Editor's Message

Welcome to DBD. We hope you like the changes we are making to the site to give you more visibility of what we consider the top stories and advice of the day, and to allow you to search through content using labels. Any feedback, positive or negative, would be gratefully received to enable us to give you the best experience on any device.

Wednesday, 28 October 2020

Experian: Irish Credit Reference Agency Facing Potentially Huge GDPR Fine For Illegally Selling Personal Data For Marketing Purposes

Turla: Russian-Speaking Hacking Group Reportedly Attacks Undisclosed European Government Organization

Sky Lakes Medical Center: Oregon Hospital Suffers Ransomware Attack Resulting In Disabled IT Systems

Gunnebo: Swedish Security Company's "Mount Locker" Ransomware Attack Results In Customers' Data Leaked On Dark Web

Tuesday, 27 October 2020

Steelcase: Michigan Office Furniture Manufacturer Suffers "Ryuk" Ransomware Attack Resulting In IT Systems Shutdown

Motorola: More Than 100 Internet-Accessible Irrigation Systems Discovered Exposed Online Without A Password

Enel Group: Italian Multinational Energy Company Suffers "NetWalker" Ransomware Attack Demanding $14 Million Ransom

Stelco: Canadian Steel Manufacturer Suffers Undefined Cyber Attack Resulting In Temporary Production Suspension

Microsoft 365: 78% Of Administrators Don't Activate Multi-Factor Authentication (MFA)

Phishing: 45% Of Global Remote Workers Ignore Training And Open Emails They Consider To Be Suspicious

Amazon: US E-Commerce And Technology Giant's Insider Data Breach Results In Customers' Data Including Email Addresses Leaked To Third-Party

Mithaas: Noida Indian Restaurant Chain Suffers Ransomware Attack Resulting In Disabled IT Systems

Isentia: Sydney Media-Monitoring And Data Analytics Company Suffers Ransomware Attack Disrupting Media Portal Services

Fragomen: New York Immigration Law Company Suffers Data Breach Exposing US "Google" Employees' Personal Data

Monday, 26 October 2020

Nitro Software: San Francisco PDF Software Company's Data Breach Results In 70 Million Users' Personal Data For Sale On The Dark Web

Press Trust Of India: India's Largest News Agency Suffers "LockBit" Ransomware Attack Resulting In Service Disruption

Yorktown Central And Croton-Harmon School Districts: New York State School Districts Suffer Separate Ransomware Attacks

Vastaamo: Finnish Psychotherapy Provider's Ransomware Attack Escalates As Extortion Emails Are Sent To Patients

Ransomware Operator Claims - Week 44 2020

Welcome to this week's ROC Report, an exclusive view of Ransomware Operator's claimed victims that were published on the Dark Web during the period between 26th October and 1st November 2020, kindly provided by our partner "Ransom Leaks".


Victim: Capital Lumber Company
Location: Phoenix, Arizona, USA
Description: Building Materials Supplier

Victim: WPT Nonwovens Corporation
Location: Beaver Dam, Kentucky, USA
Description: Nonwoven Fabric Manufacturer


Victim: Moss, Inc
Location: Franklin Park, Illinois, USA
Description: Tensioned Fabric Solutions Manufacturer


Victim: Aetna Corp
Location: Cambridge, Massachusetts, USA
Description: Lighting Solutions Provider

Victim: Enel Group
Location: Rome, Italy
Description: Energy Company

Victim: Motschiedler, Michaelides, Wishon, Brewer & Ryan, LLP
Location: Fresno, California, USA
Description: Law Company


Victim: Arapahoe Libraries
Location: Englewood, Colorado, USA
Description: Public Libraries

Victim: Matson, Inc
Location: Honolulu, Hawaii, USA
Description: Logistics Company

Data Source: Ransom Leaks. Flag Icons created by Freepik and provided by Flaticon.

Data Breaches Digest - Week 44 2020

Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 26th October and 1st November 2020.

28th October

4 Ways Schools Can Improve Cybersecurity - Even When Budgets Are Tight

76% of applications have at least one security flaw

92% of Educational Organisations Consider Improper Sharing of Sensitive Records a Top Security Threat

2020's nastiest malware revealed

A New Ransomware Threat Kidnaps Android User Data

Amazon Warns Users of Insider Disclosing Details to Third Party

Ambulance staff personal data breach in Moray

As offices emptied and remote work became the norm, security teams struggled

Attacks on IoT devices continue to escalate

Australians aware of cyber threats, but ‘not fully prepared’ for them, survey reveals

Beyond passwords: How to use multi-factor authentication - aka 2FA - to improve your security

Black Friday and Cyber Monday scams are calling – Let it ring

Businesses left to make decisions based on old, inaccurate data, study finds

Cabinet Office publishes employee and supplier personal info in data breach

CISA releases advisory on North Korean malicious cyber activity

City of Baltimore ups cyber cover after ransomware attack

City of Port Phillip Council apologises for data breach

Community college continues to investigate cyberattack

Concern over Moldova Cyber Security As Election Looms

COVID-19’s Impact on Cybersecurity and Securing the Remote Workforce

COVID-19-related scams have cost Americans more than $160 million

Cyber attack that led to pause in worldwide operations was ransomware, investigation continues: Dr Reddy's

Cyber crime costing industry up to $8-trillion annually

Cyber resilience and the public sector

Cyberattacks as a Public Health Threat

Cyberattacks Soar During the Pandemic – How Regulators Responded

Cybersecurity Awareness Month: Protect yourself from phishing

Decline in Information Security Training and Policies May Negatively Impact U.S. Businesses

Disinformation and the CISO

Does New Zealand have a cybersecurity awareness problem?

Education sector most at risk of DNS attacks - with a steep cost

Experian Threatened With Massive GDPR Fine After Acting Unlawfully

Experian’s data processing practices violate the GDPR

For Sale: Database of Nearly 200 Million U.S. Voters and Consumers on Hacker Forums

Fragomen Confirms Data Breach Impacting Google Employees

Furniture Giant Steelcase Hit by Suspected Ransomware Attack

German infectious disease agency hit again by hackers after arson attack

Gunnebo data breach: Blueprints of bank vaults, security systems leaked online

Hacked therapy centre emailed clients' ID numbers on invoices

Hackers Leak Swedish Security Firm's Data

How Covid provides opportunities for cybercriminals

How important are vulnerability management investments for a cybersecurity posture?

How the Past 6 Months Have Shaped ICS Risk

How to keep your charity secure in the ‘new normal’

Indonesia: E-commerce must do more to protect users against cybercrime

Iran-linked APT Targets T20 Summit, Munich Security Conference Attendees

Isentia Reeling After Suspected Ransomware Attack

It can happen to you: How SMEs should protect themselves from cyber security attacks

It's match winning to patch

Italian energy giant Enel hit by Windows NetWalker ransomware

'Lives at stake': How ransomware impacts hospitals

Massive ransomware attack hits Press Trust of India (PTI), services resume

Maze Ransomware Is An Election Night Threat

Nearly half of global consumers expect to be affected by a data breach

Nitro again insists data breach 'isolated' as incident gets more coverage

Oregon hospital shuts down computer system after ransomware attack

Phishing Campaigns Mimic Microsoft Teams, HHS COVID-19 Vaccine Tracker

Phishing revealed as number one organisation attack

Phishing Scam Involves Fairfax Students' Snapchat Accounts

Protect your endpoints, but don’t forget the other 70%

QNAP warns of new QTS bugs that allow take over of devices

Ransomware: To Pay or Not to Pay Just Got More Complicated

Ransomware attack hits Indian IT managers' confidence too

Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo

Singapore: New variant of phishing scam fakes Grab advertisements

Sixty percent of organizations have accelerated zero trust projects in response to COVID-19

Social networks, messengers, external cloud services often exploited by cyber-fraudsters

Ten ways to protect your business from cybercrime

The 5 biggest cybersecurity threats for the healthcare industry

The First 2020 Election-Related Ransomware Attack Hit a Georgia County

The Importance of Cybersecurity in Healthcare

The Importance of Good Cyber Hygiene - Now More than Ever

The new cybersecurity threats in a locked-down world

Therapy Clients Become Targets of Blackmail Campaign

TrickBot Linux Variants Active in the Wild Despite Recent Takedown

Trump website defaced in second successive cyber breach

UK SMEs: The importance of cyber

US federal agencies warn organisations of global hacking campaign by North Korean Kimsuky group

Users of Ledger Hardware Wallet Targeted by Phishing Attack

Winston Privacy devices vulnerable to RCE via chained exploits

27th October

7 Cybersecurity Precautions South Africans Should Take

34% of Employees Say Their Company Doesn't Follow Basic Cybersecurity Protocols During COVID-19, Despite Increased Risk Due to Remote Work

78% of Microsoft 365 admins don’t activate Multi-Factor Authentication (MFA)

A new threat matrix outlines attacks against machine learning systems

Adapted transit users want compensation after Société de transport de Montréal (STM) website shut down by virus

Almost one-third of Australian and New Zealand businesses have paid off ransomware attackers

Amazon Fires Employee Who Leaked Customer Names, Emails

Amazon sacks employee over data breach

Amazon sacks insiders over data leak, alerts customers

Australian businesses likely to pay off ransomware attacks, research shows

Australian Digital Health Agency (ADHA) records two My Health Record security incidents in FY20

Avoid these three creepy cyber tricks on Halloween

Backups as a last line of defence are under threat

Beating insider fraud requires a new culture

Beware the coronavirus con artists: Can you spot the fraudsters posing as everything from airlines to HMRC?

Canadian businesses overconfident about data security

Common Trojan found, was making curious attempts to infect users’ machines

‘Convincing’ Phishing Attack Targets Ledger Hardware Wallet Users

Cyber Awareness Training a Must for Third-Party Contractors

Cyber Risk Forces Africa’s Maritime Security Concerns to Evolve

Cyber risk literacy should be part of every defensive strategy

Cyber-attacks on healthcare indicate criminals never let go of opportunity

Cyberattack strikes media-monitoring company used by Australian government

Data breaches upping Australian Taxation Office (ATO) fraud 'red flags'

Data Of Last Resort: Building Cyber Recovery

DDoS attacks a wake up call for complacent businesses

Digital payments fuelling fraud surge during COVID crisis

Do You Consider Yourself Cyber-Literate?

Domestic and foreign cybersecurity threats surrounding the 2020 election

Don't fall for fake 'rule of six' fines claiming to be from us, warns Northamptonshire Police

Experts Slam Perp and Clinic at Center of Extortion Scandal

Facebook “copyright violation” tries to get past 2FA – don’t fall for it!

FBI: Hackers stole government source code via SonarQube instances

Finnish psychotherapy center fires CEO for suppressing breach details

Finnish psychotherapy clinic discloses data breach, victims extorted

Finnish Therapy Patients Blackmailed After Data Breach

Floridian Arrested for Hacking Home Camera System

Fragomen, a law firm used by Google, confirms data breach

Fraudsters exploit legitimate US lottery in Arabic fraudulent campaign that’s gone global

French IT Services Firm Confirms Ryuk Ransomware Attack

Google's law firm hit by data breach, employee details leaked

Government Threatened with Legal Action Over Track and Trace

Hackers, Ransomware Gangs Diversify Tactics to Inflict More Harm

Hackers are blackmailing Vastaamo psychotherapy patients

Hackers steal personal data of Google employees after breaching US law firm

Half of employees admit to opening emails they considered suspicious

Has the pandemic changed the nature of K-12 cybersecurity?

How Disaster Recovery Planning Can Help Avoid Government Sanctions

How Fighting Cybercrime Also Fights Global Poverty

How foreign actors are trying to undermine the US presidential election

How to apply data protection best practices to the 2020 presidential election

How to set up a maximum security antivirus on your devices

How URL Tracking Systems are Abused for Phishing

Inside an Attempted Election Hack: A US Cybersecurity Operative Tells All

Is your enterprise susceptible? 4 key focus areas for cyber resilience

IT security threats are taking more time to remedy than ever

Kaspersky detects phishing version of Arabic Netflix

Kaspersky uncovers fraudulent schemes for iPhone pre-order

Kaspersky warns of fraudulent iPhone pre-order schemes

Ledger users fall victim of phishing attack, second time in less than a week

Local Election Officials Targeted with Suspicious Email Campaign Ahead of US Presidential Polls

Many Employees Still Lax on Cybersecurity

Microsoft 365 security: Tips to keep your tenant safe

Mount Pleasant: City gives updates on October 10 cyberattack

New malware hijacks Discord to hack your PC

Noida: After Haldiram's, Mithaas hit by ransomware

Organizations at Higher Risk of Cyber-Attacks Due to IoT Expansion

Organizations struggle to obtain quality threat data to guide key security decisions

Phone scamming – friends don’t let friends get vished!

Police suggest hovering over links before clicking to avoid being scammed

Protecting Students From Financial Aid Fraud Should Be A Priority For Schools

Ransom, bribery and the darknet – Why cyber criminals are shifting their modus operandi

Ransomware LockBit hits PTI disrupting services for hours

Ransomware vs WFH: How remote working is making cyberattacks easier to pull off

Ransomware’s Next Target: Backup Data

Remote Workers Ignore Training to Open Suspicious Emails

Schools Admit Security Gaps

Sky Lakes Medical Center targeted in ransomware attack

Société de transport de Montréal (STM) still investigating widespread outage sparked by ransomware attack

Sopra Steria hit by new version of Ryuk ransomware

Spoof voter email attack was “not against a real voter registration database”

State-sponsored hackers are diversifying tactics, report says

Steelcase furniture giant hit by Ryuk ransomware attack

Stelco reveals information systems were subjected to a "criminal attack"

Survey Uncovers High Level of Concern Over Firewalls

The Importance of Data Security and Privacy for Businesses

The Largest Data Breaches in U.S. History

The rising threat of human-controlled ransomware

Top 5 things to know about EU-US data privacy

US elections are still vulnerable to email spoofing

Why cloud security is more important than ever

Why Does The Software Defined Perimeter (SDP) Matter?

Zero Trust adoption gains traction in Asia Pacific, not a minute too soon

26th October

10 healthcare malware, ransomware and phishing incidents this month

Adapt cybersecurity programs to protect remote work environments

Adware found in 21 Android apps with more than 7 million downloads

Another Noida sweets manufacturer attacked by ransomware

Attackers finding new ways to exploit and bypass Office 365 defenses

Attacks Exploiting Digital Certs Soar by 700% in Five Years

Beware: Link Previews From Social Messaging Apps Put Your Data at Risk

Beware of a new phishing campaign using fake voter registration forms

Beware Of These Top Five Social Engineering Scams

Combatting ransomware attacks on health care providers

Company Data Breach Policy

COVID-19’s impact on cybersecurity and securing the remote workforce

Cyber Risk for Small Businesses: Understanding Your Individual Risks and What You Can Actually Do

Cybersecurity Challenges for the Charity Sector

Data protection report finds decline in information security training and policies may negatively impact US businesses

DNS attacks increasingly target service providers

Donald Trump's Twitter hacked after researcher guessed password

Email phishing attack on Georgia health department exposes 45,732 individuals' info

Enterprises confident Chief Sustainability Officer (CSO) will improve cybersecurity

European IT giant Sopra Steria hit by ransomware attack

Finnish Patients Blackmailed After Clinic Data Breach

Four types of cyber-attack that could take down your data center

Fraudsters Alter Election Phishing Scam

French IT giant Sopra Steria suffers Ryuk ransomware attack

Georgia election system hit with ransomware

Golf and ski resort operator Boyne Resorts struck by ransomware attack

Google Employee Data Exposed During Data Breach, Law Firm Says

Google employees personal info exposed in law firm data breach

Hacker steals $24 million from cryptocurrency service 'Harvest Finance'

Hackers use a fake version of Netflix in Arabic for phishing attacks

Harvest Finance Places Bounty on Hacker

Hennepin County Sheriff’s Office Responds to Data Breach

How to Remove Malware From Your PC

How to survive the ransomware apocalypse

Infected IoT device numbers grow 100% in a year

Insider data breaches set to increase due to remote work shift

IT-Based COVID Responses Inviting More Vicious Ransomware Attacks

KashmirBlack botnet behind attacks on CMSs like WordPress, Joomla, Drupal, others

Keeping backup data secure to minimise ransomware damage

Ledger is investigating phishing scam that targets wallet users

LockBit ransomware attacks PTI crippling news service

LockBit Used Automated Tools to Sleuth Out Specific Tax and Point-of-Sale Software on Breached Networks to Determine Ransomware Targets, Sophos Research Reveals

Massive Nitro data breach impacts Microsoft, Google, Apple, more

Massive Nitro data breach impacts Microsoft, Google, and Apple

Massive ransomware attack hits PTI, services resume

Minnesota National Guard and other states report for federal cybersecurity mission

Nando’s Customers Hit by Credential Stuffing Attacks

News agency PTI hit with ransomware attack, news publishing disrupted for several hours

Nitro Software hacked with customer data offered for sale on the dark web

Novel Coronavirus Phone Scams: How to Identify and Avoid COVID-19 Scams

Organizations need to understand risks and ethics related to AI

Over 100 irrigation systems left exposed online without a password

Psychiatric centre data breach a "wake up call"

Ransomware attack on restaurant chain Mithaas, Noida police launches probe

Ransomware attack on restaurant chain Mithaas, probe on

Research Shows That Facebook is a Prime Target for Phishing Attacks

Sophos uncovers multi-faceted techniques attackers use in new Ryuk ransomware

Sopra Steria confirms being hit by Ryuk ransomware attack

Sopra Steria confirms it was hit by new Ryuk ransomware variant

Sopra Steria confirms it was hit by new strain of Ryuk ransomware, will take weeks to return to normal operations

Sopra Steria confirms “new” strain of Ryuk ransomware behind cyberattack

Sopra Steria Hit by New Ryuk Variant

Sopra Steria laid low by Ryuk Ransomware

Steelcase experiences cyberattack

The Growing Cybersecurity Threats and How to Address Them

Therapy patients blackmailed for cash after clinic data breach

This nasty trojan uses Discord as a command and control server

Using 'Password' As A Password, Ransomware And Other Threats That Undermine Election Security

Vastaamo board fires CEO, says he kept data breach secret for year and a half

Watch out! Spoofed Apple phone call is making the rounds again

What to do if your business suffers a data breach

Why the 2020 election is already being hacked

Saturday, 24 October 2020

Emotet: Malware's New Template Pretends To Be Microsoft Office Requesting Microsoft Word Update In Order To Infect Victims

90% Of Global Organizations Believe Cybersecurity Is Failing Due To Ineffective Technology

75% Of All 56 US States And Territories Have Election IT Infrastructure Vulnerable To Multiple Cyber Attacks

Indian River County: Florida State County's Ransomware Attack Results In Compromised Servers And Disabled IT Networks

Louisiana State Enlists National Guard To Help Prevent Ransomware Attacks Against Government Offices Infected With Emotet

Friday, 23 October 2020

Boyne Resorts: Michigan Ski And Golf Resort Operator Suffers "WastedLocker" Ransomware Attack

Mid-Prarie Community School District: Iowa Public School District Informs Parents And Students Of Third-Party Data Breach

1,740 UK Businesses Fall Victim To 31% Increase In Cyber Crime During Coronavirus Lockdown

63 Billion Credential Stuffing Attacks Recorded On Global Retail, Hospitality And Travel Industries In 2 Years

Chenango County: New York State County's Ransomware Attack Results In $450 Ransom Demand For Each Disabled Computer

Phishing: Cyber Criminal Groups Are Collecting US Voters' Personal Data And Passwords Using Fake Voter Registration Forms

186 Million US Registered Voters' And 245 Million US Residents' Personal Data Found For Sale On Hacking Forum

Thursday, 22 October 2020

Darkside: Ransomware Operator Donates $20,000 To "Children International" And "The Water Project" Charities

LockBit Ransomware: How The Ransomware-as-a-Service (RaaS), Driven By Automated Processes, Deploys In Less Than 5 Minutes

Microsoft Teams: Up To 50,000 Users' Targeted With New Email Phishing Attack Designed To Steal Office 365 Login Credentials

Sopra Steria: French Information Technology Consultancy Suffers "Ryuk" Ransomware Attack

Meinhardt Group: Singapore Engineering Company's "REvil" Ransomware Attack Results In Stolen Data Leaked On The Dark Web

Dr Reddy's: Indian Pharmaceutical Company Suffers Cyber Attack Resulting In Global IT Systems Shutdown

Wednesday, 21 October 2020

TrickBot: Microsoft And Partner Coalition Take Down 94% Of TrickBot Malware's Global Command And Control Servers

Vastaamo: Finnish Psychotherapy Services Provider's Ransomware Attack Results In Patients' Personal Data Stolen

City Of Shafter: California State City Suffers Ransomware Attack Resulting In Compromised And Disabled IT Systems

Scalable Capital: Munich Investment Management Company's Data Breach Compromises 20,000 UK And German Customers' Personal Data