Editor's Message

Welcome to DBD. We hope you like how the site is continuing to evolve to provide you with what we consider the top stories and advice of the day, and provide you with an exclusive insight into the current state of data leaking ransomware attacks. Any feedback, positive or negative, would be gratefully received to enable us to give you the best experience on any device. Stay safe. :)

Wednesday, 2 December 2020

Embraer: Brazilian Aircraft Manufacturer's Ransomware Attack Results In Operational Disruption And Sensitive Data Stolen

Huntsville City Schools: Alabama School District's Ransomware Attack Results In 37 School Closures

nTreatment: San Francisco Medical Records Management Company's Unsecure Server Exposes 109,000 US Patients' Health Information

Global Data Breaches - November 2020

November 2020 saw another 103 Data Breaches reported which accounted for 586.7 Million Data Records reported compromised.

November's total amount of Data Breaches reported decreased by over 11% from last month, but the total amount of Data Records reported compromised increased by over 577% from last month.

The hardest hit sectors were Healthcare, Technology and Public Sector, with most breach types continuing to be Cyber Attack, Internal Error and Ransomware, accounting for over 71% of total Data Breaches reported this year.

Currently this takes the yearly totals so far to 986 Data Breaches reported and 20 Billion Data Records reported comprised as of the end of November 2020.

Download PDF

Watch 30 Second Video

Data Source: IT Governance.

Tuesday, 1 December 2020

GootKit: German Internet Users Targeted With Fake Forum Posts Deploying Malware And "REvil" Ransomware

Dark Web: Personal Data Including Credit Card And Online Banking Details Is Being Sold For As Little As $0.50

Parcel Delivery Phishing Scams Using Amazon, DHL And FedEx Branding Increased By 400% In November 2020

Magecart: Newly Discovered Credit Card Skimmer Hijacks PayPal Transactions During The Checkout Process On Compromised Online Stores

Lloyds Pharmacy: UK Pharmacy Chain's Parcel Of Bedfordshire NHS Patients' Prescriptions Records Mistakenly Delivered To Home In Scotland

Philabundance: Philadelphia Hunger-Relief Group Loses $923,533 To Cyber Criminals After Electronic Payment To Contractor Is Diverted

KNWU: Royal Dutch Cycling Union's Ransomware Attack Results In Members' Data Stolen And Rejected Ransom Demand

Absa: South African Bank Suffers Internal Data Breach Exposing Customers' Personal Information To External Parties

Monday, 30 November 2020

Manchester United: UK Premier League Football Club Facing £15 Million Fine If Ransomware Attack Ransom Demand Paid

US Named Data Theft Capital Of The World After Suffering More Than 6 Billion Data Breaches In The Last 7 Years

The Average US Household Suffers 104 Cyber Attacks To Their Connected Devices Every Month

OceanLotus: Vietnamese State-Sponsored APT Group Targeting Apple MacOS Users With Malware To Steal Confidential Business Information

AspenPointe: Colorado Healthcare Provider's Data Breach Results In 295,617 Patients' Health And Personal Information Stolen

Ransomware Operator Claims - Week 49 2020

Welcome to this week's ROC Report, an exclusive view of Ransomware Operator's claimed victims that were published on the Dark Web during the period between 30th November and 6th December 2020, kindly provided by our partners.


Victim: E-Land Retail
Location: Seoul, South Korea
Description: Department Store Chain

Victim: Nova Biomedical
Location: Waltham, Massachusetts, USA
Description: Blood Testing Technology Manufacturer And Distributor

Victim: Parkland Fuel Corporation
Location: Calgary, Alberta, Canada
Description: Independent Fuel And Petroleum Products Supplier


Victim: Bretz RV & Marine
Location: Missoula, Montana, USA
Description: RV And Boat Dealership

Victim: Conn-Selmer, Inc
Location: Elkhart, Indiana, USA
Description: Musical Instruments Manufacturer

Victim: De'Longhi America, Inc
Location: Upper Saddle River, New Jersey, USA
Description: Kitchen And Home Comforts Manufacturer

Victim: Exide Technologies
Location: Gennevilliers, France
Description: Automotive And Industrial Batteries Manufacturer

Victim: HT M├ędica
Location: Madrid, Spain
Description: Radiology Medical Group

Victim: Intersport International Corporation GmbH
Location: Bern, Switzerland
Description: International Sporting Goods Retailer

Victim: Kiolbassa Smoked Meat (Kiolbassa Provision Company)
Location: San Antonio, Texas, USA
Description: Smoked Meat Products Processor And Distributor

Victim: Samson Holding Ltd (Samson Marketing)
Location: High Point, North Carolina, USA
Description: Furniture Wholesaler And Manufacturer

Victim: Stewart, Gee & Murray CPA LLP
Location: Saskatoon, Saskatchewan, Canada
Description: Accountants

Victim: Total System Services LLC (TSYS)
Location: Columbus, Georgia, USA
Description: Payment Processing Services Provider


Victim: Forbes Energy Services
Location: Alice, Texas, USA
Description: Independent Oilfield Services Contractor


Victim: AMT Senior Aerospace
Location: Arlington, Washington, USA
Description: Commercial Jet Aircraft Parts Manufacturer

Victim: City of Portland
Location: Portland, Texas, USA
Description: Local Government Website

Victim: MetCap Living Management, Inc
Location: Toronto, Ontario, Canada
Description: Residential Apartment Rental Company

Victim: Precoat Metals Corp.
Location: St. Louis, Missouri, USA
Description: Coil Coated Metal Manufacturer And Retailer


Victim: Altamaha Federal Credit Union
Location: Jesup, Georgia, USA
Description: Credit Union Bank

Victim: Randstad North America, Inc
Location: Atlanta, Georgia, USA
Description: Recruitment And Employment Agency


Victim: Leonardo S.p.A. (Kopter Group AG)
Location: Rome, Italy
Description: Aerospace, Defence And Security Company

Mount Locker

Victim: Forrester Construction Company
Location: Rockville, Maryland, USA
Description: Construction Company


Victim: Britax Child Safety, Inc
Location: Fort Mill, South Carolina, USA
Description: Child Safety Seat And Stroller Manufacturer

Victim: Mainsail Lodging & Development LLC
Location: Tampa, Florida, USA
Description: Hotel And Resort Property Management Company

Victim: Name South, LLC
Location: Mooresville, North Carolina, USA
Description: German Automobile Parts Supplier


Victim: InfiApps
Location: Netanya, Israel
Description: Mobile Gaming Developer


Victim: Local 881 UFCW
Location: Des Plains, Illinois, USA
Description: Labor Union

Flag Icons created by Freepik and provided by Flaticon.

Data Breaches Digest - Week 49 2020

Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 30th November and 6th December 2020.

3rd December

CISA warns APT groups targeting US think tanks

Cloud-native benefits stifled by critical security and networking issues

Death, Destruction and Rigged Elections: The New Reality of Today’s Cyber Threats?

Growing Acceptance of Ethical Hacking

How to reduce the risk of third-party SaaS apps

Philly Food Bank Loses $1m in BEC Scam

Raising defenses against ransomware in healthcare

Ransomware gang says they stole 2 million credit cards from E-Land

The challenges of keeping a strong cloud security posture

The changing face of ransomware

This phishing group is targeting COVID-19 vaccine supply chains

Top 8 Ransomware Attacks of 2020 That Shook The Internet

2nd December

14% rise in suspected 2020 holiday weekend e-commerce fraud

2020: A Unique Year for Data Privacy Issues

Absa bank embroiled in data leak, rogue employee accused of theft

American Medical Association (AMA) Warns of Telehealth Cyber Risks, Insider Threats Tied to COVID-19

AspenPointe breach compromises personal and healthcare data of 295,617 patients

Avoid This Fake Zoom Meeting Invite Phishing Scam

Beware - that email about your Amazon delivery alert could be an online scam

Brazilian aerospace firm Embraer hit by cyberattack

BTC Markets exposes customer names, emails in botched blast send

BTC Markets privacy breach exposes all customers to potential phishing attacks

Canadian businesses need strong cyber defences in risk-laden climate

Class action suit launched against Dell after data breach led to years of scam calls

Cloud native security: A maturing and expanding arena

Common API Security Risks and How to Mitigate Them

Consumers vastly misjudge the vulnerability of their home networks

Criminals to Favor Ransomware and BEC Over Breaches in 2021

Cyber-espionage campaign opens backdoor to steal documents from infected PCs

Cybercriminals Already Profiting from the Retail Season

Cyberespionage APT group hides behind cryptomining campaigns

Demand for private network deployments will be driven by heavy industry verticals

DNS Filtering: A Top Battle Front Against Malware and Phishing

Double extortion ransomware will be a big theme in 2021

DPD scam: Warning over passwords and bank details as new scam targets Christmas post

Electronic health records provider caught out in data breach

FBI: Block Email Forwarding to Stop BEC Attackers

Fired US Cybersecurity Chief Considers Legal Action

Fraudsters impersonate DHL, Amazon in November phishing email surge

Hackers Are Targeting US Think Tanks

Half of Docker Hub Images Feature Critical Flaws

Healthcare 2021: Cyberattacks to Center on COVID-19 Spying, Patient Data

HMRC phishing scam abuses mail service to bypass spam filters

How do hackers choose their targets?

How Incident Response Teams Survived COVID-19

Huntsville schools close for the week amid cyberattack

Interpol warns of organised cyber crime networks targeting COVID-19 vaccines

Ireland: Twitter Data-Breach Decision Coming Soon, Privacy Watchdog Says

IT leaders on 2021 opportunities, challenges and key technology trends

K12 online schooling giant pays Ryuk ransomware to stop data leak

‘Long & Foster’ Suffered a Catastrophic Data Breach Incident

Master Chef and Black Mirror producer attacked by DopplePaymer ransomware

Native Cloud Security Controls Still “Not Good Enough”

Netwrix 2021 Cybersecurity Predictions Point to More Intense Threats

New DPD email scam Sheffield shoppers need to be aware of this Christmas

Open source software security vulnerabilities exist for over four years before detection

Phishing targets US brokerage firms using FINRA lookalike domain

Police staff member resigns over data breach

Rock Springs Police Department Warns Residents of New Phishing Scam

Russian hacking group uses Dropbox to store malware-stolen data

Saint John should share details of ransomware attack, cybersecurity expert says

Sales of CEO email accounts may give cyber criminals access to the "crown jewels" of a company

Serious data breach rocks Absa Group

Stats on Cyber Claims: Cyber Crime is Most Expensive, Internal Failures are Most Frequent

The Ongoing Threat of Telecoms Fraud

The three stages of security risk reprioritization

The Zendal group is defrauded by 9 million euros for the phishing technique

There’s no vaccine for ransomware

Top cybercrimes that may affect your business; fraudsters trying to play ‘long-game’

Turla Crutch attacks Ministry of Foreign Affairs in an EU country, misuses Dropbox in cyber-espionage

Uswitch report reveals the world’s biggest data breaches

What is Ransomware? How dangerous is it and how to get rid of it

Which security practices lead to best security outcomes?

Why businesses should focus on protection, instead of relying on detection

Why should we care about a data breach?

1st December

8 cybersecurity trends to watch out for in 2021

2020's worst cryptocurrency breaches, thefts, and exit scams

2021 Cybersecurity Trends: The Emergence of the Personalized Attack Chain

Absa Confirms Client Data Breach

Absa employee at the centre of a data breach

Alabama school district shut down by ransomware attack

Android app still exposing messages of 100M users despite bug fix

Are you ready for a more privacy-focused New Zealand?

AstraZeneca Targeted by Nation-State Actors Via Phishing Attacks, Malware

At quick glance, ‘expertly framed’ Quickbooks phishing email looks legit

Attackers use Windows ransomware to hit Big Brother production firm

Baltimore County Public Schools (BCPS): Virtual learning to resume as ransomware investigation continues

Baltimore County Students, Staff Rush To Make Sure There Are No Lingering Ransomware Issues On Devices After Cyberattack

Banijay, producer of MasterChef, hit by ransomware

Blackberry Details Hacker-for-Hire Group Targeting U.S., Europe, Asia, Australia, Africa Entities

Bomb Threat Hacker Gets 8-Year Prison Sentence

BSI encourages SMEs to prepare for a cyber incident, in a remote working environment – the hybrid office

Canon employee data exposed in ransomware attack

Carding forum crackdown prevents EUR40m in payments fraud

Carrefour Handed $3.7m GDPR Fine

Claims of ties between ransomware groups met with skepticism among threat researchers

Connecticut Leads $17.5M Settlement Over Home Depot Data Breach

Conti Ransomware Gang Posts Advantech's Data

Critical Oracle WebLogic flaw actively exploited by DarkIRC malware

Cyber Crime Unit Arrests Five in Louisiana

Cyber spies targeting foreign-based crooks

Cyber-Attack Exposes Data of 295,000 Colorado Springs Patients

Cybersecurity Flaws Could Lead to Biological Attacks

Data management at the heart of cloud security

Delivery scams surge to ring in the holiday season

DHL, Amazon and FedEx are most phished delivery services

Don’t Blame the Victim, Blame the Game: The OFAC’s Misstep in Fining Ransomware Payers

Don’t do this mistake in case you lose your iPhone

FBI warns of BEC scammers using email auto-forwarding in attacks

FBI warns of email forwarding rules being abused in recent hacks

Financial Threats in 2021: Cryptocurrency Transit, Web Skimmers Move To the Server Side and Extortion Plague

Foiling RaaS attacks via active threat hunting

German Court Slashes GDPR Fine for Telecoms Giant by 90%

“GootKit” Banking Trojan Turning Into a Scourge in Germany

'Hacker_R_US' gets eight years in prison for bomb threats and DDoS extortion

Herndon’s K12 Inc. reports ransomware attack

How Data Classification Helps Organizations Maintain a Strong Data Security Posture

How prevalent is DNS spoofing? Could a repeat of the Dyn/Mirai DDoS attack have the same results?

How to protect your personal data from being sold on the Dark Web

How to secure your network from a Ryuk ransomware attack

If you shopped over the holiday weekend, read this warning

Indian job portal IIMJobs hacked; database leaked online

Is Windows Defender Good Enough to Protect Your PC by Itself?

Latest pandemic wave underscores vulnerability of cloud file systems

List of data breaches and cyber attacks in November 2020 – 586 million records breached

Magecart Attack Convincingly Hijacks PayPal Transactions at Checkout

Major Cybersecurity Challenges in the Healthcare Sector

Malicious npm packages caught installing remote access trojans

Malicious NPM packages used to install njRAT remote access trojan

Malware may trick biologists into generating dangerous toxins in their labs

Microsoft links Vietnamese state hackers to crypto-mining malware campaign

Microsoft Office 365 Phishing Leverages Oracle, AWS Cloud Services

Microsoft removes 18 malicious Edge extensions for injecting ads into web pages

Microsoft Report says Nation-State Hacker Group is Leveraging Cryptocurrency Techniques to Stay Under the Radar

Most Brits aren't protecting themselves online when remote working

MPs Victim of Nearly 3 Million Malicious Email Attacks Monthly

Number of phishing attacks on Azerbaijani web sites down

Old Vulnerabilities Open the Door for WannaCry Ransomware

Online education vendor K12 hit with ransomware, pays ransom

Only 14% of Online Users Frequently Use Biometric Authentication

Outbound emails a business threat according to new report

Overcoming Healthcare’s Cybersecurity Challenges

Parcel delivery phishing scams up 400 percent in November

Partitioned Endpoints Pair Security with Convenience for Home Working

Pennsylvania county pays $500,000 to recover data stolen by ransomware gang

Personal Info Available on Dark Web for as Little as 50 Cents

Philadelphia hunger relief group Philabundance lost nearly $1 million in cyberattack

Predictions: The Top Endpoint Security Threats of 2021 (And How to Prevent Them)

Ransomware Attack Shutters Baltimore County Schools

Remote Workers Admit Lack of Security Training

Remote working poses growing security threat from cyber criminals

Royal Dutch Cycling Union refuses to pay ransom following data breach

Scam Alert: Glen Ellyn Library Warns Of Phishing Attempts

Secure access: business confidential

Securing the Office of the Future

Social Media Account Verification Messages: CyberCriminals’ Latest Phishing Technique Exploits Both Human Emotions And Anti-Fraud Techniques

South Africa: Post Office warns against new phishing postal scam

South Africans warned of new post office email scam

State-backed threat group using crypto mining malware to evade detection and monetise compromised networks

Tech Leaders Share 10 Ways Individuals Can Guard Against Ransomware

That email about your delivery could be fake: Phishing scammers increase their attack on online shoppers

The biggest hacks, data breaches of 2020

The Future of Cybersecurity: How to Prepare for a Crisis in 2020 and Beyond

The Future Of Privacy: What Businesses Should Be Planning For

The Future of Ransomware: Preparing for the Next Generation of Ransomware Attacks

The Painful Calculus of Ransomware Payments

Thousands of US lab results and medical records spilled online after a security lapse

Top 10 Email Phishing Attacks Deployed During the Holiday Season

Two Essential Defenses that Baltimore County School District (and All Districts) Should Adopt to Keep the Next Ransomware Attack from Succeeding

Typosquatting: What it is and why it’s a danger to charities

Vietnamese State Hackers Deploy Coin Miners to Victims

What is cyber insurance? Everything you need to know about what it covers and how it works

Why microlearning is the key to cybersecurity education

Woman in Scotland receives parcel containing confidential information about hundreds of patients in Milton Keynes

Zoom Impersonation Attacks Aim to Steal Credentials

30th November

3 Ways You Can Frustrate the Average Cybercriminal

5 Benefits of Upgrading Your Home Network Security

28 Million Licensed Texan Drivers Hit by a Data Breach

2020 Was the Year of the Great VPN Comeback, or Was It?

A Baker’s Dozen of Cyberattacks

Absa hit by data breach

Australia: The public sector just went mobile. So how do you secure voice calls and messages?

Average household hit with 104 threats each month

Back-to-Work Phishing Campaign Targeting Corporate Email Accounts

Baltimore County Schools Plan To Resume Virtual Learning Wednesday Following Cyberattack

Baltimore County schools still closed following cyber attack

Baltimore schools close responding to ransomware attack

Baltimore students told to ditch Windows PCs after ransomware attack

Bandook malware targets ‘unusually wide variety’ of industries, regions

Better Business Bureau provides tips on avoiding scams Cyber Monday

Beware new South African Post Office customs scam

Beware, if you receive this email it is phishing

Bug Bounties: Why These 10 Vulnerabilities Matter the Most

Building real cyber resiliency in government

Businesses can save on the hefty cost of a security breach if they're honest

Canon: Ransomware Attack Exposed Employee Data

Canon confirms ransomware attack in August exposed employees' personal data

Check Point Highlights Future Malware Threats to Fintechs

Companies are relaxing cybersecurity during the pandemic to boost productivity

Consumers underestimate how often their networks are targeted by threat actors

Consumption of public cloud is way ahead of the ability to secure it

Conti Gang Hits IoT Chipmaker Advantech with $14M Ransom Demand

Credit card skimmer fills fake PayPal forms with stolen order info

CTAG was attacked by the Sodinokibi ransomware in October

Customers fooled by fake Woolworths phishing scam offering free grocery boxes on social media

Cyber Monday safety tips from the Better Business Bureau

Cyber security faces threat from 'ransomware'

Cyber security statistics for small organisations

#CyberMonday Risks of a Locked-Down Festive Period for Online Retailers

Data Stolen from America's Largest Fertility Clinic Operator

Delaware County in the process of paying DoppelPaymer creators $500K

Delaware County Pays $500,000 Ransom After Outages

Denmark News Agency Refuses to Pay Hacker's Ransom

Docker malware is now common, so devs need to take Docker security seriously

Driven by Ransomware, Cyber Claims Rise in Number & Value

Four years after the Dyn DDoS attack, critical DNS dependencies have only gone up

Gootkit malware returns to life alongside REvil ransomware

Hacker selling CEO, CFO email accounts for as less as Rs 7,400

Hackers are targeting MacOS users with this updated malware

Hackers exploiting MobileIron vulnerability

Healthcare provider AspenPointe data breach affects 295K patients

Here’s how to avoid potential scams as holiday shopping moves increasingly online

How Active Directory Is Being Leveraged in Phishing Attacks

How do I select a pentesting solution for my business?

How much will a data breach really damage your organisation’s reputation?

How To Protect Your Manufacturing Business From Cybercrime

Huntsville City Schools cancels classes Tuesday due to ransomware threat

In a remote environment, data security is HR’s concern

IoT chip maker Advantech confirms ransomware attack, data theft

Is 2020 the Year of the Linux Malware Pandemic?

Lehigh Valley Technology Company warns businesses to expect a dramatic increase in cyber-attacks in 2021

Manchester United Cyberattack Highlights Controversy in Paying Ransomware Attackers

MasterChef Producer Hit by Double Extortion Ransomware

Microsoft ‘most imitated’ brand by cyber hackers

More online shopping means more holiday scamming, FBI warns

New South Wales driver's licence data breach victims still in the dark after three months

New Zealand Privacy Act: Updated data breach legislation comes into effect tomorrow

Office 365 phishing scam uses legitimate Oracle and AWS services

Pandemic thinking: What if there were a vaccine for OT ransomware?

Pandemic, A Driving Force in 2021 Financial Crime

Pay2Key Ransomware Joins the Threat Landscape

Post-Cyberattack, UVM Health Network Still Picking Up Pieces

Ransomware – the gift that keeps on taking

Ransomware Attack on Baltimore County Schools

Ransomware halts classes for 115,000 Baltimore pupils

Ransomware, Zero-Day, IoT, and Connected Car Attacks All on the Threatscape Horizon in 2021

Remote Desktop Protocol remains one of 'top attacked protocols', report says

Remote work readiness gives Singapore firms cybersecurity anxiety

'Return to Office' Phishing Emails Aim to Steal Credentials

Risk of identity theft is high this year, here’s how experts say you can protect your credit

Ryuk Ransomware Attack Could Cost French IT Services Firm Nearly $60M

Singapore: The year hackers and scammers exploited our COVID-19 fears to cheat us

SMBs Disclosing Data Breaches Minimize Financial Impact

Sophos Suffers Data Exposure Incident

Stride Identifies a Cyberattack on Its Systems and Network

Surge in cyber attacks on Indian vaccine makers in Oct-Nov

The Multi-Million Pound Manchester United Hack

The Password Is Slowly Becoming Extinct, but It’s Not Obsolete Yet

The Rising Threat of Ransomware: How Trucking Can Fend Off Cyberattacks

The solution to the increase in cyberattacks

The US Is Number One for Data Theft

This new cyberattack can dupe DNA scientists into creating dangerous viruses and toxins

Top 5 tips for choosing strong passwords

Top 10 Cybersecurity Tips for Small Businesses

Top security tips for online shoppers

Vermont hospitals still recovering from October ransomware attack

Wall Street Regulator Sounds Alarm over Email Phishing Scam

Whitehat Jr, Dunzo, Big Basket Hacked In Last Few Months: India Gets 4 Lakh Malware Everyday!

Why companies can’t become complacent as the second lockdown hits