Editor's Message

Welcome to DBD. On March 8th we celebrated our 4th Anniversary and the 1st Anniversary of our PRiSM application, officially endorsed by the SANS Institute. Despite recent personal issues that have impacted the amount of time I have been able to dedicate to both projects, I have been doing my best to keep everything as up-to-date as possible, and I would like to take this opportunity to thank everyone for their patience and support whilst I navigate through this very difficult time. Stay safe. :)

Monday 21 December 2020

Data Breaches Digest - Week 52 2020

Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 21st December and 27th December 2020.

27th December

4 predictions for security in 2021

Beware these cons and scams this Christmas

Campari data breach slows local operations

Cybercriminals are quick to adapt to current events to exploit victims

Cybercriminals to focus on remote and cloud-based systems in UAE next year

Data of 115m Pakistani mobile phone users was not leaked on Nadra’s part, Sindh High Court (SHC) told

Elon Musk & Jeff Bezos Were Hacked, but You Can Still Protect Yourself

Enterprises that disclose breaches experience fewer losses

FBI and Europol probe to shut down Safe-Inet VPN

Making Your Organization More Secure and Resilient

Phishing Will Continue Wreak Havoc in 2021 - Make Sure You’re Ready

Tech companies, firms like Microsoft and McAfee institute the 'Ransomware Task Force'

The Worst Hacks of 2020, a Surreal Pandemic Year

VOIP hardware and software maker Sangoma struck by ransomware attack

26th December

A Cybersecurity Checklist For 2021: 6 Ways To Help You Protect Yourself In Coming Year

Beware: The Mobile Version of Cyberpunk 2077 Is Actually a Ransomware

Coinbase Security Team Shares Tips to Avoid Crypto related Phishing Attacks, SIM Swapping Tactics, and Damaging Security Breaches

Cyberpunk 2077 on Android? Better say malware

FBI, Europol take down a VPN service aimed at criminals

Flavor And Fragrance Giant Symrise AG Hit By Clop Ransomware

GoDaddy teased employees with fake Christmas bonus which was actually phishing test

Koei Tecmo discloses data breach after hacker leaks stolen data

Massive cyberattacks that shook the world in 2020

Online fraudsters hit lockdown shoppers as stolen payment cards for sale on 'dark web' rise fourfold

Police issue advice on how to stay safe in Boxing Day sales

Ransomware Attacks UCaaS Service Provider Sangoma Technologies

Ransomware threat will be controlled by the new task force formed with the help of Microsoft and Citrix

Settlement hit in data breach at hotel booker

SolarWinds releases updated advisory for new SUPERNOVA malware

TaskRabbit Reset Passwords After Credential Stuffing Attack

The SolarWinds Breach Reinforces Why Boards And Audit Committees Need More Tech Expertise

Weslaco gets legal advice on combatting data breaches

25th December

A CEO’s secrets – snooping cyber-criminals to bring down a WFH chief executive

A massive data breach exposed the weakness of the Bitcoin community

Being aware of phishing emails to keep your crypto safe

CrowdStrike releases free Azure security tool after failed hack

Fake Amazon gift card emails deliver the Dridex malware

Fake “mobile app” of Cyberpunk 2077 game is being distributed as a ransomware, don’t download it

GoDaddy apologises for fake Christmas bonus email security test

GoDaddy Apologises Over Fake Christmas Bonus ‘Phishing’ Email Security Test for Employees

GoDaddy sent an email to employees announcing a surprise holiday bonus. It was really a phishing test, and those who failed were invited to get more security training

Iran-based hacker group attacks Israeli cyber company

Kaspersky discovers COVID-19 research related cyber threats

New research reveals evolving tactics attackers use to trick victims

Police advice to beat online conmen in Ceredigion, Pembrokeshire and Carmarthenshire

Ransomware: Attacks could be about to get even more dangerous and disruptive

Ransomware attacks threaten U.S hospitals and healthcare systems

Scammers target victims using COVID vaccine news

Targeted ransomware attacks on Indian pharma firms to surge in 2021

The 10 Biggest Data Breaches that grabbed attention in 2020

This Is How Bank Of Baroda Mobile App Was Exploited By Fraudsters To Steal Money From Customers

Why cybersecurity tools fail when it comes to ambiguity

24th December

Account takeovers: Insiders need not be malicious to cause chaos

Amazon Gift Card Scam Delivers Dridex This Holiday Season

Attorney General Shapiro Successfully Resolves Sabre Data Breach Case

Bahrain sees 39% drop in Covid cyber-attacks in Q3

Beazley reports increase in ransomware severity, cost

Beware these banking scams and fraud tactics in South Africa

Boxing Day bots: Threats to e-commerce and how to stop them

Check Point MD explains how Covid-19 opened the floodgates to cyber threats

China cyber attacks: the current threat landscape

CISA releases CISA Insights and creates webpage on ongoing APT cyber activity

Citrix confirms ongoing DDoS attack impacting NetScaler ADCs

Citrix devices are being abused as DDoS attack vectors

COVID-19 Vaccine Registration: Beware! Cybercriminals Making Fake Calls and Sending Phishing Mails to 'Book' Early Slot for Vaccination

Crackdown nets gang of foreign cybercriminals in Istanbul, other cities of Turkey

DHS warns American businesses about data services and equipment from firms linked to Chinese government

Dozens sue Amazon Ring after vile hackers shout racial abuse and death threats through home cameras

Dubai Police arrest 86 people for phishing in 2020

Email hack exposes data of 485K+ Aetna, Blue Cross members

Emerging Threats in Healthcare Information Security

FBI PIN warns that ransomware attackers are calling to threaten their victims

Firms warned they 'wouldn't survive' data breach as a third fail to train staff

FreePBX developer Sangoma hit with Conti ransomware attack

GoDaddy used a holiday bonus email as a phishing scam test and people aren't happy

Government Security Experts Issue Farmers with New Advice

Hackers threaten to leak plastic surgery pictures

How to recognize and avoid phishing attacks on your business

ICO warns SolarWinds victims they must report any related breaches

Independence utility payments back online

Lincolnshire Police warning of DPD delivery scam messages

Massive cyberattacks that shook the world in 2020

Massive data breach may have been discovered due to 'unforced error' by suspected Russian hackers

Microsoft, Citrix Help Form New Task Force To Take On Global Ransomware Scourge

Misconfigured AWS Bucket Exposes Hundreds of Social Influencers

NetGalley data breach: Publishing industry website forces password reset following ‘security incident’

NetGalley discloses data breach after website was hacked

New Cyber Attack Group Cripples Another Major Logistics Player

North Korean state hackers breach COVID-19 research entities

Now Pensions members' data leaked by service partner

Personal Data From Thousands Of Pension Plan Accounts Breached...Third-Party Service Provider Blamed

Phishing attacks have increased worldwide since the start of the pandemic

Police urge Powys residents to be alert to email phishing scams

Police warn of phishing emails promise COVID-19 relief payments

Prevent Ransomware From Taking the Podium With Layered Security

Ransomware 2.0: India, Australia logged most incidents

Ransomware 2.0: India, Australia logged the highest number of incidents

Russian crypto-exchange Livecoin hacked after it lost control of its servers

Sangoma Technologies Confirms Data Breach as Result of Ransomware Attack

Scammers Keep Impersonating Shipping Companies. Here's How to Protect Yourself

Securing Online Shopping in the Post-COVID World

SEPA subject of 'significant cyber attack'

Settlement reached in data breach investigation

Sky Lakes Medical Center identifies and addresses data security incident

SolarWinds: Hacked firm issues urgent security fix

SolarWinds Hackers "Impacting" State and Local Governments

SolarWinds Sunburst: UK data watchdog issues hack alert

The Three Characteristics of a Defensible Security Program

Top 10 cyber crime stories of 2020

U.S. cybersecurity: Preparing for the challenges of 2021

UK cosmetic surgery provider hit by ransomware, customer data stolen

What the Worst Security Threats of the Year Tell Us About 2021

Why AI and security pros need to work together to fight cybercrime

Why Are More People Not Automating Certificate Management?

23rd December

6 persuasion tactics used in social engineering attacks

7 ways malware can get into your device

72% of Covid-related cyberattacks coming via fake emails

Android security: The last piece of advice you'll need for 2020

Android Users Affected by Ransomware Disguised as Cyberpunk 2077

As technology develops in education so does the need for cybersecurity

Automated Penetration Testing – Can it Replace Humans?

Corporate Endpoint Security: How to Protect Yourself from Fileless Threats and Detect Insiders

COVID sees 400% surge in cyber crime

Cyber Insurance Market Expected to Surge in 2021

Cybersecurity: Defend your business, people and data from evolving cyberattacks

DHS warns against using Chinese hardware and digital services

DHS warns of data theft risk when using Chinese products

Fraudsters bank on targeted, high-value attacks during 2020 holiday shopping season

How can the construction sector achieve cyber resilience?

How to Defend Against Malware, Phishing, and Scams During COVID-19 Crisis

Indian pharma firms at high ransomware attack risk in 2021

Ireland: Data Protection Commission Imposes A €450,000 Fine On Twitter For A GDPR Data Breach

Leaky Server Exposes 12 Million Medical Records to Meow Attacker

Malicious files detected every day increases by 5.2% in 2020, Kaspersky finds

Only 30% of companies prepared to secure a complete shift to remote work

Ransomware: Attacks could be about to get even more dangerous and disruptive

Ransomware: what is your data worth?

Russia’s hack attack demands a reckoning

Securing Crypto Exchanges To Prevent Over-regulation

Shopify stores riddled with fakes and fraudsters

Skipton Building Society prevents £61m in fraud during 2020

Tech’s bigger role in pharma industry demands stronger security measures

The Cyber Safety Threats We’ll Face: Predictions For Online Safety In 2021

The Many Ways Disinformation And Cybercrime Can Infiltrate Your Business

Top 10 cyber security stories of 2020

UK organisations using SolarWinds Orion platform should check whether personal data has been affected

US: Buying Chinese Tech is a “Grave Threat” to Your Data Security

US government seeks to make cryptocurrency transactions traceable

Web Page Layout Can Trick Users into Divulging More Info

You’ve heard of Software as a Service – now get ready for Ransomware as a Service

22nd December

4 tips for HR to reduce the risk of cyber attacks

5 Email Threat Predictions for 2021

10 Online Scams and How Much They Could Cost You

2020 - A Transformational Year in Cybersecurity

2021 - The year of data extortion

Australia must do more to prepare for a SolarWinds-style supply-chain attack

Backups are a tool – not a silver bullet – in the fight against ransomware

Beware of COVID-19 ‘smishing’ scam messages to your phone

Beware this scam involving fake Amazon and UPS messages

Biden blasts Trump administration over SolarWinds attack response

Biden is eyeing renewable energy. So are hackers

Big Tech Joins Up to Ransomware Task Force

Canada: Health info potentially breached. Be careful what you click!

CISA updates emergency directive for SolarWinds Orion compromise

Communication Issues Plague County after Ransomware Attack

Corporate Cybersecurity Defenses Outgunned by Cybercriminals

Could Fake Vaccine Criminals Be Thwarted By Technological Solutions?

Cyber criminals’ favourite VPN service Safe-Inet taken down in Europe

Cyberpunk 2077 Mobile Is Obviously Malware That You Shouldn’t Download

Cybersecurity To Remain Hot In The New Year

Data breach hits members of BlueCross BlueShield of Tennessee's vision care vendor

'Do not use the link': Warning over scam emails

Don't let a data breach sink your business: Here's what you need to know

Emotet Back in Circulation

Emotet Campaign Restarts After Seven-Week Hiatus

Enterprise cybersecurity threats spiked in 2020, more to come in 2021

FBI warns of ongoing COVID-19 vaccine related fraud schemes

Festive period prey to phishing and social engineering surge

Forward Air’s shutdown backing up shipments at key market: airports

Hackers Targeted Senior U.S. Treasury Officials in Data Breach

Hacking and ransomware are key tools for criminals right now

How Should CISOs Combat Rising "Soft" Attacks?

How the Pandemic Encouraged Businesses to Adopt a Zero Trust Model

How to combat future cyberattacks following the SolarWinds breach

How to prevent data theft on remote teleworking teams

Intel, Cisco, VMware also part of big SolarWinds hack, suffered data breach

International sting shuts down 'favorite' VPN of cybercriminals

Israeli cyber experts uncover massive attack on 85,000 MySQL servers

Just 8% of Firms Offer Regular Security Training

Ledger Issues Update on Data Breach That Leaked Personal Information of 272,000 Customers

Ledger will not compensate users affected by theft of personal data

Microsoft and McAfee headline newly-formed 'Ransomware Task Force'

Microsoft and McAfee wants to kill off ransomware forever

Microsoft Blasts NSO Group As Ruthless Cyber Mercenaries Hiding Behind Immunity Shields

Microsoft, Google, Cisco, Dell join legal battle against hacking company NSO

Ministry of Justice Suffers 17 Serious Data Breaches Last Year

Pandemic is a once-in-a-lifetime opportunity for identity thieves, fraudsters – here’s how to fight back

Phishers Spoof New York Department of Labor

Phishing scam targeting Monroe County pistol permit applicants

Police Seize VPN Service Beloved by Cyber-criminals

Predicting the chief security concerns of 2021

Prepare to Fight Upcoming Cyber-Threat Innovations

Privacy watchdog releases damning report into massive Desjardins data breach

Rangely District Hospital (RDH) resolves issues caused by April ransomware attack

Ransomware attacks a pressing threat to world in 2021

Ransomware attacks on healthcare, pharma sectors seen rising in 2021

Ransomware Disguised As Cyberpunk 2077 Mobile affecting android users

Roanoke College delays spring semester after cyberattack

Safe-Inet, Insorg VPN services shut down by law enforcement

Safeguarding your digital life is critical

Scam emails which appear to be parcel delivery company DPD which then attempt to steal bank details

Scamwatch: Banks won't ask you to click on the link

Six Trends Shaping the 2021 Cybersecurity Outlook

SolarWinds hackers breached US Treasury officials’ email accounts

SolarWinds victims revealed after cracking the Sunburst malware DGA

Spotify reset passwords following data breach

Tech firms unite to combat the growing threat of ransomware

Tech Giants Support Facebook in Case Against Spyware Maker

The 4 Key Security Gaps Every Security Team Needs To Close In 2021

The Institute for Security and Technology launches multi-sector Ransomware Task Force ransomware

The realities of ransomware: Five signs you’re about to be attacked

Three reasons why context is key to narrowing your attack surface

Top 5 Cyber Threats from 2020

Trucking And Freight Company Forward Air Suffered Ransomware Attack

Trucking giant Forward Air hit by new Hades ransomware gang

TSYS staff in Belfast and Derry told personal data at risk after ransomware attack

Twitter GDPR enforcement dispute resolved by EDPB

Understanding fraud trends during the coronavirus pandemic

UVM Medical Center admits it was victim of ransomware attack

Warning follows Covid vaccine phishing scam surge

Warning over coronavirus vaccine text message scam

Watch out for identity theft this holiday season, experts warn

What your data security team can expect in 2021: 5 key trends

Where to Focus Security Resources Mid- and Post-Pandemic

Why insider threat presents a big risk to financial services organisations

Why sharing passwords with your partner is a HUGE mistake

Worldwide new account fraud declined 23.2% in 2020

Zero Trust: Not Just for Humans, but Also Machines

21st December

3 most frequent phishing attacks and how to protect against them

5 key Security Tech trends that must be at the heart of every organization’s security strategy

5 Major Website Security Issues That Will Seriously Hurt Your Business

72% Of COVID-19-Related Cyberattacks Take Place Via Spear Phishing

72% of COVID-related cyberattacks are coming from fake emails

A Mysterious Phishing Scam Is Roiling the Publishing Industry

A second hacking group has targeted SolarWinds systems

Addressing the Manufacturing Threat Landscape

Attorney General Bill Barr says Russia IS behind massive hack which has hit swathes of federal government and biggest businesses

Auction Software Provider Hit with Foreign Ransomware Attack

Biden is 'considering cyber attacks' on Russian infrastructure in retaliation for 'Pearl Harbor of hacks' that breached 200 US federal agencies and firms - as fired DHS Cybersecurity chief Chris Krebs admits his 'failure' to stop it

Breakup Plan for Cyber Command and NSA

Businesses at risk from holiday shopping cybercrime

Central Freight Lines falls victim to cyberattack

Chinese Hackers Targeted Indian Shoppers During Flipkart Big Billion Day Sale

City of Ellensburg is the victim of a ransomware cyberattack

Clop Ransomware Attacked Symrise, Data Stolen and Systems Encrypted

Clop ransomware encrypts 1,000 Symrise computers

Connecticut Hospital Suffers Ransomware Attack

COVID-19 Exposed The True Vulnerability of Healthcare Infrastructure

COVID-19 Vaccine Scams: Avoid Those Phishing Emails

CPRA explained: New California privacy law ramps up restrictions on data use

Critical bugs in Dell Wyse ThinOS allow thin client take over

Crypto wallet data breach compromises hundreds of thousands of users

Crypto Wallet Provider Ledger Hacked: Data Leak Results in Phishing Scams

Cyber Attacks Becoming More Common

CyberPunk 2077 mobile game found to be malware

Cybersecurity Predictions for 2021

Cybersecurity pros: Are humans really the weakest link?

Data breaches could become the new PPI in 2021

Data stolen from cryptocurrency wallet provider Ledger published on hacking site

Disruption in 2020 paves the way for threat actors in 2021 and beyond

Don't get caught out by these banking scams

Don't let miscommunication lead to lapses in cybersecurity

EXMO cryptocurrency exchange hacked, loses 5% of total assets

Farmers get their own security advice as cyberattacks increase

FBI, CISA Warn of Increase in K-12 Cyber Attacks

FBI’s dark web investigations hampered by inefficiencies, overlapping objectives of different units

Five ways COVID-19 will change cybersecurity

Forward Air reveals ransomware attack, warns of revenue hit

Four tips for improving security for work-from-home employees

Frequent Attacks on Government IT systems calls for officials' training in Cyber Security

From BIAS to Sweyntooth: Eight Bluetooth Threats to Network Security

GDPR and the EU After Brexit Still Undecided

HMRC scam: Britons conned and offered hundreds in 'tax rebate' Tier 4 scam

How A Cybersecurity Firm Uncovered The Massive Computer Hack

How do we stop cyber weapons from getting out of control?

How to beef up cybersecurity at your business

How to Detect Spyware and Protect Yourself Against It

How to Mitigate the Risk of Social Engineering and BEC Attacks

Huntsville City Schools: Social Security numbers, parent emails possibly accessed during ransomware attack

Huntsville City Schools warns about personal information possibly compromised in cyber attack

Huntsville schools: Social Security numbers at risk in ransomware attack

India: Income Tax Department Warns Users On Fake Links On Refunds

Intel, Nvidia Swept Up In SolarWinds Attack

Iranian hacker group claims to have penetrated Israel Aerospace Industries (IAI)

Israeli Cyber Experts Uncover Massive Attack on 85,000 MySQL Servers

Joe Biden's team vows sanctions over cyberattacks

Law enforcement take down three bulletproof VPN providers

Ledger Cryptocurrency Wallet Users Hit With Data Leak

Ledger User Database Dumped Online, Targeted Phishing Attacks Expected?

Looking At Cybersecurity In Every Aspect Of Your Business

Main cybersecurity challenges for 2021 identified

Major data breaches that happened during the Covid 19 pandemic

Massive breach shows how espionage is carried out in the 21st century

Microsoft, Google, Cisco, and others file amicus brief in support of Facebook's NSO lawsuit

NCSC statement on the SolarWinds compromise

New report examines security threats and risk management trends in 2021

New SUPERNOVA backdoor found in SolarWinds cyberattack analysis

No One Is Safe And Why You Should Be Worried

Nosy Ex-Partners Armed with Instagram Passwords Pose a Serious Threat

NSA warns hackers are forging cloud authentication information

NWT Power Corporation (NTPC) still unsure how ransomware attack happened, documents show

Pandemic causes majority of businesses to shift their cybersecurity strategy

Partial lists of organizations infected with Sunburst malware released online

People’s Energy suffers data breach in 'extremely upsetting' cyberattack

Phishing scam asking recipients to validate information appears to target Texas Department of Licensing and Regulation (TDLR) licensees

Phishing scams impersonating Amazon, FedEx and UPS skyrocket

Physical addresses of 270K Ledger owners leaked on hacker forum

Preparing for The 'New-Normal' Cyber Pandemic

Principles of Effective Cybersecurity Wargames

Protecting the enterprise against the modern Bond villain

Ransomware Attacks Surge in Q3 as Cyber-Criminals Shift Tactics

Ransomware Disguised as Mobile Version of Cyberpunk 2077

Ransomware evolved: Protecting against exfiltrated data threats

Ransomware Risks in 2020: Double Extortion and Third-Party Targeting

Remote work, Bitcoin, IoT, and 5G are great news for cybercriminals in 2021

Restructuring of networks amid pandemic made India vulnerable to ransomware attacks

Russia Officially Denies Large-scale US Hack

Second hacking team was targeting SolarWinds at time of big breach

Securing Your Business from Common Cyberattack Methods

Security Predictions and Trends to Watch for 2021

Security vendors: It’s time to come clean about intrusions

Six steps to protect company data while working from home

Social engineering cyberattacks and how they’re impacting businesses

SolarWinds is the perfect storm attack on the US

SolarWinds is the tip of the iceberg

SolarWinds Vendor Supply Chain Attack: A Timely Reason to Review Procedures for Risk Assessments and Vendor Contracts

Stolen Card Prices Soar 225% in Two Years

The basics of healthcare security hygiene have never been more important

The most common banking scams of 2020

The Rise Of International Hacker Networks

The Rising Stakes of Ransomware Attacks

The scariest security horror stories of 2020

The website to use to see if scammers have your details

Today’s Mobile Workforce: Don’t Compromise on Cybersecurity

US seizes domains used for COVID-19 vaccine phishing attacks

VMware latest to confirm breach in SolarWinds hacking campaign

Watch Out For These 8 COVID-19 Cyber Scams

Web-hosting service Managed.com shuts down servers following cyberattack

When strength in numbers is on the wrong side

Why Ledger Kept All That Customer Data in the First Place

Your Guide for Digital Safety: Holiday Edition