Editor's Message

Welcome to DBD. On March 8th we celebrated our 4th Anniversary and the 1st Anniversary of our PRiSM application, officially endorsed by the SANS Institute. Despite recent personal issues that have impacted the amount of time I have been able to dedicate to both projects, I have been doing my best to keep everything as up-to-date as possible, and I would like to take this opportunity to thank everyone for their patience and support whilst I navigate through this very difficult time. Stay safe. :)

Monday 12 April 2021

Data Breaches Digest - Week 15 2021

Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 12th April and 18th April 2021.

18th April

Discord Nitro gift codes now demanded as ransomware payments

Even now, it might take you weeks, at least, to detect a cyber intrusion

Facebook privacy breach - Lesson for Organisations to learn from this

Filipino-Korean cybercriminals, hackers busted in Angeles

Hackers are targeting Pakistani taxpayers with Federal Board of Revenue (FBR) emails containing harmful malware

India’s Cyber Agency Flags WhatsApp Risks; Recommends Updates

Ireland’s Privacy Commission begins a large-scale data breach investigation on Facebook

New modus operandi by fraudsters to withdraw money from ATMs

Over 30 Lakh Cybersecurity Jobs Vacant, Even As Hack Attacks Grow Worldwide

Phone House suffers a cyber attack: data from 3 million Spanish customers at stake

Students warned of data breach after cyberattack hits University of California system

Swinburne University's data breach hits over 5,000 individuals

The perils of suing crypto exchanges after ransomware attacks

The true cost of data breach fatigue could be detrimental to our security

Thousands of queer men’s details stolen in cyber attack on gay dating site Manhunt

TV licence alert: How to report text & email scams as Boris Johnson is urged to act

US sanctions cryptocurrency addresses linked to Russian cyberactivities

What Is Logic Bomb Malware and How Can You Prevent It?

WordPress to automatically disable Google FLoC on websites

17th April

Bank with Wells Fargo or Chase? Hackers are coming after you

Codecov Informs of a Supply Chain Hack That Goes 2.5 Months Back

Fortinet’s tips on how to keep kids safe online

How to Delete Your Facebook Account: A Step-by-Step Guide

Major BGP leak disrupts thousands of networks globally

More than 3.1 Million vacancies unfilled in Cybersecurity positions all across the world

Ryuk ransomware operation updates hacking techniques

Threat hunting for today’s enterprises

Twitter account of Philippine Statistics Authority hacked

16th April

1-click code execution vulnerabilities in popular software apps

44% of healthcare cyberattacks caused by network breaches

A hacker claims to be selling sensitive data from OTP generating firm

A 'Worst Nightmare' Cyberattack: The Untold Story Of The SolarWinds Hack

BazarLoader Malware Abuses Slack, BaseCamp Clouds

Can AI be Used to Mitigate Human Error?

Can the Aviation Community Stop a Cyber Attack from Taking Off?

Clubhouse Joins Facebook and LinkedIn as Target of Data Scraping; Cumulative One Billion User Profiles Have Been Leaked

Consumers worry about the cybersecurity of connected vehicles

Criminals Are Abandoning Bitcoin, Says Former CIA Director – Here’s Why

Crypto Lender Celsius Suffers Data Breach Through Third-Party Mailing List

Cryptojacking: How to Guard Against Cryptocurrency Criminals

Cyberattack on UK university knocks out online learning, Teams and Zoom

Data breach exposes financial support from police officers for fascist shooter Rittenhouse

Data breach of thousands of Chattanooga Library card owners revealed

Debunking Three Cyber Insurance Myths For SMEs

Digital rights group to sue Facebook over mass 2019 data breach

Dispelling the myths around passwordless authentication

Encrypted Data in the Cloud

Essential Security Guide For Your Email Marketing Campaign

Essentials to Consider When Choosing a Cloud Security Posture Management Solution

FBI cleans web shells from hacked Exchange servers in rare active defense move

Gay dating app Manhunt hacked, exposing thousands of users’ data

Genshin Impact 2FA will be introduced to help improve security for player accounts

Google faces massive fines after world-first data breach ruling

Google Project Zero testing 30-day grace period on bug details to boost user patching

Google to Delay Publishing Bug Details for 30 Days

HackBoss malware poses as hacker tools on Telegram to steal digital coins

Hillsborough Schools Recover, Plan to Reopen Monday after Cyber Attack

How (and why) cyber specialists hacked a North American utility's smart meter

How the Kremlin provides a safe harbor for ransomware

How to Secure Your Employees Against Hackers

Isolated data breaches leave student, university files vulnerable

It's not all doom and gloom in cybersecurity with remote workers

Latest on ransomware attack on 24 schools near Bristol

Maharashtra cyber's anti-phishing unit received 5,226 complaints in two years

Major data breach at cleaning and catering company Spotless

Many CISOs are drowning in ‘security debt’

MeterUp Parking App Hacked, Personal Information Accessed

Microsoft remains most imitated brand for phishing

Organizations Improve Detect, Response Capabilities, FireEye Mandiant Report Finds

ParkMobile app hacked, may affect some who park in downtown Columbia

Phishing 101: How It Works & What to Look For

Popular Codecov code coverage tool hacked to steal dev credentials

President Biden issues sanctions against Russia for cyberattacks, election interference

Protecting the human attack surface from the next ransomware attack

Ransomware Attacks in 2021: Information Meets Emotion

RCM vendor data breach affects 136,000: 5 hospitals, health systems involved

Russian foreign intelligence service exploiting five publicly known vulnerabilities to compromise U.S. and allied networks

Slack and BaseCamp used to lure users into downloading malware

Small business clients are making these cyber security errors

SolarWinds cyber strike: Russia did it, say US and UK

State institution in Slovakia became target of ransomware attacks

The basic cybersecurity controls that every company MUST have

The Many Faces of Malware: A Tour of Real-World Samples

The parallels of pandemic response and IoT security

Trickbot Actors Target Slack and BaseCamp Users

Update to REvil ransomware changes Windows passwords to automate file encryption via Safe Mode

US Indicts SecondEye Operators

US Issues Russian SVR Warning

US Sanctions Russia for Cyberattacks and Election Interference

Was Braman Motors target of hackers demanding ransom money? Employee says it’s true

Why Cyber-Attacks are the Biggest Threat to Online Businesses

Why is Cyber Security Essential in the Education Sector?

Why the pandemic has been a catalyst for ransomware attacks and what to do about it

Why You Should Worry About the Booming Dark Web Economy

15th April

6 Insider Data Loss Prevention (DLP) Risk Indicators

103,573 mobile malware detected in Malaysia last year

A guide to two-factor authentication, the two-part security test for your online accounts and devices

A Look at Digital Attacks on Gaming Resources During the Pandemic

A truly agnostic approach to key encryption removes the risks in hybrid cloud

Advice for aspiring threat hunters, investigators, and researchers from the old town folk

Are BaaS Solutions the Answer to Spike in Ransomware Attacks?

Arrest Made Over California City Data Breach

Attackers Target ProxyLogon Exploit to Install Cryptojacker

Aussie Biz Warned: Phishing Attacks Are On The Way

Australia: Government urges businesses to patch Microsoft Exchange

Behind the Great Firewall: Chinese cyber-espionage adapts to post-Covid world with stealthier attacks

Better than the best password: How to use 2FA to improve your security

Beware! There’s A New Fake Maybank Website Tricking Malaysians & Stealing Banking Information

Boost your organisation’s digital security with ‘Zero Trust’

CISOs Must Focus on People and Technologies Amid Rising Attacks

City’s IT Team Catches Alleged Data Breach in Finance Department

Consumer Alert: Why the Facebook data breach is a big deal

Council's Government cyber attack cash may have to be repaid unless conditions are met

COVID-19 attack campaigns continue to surge in 2H20

Cybercriminals get bolder as impact from SolarWinds and ransomware grows

Cyber insurance market reacts to ransomware epidemic

Cybersecurity: Ransomware – to pay or not to pay?

Digital Devices Took Over Our Lives In 2020: Here's How To Stay Secure

Dirty Tricks: The Latest in Ransomware Tactics

Europe's Data Protection Guardians Green Light EU-UK Data Flows

Fake Version of TikTok App Has Started Spreading Adware

Four out of 10 mobile phones vulnerable to cyber-attacks

Global Attacker Dwell Time Drops to Just 24 Days

Government most targeted for ransomware

Hacker Is Selling Live Server Access to an OTP-Generating Telco

Hackers flood the web with 100,000 pages offering malicious PDFs

Hackers Steal Data of 200K During CareFirst BlueCross DC Cyberattack

Heartbreak and Hacking: Dating Apps in the Pandemic

Hertfordshire University cyber-attack takes out all IT systems

Houston Rockets Hit by the “Babuk” Ransomware Gang

How Facebook’s recent data breach affect its users

IBM Uncovers More Cyber Attacks on COVID-19 Vaccine Supply Chain

Important Strategies for Aligning Security With Business Objectives

Ireland’s Data Commissioner Launches GDPR Inquiry into Facebook Data Breach

Lloyds Bank warning as Britons targeted by suspicious text

Machine learning-powered cybersecurity depends on good data and experience

Malware Variants: More Sophisticated, Prevalent and Evolving in 2021

Microsoft is most impersonated brand in phishing attempts

Ministry of Manpower's (MOM) warns public about fake e-mail seeking info

NBA's Houston Rockets probing cyber attack, working closely with FBI

NSA: Top 5 vulnerabilities actively abused by Russian government hackers

Open source security, license compliance, and maintenance issues are pervasive in every industry

Outdated VPN device led to Capcom cyberattack

Phishing attack ramps up against COVID-19 vaccine supply chain

Popular NFT marketplace Rarible targeted by scammers and malware

Ransomware: To Pay or Not to Pay?

SolarWinds: US and UK blame Russian intelligence service hackers for major cyber attack

Some cheeses have holes, but your cyber security strategy should not

'Staggering, concerning': Aon says ransomware now 'truly weaponised'

The Android app that steals your bank details

The business case for SOC-as-a-Service

The force of biometrics in post-pandemic financial services security

The Montefiore Medical Center Had Its Fourth Breach in 7 Months

The Need for a Cybersecurity Protection Agency

The Top 5 Reasons Hackers Might Target Your Small Business

Trickbot: Attackers Using Traffic Violation Scam to Spread Malware

University of Hertfordshire hit by cyber attack

University of Hertfordshire hit by major cyber attack on 'all systems' as online teaching cancelled

University of Hertfordshire Suffers Cyber-Attack That Takes Down its Entire IT Network

University of Hertfordshire's entire IT system offline after cyber attack

Unpatched MS Exchange servers hit by cryptojacking malware

US government confirms Russian SVR behind the SolarWinds hack

US Sanctions Russia and Expels 10 Diplomats Over SolarWinds Cyberattack

Users becoming more savvy with COVID phishing scams

Warning for Android users over Brazilian trojan sweeping the US and Spain: Downloading a dodgy app could leave you open to banking fraud

Wells Fargo and Chase now among most imitated brands in phishing attacks

Why is phishing so successful for scammers?

Why ransomware victims are deciding not to pay up

Why Security Awareness Training is a Top Cybersecurity Investment for Business

Why Traditional Cybersecurity Tools Cannot Defend Against Zero-Day and No Signature Attacks

14th April

14.3 million South Africa Facebook users hit by data leak – check if you are affected

14.3 Million South African Facebook Users Implicated by Data Breach

15% of Brits use their pet’s name as a password

330 million people across 10 countries were victims of cybercrime in 2020

A complete Facebook data breach & privacy leak timeline (2005 to 2021)

As ransomware rises, backup-as-a-service is worth a consideration

Aviation Industry Lacks Cohesive Cybersecurity Approach

Bad Bots Could Disrupt #COVID19 Vaccine Rollout

Bank hacks, online merchandise fraud and phishing attempts have skyrocketed during COVID-19 pandemic

Capcom Blames 'Old VPN Device' for 2020 Ransomware Attack

Capcom Reveals Ransomware Hack Came from Old VPN

Change your passwords! Dating site Manhunt reveals major data breach

Check Point Research highlights emerging threats of IcedID banking trojan

Cheesy hack: Ransomware attack on Dutch logistics company leaves supermarket shelves empty

Cyber criminals are installing cryptojacking malware on unpatched Microsoft Exchange servers

Cyber criminals are targeting the cloud - here’s how to defend against them

Cyber Threat: 5 Key Ways Your Business Computer Can Be Hacked

Cyberattack Wrecks Return to School for Massachusetts District

Cybercriminals targeting unpatched Exchange servers by installing cryptojacking malware

Cybersecurity funding hits all time high in 2020

Cybersecurity training lags, while hackers capitalize on the pandemic

DDoS attack activity: 10 million-plus attacks and 22% increase in attack frequency

DDoS attacks increased by 20% in 2020, meaning everyone should consider themselves at risk

Detection capabilities improve, but ransomware surges on

Does the Cloud Solve Your Cybersecurity Challenge?

EMEA firms experience surge in external compromise detections

Facebook: Ireland opens privacy probe into tech giant data breach

FBI accesses ProxyLogon target servers to disrupt cyber criminals

FBI accessing computers accross US to remove malicious web shells

FBI cleans up infected Exchange servers

FBI Clears ProxyLogon Web Shells from Hundreds of Orgs

FBI removes web shells from hacked Microsoft Exchange servers

FBI Removes Web Shells from Infected Exchange Servers

Free parking app popular in Charlotte, other cities confirms user data breach

Get your firm to say goodbye to password headaches

Grocery startup Mercato spilled years of data, but didn’t tell its customers

High numbers of schools hit by phishing, account compromise and ransomware attacks

Hospitals: Striking the balance of cybersecurity, interoperability and digital health

How B2B Firms Are Confronting Increased Security Threats As Work Goes Remote

How Businesses Can Survive and Thrive Amidst the New Fraud Landscape

How Fraudsters Nearly Stole $17.5 Million via PPE Fraud

Huge spike in ransomware attacks calls for adoption of backup as a service solutions by modern enterprises

IBM flags more cyber attacks on COVID vaccine infrastructure

Indian supply-chain giant Bizongo exposed 643GB of sensitive data

Industry Watch: Internet crime complaints rise

Ireland’s online privacy watchdog to investigate Facebook over data breach

Major firms disclose breaches in the wake of SolarWinds attack

Majority of Mobile App Vulnerabilities From Open Source Code

Maybank Warns Against Fake Maybank2u Websites Phishing For Customer Details

McAfee Sees COVID-19 Themed Threats and Powershell Malware Surge

Meet the Ransomware Gang Behind One of the Biggest Supply Chain Hacks Ever

Microsoft Patches Four More Critical Exchange Server Bugs

Most imitated brands in phishing emails in Q1 2021

Municipal Parking App Reports Cybersecurity Breach

Nasty Windows 10 ransomware is capable of changing YOUR login password

NBA Attacked with Alleged Ransomware 500 GB of Houston Rockets Data Stolen Including Contracts and More

New Jersey School Districts Investigate Cyber-Attacks

North American Electric Reliability Corporation (NERC) Says 375 Electricity Providers Installed the Laced SolarWinds Update

Over 3.5 Million Websites Vulnerable to Multiple ‘Elementor’ Flaws

Over 14 million South Africans included in Facebook data leak

Phishing Campaign Targeting COVID Vaccine 'Cold Chain' Expands

Police warn of phishing scam involving texts and e-mails impersonating DHL and SingPost

Practical advice to stop you from losing your data

Ransomware Actors Hit ‘ASBIS CZ’ and Paralyzed All Selling Activities

Ransomware Attack Creates Cheese Shortages in Netherlands

Ransomware attacks a kids school – raising threat on America

Remember GDPR? Expect another set of cyber regulations around vulnerabilities

Research finds sharp increase in Initial Access Brokers listings

Rise of Double-Extortion Shines Spotlight on Ransomware Prevention

SAP fixes critical bugs in Business Client, Commerce, and NetWeaver

Scammers using more sophisticated tactics

Securing Remote Health Care Post-COVID-19

Security crucial as 5G connects more industries, devices

Singapore: Ministry of Manpower (MOM) warns of phishing scam seeking contact details from recipients for Covid-19 vaccination roll-out

Six Key Guidelines To Protect Critical Infrastructure From Cyber Threats

Sweden: Russians Behind Sports Confederation Hack

Tasmania casinos hit by Windows ransomware, owner claims they are open

Tax Season is in Full Swing and so is Unemployment Fraud

Two Somerset County school districts report cyber attacks

Understanding cloud-era Shadow IT and how to stop it

University of California-Wide Data Hack Outrages Students

University Of Colorado Refuses To Pay $17 Million Ransom Following Accellion Data Breach

Use of PDF files in phishing scams unpacked

Users are getting better at recognising phishing attacks

Victim of data breach shares how Facebook tracks him in viral video

Victims scammed out of £26,000 by fraudsters pretending to be from Santander

Vital Signs: Why Service Monitoring is a Key Step in Effective IoT Cybersecurity

Vivaldi, Brave, DuckDuckGo reject Google's FLoC ad tracking tech

Warning over Hermes text scam circulating in the UK

What is cybersecurity and why is it important?

Which? warns of new DVLA text scam targeting drivers

Zero Days and Patch Lag: Stemming the Software Pandemic

13th April

Acknowledging Data Breach, Upstox Upgrades Security Systems

Adobe fixes critical vulnerabilities in Photoshop and Digital Editions

Attacks against cloud users surged in 2020

Better Business Bureau Warns of Rise In Tax Scams

Capcom: Ransomware gang used old VPN device to breach the network

Capcom ransomware attack: Hackers gained access via vulnerable VPN

Capcom says last year's ransomware attack exploited an 'old VPN' that had been kept online due to Covid-19

CISA gives federal agencies until Friday to patch Exchange servers

Clubhouse Denies Data Breach but API Does Mean User Information is Public

Clubhouse API allows everyone to scrape public user data

COVID-Related Threats, PowerShell Attacks Lead Malware Surge

Cring ransomware targets industrial and business systems through vulnerability in VPN servers

Cyber Criminals Targeting Municipal Computer Systems

Cybersecurity: Victims are spotting cyber attacks much more quickly - but there's a catch

Cybersecurity guide for the hospitality industry

Destructive Attacks Surged in 2020 for Financial Institutions

Educational organizations are hit by phishing attacks targeting cloud data more than any other vertical

Fake websites used in phishing attacks, impersonating brands like Pfizer and BioNTech

FBI nuked web shells from hacked Exchange Servers without telling owners

Food Shortages at Dutch Supermarkets After Ransomware Outage

Global Dwell Time Drops as Ransomware Attacks Accelerate

Government most hit by ransomware attacks in 2020 followed by Banking, says Atlas VPN

Hackers Leak Hacker Data in Swarmshop Breach

How do you solve a problem like customer data protection?

How open source security flaws pose a threat to organizations

McAfee: COVID-19 Themed Attacks Continue to Surge

Name:Wreck Bugs Could Impact 100 Million IoT Devices

New DNS vulnerabilities have the potential to impact millions of devices

New Linux, macOS malware hidden in fake Browserify NPM package

NSA discovers critical Exchange Server vulnerabilities, patch now

Parking app used across metro says data breach accessed info including license plates, addresses

Poker machines in Tasmania shut down after ransomware attack

Promoting a Cultural Shift for Cybersecurity

QBot malware is back replacing IcedID in malspam campaigns

Ransomware: Looking beyond endpoint protection

Ransomware on the Rise, Organizations Doing Better at Detecting Intrusions

Researcher releases PoC exploit for 0-day in Chrome, Edge, Brave, Opera

Risk startup LogicGate confirms data breach

Scammers Tricking Rapacious Crypto-Investors With the Help of Lightshot

Set of 9 Vulnerabilities Called “Name:Wreck” Affects Over 100 Million Devices

The Evolution of Ransomware: Four Predictions to Shape Your Security Strategy

These new vulnerabilities put millions of IoT devices at risk, so patch now

TV Licence warning: Phishing scams 'rise dramatically'

University of Portsmouth closes campus due to 'ransomware attack' on IT services causing 'ongoing disruption'

Users more alert to pandemic phishing

Wake Me Up Before You Know Know...About the Latest Third-Party Data Breach

Watch out for this W-2 phishing scam targeting the 2021 tax season

What techniques hackers use to spoof your identity and how to protect yourself

Why MSPs Need to Shift from Cyber Security to Cyber Resilience

Why You Need a Clear Phishing Prevention Plan for Your Business

Worldwide IT spending to total $4.1 trillion in 2021

12th April

5 Ways Cyberattacks Happen

6-year-old Moodle flaw exposed millions to account takeover attack

500 million LinkedIn accounts leaked

Accident in Iran’s Natanz Nuclear Facility Was the Result of a Cyberattack

'AI-powered' cyberattacks are on the rise

AIG Canada to foot part of city’s $2.9 million cyberattack bill

Are You Prepared to Prevent Data Loss?

Breach of trust: Cybersecurity can make or break a brand

Brits Still Confused by Multi-Factor Authentication

Clubhouse Data Appears on Hacker Forum but Not as a Product of a Breach

Clubhouse data breach: 1.3 million users have info leaked online

Combating the Rise of Ransomware-as-a-service (RaaS)

Could social media networks pave the way towards stronger authentication?

Credential phishing attacks – what are the latest themes and tactics?

Criminals spread malware using website contact forms with Google URLs

Critical security alert: If you haven't patched this old VPN vulnerability, assume your network is compromised

Cyber-criminals Increasingly Leveraging Debates About Travel During #COVID19 to Launch Attacks

Cyberattack at Haverhill Schools Keeps Seniors from Returning Monday; Educators Tentatively Reach Return Pact

Data transparency increasingly important, Kaspersky study states

Domain Typosquatting – Online Trademarks protection in the name of typing errors

Europol: “Virtually All” Crime Now Has a Digital Element

Facebook leaked data shows it tracks users across internet, knows when you ordered pizza

Facebook was running ads of malicious apps pretending to be Clubhouse for PC

Fake ads of a PC version of Clubhouse has been spreading malware

Has Clubhouse been hacked? CEO says claims are ‘false’

Haverhill High School goes fully remote as issues from ransomware attack linger

Here’s Where Phishing Emails Are Likely To Emerge From

How Merchants Fight Fire With Fire When Facing AI-Equipped Fraudsters

How To Stop Hackers Targeting Your Home

IT security professionals demonstrate excessive trust despite concerns with remote work security programs

It’s Time to Captivate the Next Generation of Cybersecurity Professionals

Lazarus Group uses Vyveva backdoor to target South African freight company

Malware laden fake Clubhouse app for PC is something you need to watch out for

Man Arrested After Failed AWS Bomb Plot

Moneycontrol Resets Passwords En Masse After Alleged Data Breach Impacting 7 Lakh Users

New Malware Downloader Spotted in Targeted Campaigns

Over 33% ICS computers faced cyberattacks in H2 2020

Over 90% of Organizations Hit by a Mobile Malware Attack in 2020

Parents were at the end of their chain — then ransomware hit their kids' schools

Paycheck Protection Program (PPP) Remains A Favorite Target Of Fraudsters

Ransomware’s evolving tools and technical tactics confuse forensic analysis

Royal Mail-related phishing scams surge by 645%

Scam alert: Fraudsters are getting sneakier

Scammers phishing for data through ANZ bank text messages

Scraped data of 1.3 million Clubhouse users published online

Securing SMEs Post-Pandemic: Four Ways To Improve Security For Remote And Hybrid Workforces

Stock Brokerage Firm ‘Upstox’ Suffers Data Breach, Company Says Users’ Data Safe

Supermarkets cheesed off after dairy supplier is hacked

The benefits of cyber threat intelligence

The Most Common Types Of Cyber Crime

The SOC is blind to the attackable surface

TriHealth reports patient and employee data breach through law firm

U.S. Regulator’s Crypto Conundrum Hurts Ransomware Victims

Upstox suffers hack, data of 25 lakh users up for sale on dark web

Upstox Tiptoes Around Data Breach Impacting 2.5 Million Users, But Upgrades Security System

What Does It Take To Be a Cybersecurity Researcher?

What fallout can we expect from the 2019 Facebook leak?

What to Do After a Data Breach

Where are phishing emails more likely to originate from?

Whistleblower Says Ubiquiti Lied About the Source and Extent of Its Data Breach To Protect Stocks

Will Ransomware Cause the End of the Internet as We Know It?

Windows 10 warning: New ransomware changes all your passwords