Editor's Message

Welcome to DBD. On March 8th we celebrated our 4th Anniversary and the 1st Anniversary of our PRiSM application, officially endorsed by the SANS Institute. Despite recent personal issues that have impacted the amount of time I have been able to dedicate to both projects, I have been doing my best to keep everything as up-to-date as possible, and I would like to take this opportunity to thank everyone for their patience and support whilst I navigate through this very difficult time. Stay safe. :)



Monday, 30 March 2020

Data Breaches Digest - Week 14 2020

Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 30th March and 5th April 2020.


5th April

Docker servers targeted by new Kinsing malware campaign

Russian telco hijacks internet traffic for Google, AWS, Cloudflare, and others

The remote-working rush is creating a playground for spies and cybercrooks

Zoom Recordings Exposed

4th April

12k+ Android apps contain master passwords, secret access keys, secret commands

DOJ says Zoom-bombing is a crime

Legal initiative launched to aid those affected by massive data leak

Windows PCs Exposed to Attacks by Critical HP Support Assistant Bugs

3rd April

45% of Employees Don’t Know How to Respond to Ransomware Attacks

A hacker has wiped, defaced more than 15,000 Elasticsearch servers

Affordacare data breach worse than company first thought

App exposes 44 million user records: Driver’s licenses, credit cards, medical info

Catches of the month: Phishing scams for April 2020 – the coronavirus special

Coronavirus - 5 Ways to Protect Your Organisation Against Cyber Attacks

Data Breach: A summary of healthcare security incidents in March 2020. Are you a victim of Medical Identity Theft?

Data Breach Report: Popular Digital Wallet App Key Ring Exposes 14 Million Users

Discord Turned Into an Account Stealer by Updated Malware

Dramatic rise in COVID-related cyberattacks

Establishing Secure Data Management Best Practices

Facebook takes on Zoom with new standalone desktop Messenger app for MacOS and Windows with unlimited video group calls during coronavirus lockdown

FBI warns of 'Zoom-bombing' as teleconferencing use surges during outbreak

GoDaddy suffers embarrassing phishing attack

Hacking forum gets hacked for the second time in a year

JavaScript skimmers: An evolving and dangerous threat

Management Company Wolfe & Associates Suffers Data Breach

Microsoft: Emotet Took Down a Network by Overheating All Computers

Microsoft Warns Hospitals: Fix VPNs or Be Threatened by Ransomware

Microsoft warns hospitals of impending ransomware attacks

Mozilla Patches Two Actively Exploited Firefox Zero-Days

New campaign to hack MS-SQL servers uncovered

New Zoom Bug Lets Hackers Compromise Windows Credentials

OGUsers hacking forum hacked; entire database dumped on rival forum

Ransomware and DDoS attacks: Cybercrooks are stepping up their activities in the midst of coronavirus

Santa Barbara rental property service suffers from data breach

The Future of Biometrics IoT

The Race Against Ransomware Attacks: How to protect yourself and fight back?

Thousands of Elasticsearch servers wiped by criminals

Twitter Apologises After It Found a Firefox Cache Bug Was Storing Your DMs

Web skimming attacks not expected to intensify during COVID-19 quarantines

Zoom 'unsuitable' for government secrets, researchers say

Zoom-Bombing: How Trolls Are Hijacking Quarantine (and How to Protect Yourself)

2nd April

10 Years of Data Breaches Mark Vulnerable Businesses

Australian Kids' Smartwatch Maker Hit By Same Bug Again

Best Practices to Manage Third-Party Cyber-Risk Today

Bitdefender reveals Mandrake spyware targeting Aussie Android users

Coronavirus: Hackers are now launching dozens of email scams each day

Cyber criminals are trying to exploit Zoom's popularity to promote their phishing scams

Florida-Based Firm Files Class Action Against Marriott After Latest Data Breach Revelation

Hacker Hijacks 30 YouTube Accounts to Broadcast Bill Gates-themed Bitcoin Ponzi Scheme

Key Ring App Data Leak Exposes 44 Million Images

List of data breaches and cyber attacks in March 2020 – 832 million records breached

MakeFrame: Magecart Group 7’s Latest Skimmer Has Claimed 19 Victim Sites

New Research From Kaspersky Finds 45% of Employees Don’t Know How to Respond to a Ransomware Attack

New solution shines light on Dark Web credential trading

Phishing attack on Godaddy compromised Escrow.com website

Protecting Office 365 from external and insider data breaches

Ransomware strikes biotech firm researching possible COVID-19 treatments

The Average “Cyber Breach” Costs Business £5,220 Says this Gov’t Report: Is It Badly Wrong?

The internet is now rife with places where you can organize Zoom-bombing raids

There's now COVID-19 malware that will wipe your PC and rewrite your MBR

Zoom: We're freezing all new features to sort out security and privacy

1st April

A crypto-mining botnet has been hijacking MSSQL servers for almost two years

Bizarre Data Breaches You’ve Never Heard About

Coronavirus: Microsoft directly warns hospitals, 'Fix your vulnerable VPN appliances'

Coronavirus: Zoom under increased scrutiny as popularity soars

Cybersecurity warning: These scammers are looking for a way into your email accounts

Data Breach Report: Cloud Backup Provider Exposes More than 135 Million Customer Records

Hackers Play Dirty, So Practice Good Digital Hygiene

Hackers ‘Without Conscience’ Target Health-Care Providers

Italy's social security website hit by hacker attack

LimeRAT malware is being spread through VelvetSweatshop Excel encryption technique

Massive Data Breach Of Majority Of Malta’s Citizens Is Being Investigated By Data Protection Commission

Massive data leak leaves more than 337,000 voting records exposed

Microsoft is working on mitigating an entire Windows bug class

Microsoft Warns Hospitals Vulnerable To Ransomware Attacks

Morrisons not liable for actions of employee over data leak, Supreme Court rules

Morrisons wins case involving worker with a grudge who leaked other staff’s wages

Ransomware, social engineering and cryptojacking – the things keeping IT professionals awake

Rutter’s hit with federal lawsuit claiming $5M-plus in damage from data breach at its convenience stores

SOS Online Backup exposed 135M records via unsecured cloud storage

Supreme court take on Bradford-based Morrison's data leak case

Top financial services cybersecurity and data breaches

Why All Employees Are Responsible for Company Cybersecurity

Why some hackers are targeting healthcare facilities during coronavirus pandemic

Windows 10 alert: Zoom client can leak your network login credentials

“World’s most secure online backup” provider exposes 135M records

Zoho on collecting customer data and avoiding the cookies trap

Zoom says it will fix security holes that video hackers have exploited

Zoom under scrutiny in US over privacy, porn hacks

31st March

Affordacare patients notified of security breach

Another Marriott Breach Affects Millions

Cambridge Analytica Nightmare Not Over For Facebook

Companies who make workers use Zoom risk breaking the law if they fail to say how data is shared

Data Leak: Personal identifiable information of 4.9 million Georgians found online

Data on almost every citizen of Georgia posted on hacker forum

FBI re-sends alert about supply chain attacks for the third time in three months

For Marriott Hotels, Lightning Does Strike Twice In New Data Breach Affecting 5.2 Million

Hack Brief: Marriott Got Hacked. Yes, Again

Houseparty app boycotted after users claim their online accounts were hacked

Houseparty denies hack as credential stuffing attacks spread

Houseparty ‘NOT hacked’ – and offers $1MILLION bounty to find person who started ‘smear campaign’

Houseparty offering over 800k reward for proof of sabotage amid hacking rumours

Houseparty offers $1m reward for proof of sabotage

Houseparty users claim app ‘has been HACKED’ – but creators deny breach

How to delete Houseparty account: Step-by-step guide

Is Houseparty safe? Has it been hacked? And if not, why are YOU being told to delete it?

Kwampirs threat actor continues to breach transnational healthcare orgs

Marriott claims new information breach impacts 5.2 million visitors

Marriott data breach: What to know and how to protect your data

Marriott data breach exposes personal data of 5.2 million guests

Marriott discloses new data breach impacting 5.2 million hotel guests

Marriott hit by second data breach exposing “up to” 5.2 million people

Marriott hotel chain faces fines after another major data breach

Marriott International confirms data breach of up to 5.2 million guests

Marriott International Experiences Massive Data Breach

Marriott International hotel chain in second data breach

Marriott International Notifies Guests of Property System Incident

Marriott International's latest data breach hits 5.2M guests

Marriott’s Latest Data Breach Impacts 5.2 Million Travelers

Marriott Reports Data Breach Affecting Up to 5.2 Million Guests

Marriott Reveals Data Breach That Could Have Impacted 5.2 Million Customers

Marriott Reveals Yet Another Data Breach

Marriott suffers data breach affecting 5.2 million customers

Millions of Guests Impacted in Marriott Data Breach, Again

New Marriott Data Breach Affects 5.2 Million Guests

No proof of a Houseparty breach, but its privacy policy is still gatecrashing your data

SBTech client sites to resume operations after cyber attack

SBTech partners experience 72-hour downtime after cyber-security breach

SBTech-powered operator sites offline after cyberattack

SBTech-powered sites taken offline by cyberattack

Second Marriott data breach exposes 5.2 million guests

Second Marriott mega-breach airs the privates of 5.2m

Sensitive Voter Data Exposed by App Used in US Elections

Telecom Firm Virgin Media Faces Class-Action Suit Over Customer Data Breach

Unofficial Iranian Telegram Applications Leak Data of 42M Users

Virgin Media could pay more than $5.5 billion for data breach

What is going on with the Houseparty app, and is it safe to use?

When hackers kidnap their data, companies are increasingly using ‘breach coaches’ and negotiators

Worried about Houseparty data breach? Here is how you can delete your account

Zoom being sued for allegedly sharing user data with Facebook

Zoom shares fall after user files lawsuit claiming data breach

30th March

American Operator MGM Resorts Targeted by Computer Hackers

Businesses can prevent data and privacy breaches brought on by COVID-19

Client Sues Law Firm for Failing to Disclose Data Breach

Cloud Breaches Don't Have To Be Inevitable

Coronavirus: Now COVID-19 phishing scammers face 'rapid-response' crackdown

COVID-19: Five cybersecurity tips for remote workers

Credit provider 118 118 Money 'fesses up that hacker nabbed customer service phone recordings

Cybersecurity Lawyer Who Flagged The WHO Hack Warns of Massive Remote Work Risks

FBI: Cybercrime Gang Mailing 'BadUSB' Devices to Targets

Federal court data breach sees names of protection visa applicants made public

Georgian Voter Data Reportedly Leaked Online

Go Google free: We pick privacy-friendly alternatives to every Google service

Hacker hijacks YouTube accounts to broadcast Bill Gates-themed crypto Ponzi scam

How to Pick the Right Cybersecurity Vendor for Your Business

More Than 200,000 Content Creators & Influencers Exposed In Hack

Notorious Cyber Security Attacks in India to Date

Online Gambling Company BetUS Falls Victim to Latest Data Breach of Maze Hacking Group

Ozark Orthopaedics Data Breach Exposes Over 15,000 Patients

Personal data of almost 5 million Georgian voters exposed online

Ransomware Attacks Are the Last Things Hospitals Need Now

Voter records for the entire country of Georgia published online

Zeus Sphinx malware resurrects to abuse COVID-19 fears

Zoom to iPhone users: We're no longer sending your data to Facebook