Editor's Message

Welcome to DBD. On March 8th we celebrated our 4th Anniversary and the 1st Anniversary of our PRiSM application, officially endorsed by the SANS Institute. Despite recent personal issues that have impacted the amount of time I have been able to dedicate to both projects, I have been doing my best to keep everything as up-to-date as possible, and I would like to take this opportunity to thank everyone for their patience and support whilst I navigate through this very difficult time. Stay safe. :)

Monday 22 February 2021

Data Breaches Digest - Week 08 2021

Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 22nd February and 28th February 2021.

28th February

32Red Customers See Other Players’ Info in Shock Data Breach Glitch

Beware: AOL phishing email states your account will be closed

‘Cyberpunk 2077’ next patch delayed to second half of March after cyber attack

FBI Warns Against Vishing Scams Over VoIP

Fixing the “Human Error” Problem

Hackers exploited flaws in Accellion FTA to steal Bombardier data

Hackers seized on the pandemic. Some states are fighting back

Hampshire residents scammed out of £16m by investment fraudsters

How Businesses Can Mitigate Security Risks In The COVID-19 Era

How to encourage cyber-safe behaviour at work without becoming the office grouch

Law Firms as Targets For Hackers - Risks and the Way Forward

Oxford University lab studying COVID-19 targeted by cyberattack

Philippines: Civil Service Commission data breach, thousands of user details exposed

Police and UK banks stopped £45m of fraud in 2020

Ransomware attacks rise in 2020, SaaS apps are the new target

RMIT attack underlines need to train all uni staff in cyber safety

Russian hackers target Ukrainian government agencies with watering-hole attacks

Ryuk Trojan Attacking Via WiFi Networks

Scammers take advantage of COVID fears to commit vaccine fraud

Some San Diegans’ personal information provided to Jewish Family Service exposed online

These Are The States Most At Risk For Ransomware Attacks

27th February

A Collection of User Data Allegedly Sourced from Android VPNs Appeared for Sale

Avoiding the bait of a phishing expedition

Data Breaches – One of The Worst Crises

Here’s how hackers are able to crack your passwords

Is that email from the NHS or a fraudster?

Mexico, favorite of hackers in Latin America

Michael Giannulis Offers Tips for Fortifying Cybersecurity for Your Small Business

Npower Will Not Use the App that was Exploited by Hackers Anymore

NSA, Microsoft promote a Zero Trust approach to cybersecurity

Researchers Find Numerous Risks in the Alexa Skills Ecosystem

Secondary school pays ransom after being hit by a cyber attack

Should California drivers be worried about DMV contractor’s data breach?

SolarWinds’ security practices questioned by lawmakers following cyber attack

T-Mobile Announces Data Breach Following SIM Swap Cataclysm

Wawa might owe you money or gift card, according to proposed data breach settlement

Why Do Chief Security Officers Leave Jobs So Often?

Why would you ever trust Amazon's Alexa after this?

Youngest, oldest are most vulnerable to scams

Zee5 Data Breach: PII of 9 Million Zee5 Users’ Allegedly Leaked Online

26th February

45,000 patients at Covenant HealthCare potentially exposed by data breach

Attacks on industries supporting Covid-19 response efforts have doubled

Australia: Government must help business tackle ransomware

Australia: Ministers’ private email accounts in historical data breach

Berlin resident jailed for threatening to bomb NHS hospital unless Bitcoin ransom was paid

Chinese Hackers Target Tibetans with Malicious Firefox Extension

Comparing different AI approaches to email security

Covid-19 sees rapid cloud adoption, rise in double-extortion ransomware

COVID-19 vaccine security: an assessment of the risks, both physical and cyber

Cyberattack rate per healthcare organisation up 37% in 2020

Cybercrime groups are selling their hacking skills. Some countries are buying

Cyberpunk 2077 Developers get locked out of their systems after Ransomware attack

Data breach investigation in Indian Army

Dozens of institutional abuse victims to sue over data breach

FBI Investigating Michigan School District Hack

Fifty percent of all ransomware attacks are against manufacturers, research

Four tips to help businesses navigate today’s threat landscape

Go malware is now common, having been adopted by both APTs and e-crime groups

Hackers hold jeweller’s Instagram account to ransom

Hackers Leaked Secret Details of This Military Spy Plane

Hackers using malicious Firefox extension to phish Gmail credentials

Healthcare Cyber Attacks Rise by 55%, Over 26 Million in the U.S. Impacted

Healthcare security services firms tackle ransomware spike

How stalkerware can threaten your safety and privacy, and how to avoid it

ICS threat landscape highlights

Identity Theft Attacks Channeled Millions in Jobless Claims to Inmates

India: Army probes data breach as massive Northern Command espionage case could see heads roll soon

India: Officials targeted in new phishing bid via government IDs

LastPass for Android Is Using Seven Trackers and Several Risky Permissions

Lazarus Targets Defense Companies with ThreatNeedle Malware

Legal firm to have accidentally leaked 15,000 cases via the cloud

Majority of malware now delivered via cloud apps

Making this Year Better for Cybersecurity

Malicious Firefox extension allowed hackers to hijack Gmail accounts

Malware Gangs Partner Up in Double-Punch Security Threat

Malwarebytes unveils a new APT group: LazyScripter

Massive rise in threats across expanding attack surfaces

NCSC reveals plan to help secure UK SMBs

Nearly half of SMBs believe they are too small to be hacked

New York Cyber Task Force launches report revealing national cybersecurity response readiness

North Dakota hospital informs 1,500 patients of data breach

Notices to go out to 1.3 million Washingtonians affected by unemployment data breach

Npower Ditches App After Credential Stuffing Attacks

Npower shuts down mobile app following data breach

Npower takes down app after customer data breach

One in four people use work password to log on to personal sites, increasing the risk to the enterprise

One in four people use work passwords for consumer websites

Oxford University lab with COVID-19 research links targeted by hackers

Oxford University says Covid-19 lab hacked, research not affected

Pandemic Cyber Crime, By the Numbers

Ransomware: Beware of 13 Tactics, Tools and Procedures

Ransomware gang hacks Ecuador's largest private bank, Ministry of Finance

Ransomware still a huge cyber threat in 2021

Ryuk ransomware now self-spreads to other Windows LAN devices

Securing data in a telework environment: modern defense solutions

Sequoia Capital discloses data breach after failed BEC attack

T-Mobile discloses data breach after SIM swapping attacks

Tax scams still pose a risk after you file your taxes. Key details and how to protect yourself

The rise, fall and rise of ransomware

The rise of non-English language spear phishing emails

TikTok Agrees to Pay $92 Million in Class-Action Settlement

TikTok agrees to pay $92 million to settle teen privacy class-action lawsuit

TikTok Set for Massive $92m Payout Over Privacy Suit

TikTok Settles $92 Million Lawsuit For Privacy Data Breach On Minors

Twitter scammers earned over $145k this week in Bitcoin, Ethereum, Doge

Understand Your Staff: How Insiders Shape Defenses

USA Third Most Affected by Stalkerware

25th February

4 Common Myths About Cyber Resilience

16 Critical Things Every Business Leader Should Know About Ransomware

6,000 VMware vCenter Devices Vulnerable to Remote Attacks

Amazon data breach fears: 'Millions of people's security' at risk – Insiders raise alarm

Army CID offers recommendations regarding ransomware attacks

Attackers scan for vulnerable VMware servers after PoC exploit release

Australia: Labor calls for national ransomware strategy

Babuk ransomware targets five industries

CD Projekt staff reportedly locked out of computers after ransomware attack

Chinese cyberspies targeted Tibetans with a malicious Firefox add-on

CISA warns of vulnerabilities in file transfer services after ransomware attacks on Centene, Kroger

Cleveland FBI investigating Cuyahoga Metropolitan Housing Authority (CMHA) computer ransomware attack

Cloud Ransomware Hit Nearly 40% of Healthcare Organizations in 2020

Cryptocurrency exchange in liquidation due to hack, hacked again

Cyber-pandemic: The most notable cyber attacks of 2020

Cyberattack rate per healthcare organisation up 37% in 2020

Data breaches have lasting financial effects on hospitals

DDoS Ransom Attacks: What You Need to Know

Don’t Make Friends With Social Media Phishing Scammers

Dutch Analysis Council (NWO) confirms ransomware assault, information leak

Dutch research funding agency, paralyzed by ransomware attack, refuses to pay up

ENISA Releases Guidelines for Cloud Security for Healthcare Services

FBI, Michigan State Police investigating cyber attack on Saginaw Township schools

Four ways proxies can help shield businesses

Harvard Business School Data Breach Tests MBA Students’ Trust

Healthcare Cyberattacks Doubled in 2020, with 28% Tied to Ransomware

Indian Army orders probe in alleged data breach in Northern Command

Indian Army Probes Alleged Data Breach In Northern Command Amid Border Tensions

Insider Cloud Data Theft Plagues Healthcare Sector

Ireland: More than 6,600 data security breaches notified last year

Lazarus Hits Defense Firms with ThreatNeedle Malware

Nearly 30% of cyberattacks on hospitals in 2020 were ransomware

Nearly Half of All Credential Phishing Lures Feature a Microsoft Product

New Jersey hospital warns consumers of data breach

Nominet Announces Expansion of Initiative to Educate Online Users on Cybercrime

Npower scraps app after financial details stolen in data hack - what you need to know

NurseryCam daycare monitor suffers data breach, according to UK media

One Ransomware Victim Every 10 Seconds in 2020

Personal data of 45,000 people potentially exposed in Covenant HealthCare data breach

Phishing fuels proliferation of profiteering practices in pandemic

Proposed settlement could give Wawa shoppers affected by data breach up to $500

Ransomware, Phishing Will Remain Primary Risks in 2021

Royal Mail sends urgent warning to millions of UK customers over new delivery scam

Sensitive data breach reported at Army Northern Command

So far, ransomware attacks way down at schools, hospitals in 2021

Students’ Information Compromised by Data Breach at Harvard Business School

The Fault in Our Emails: Why Everyone Still Falls for Phishing Attacks

These four new hacking groups are targeting critical infrastructure, warns security company

This chart shows the connections between cybercrime groups

TietoEVRY hit by ransomware group

Top ransomware group profits more than $123M in 2020

Venture Capital giant Sequoia Capital discloses data breach after failed BEC attack

Washington State Auditor's Office (SAO) To Begin Notifying Victims Of Unemployment Data Breach

Wawa would pay customers $9M in cash, gift cards in proposed settlement

Why 2021 Can be a Year to Change the Trajectory of Cyber Adversaries

24th February

3 Security Flaws in Smart Devices & IoT That Need Fixing

£3.5 billion Bitcoin stolen; recoverable. Hope for thousands of others

5 Reasons Hackers Target Mobile Devices And How To Stop Them

5 tips to protect your organization against the next cyberattack

10 tips for protecting your cloud data and accounts

10K Microsoft users targeted by FedEx and DHL phishing attack

39% of Healthcare Organizations Suffered Ransomware Attacks in the Cloud in 2020

2021 X-Force Threat Intelligence Index Reveals Peril From Linux Malware, Spoofed Brands and COVID-19 Targeting

A Powerful New Approach to Phishing — the Biggest Issue in Cybersecurity

Along with COVID, France’s Hospitals Battle Cyberattacks

Babuk ransomware unsophisticated, but highly dangerous

BlackBerry 2021 Threat Report: Are Hackers Increasingly Targeting MSSPs

Bombardier Suffers Cyber Attack

Botnet Abusing Bitcoin Blockchain To Evade Detection

Chatham County: What to do if your personal data has been stolen

Cisco fixes maximum severity MSO auth bypass vulnerability

Cl0p ransomware gang hits Aviation giant Bombardier, leaks sensitive data

Clop Ransomware Leak Portal Publishes Bombardier Data

Cloud apps are increasingly being used to deliver malware

CNAME-based tracking increasingly used to bypass browsers’ anti-tracking defenses

Coronavirus vaccine scams – fraud experts give their top tips to help you stay safe

CrowdStrike Slams Microsoft Over SolarWinds Hack

CybelAngel Reveals How Cybercriminals Target Healthcare Sector

Cyber resilience: Protecting the vaccine supply chain

Cybercrime cases in the Netherlands more than doubled in 2020

Cybercrime Could Cost the World $10.5 Trillion Annually by 2025

Cybercriminals are continuously changing their ways for attacks through a new phishing scam which is capable of bypassing old-style URL defense

Cybercriminals Target QuickBooks Databases

Cybersecurity Agencies Warn of Accellion Vulnerability Exploits

Dark Web Analysis: Healthcare Risks Tied to Database Leaks, Credentials

Experts warn cyber crime threat for car dealers increasing as conmen use pandemic quirks to steal cash

Experts Warns of Notable Increase in QuickBooks Data Files Theft Attacks

Five Eyes members warn of Accellion FTA extortion attacks

Healthcare bore brunt of cyberattacks in 2020, study says

Heavily used Node.js package has a code injection vulnerability

How to combat the latest security threats in 2021

How to make sure you are safe while surfing the web?

How to protect yourself from common job search scams

Human rights activists in Vietnam targeted by spyware

In major product update, Veeam rolls out ‘ransomware-safe’ backup repositories

Kia hit by ransomware? Reports say yes, carmaker says no

Kroger data breach highlights urgent need to replace legacy, end-of-life tools

LazyScripter hackers target airlines with remote access trojans

Legal Firm Leaks 15,000 Cases Via the Cloud

Medical Data of 500,000 French Residents Leaked Online

Microsoft Lures Populate Half of Credential-Swiping Phishing Emails

Mobile phishing against government surged with pandemic telework

Mobile Phishing to Steal Government Credentials Increased 67% in 2020

More than 6,700 VMware servers exposed online and vulnerable to major new bug

Most businesses see state-sponsored cyberattacks as a major threat

NASA and the FAA were also breached by the SolarWinds hackers

National Privacy Commission (NPC) probes data breach in lending app

Netskope Research Finds Majority of Malware Now Delivered via Cloud Apps

New APT Group Targets Airline Industry & Immigration

New York State Education Department (NYSED) warns of phishing scam targeting licensed professionals

NHS in Leeds urges people not to fall for these Covid vaccine scams

NurseryCam data breach: Personal data records accessed by hacker

Over 8 million COVID-19 test results leaked online

Personal info might have been hacked after January Clearfield County cyber attack

Phishing scam targets New York medical professionals

Phone scam reports tripled in January, says HMRC

Poor Remote Working Behaviors and Procedures Putting Orgs at Risk

Premier League Teams Train Together in Defense Against Cyber-Attacks

Prevention of Phishing Attacks in 2021

Ransomware Attack Delays Cyberpunk 2077's Next Major Patch

Ransomware Attacks Double Against Global Universities

Ransomware gang extorts jet maker Bombardier after Accellion breach

Ransomware threats to watch for in 2021 include crimeware-as-a-service

Report sheds light on how cybercriminals target healthcare

Royal Mail warns customers of new scam that targets people by text and email

Russian hackers linked to attack targeting Ukrainian government

Russian Hacking Group Deploys IronPython Malware Loader

Startups and SMEs need to be more vigilant about cyber-attacks in 2021

Study Finds 50% of SMBs Have Experienced a Website Breach And 40% Are Being Attacked Monthly

Successful Phishers Make Slim Gains in 2020

Telework exposes U.S. government employees to increasing credential-theft mobile attacks

The world is facing a 'global cybercrime pandemic'

These phishing scams impersonate popular shipping companies

Three Ways MSPs Can Improve Supply Chain Security

TransLink response to data breach angers Unifor local unions

TransLink slow to reveal crucial details about ransomware attack, says union

U.S. municipalities are the perfect target for cybercriminals in 2021

Ukraine reports cyber-attack on government document management system

Union says TransLink has been slow to reveal details about ransomware attack

Universities Face Double Threat of Ransomware, Data Breaches

Updated Minebridge RAT Targets Security Researchers

Using Insurance Data to Better Tackle Ransomware

Vietnam: Activists targeted by notorious hacking group

Vietnamese Hackers of “Ocean Lotus” Are Targeting Human Rights Activists

Want to pass on your old PCs to good causes? Here's how to do it while staying secure

Wawa Expected to Pay $9 Million to Customers for Data Breach

What do users and IT have in common? They're both to blame for poor remote security practices

Why phishing and ransomware should be at the top of your c-suite's security concerns

Why Ransomware Protection and Digital Services Are Key State Government Concerns

Will Clubhouse's recent breach throw a wrench in its momentum?

23rd February

5 Dangers Caused by Ransomware for Businesses of All Sizes

10K Microsoft Email Users Hit in FedEx Phishing Attack

10K Targeted in Phishing Attacks Spoofing FedEx, DHL Express

84% of Critical National Infrastructure (CNI) Orgs Experienced Cyber-Attacks in the Last Year

95% of IT leaders say that client and company data is at risk on email

119k Threats Per Minute Detected in 2020

Accellion FTA attacks, extortion attempts might be the work of FIN11

Access all areas: Flourishing trade for black hats who specialize in the initial breach of organizations exposed

Active Directory Security and Hardening: An Ethical Hacker’s Guide to Reducing AD Risks

Adversaries exploit supply chains, double down on COVID-19 and ransomware

Airplane maker Bombardier data posted on ransomware leak site following FTA hack

APT32 state hackers target human rights defenders with spyware

Best Practices for Managing Cyber Risks in a Cyber World

BlueVoyant Report Reveals Ransomware is the Number One Cyber Threat facing Higher Education

Bombardier: Confidential information exposed in recent data breach

Bombardier says confidential information was exposed in recent data breach

Center for Internet Security (CIS) Offers All US Hospitals Free Ransomware Protection Service

Cloud Infrastructure Misconfigurations Take 25 Days to Fix

Clubhouse confirms data spillage of its audio streams

Clubhouse suffers data breach

Companies Under Cyber Attack

Cyber security firm saw attacks rise by 20% during 2020

Cybersecurity: Prevention Better than Cure

Daycare Webcam Service Exposes 12,000 User Accounts

Deleted Keybase chat images retrievable on Windows, macOS, Linux

Everything You Need to Know About Phishing and Pharming

Filipino credit app Cashalo suffers data breach

Finnish IT Giant Hit with Ransomware Cyberattack

Finnish IT services giant TietoEVRY discloses ransomware attack

FireEye: Accellion FTA Attacks Could be FIN11

FireEye researchers spot patterns in Accellion FTA attacks

Hackers hit 10,000 mailboxes in phishing attacks on FedEx and DHL Express

How cyberattacks can threaten colleges and universities

IBM issues patches for Java Runtime, Planning Analytics Workspace, Kenexa LMS

IBM Squashes Critical Remote Code-Execution Flaw

Images Deleted on ‘Keybase’ Chat Are Still Retrievable

In-House Legal Teams Increasingly Responsible for Cybersecurity

India’s IT Protection Centre Compromised by ‘Sakura Samurai’ Hackers

Inside a ransomware attack on a small trucking company

Is your company losing data amid remote work?

Keybase patches bug that kept pictures in cleartext storage on Mac, Windows clients

Lone wolves exist but say hello to Ransomware Inc

Louisiana College Cyber-Thief Sentenced

Microsoft users targeted by fake FedEx and DHL emails

Most Firms Now Fear Nation State Attack

Networks and breaches

New Partnership Launched to Improve Cyber-Resilience in Scotland

NurseryCam suffers data breach after security concerns raised

Organizations are at growing risk from Initial Access Brokers

Personal data of 600 people exposed by Scottish Borders Council data breach

Physical cyber threats: What do criminals leave when they break in?

Ransomware: Sharp rise in attacks against universities as learning goes online

Ransomware attack or not, Kia’s resilience is under the microscope

Regulator investigating Cashalo data breach

Scammers Are Now Tricking Texans Through Impersonated Calls

Sophos explains the workings of 'Conti' ransomware

Surge in ZLoader Attacks Observed

These hackers sell network logins to the highest bidder. And ransomware gangs are buying

Think Tank Warns of “Silent Stealing” Fraud

Top 5 things to know about network attacks

Top cloud infrastructure risks faced by real-world organizations

TransLink workers sent letters saying what info hackers were able to copy

Transport for New South Wales confirms data taken in Accellion breach

Twitter removes accounts of Russian government-backed actors

Ukraine: DDoS attacks on govt sites originated from Russia

VMware fixes critical RCE bug in all default vCenter installs

Warning as criminals sell fake Covid vaccines

22nd February

8 Ways Ransomware Operators Target Your Network

10 COVID-19-related lessons for future-ready cybersecurity

30,000 Macs infected with new Silver Sparrow malware

Accellion Data Breach Resulted in Extortion Attempts Against Multiple Victims

Accellion FTA Zero-Day Attacks Show Ties to Clop Ransomware, FIN11

Assume Clubhouse Conversations Are Being Recorded, Researchers Warn

BBC Reports Theft of 105 Electrical Devices

Center for Internet Security (CIS) Offers Free DNS Security Tool for US Hospitals

Chinese hackers cloned attack tool belonging to NSA’s Equation Group

Chinese Hackers Hijacked NSA-Linked Hacking Tool

Chinese Hackers of the ‘APT31’ Had Reportedly Stolen NSA Spyware Code

Chinese hackers used NSA exploit years before Shadow Brokers leak

Clubhouse suffers ‘data breach’ after third-party developer designs app for Android users

Concern as Attacker “Breakout” Time Halves in 2020

Council apologises for free school meals payment data breach

Criminals leveraging shift to remote work to develop targeted attacks

Cyber fraudsters switching from big money scams to ‘silent stealing’

Cyber-risk to critical infrastructure reaches all-time high

Data protection fines could be pushed to 2022 in Brazil

Database encryption: Protecting the crown jewels

Emmanuel Macron pledges €1bn for cybersecurity after hospital ransomware attacks

Exponential increase in malware and exploit activities

FireEye links 0-day attacks on FTA servers & extortion campaign to FIN11 group

Former Employee Behind Earthquakes Stadium Hack

Fraudsters leveraging the NHS brand in fresh COVID-19-related phishing scam

Fraudsters Using Telegram API to Harvest Credentials

Global Accellion data breaches linked to Clop ransomware gang

Hackers expose Hyundai logistics data after apparent ransomware attack

Hackers have eye on 6 Bangladeshi organisations

If you receive an email that invites you to play the beta, do not open it, it is phishing

Kia and Hyundai recovering from days-long network outages

Kia Motors says major IT outage was not because of a ransomware attack

Kroger is latest victim of third-party software data breach

Kroger reports data breach from third-party file transfer service

Mysterious malware infects 30,000 Mac computers

New cloud security analysis finds default configurations and identity management are the biggest concerns

New report reveals evolving risks and insecure defaults in the cloud

New Silver Sparrow malware infects 30,000 Macs for unknown purpose

Organisations turn the tide on ransomware attackers

Powerhouse VPN products can be abused for large-scale DDoS attacks

Python programming language hurries out update to tackle remote code vulnerability

Ransomware Attacks Remain Persistent and Pervasive

RMIT claims 'significant progress' in bouncing back from Friday's IT outage

Scottish Borders Council suffers data breach

Security researchers discover VMware bug that could allow remote command execution

Sequoia Capital is hacked due to phishing scam

Sequoia Capital Suffers Data Breach

SHAREit fixes security bugs in app with 1 billion downloads

Silicon Valley Venture Capital Firm Phished

Silver Sparrow malware on 30,000 Macs leaves security pros confused

“Silver Sparrow” Malware Perched Inside 30,000 M1 Macs

SolarWinds hackers continued attacking Microsoft until January

Stored XSS bug in Apple iCloud domain disclosed by bug bounty hunter

Telephony Denial-of-Service (TDoS) Attacks Take Aim at Emergency First-Responder Services

Texas electric company warns of scammers threatening to cut power

Top-clicked phishing tests

US Prosecutors Unveils New Charges Against North Korean Hackers

US Retailer Kroger Admits Accellion Breach

Venture Capital firm Sequoia Capital suffers data breach, investor information stolen

Why non-human workers can increase security issues in your business