Editor's Message

Welcome to DBD. On March 8th we celebrated our 4th Anniversary and the 1st Anniversary of our PRiSM application, officially endorsed by the SANS Institute. Despite recent personal issues that have impacted the amount of time I have been able to dedicate to both projects, I have been doing my best to keep everything as up-to-date as possible, and I would like to take this opportunity to thank everyone for their patience and support whilst I navigate through this very difficult time. Stay safe. :)



Monday 17 August 2020

Data Breaches Digest - Week 34 2020

Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 17th August and 23rd August 2020.


23rd August

5 Ways Machine Learning Can Thwart Phishing Attacks

223 Million YouTube, TikTok And Instagram Accounts Exposed In Massive Data Breach

Beware This Sinister New ‘Dark Side’ $1 Million Cyber Threat, You Must

Blockchain could help colleges like Arizona State University (ASU) provide better, more secure online education

#BugAlert: Attackers can use Google Drive to hack your system

Businesses are crystal clear about cyber risk, but still ill-equipped to handle it

Covid-19 pandemic: Beware of hackers on streaming platforms

Experian offers mea culpa after massive data breach blunder

FBI and CISA warn against surge in voice phishing campaigns

Former Uber Executive Charged with Offering Bribes to Cover Up Data Breaches

FortiGuard Labs: Cyber adversaries exploiting pandemic at enormous scale

Freepik and Flaticon suffer data breach; 8.3 million users affected

Google Drive Unpatched Flaw Tricks Users to Install Malware

How to Prevent and Protect Yourself from Cyber Attacks

Konica Minolta Attacked By A New Ransomware

Oman sees more than 190,000 phishing attacks in Q2

Only a few among 1,000 polled spot all phishing e-mails

‘Remain vigilant’ - Fear runs high after Experian data breach

University of Utah pays $450K after ransomware attack

Why Organisations Need to Strengthen their Cyber Defences

WorkForce warns West Virginians about cases of unemployment fraud

22nd August

5 Best Ways to Protect Your Crypto Wallet

Covid-19 pandemic: Beware of hackers on streaming platforms

Engineer falls prey to tele-phishing

FBI probing breach that may have compromised identities of COVID-19 patients

Filipinos ‘most concerned’ about security, study says

Freepik Data Breach Impacted 8.3 Million User Records

Good news: Your PC just got safer from would-be-hackers

Google Drive flaw may let attackers fool you into installing malware

Here’s how hackers are using targeted phishing to gain your personal info

How to Avoid Crypto Scams: Advice for New Bitcoin Investors

India businesses are prioritising investing in cyber security: Microsoft survey

Jack Daniels Manufacturer Thwarts a Ransomware Attack but Data Remains at Risk

MultiCare Foundation Addresses Security Incident on Blackbaud Fundraising Platform

Ransomware: A Cyber threat that Continues to Haunt Public

Sparklight warns customers of impersonation phishing scams

The University of Utah just footed a $457,000 ransomware bill

Uber's former security chief charged for allegedly concealing data breach

University of Utah pays $450K to stop cyberattack on servers

University of Utah Pays Ransomware Gang to Prevent Student Data Leak

21st August

4 Threats to Online Gamers and How to Avoid It

AI gathering of personal information can make you a phishing target

Akamai Identifies Copycat DDoS Extortion Rings

Alexa Bug Gives Hackers Access to Voice History, Personal, and Bank Account Information, Check Point Reveals

An AWS Virtual Machine Is Infected With Mining Malware. There Could Be Others

APT Group Targeting Military Refines Its Tactics

Back-to-school online safety: 11 tips for parents

Better Business Bureau Offers Prevention Tips Following Cyber Attacks on Canada Revenue Agency (CRA)

Bitcoin Ransomware and Remote Working: What the Future Holds

Boy Scouts of America Notifies Members, Donors and Alumni About Impact of Blackbaud Data Security Incident

Canada: Responding To Cyber-attacks – Lessons For Saskatchewan Municipalities From Recent Data Breaches

Carnival must right the ship after breaches threaten travelers’ trust

Community-provided Amazon Machine Images come with malware risk

Corporate VPN endangered by Voice Phishing attacks

Customers complain of delays after ransomware attack on delivery company Canpar Express

Cyber swindlers take University of Utah for nearly $500K in ransomware attack

DePaul University reports data breach with third-party provider

Experian breach affects over 24 million customers and businesses in South Africa

Experian Data Breach: What to Do to Protect Your Information?

Ex-Uber CSO Joseph Sullivan charged over 2016 data breach cover up

FBI investigating COVID-19 data breach in South Dakota

Few Singaporeans able to identify all phishing email

Firms Splurge on Security and Staff During Pandemic

Food Bank of Central & Eastern North Carolina part of widespread Blackbaud data breach of nonprofits

Former Uber CSO charged for covering up 2016 data breach

Former Uber Security Chief Charged over Alleged Data Breach Cover-up

Former Uber security officer accused of hiding data breach from FTC

Free photos, graphics site Freepik discloses data breach impacting 8.3m users

Gmail fixes dangerous bug – Steps to protect your account now

Google and Amazon are Impersonated the Most in Phishing Scams

Google finally forced to patch serious Gmail bug after exploit published online

Hackers eye students returning to virtual classes as easy targets

Health agencies are gathering data to combat COVID-19: Here’s why that might be a problem and what to do about it

How do you solve a problem like REvil? Recent GandCrab arrest will have ‘no impact’ on successive ransomware campaign

How Hackers Leverage COVID-19 to Disrupt Supply Chain Operations

How Threat Actors Are Bypassing Two-Factor Authentication For Privileged Access

How to keep APIs secure from bot attacks

Hundreds of millions of Instagram, TikTok, YouTube accounts compromised by data breach

IBM settles lawsuit over data privacy of Weather Channel app

Instacart Reveals Third Party Employees Accessed Customer Data

Instagram Influencer Arrested Amid Claims of $350 Million Global Cyber Scam

Konica Minolta Hit By Ransomware, No Impact To All Covered

Know the signs of a ‘phishing’ e-mail

Marriott faces UK class action-style lawsuit over massive data breach

MPs slam UK data regulator for failing to protect people’s rights

MSSPs: Why managed security service providers are crucial for SMBs

Myerscough College hit by cyber attack on exam results day

Myerscough College hit by 'devastating' cyber attack on GCSE results day

NASA embracing automation in move to zero-trust security architecture

No action taken as Center Parcs Woburn Forest apologises for employee data breach

Online predators are exploiting coronavirus to lure children, expert warns

Outlook “mail issues” phishing – don’t fall for this scam!

Phishing attacks in Africa diversify, target small companies

Post-Pandemic Digitalization: Building a Human-Centric Cybersecurity Strategy

Recent Headlines Highlight The Legal Consequences of Data Breaches

Redding Police Warn Residents of Phishing Email Scam

Remote college creates fertile ground for internet mischief

Remote working linked to data breach in 66% Indian firms

Scammers Continue to Ruin the Good Deeds of the Small Business Administration

Scamwatch: Offer of solar panels may not be a bright idea

South Africa: Cybercrimes Bill will tighten noose on hackers

Stop the Cyber-Attack Cycle with Privileged Access Management

The US Commodity Futures Trading Commission (CFTC) seeks $429 million penalty from the crypto scam Control-Finance

These Illicit SIM Cards Are Making Hacks Like Twitter’s Easier

Uber ex-security boss accused of covering up hack attack

Uber security chief Charged in Hacking Cover-up

Uber security executive charged over 2016 data breach ‘cover-up’

UK college hit with DoS attack on results day

University of Utah pays $457,000 to ransomware gang

US financial regulator warns of phishing sites impersonating brokers

US government warns remote workers of ongoing vishing campaign

Using AI to fight hand-crafted Business Email Compromise

Voice phishing attacks on the rise, CISA, FBI warn private

What is the future of scams?

Why a NotPetya Lawsuit Was Dismissed

Why CMMC Could Be Our Best Weapon to Fight Back Against Chinese IP Theft

Working from home is still leading to major cybersecurity issues

20th August

4 Google Classroom Security Issues

65,000 attempted data breaches a day, is lockdown home working to blame?

Alarming Email Security Facts and Stats and Ways to Deal with Them

Android can now tell you when your passwords have leaked to hackers with a single tap

Bahrain records 67,581 phishing attacks in second quarter of year

Can security software help you from being scammed?

Cybersecurity is vital, even for schools

Did Jack Daniels Thwart a Ransomware Attack or Not?

Don't Let Ransomware Ruin Your Business

Encryption and endpoint control: the heroes of post-lockdown data security

EU regulators wrangle over penalty for Twitter data breach

Experian Data Breach Hits 24 Million Customers

Fortinet research demonstrates enterprises must adapt to address telework security challenges long-term

French police warning over email 'phishing' scam

Healthcare Data Breach Costs Rise

How SOCs have been coping during the pandemic

Indian leaders say upskilling key cybersecurity challenge

Instacart discloses security incident caused by two contractors

Instagram, TikTok and YouTube user data left unsecured in data breach

Interview: Darktrace’s Max Heinemeyer on why Covid-19 is only the beginning

Konica Minolta struck by debilitating ransomware attack

Linux users no longer safe from this up-and-coming DDoS botnet

List of 2020 election meddlers includes Cuba, Saudi Arabia and North Korea, US intelligence official says

Major Marriott Data Breach Triggers Class Action Suit in Latest Attack

Malicious actors leak allegedly stolen Canadian military college's data

Malwarebytes Research: Companies Too Confident About WFH Security

Man finds sensitive patient data outside Caithness General

Marriott faces London lawsuit over vast data breach

New Phishing attack warning: How they can steal your money and what to do about it

NHS probe after walker comes across confidential document near Highland hospital

NHS probe launched after private medical records found outside Scots hospital

One in three ASX 200 companies have an open data leak, leaving them vulnerable to a breach

Phishing goes targeted and diversifies during COVID-19 outbreak with 492,532 attacks in Q2 in Egypt

Ransomware is big business – here is what Singapore businesses should know

Ransomware Negotiations Revealed: Flattery and Empathy Works

Remote working linked to data breach in 66% Indian firms

Second-largest memory chip maker SK Hynix hit by Windows ransomware

Securing Remote Workers Should be Part of an Integrated Security Strategy

Semiconductor giant SK Hynix silent on ransomware attack

Sophos deconstructs Dharma ransomware-as-a-service attacks

Taiwan urges blocking 11 China-linked phishing domains

Take steps to protect virtual learners from cyber theft

The Connection Between Employees, Phishing, Marketing And Your Company’s Reputation

This is How Hackers Stole 116 BTC From University of California

Threat hunters watch as Chinese hackers forage forums for tools

Twitter Data Case Sparks Dispute, Delay Among EU Privacy Regulators

US: Have You Gotten This Email Scam?

Voice Phishers for Hire Are Targeting Corporate VPN Networks

WannaRen ransomware decryption keys released by Hidden Shadow actors

What To Do When Your Computer Is Attacked

Why cybercrime remains a worrying business challenge in a COVID-lockdown world

Why it's imperative for financial sector to spend on cyber security

Working from home causes surge in security breaches, staff 'oblivious' to best practices

World's biggest cruise line company hit by ransomware attack

19th August

2.5 Million Medical Records Reportedly Leaked Online By AI Company

235 Million Instagram, TikTok And YouTube User Profiles Exposed In Massive Data Leak

After malware attack, Samaritan restores main computer system

Average Ransom Payment Rises 60 Percent in Three Months, Study Finds

Bletchley Park visitors warned of data breach after Blackbaud ransomware attack

Carnival Cruises hit with a costly ransomware attack

Carnival Cruises Hit with Ransomware

Cleveland Museum of Natural History contractor targeted in ransomware attack

Data breach costs $3.86 million on average - Ponemon report

Data breach landscape

Dharma ransomware attacks SMBs during COVID-19 pandemic

Fake news on Covid-19 government initiatives boost phishing in Brazil

Fileless worm builds cryptomining, backdoor-planting P2P botnet

FortiGuard labs reports cyber adversaries are exploiting the global pandemic at enormous scale

FritzFrog malware attacks Linux servers over SSH to mine Monero

Gun exchange site confirms data breach after database posted online

Hackers hit Jack Daniel's owner, Ritz London

How COVID-19 Is Changing CISOs' Approaches to Security

How cybersecurity leaders are overcoming the new risk landscape

How to ensure retail security during a pandemic

How to Protect Your Digital Identities from Phishing Attacks

Husson University latest to announce data breach

Major airlines fail to block fraudulent emails

Majority of ICS Vulnerabilities Can Be Exploited Remotely

Make hackers give up with multi-factor authentication

Marriott faces London lawsuit over vast data breach

Marriott Hit by Another Class Action Lawsuit After Breach

Marriott International faces class action suit over mass data breach

Marriott International faces London lawsuit over vast data breach

Marriott International faces UK class action over huge data breach

Naples vice mayor's email account used in cybercrime, police report says

New data from Microsoft shows how the pandemic is accelerating the digital transformation of cyber-security

New tricks boost phishing attacks in South Africa, Kenya, Nigeria

Nigeria witnesses about 300,000 phishing attacks in Q2 and SMEs are main target

Okanagan Similkameen Regional District staff still can't access email after attempted ransomware attack

Oklahoma: Two local organizations report database breach to supporters

Oman reports 193K phishing attacks in Q2

Phishing scams dominate the Philippines cybercrime landscape

Police and Industry Take Down $42m “Bulletproof Exchange”

Ransomware hits Jack Daniel's owner and Ritz London - investigation ongoing

Researchers detail bug in wireless devices impacting critical sectors

REvil Ransomware hits Jack Daniel's manufacturer, Ritz London

Scams Awareness Week 2020 - Be yourself. Don’t let a scammer be you

Security, Regulations and Compliance Round Table 2020

Sick of political campaign spam? Resist hitting unsubscribe - it could lead to identity theft

Telehealth is the future of healthcare, but how secure is it?

The benefits of providing employees with an identity compromise solution

Tips to Help Secure a Remote Workforce

WannaRen ransomware author contacts security firm to share decryption key

Warn your staff about phone spear phishing attacks, as reports rise

18th August

5 Reasons to Care about Security During a Pandemic

5 Ways to Update An Agency’s Incident Response Plan

10 RDP security best practices to prevent cyberattacks

61% of Airlines Have No Published DMARC Record, Customers Susceptible to Email Fraud

A Brief Guide to How to Prevent Email Phishing Attacks

Are you transitioning back to the office with cyber attackers in tow?

Big Steel Sheet Manufacturer Struck by Maze Ransomware

Blackbaud Ransomware Hack Affects 657K Maine Health System Donors

Building a Digital Defense Against Firing Scams

Capital One fined US$80 million for 2019 data breach

Carnival Corp. hacked; guest and worker information accessed

Carnival Cruise Gets Hit With Ransomware Attack

Carnival cruise lines hit by ransomware, customer data stolen

Carnival launches investigation after detecting ransomware attack

Carnival takes remedial action after cyber breach

Chinese companies’ gambling rackets meant for phishing attacks?

CISA Warns of Phishing Campaign Used to Deploy KONNI Malware

COVID-19 a ‘Fraudster’s Playground’

Cruise operator Carnival Corporation & Plc suffers ransomware attack

Cyber Pandemic Survival Guide: Three Things For Future Consideration

Cybersecurity breach of software firm, Blackbaud, may impact healthcare charity donors and patients

East Anglia Children's Hospices (EACH) charity victim of international data breach

Election Security: A Progress Report From CISA's Krebs

Encryption Happens Last: The Ransomware Revolution

Energy Grid Security Gets More Challenging With IoT

Fake COVID-19 testing kits and lockdown puppy scams: how to protect yourself from fraud in a pandemic

FeedMore WNY vendor hit by ransomware attack

FINRA Warns of Fake FINNRA

Firewall Best Practices to Block Ransomware

Fly By Night: Airline Emails Wide Open To Cyber Fraud, Study Finds

Government Data Breaches Becoming Less Costly

Gym app management platform exposed info of thousands of users

Hackers access guests’ data in attack on cruise operator behind Cunard and P&O

Hackers hijack design platform to go phishing

Hackers target the world’s biggest cruise operator with ransomware

HMRC investigates 10,000 Covid scams

HMRC Investigating Over 10,000 COVID-Related Phishing Scams

How to avoid getting cyber-burnt this summer

IcedID Trojan Rebooted with New Evasive Tactics

Illegal streamers warned of higher risk of hacking, scams and viruses

Increased Scams In A Pandemic?

Insights from Verizon’s COVID-19 Breach Landscape Report: Working From Home (WFH) leads to greater vulnerability

Jefferson Parish Schools data breach exposes 86 students' information

Leaked Passwords for Pulse Secure Enterprise VPN Servers Traced Back to Failure to Keep up With Patches

Lessons learned and best practices for remote workforce network security

Making Infosec Jobs Easier: Responding to Cybersecurity Incidents

Nearly 40% of Firms Fired Staff for Security Policy Breaches

New Attack Alert: Duri

Over 10,000 Covid-19 phishing scams reported to HMRC during height of pandemic

Parents sent exam results for wrong Edinburgh school pupils

Phishers Grab Microsoft Credentials With Fake SharePoint Emails

Phishing defense: Strategies to ensure your employees don’t get hooked

Phishing emails promise Belgians a €250 Covid-19 premium

Phishing for Bitcoin: The Twitter Hack Masterminded by a 17 Year Old

Phishing goes targeted and diversifies during COVID-19 outbreak with 2 million attacks in Q2 in Africa

Phishing is more targeted and diversified under Covid-19

Ponca City Schools Gives Update On Ransomware Attack

Prepare to defend: Why combating phishing attacks requires a proactive approach

Puttin’ on the Ritz: Fine-Dining Customers Targeted With Phone Scams after Ritz London Data Breach

Ransomware Payday: Average Payments Jump to $178,000

Regional District of Okanagan Similkameen (RDOS) still trying to get systems up and running after attempted ransomware attack

Ritz London clients scammed after apparent data breach

San Antonio: Local clinical research company warns of data breach

Santa Cruz County District Attorney's Office Warns Of IRS Tax Scams

Small business owners with federal coronavirus loans: Beware of phishing scams

SonicWall’s mid-year Cyber Threat Report finds malicious Microsoft Office files on the rise and Ransomware up Globally

Taking Care of Your Data Responsibilities in a Shared Responsibility Model in the Cloud

The Attack That Broke Twitter Is Hitting Dozens of Companies

The ransomware hunt that unearthed a historic banking trojan

The right cyber security solutions for blended working

The URL “Danger Zone”

The year of social distancing or social engineering? Phishing goes targeted and diversifies during COVID-19 outbreak with 2 million attacks in Q2 in Africa

Two-fifths of firms have sacked staff for cybersecurity breaches during Covid, poll shows

Ukraine arrests gang who ran 20 crypto-exchanges and laundered money for ransomware gangs

University of California San Francisco (UCSF) ransomware attack: University had data protection but it wasn’t used on affected systems

US Jails Sextortionist for 35 Years

US liquor giant hit by ransomware – what the rest of us can do to help

Warning to holidaymakers as travel company's computer is hacked

Why AI is your best defense against cyber attacks

Why do healthcare organizations have a target on their back?

Why Your Ecommerce Store Should Always Prioritize Cybersecurity

Work ongoing to restore Regional District of Okanagan Similkameen (RDOS) network

17th August

Bank of Ireland to be investigated over reported online banking data breach

Bengal Criminal Investigation Department (CID) warns of phishing attacks through fake oximeter apps

Big American liquor company hit by Windows REvil ransomware

Blackbaud hack: East Anglia's Children's Hospices latest victim

Blackbaud ransomware attack exposed donor data from two UK charities

BlueScope Steel enhances cyber security after mid-May attack

Carnival hit by ransomware attack, guest and employee data accessed

Covid fear aids cybersecurity business worldwide

Crypto-mining worm steal AWS credentials

Data breach reports down 52% in the first half of 2020; Number of records exposed increase to 27 billion

‘Dharma’ ransomware attacking SMBs, average loss is Rs 6.4 lakh

Dharma Ransomware-as-a-Service poses major threat to SMBs

Email enigma: Why is Canada hit with so many phishing attacks?

Google, Amazon and WhatsApp are the most imitated brands in phishing scams

How Active Cypher is Securing Enterprises from Malware Attacks

How easy is it to fall for a scam?

How to adapt to phishing trends and keep cybercriminals at bay

How to negotiate with cyber terrorists during a pandemic

I got phished: hackers hit right note with streaming music bait

Jack Daniel’s maker Brown-Forman suffers REvil ransomware attack

Jack Daniel’s-Maker Suffers REvil Ransomware Breach

JSE-Listed Insurer Momentum Metropolitan Hit With Data Breach

Konica Minolta hit by second huge ransomware attack

Malicious cyber actor using phishing emails to spoof SBA's COVID-19 relief webpage

Momentum Metropolitan reveals they were hit by a cyberattack

New COVID Phishing Scams Target Tax Pros

Oracle and Salesforce to Face GDPR Lawsuit

Pinnacle Clinical Research Provides Notice Of Data Breach

Publicly Reported Data Breaches Fall, But Records Exposed Escalates

Ransomware ‘biggest threat facing Australian business’

Ransomware Hits Leading US Medical Debt Collector R1 RCM Inc

Ritz London suspects data breach, fraudsters pose as staff in credit card data scam

Signs that Your Data Security Is Faulty

Six Suspects Face 275 Felony Complaints Related to Data Breach at Property Management Firm

Stress, Age Play Role in Cyber Mistakes

Swiss state-owned companies targeted by phishing scams

The Ritz suffers data breach after hackers pose as staff

The worrying rise in SMS phishing scams

Think 3,2,1 to protect your business against ransomware

Tusla suffers 23 'high risk' data breaches - including stolen files and loss of devices - since last year

Why India needs a strong cybersecurity policy soon

Why is only TikTok under microscope when most social apps are just as dangerous?

Wrongful use of data: The next cyber storm brewing on the horizon