and the information we provide. Therefore, we would like to take this opportunity to thank each and every one of you who has supported us in our first year of operation, and we pledge to continue providing you with the service you have come to expect from us. Thank you for your support. Stay safe. :)

Upcoming Webinar

Webinar: Cyber-risk and the impact on company valuation
Date: Wednesday 4th August 2021
Time: 11:00 AM BST / 6:00 AM EDT / 3:00 AM PDT

Monday, 26 July 2021

Florida DEO: Florida's "CONNECT" Unemployment Benefits Website's Data Breach Potentially Compromises 57,920 Claimants' Personal Data

Savory Spice: US Online Spices Marketplace Suffers Three Year "Magecart" Attack Compromising Customers' Personal Data And Full Payment Card Details

Data Breaches Digest - Week 30 2021

Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 26th July and 1st August 2021.

29th July

Cyberattacks on the rise: How to protect your business

28th July

API attack traffic has grown at triple the rate of overall API traffic

Apple patches zero-day vulnerability in iOS, iPadOS and macOS

Aussie businesses taking almost a year to contain data breaches

Average organization targeted by over 700 social engineering attacks each year

Batesville School District blocks ransomware attack

Biden: Major cyber attack could lead to a 'real shooting war'

Biden: Severe cyberattacks could escalate to 'real shooting war'

Biden Signs Memo to Defend Industrial Controls From Hackers

Biden Warns Cyberattacks Against US Could Spark a ‘Real Shooting War’

BlackMatter & Haron: Evil Ransomware Newborns or Rebirths

Calgary’s parking authority exposed drivers’ personal data and tickets

Chinese Hackers Implant PlugX Variant on Compromised MS Exchange Servers

Colonial Pipeline Hinted at Critical Infrastructure Threat

Confidence redefined: The cybersecurity industry needs a reboot

Consumers are increasingly concerned about online security and imminent attacks

Cost of data breach hits record high during pandemic: IBM report

Cost of data breaches in Canada hit new record in 2021

Critical Microsoft Hyper-V bug could haunt orgs for a long time

Critical pipelines report over 220 cyber incidents since May TSA directive

D-BOX Recovering From Ransomware Attack, But 1Q Financial Results Deferred

Dark web ads offering access to corporate networks increase sevenfold

Data Breach Costs Have Broken Records During Coronavirus Pandemic

Data breach costs hit record high due to pandemic

Data privacy in the era of COVID-19 vaccine rollouts

East Sussex council continues to battle 'sustained' cyber-attack

Ecuador's Health Ministry Asks Prosecutors to Investigate Data Breach of 1.5 Million Patients

Enterprise data breach cost reached record high during COVID-19 pandemic

European survey reveals Ireland is seeing the biggest increase in cybersecurity attacks

Exposing the latest cloud threats affecting enterprises

FBI reveals top targeted vulnerabilities of the last two years

FBI To Congress: Banning Ransomware Payouts Could Backfire

Get patching: US, UK, and Australia issue joint advisory on top 30 exploited vulnerabilities

Gloucestershire businesses lost £370,000 to cyber fraud in the last year

Google: Android apps must provide privacy information by April 2022

Google Play Protect fails Android security tests once more

Hackers Posed as Aerobics Instructors for Years to Target Aerospace Employees

Haron and BlackMatter are the latest groups to crash the ransomware party

How cybercriminals are targeting the Olympics

How Iranian Actors Targeted Aerospace Defense Contractor Through a Fake Social Media Persona

How Microsoft security infrastructure can sink a business

How security leaders can build emotionally intelligent cybersecurity teams

How the Dark Web enables access to corporate networks

IT staffers receive an average of 40 targeted phishing attacks in a year

It’s never too late to plan for a ransomware attack

Kaspersky Research Shows Scammers Target Those Looking to Watch Tokyo Olympics

Latest HP cybersecurity threat report reveals hackers sharing computer vision tools to supercharge capabilities

Microsoft adds Safe Links phishing protection to Microsoft Teams

Milanote workplace collaboration app used for phishing attacks

Minimising the impact of REvil delivered via Kaseya servers

New bugs could let attackers hijack Zimbra server

New RaaS Called ‘BlackMatter’ Emerges to Fill the Gap Left by REvil and DarkSide

NHS Test and Trace told man details of positive 'contact' in 'shocking data breach'

No More Ransom Saves Victims Almost €1B Over 5 Years

Northern Ireland's COVID certification service suspended after data leak

Number of hacking tools increasing as cyber criminals become more organized

One IBM i Shop’s Close Call With Ransomware

Phishing victims turn to class-action lawsuits against banks

Radiology practice assembles skilled team to strengthen cybersecurity after data breach

Ransomware – three questions to ask your cybersecurity teams

Ransomware demands in H1 2021 leap nearly threefold

Ransomware has already cost victims $45 million in 2021

Ransomware In Asia-Pacific: How To Prepare

Ransomware payments make for bad business: Here's what actually works!

Ready, set, scam: Cybercriminals targeting Olympic Games fans

REvil returns, but under another name

Rise in hacking tool downloads as cybercrime becomes 'more organised than ever'

Robust Cybersecurity Solutions for Maritime Transportation

Rs 16.5 cr average cost of data breach for an Indian firm

Russian-Speaking Forum ‘RAMP’ Fostering New RaaS Launches and Affiliates

Santander will not block your account: The scam to steal your bank account

Second TSA Security Directive Issued to Pipeline Operators to Reinforce Cybersecurity

Sophos uncovers malware targeting Discord

Studies show cybersecurity skills gap is widening as the cost of breaches rises

The most common cybersecurity mistakes doctors make

The Rise of Cybercrimes in India

The State of Blockchain Applications in Cybersecurity

These hackers built an elaborate online profile to fool their targets into downloading malware

Three easy ways to reduce cyber risk

Too Big To Fail: Recent Cybersecurity Incidents Highlight Critical Infrastructure Vulnerabilities

Top 5 Benefits of Cloud Infrastructure Security

Top internet scams from the last 3 months, that you should look out for

Trending cybercrimes and the big impact of lesser-known breaches

Turning the tide on surging account takeovers in the media industry

UBEL is the New Oscorp — Android Credential Stealing Malware Active in the Wild

UC San Diego Health announces data breach

UK Reports £5.7m In Cyber Crime Financial Loss So Far This Year - With One Third Coming From Businesses

University of California, San Diego Health victim of phishing resulting in data breach

Urgent: Why you need to update all your iPhones, iPads, and Macs right now

Viruses, Malware, or Spyware: What's More Dangerous?

Weaponised operational tech to harm or kill humans: Gartner

What Does It Take to Be Secure with Multi-Factor Authentication?

What is Malware? How to Prevent & the Different Types

What is secretive ‘spyware’ Pegasus, and what can it do?

What’s in Your Trash? Cyber Lawsuit Blames Trash Company for Data Breach

Where does the SME fit into a supply chain attack?

Your phone is watching you: Why NSO Group’s spyware is such a big threat to democracy

27th July

3 Key Cybersecurity Threats Affecting Remote Workers Returning to the Office

36% of organizations suffered a serious cloud security data leak or a breach in the past year

66% of applications in the utilities sector have at least one exploitable security vulnerability per year

Accounting firms warn clients about ransomware attacks

After ransomware attack: Anhalt-Bitterfeld asks the Bundeswehr for help

Alleged Clubhouse Database Containing 3.8 Billion Phone Numbers Is On Sale On The Dark Web

Apple Patches Actively Exploited Zero-Day in iOS, MacOS

Apple Releases Urgent 0-Day Bug Patch for Mac, iPhone and iPad Devices

Average time to fix high severity vulnerabilities grows from 197 days to 246 days in 6 months

Biden Administration Wants to Require Businesses to Disclose Ransomware Attacks

Biden officials pledge to confront cybersecurity challenges head-on

Can Critical Infrastructure Companies Prevent Ransomware Attacks?

CISOs operating blind, with limited visibility and control

Consumer attitudes towards various digital identity authentication methods

Crisis communications for a hostile cyber landscape

Cybercrime and hacking by hostile states demands a 'Digital Geneva Convention' – Stewart McDonald MP and Alyn Smith MP

Cybercriminals are getting more sophisticated

Cybercriminals may target 2020 Tokyo Olympics, FBI warns

Cybersecurity: 4 ways cybercriminals can try to extort you and how to stay safe

Data Breach at UC San Diego Health: Some Employee Email Accounts Impacted

Data Protection: What Tools Are Available To Enhance Security?

DVLA issue scam warning to UK drivers over hoax messages

Fight against ransomware: New website to get help faster marks five years of ‘No More Ransom' initiative that helped over six million victims recover their data

Hackers are increasingly targeting Discord to spread malware, warns Sophos

Hackers Turning to 'Exotic' Programming Languages for Malware Development

Hackers Use Discord For Spreading Malware - 14,000 Malware URLs Reported

Hackers using Discord to spread malware

Half of vulnerabilities Singapore government finds via bounties, disclosures are valid

Health related patient data emerges on the dark web

Healthcare data breaches in 2021 up by 185% from last year

How Network Segmentation Can Protect Supply Chains from Ransomware Attacks

How to create a positive and effective cybersecurity environment instead of a shame culture

How to prevent corporate credentials ending up on the dark web

HP finds 75% of threats were delivered by email in first six months of 2021

Imaging Company Reports Data Breach

India: How the student data breach leaves minors vulnerable to several threats

iPhone Facing Hacking Threat With Major Security Risk: Update Now to Prevent Data Breach!

Ireland: AIB customers hit by new realistic text scam that accesses your bank account details

Is Japan ready to face mounting cyber threats during the Olympics?

Kaseya recovers data stolen in ransomware attack with mysterious decryption tool

LemonDuck Shows Malware Can Evolve, Putting Linux and Microsoft at Risk

LockBit ransomware automates Windows domain encryption via group policies

Majority of employees take cybersecurity shortcuts, despite knowing risks

Malware developers turn to 'exotic' programming languages to thwart researchers

Microsoft Teams: Here comes new protection against phishing attacks

Microsoft Teams is getting better phishing protection

Microsoft warns of credential-stealing NTLM relay attacks against Windows domain controllers

Microsoft warns of PetitPotam attack taking over Windows domains

Monero Bug May Have Exposed the Privacy of Transactions for a Small Number of Users

More than one in three organizations say that they are experiencing more cyberattacks

Nation-state hackers undeterred by US ‘naming and shaming’

New Bug Could Let Attackers Hijack Zimbra Server by Sending Malicious Email

No More Ransom Saves Victims Nearly €1 Over 5 Years

Old crypto malware makes come back, hits Windows, Linux devices

Patient Receipts With PHI Stolen, Recovered From Doctor’s Office

Persistent Cyberattacks Put Hospitals' Finances at Risk

Philippines: Security Bank users claim phishing losses totaling more than P5.7 Million

Phishing Used to Get PII, not Just Ransomware

Port operator declares force majeure after ransomware hit

'Praying Mantis' threat actor targeting Windows internet-facing servers with malware

Ransomware attack on Grass Valley

Rhode Island Woman Pleads Guilty to Phishing Scheme

Saudi Cybersecurity Experts’ Take On Clubhouse Data Breach Reports

Several Bugs Found in 3 Open-Source Software Used by Several Businesses

Tech support scams among top phishing attacks

The City of Thessaloniki in Greece is Being Extorted by the ‘Grief’ Ransomware Group

The Cyber Apocalypse Never Came. Here’s What We Got Instead

The number of attacks on US networks using ransomware viruses has increased by 300%

The risk of insecure protocols in business environments

Three Zero-Day Bugs Plague Kaseya Unitrends Backup Servers

Time to update your iPhone as Apple fixes 'actively exploited' zero day flaw

Tokyo Olympics hit by cyberattack a week after FBI warning

Turning the tide on surging account takeovers in the media industry

UC San Diego Health discloses data breach after phishing attack

UCSD Health data breach

Unknown number of British Columbians' personal information for sale online after health company extorted

Update Your Apple Device Now to Plug a Critical and Actively-Exploited Zero-Day

What have insurers learned after the JBS cyberattack?

What Is Identity Theft and How Can You Prevent It?

What Is Ransomware and How Can It Hurt an Organization?

Why remote working leaves us vulnerable to cyber-attacks

Zimbra Server Bugs Could Lead to Email Plundering

26th July

Australia: Remote access scams increase 184 per cent

Avoid sophisticated phishing attacks by slowing down, getting trained

AvosLocker Ransomware Gang Recruiting Affiliates, Partners

Babuk Ransomware Gang Ransomed, New Forum Stuffed With Porn

Calls To Ban Crypto Make Headlines, But They Ignore Reality

Can your organisation survive the ransomware onslaught?

Check Point reports 93% surge in smart ransomware attacks over past year

Clubhouse denies allegation of data breach that claimed to leak 3.8 million phone numbers on dark web

Clubhouse Denies Allegations That Claimed 3.8 Billion Phone Numbers Available on Dark Web

Connecticut Expands Data Breach Notification Law, Changes Effective October 1, 2021

Coveware: Median ransomware payment down 40% in Q2 2021

Criminals target Discord to spread malware

Critical Infrastructure Companies Rise To Meet Cyber Threat

Crypto-ransomware connection draws U.S. Senate scrutiny

Cybercriminals launch targeted phishing attacks against Microsoft 365 users

Data-localization policies are spreading rapidly around the world

DDoS protection major concern for Middle East service providers

Deepfakes: Microsoft and others in Big Tech are working to bring authenticity to videos, photos

Disrupting Ransomware by Disrupting Bitcoin

Double Encryption: When Ransomware Recovery Gets Complicated

Everything You Should Know About the HIPAA Enforcement Rule

Express MRI Notifies Patients of Data Breach

Five 'must dos' for small business to increase cyber resilience

'Freeze your credit report': Cybersecurity expert advises after DEO security data breach

‘Holy moly!’: Inside Texas' fight against a ransomware hack

How to develop a skilled cybersecurity team

How to empower and prepare the next generation of cyber professionals

How to Mitigate Microsoft Windows 10, 11 SeriousSAM Vulnerability

How to protect against social engineering attacks

Ignore API security at your peril

Jefferson Health hacked as cyber criminals seize info on cancer patients. Temple hospital hacked, too

Kaseya denies paying hackers for decryption key after ransomware attack

Kaseya Obtains Decryptor Key for REvil Ransomware Victims

Kaseya Receives Decryptor After Ransomware Attack

Kaseya Says It Didn’t Pay a Ransom To Hackers

Malware Makers Using ‘Exotic’ Programming Languages

Microsoft: Here's how to shield your Windows servers against this credential stealing attack

Microsoft brings Safe Links phishing protection feature to Teams

Microsoft Rushes Fix for ‘PetitPotam’ Attack PoC

Microsoft Warns of LemonDuck Malware Targeting Windows and Linux Systems

MosaicLoader, the new malware is being promoted through search engine ads, designed to lure users looking for cracked software

New PetitPotam NTLM Relay Attack Lets Hackers Take Over Windows Domains

Nigeria: Expert urges data security against $6 trillion loss

No More Ransom celebrates success in helping 600k people recover from ransomware attacks

No More Ransom saves almost €1 billion in ransomware payments in 5 years

Potential phishing scam averted following Irish coronavirus certificate website typo

Ransomware: Here's how much victims have saved in ransom payments by using these free decryption tools

Ransomware Attack on New York Boarding School Exposes SSNs

Ransomware Insurance Claims Surge in Number and Value. The Problem Is Worsening

Reports ID trends to watch in cybersecurity

Researchers warn of unpatched Kaseya Unitrend backup vulnerabilities

‘Savory Spice’ Breached and Customer Credit Card Details Compromised

Should ransomware payments be banned?

Signal fixes bug that sent random images to wrong contacts

Sophos warns of Discord-borne malware

States Consider Legislation to Ban Ransomware Payments

Texas ransomware attack shows what can happen when whole towns are targeted

The knowledge gap around runtime security and the associated risks

The True Impact of Ransomware Attacks

The US House just passed a bill to incentivize cybersecurity planning for state and local government

Third Party Security Failure Caused 1 TB Data Breach at Saudi Aramco; Hackers Play Puzzle Games With Oil Giant

Tokyo 2020 hit by data breach

Tokyo 2020 Olympic Games Hit by Data Breach

Top consumer cybersecurity insights and takeaways from April to June 2021

Town of North Beach Reports All Normal after Early July Ransomware Attack

Twitter’s attempts to tighten security fall flat as Two Factor Authentication is not being adopted by users

U.S. Policy Can Slow Down Russia-Based Ransomware

Uber interfered with privacy of 1.2 million Australians

Uber slapped on wrist for massive data breach

US Senator Gary Peters Investigates Crypto and Ransomware, Introduces Legislation

Verifiable credentials are key to the future of online privacy

What is the future of cybersecurity? In-depth cyber space analysis

What to do after a ransomware attack

WhatsApp chief says government officials, US allies targeted by Pegasus spyware

Who us??? Kaseya says it hasn’t paid anybody for its ransomware decryption key

Why remote working leaves us vulnerable to cyber-attacks

Ransomware Operator Claims - Week 29 2021

Welcome to last week's ROC Report, an exclusive summary of the global victims claimed by ransomware operators during the period between 19th July and 25th July 2021, kindly provided by our partners.


Saturday, 24 July 2021

Prestera Center: West Virginia Mental Health Services Provider's Data Breach Compromises 3,708 Patients' Health Information

Yale New Haven Health: US Healthcare Provider Suffers Third-Party Data Breach Compromising 15,904 Patients' Health Information

Brockton Police: Massachusetts Police Department Suffers Suspected Ransomware Attack Resulting In IT Systems Disruption

Aging Partners: Nebraska Government Department's Phishing Attack Compromises 46,000 Emails And 1,513 Citizens' Health Information

Friday, 23 July 2021

Emma Willard School: New York Private Boarding School Suffers Ransomware Attack Compromising Personal And Financial Data

Transnet: South African Railway And Container Terminal Operator's Ransomware Attack Results In IT Systems And Operational Disruption

HealthAlliance: New Zealand IT Services Provider Suffers Data Breach Potentially Compromising District Health Boards' Patients' Data

740 Global Ransomware Victims Had Their Data Stolen And Leaked On The Dark Web In Q2 2021 With 47% Increase From Q1 2021

Thursday, 22 July 2021

National Lottery Community Fund: UK Lottery Funding Programme's Data Breach Exposes Six Years Of Applicants' Personal Data And Bank Details

Kaseya VSA: Miami Cloud-Based MSP Platform Obtains Universal Decryptor For "REvil" Ransomware Supply Chain Attack Victims

Guntrader: UK Firearms Trading Website Suffers Data Breach Resulting In 100,000 Customers' Personal Data Leaked On The Dark Web

PeopleGIS: US Software Company's 86 Unsecure Servers Exposed 1.6 Million Files From Over 100 Municipalities In Massachusetts, New Hampshire And Connecticut