Editor's Message

Welcome to DBD. On March 8th we celebrated our 4th Anniversary and the 1st Anniversary of our PRiSM application, officially endorsed by the SANS Institute. Despite recent personal issues that have impacted the amount of time I have been able to dedicate to both projects, I have been doing my best to keep everything as up-to-date as possible, and I would like to take this opportunity to thank everyone for their patience and support whilst I navigate through this very difficult time. Stay safe. :)

Monday 19 April 2021

Data Breaches Digest - Week 16 2021

Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 19th April and 25th April 2021.

25th April

Backup Lessons From A Cloud-Storage Disaster

Beware of cybercriminals using Telegram to distribute malware

Big Basket Data Breach: Hacker Group Shiny Hunters Claims to Leak User Database of Online Indian Grocery Delivery Service

‘Big Basket’ Data Now Shared by “ShinyHunters” on Hacker Forums for Free

Cryptomining Campaign Leverages MS Exchange Server Flaw

Cyber-Coercion Must Be Fought with a Comprehensive National Strategy

Emotet malware forcibly removed today by German police update

Facebook Disrupts Palestinian APT Activities

Hacker leaks 20 million alleged BigBasket user records for free

Has my data been stolen in the Phone House hack? Check it here

How Covid-19 caused an organised crime boom

India Among Top Targets As Ransomware Attacks Grow By 767%

Learning lessons from the Apple ransomware incident

Qlocker Ransomware Earned Over $260,000 by Encrypting Vulnerable QNAP NAS Devices

Ransomware and Data Leak Site Publication Time Analysis

ShopBack Data Breach: How To Find Out If Your Account Is Affected

Should You Be Worried About Remote Work Cyber Security?

UAE businesses witness surge in ransomware attacks

What Can We Learn From the Garmin Ransomware Attack?

What Is Cybercrime as a Service?

24th April

5 new rules ransomware gangs play by nowadays

15% of All Ransomware Payments Made Last Year Carried a “Risk of Sanctions Violations,” Chainalysis Reveals

A ransomware gang made $260,000 in 5 days using the 7zip utility

Air Fryer Hacking On The Menu As Security Flaws Revealed

Apple sees $50 million ransom demand over leaked products data

Beware Of The Amazon AirPods Raffle Scam That Could Compromise Your Prime Account

Blockchain Technology: How it Works and How it’s Changing Everything

CISOs must help their boards manage cyber risk - here’s how

Click Studios ‘Passwordstate’ Compromised by Supply Chain Actors

Cybereason discovers global botnet campaign targeting MS Exchange

Election Data Breach Story Renews Press Freedom Debate in Albania

Enterprises need to change passwords following ClickStudios, Passwordstate attack

Fake Microsoft DirectX 12 site pushes crypto-stealing malware

HashiCorp is the latest victim of Codecov supply-chain attack

Hundreds of furious Football Index investors have their identities revealed by DCMS data breach after email in response to complaints about collapsed gambling platform was sent out with recipients' names not hidden

Keep These Things In Mind While Using WhatsApp, Otherwise You Can Be A Victim Of Big Fraud

Lessons Learned from the Global Year in Breach: Supply Chain Cybersecurity Risk is Swamping Businesses

New cryptomining malware builds an army of Windows, Linux bots

New Phone House Cyberattack Targets Around 13 Billion Consumers: Bank Account Numbers Possibly Leaked

New Ransomware Attack on Apple

Phone House breaks its silence and confirms the hack and what data of its customers has been compromised

Researchers say changing simple iPhone setting fixes long-standing privacy bug

Solving the security challenges of public cloud

Someone Claims to Have VPN Access to Chile’s State Bank

South Africa: Pensioners easy prey for banking fraud

Stop Sharing Passwords: Why Netflix Might Be More Secure Than Ever

Targeted ransomware attacks grow 767%, India among top targets

ToxicEye RAT hits Telegram app to spy, steal user data

University of California (UC) Left Vulnerable After Nationwide Ransomware Attack

Vehicle Emissions System Recovers After Cyberattack, Still Down in Connecticut

23rd April

5.6 Million Records that Appear to Belong to ‘Reverb’ Users Leaked Online

7 steps to stop phishing attacks from stealing your personal details

14 of the worst data leaks, breaches, scrapes and security snafus in the last decade

Apple’s Ransomware Mess Is the Future of Online Extortion

Bourbon confirms cyber attack

Bulgaria: Hacker Attacks Become Increasingly Frequent during Pandemic

Data Breach: 4 Steps to Mitigate Insider Threats

Data Privacy Statistics, Facts & Trends of 2021: Your Data Is the New Oil

Flubot: Warning over major Android 'package delivery' scam

Geico Customer Data Breach May be Part of Unemployment Insurance Scam

GCHQ Director: The UK and Allies Must Counter “Existential Threat” to the Digital Environment

Hacked Android phones mimicked connected TV products for fake ad views

How Cyber-Attack Automation Turned SMEs into Sitting Ducks: And How to Change This

How to...find out if your account has been leaked online

HSBC warning as scam text may be followed with dangerous call

Incident Of The Week: Microsoft Exchange, The FBI & A Lack Of Patching

Kaspersky saw a drop in ransomware attempts on SMBs in 2020

Kingston Police warn of cybercriminals using PDF files as a new phishing lure

Last Chance for Forensics Teams Ahead of Emotet Sunday Deadline

Lockdown Hotel Bookings at Risk Due to DMARC Fail

Organisations must work together to defend themselves against cyber-attacks, warns Chair of PIMFA Cyber Security Council

Oscars: Scammers using nominated films to lure victims

Passwordstate password manager hacked in supply chain attack

Phishing impersonates global recruitment firm to push malware

Phishing, monetary gain and supply chain attacks characterise cybercrime

Preventing social engineering attacks during the global pandemic

Prometei botnet uses NSA exploit, hits unpatched MS exchange servers

QNAP ransomware attack encrypts users’ NAS and requests a ransom to recover files

Ransomware Gang Demands $50 Million For Apple Watch And MacBook Pro Blueprints

Ransomware is growing at an alarming rate, warns GCHQ chief

Ransomware's perfect target: Why one industry needs to improve cybersecurity, before it's too late

REvil’s Big Apple Ransomware Gambit Looks to Pay Off

Scammer’s paradise: why you should change your online habits

Six best practices for managing cyber-security upon return to office

Substantial Increase in Cyber Crime in the FBI’s 2020 Internet Crime Report – Companies Must Take Heed

The Account Takeover Threat: A By-the-Numbers Breakdown

The Ransomware Epidemic: How Zero Trust Security Can Help

The threat landscape for the water industry

Three MEIZU System Apps Included in Upstream’s Top Ten Android Menaces

Three practical things financial services can do to stay protected

TLS-Encrypted Malware Volumes Double in Just Months

Too Much Trust?

ToxicEye: Trojan abuses Telegram platform to steal your data

‘ToxicEye’ Is the Latest Malware to Abuse Telegram for Command & Control

Transitioning to a SASE architecture

Trying to Stop Identity Theft? Go Beyond a Credit Freeze

US: Ireland Is a Target for Cyber-Criminals

What IT leaders are prioritizing in network security investments?

When a Ripple Becomes a Wave: Cyberattack Fallout

Why Your Regular Cybersecurity Health Check Is Outdated

22nd April

18 things to know about new cyberattack campaigns emerging this year

67% of IT pros concerned with teleworking endpoint misuse

A botnet named after Prometheus is also exploiting Exchange Server flaws

AirDrop flaws could leak phone numbers, email addresses

Albania: Alarm over indications of personal data breach, election campaign violations

Almost a quarter of UK businesses have paid a ransom in the last 12 months, study finds

Almost Half of All Malware Now Passes Communications Through TLS

Apple Blueprints Stolen In Supplier $50m Ransomware Attack

Are Hackers Looking to Take a Bite Out of Apple?

Are you ready for turbocharged ransomware attacks?

Attackers can hide 'external sender' email warnings with HTML and CSS

Basic user data stolen from ParkMobile data breach

Botnet backdoors Microsoft Exchange servers, mines cryptocurrency

China’s Cybercriminals Profit From Underground Data Monetization

Costco Issues Scam Warning

Critical infrastructure implications of the Pulse Secure multi-factor authentication bypass

CSP & Magecart Web Skimmers: Facts and Fiction

Department of Justice (DoJ) Forms Ransomware Task Force as REvil Demands $50M

Department of Justice (DoJ) Launches Ransomware Taskforce as Apple Hit by Extortion Attempt

Department of Justice (DoJ) Launches Task Force to Battle Ransomware Threat

DMARC: The First Line of Defense Against Ransomware

Email Security Tips to Prevent Phishing and Malware

Email Volume Rose During the Pandemic. So Too Did the Number of Email Attacks

Emotet malware infrastructure seized after seven years

“Emotet” Shutdown Date Approaches and Here’s What It Means

Facebook uncovers Palestinian government officials targeted with malware

Fastway couriers experience data breach

Former NSA director says state and local governments must 'optimize' cybersecurity

Geico Customer Data Breach May be Part of Unemployment Insurance Scam

Gyrodata: Notice of Data Security Incident

Hackers hit Apple in 50M dollar ransomware attack via MacBook supplier

Hackers Try to Extort Apple After Stealing Files From Manufacturer

How micro-segmentation creates an uphill battle for intruders

How Ransomware Criminals Are Protected in Russia

How to protect your data with an identity theft protection service

Hundreds of Co-ops and Condos Suffer Data Breach

Indian Brokerage Firm Upstox Suffers Massive Data Breach

Infosecurity transformation and building proactive mitigation strategies

Inside the Cyber Attack “Machine”: What Hospitals Need to Know about the Dark Web and Post-Pandemic Threats

IT security teams deal with unique challenges fueled by a remote workforce

Kaspersky comments on Apple Quanta REvil ransomware attack

Malicious cryptominer exploits MS Exchange Server vulnerabilities

Malware and ransomware gangs have found this new way to cover their tracks

MangaDex Says Stolen User Database Already Shared “in the Wild”

Mangadex Works With ‘Have I Been Pwned?’ to Warn Users About Hacked Database

Massive global botnet takes advantage of Microsoft Exchange vulnerabilities

Monero-mining botnet targets orgs through recent MS Exchange vulnerabilities

Mount Locker Ransomware Aggressively Changes Up Tactics

National Australia Bank (NAB) fired IT worker over data breach

Navigating Cybersecurity Gaps in Uncertain Times

NCSC offers free training to schools after rise in cyber attacks

NCSC publishes cyber security training for schools

New Macbook Pro Will Ditch The Touch Bar But Introduce Extra Ports, Stolen Schematics Confirm

New US Justice Department team aims to disrupt ransomware operations

Now this botnet is hunting for unpatched Microsoft Exchange servers

Office of the Public Defender for the 20th Judicial Circuit of Florida reports data breach

Outgunned CISOs navigate complex obstacles to keep rising attacks from turning into breaches

ParkMobile app data breach exposes private information

Philippines: Ransomware attempts versus small firms decline in 2020

Phone Hacking Tool Maker ‘Cellebrite’ Hacked by Signal’s Creator

Popular app’s recent data breach and steps to keep your information safe

Prometei Botnet Exploits Exchange Server Bugs to Grow

QNAP removes backdoor account in NAS backup, disaster recovery app

Ransomware Attacks on Schools: The Latest Developments

Ransomware attacks on shipping, logistics organizations rising as coronavirus vaccine supply chain targeted

RDP, Botnet Malware Top Access Point of Updated Ryuk Ransomware

Rethinking cybersecurity in the age of COVID: The "Dos and Don'ts" of protection

REvil ransomware – what you need to know

Santa Clara Valley Transportation Authority (VTA) targeted in apparent ransomware attack, hackers threaten to release trove of data

Security Biz Launches RDP Breach Notification Site

Services Australia penalised for breaching privacy of a vulnerable customer

Sharp increase in cyber attacks in last quarter of 2020

Signal CEO hacks Cellebrite cellphone hacking, cracking tool

Signal rattles sabre and exposes crackable Cellebrite underbelly

Six Best Practices For Ransomware Recovery And Risk Mitigation

So you want to work in ransomware?

Sodinokibi Ransomware Gang Extorts Apple Through Supply Chain Attack

SolarWinds hack analysis reveals 56% boost in command server footprint

Stanford student finds glitch in ransomware payment system to save victims $27,000

Student hacked accounts and used them to shop online

Supernova Malware Actors Masqueraded as Remote Workers to Access Breached Network

Telegram Platform Abused in ‘ToxicEye’ Malware Campaigns

Texas women plead guilty in spear phishing scam that took more than $700K from City of Ocala

The biggest threat to company data, may be coming from inside

The rundown on the FBI’s 2020 cybercrime report

TikTok faces UK lawsuit over alleged kids' data breach

TikTok sued over its use of children’s personal data

ToxicEye Malware Leverages Telegram For C2

ToxicEye malware exploits Telegram messaging service

University of Hertfordshire becomes victim of a cyber-attack

Unpatched MS Exchange Servers Now Targeted by the ‘Prometei’ Botnet

Use of Defensive AI Against Cyberattacks Grows

What Is a Facebook Cloning Scam?

Why Ransomware Is Making Our Healthcare Worse

Window of Exposure (WoE) a major concern as applications remain increasingly vulnerable

21st April

4 key steps for healthcare providers to combat Ransomware

7 cybersecurity trends to look out for in 2021

57 Percent of US Adults Forget a Password Right After Resetting it

A decade of email security

Addressing Burn Out in Cybersecurity Teams

Another massive Facebook data leak could be right around the corner

Apple ransomware leak corroborates 2021 MacBook Pro ports: HDMI, MagSafe, SD card slot

Apple supplier Quanta hit with $50 million ransomware attack from REvil

APTs Targeting American Organizations via Pulse Secure VPN Zero-Day

As ransomware evolves, businesses need new tools to fight back

Attackers are exploiting zero-day in Pulse Secure VPNs to breach organizations (CVE-2021-22893)

Businesses still suffering downtime due to network security issues

CERT-In says Facebook users should secure accounts after 6.1 million Indian users affected in data breach

CISA orders federal organizations to mitigate Pulse Secure VPN bug by Friday

Codecov breach impacted ‘hundreds’ of customer networks

Codecov Supply Chain Attack May Hit Thousands

Combatting Email Spam – What you should know

Complexity and budgetary constraints complicate cloud security

Cybersecurity only the tip of the iceberg for third-party risk management

Cybersecurity risks for local organisations have increased considerably during pandemic

Cybersecurity threats to the COVID-19 vaccine

Data Breach at New England’s Largest Energy Provider

Data Poisoning: When Attackers Turn AI and ML Against You

Easy-to-guess default device passwords are a step closer to being banned

Facebook ads used in spreading Facebook Messenger phishing scam

Facebook Internal Email Leak Suggests Data Leaks Should Be Framed as a “Sector Problem”

Facebook leaks strategy to numb reaction to data scraping incidents

Facebook wants to convince you that huge personal data leaks are normal

FBI Removes Web Shells From Compromised Third-Party Microsoft Exchange Servers Without Notifying the Owners

FIDO Announces New Security Standard for IoT Devices

Five new ways that ransomware gangs play today

Geico data breach leads to stolen driver’s license numbers

Hackers are targeting flaws in these VPN devices now. Here's what you need to do

Hackers found leveraging three SonicWall zero-day vulnerabilities

How Secure Are Healthcare IT Systems? New Research Provides a Glimpse

How To Deal With Employees As The New Security Perimeter

How to detect security vulnerabilities and prevent risks

How to maintain cybersecurity in a new online business

How to use employee personal data monitoring to close security gaps

If you use this car insurance company, your personal data might’ve just been stolen

Japan Says Chinese Hackers Targeted 200 Aerospace and Military Organizations

Kansas Department of Labor (KDOL) looking into possible data breach

Logins for 1.3 million Windows RDP servers collected from hacker market

Massive Qlocker ransomware attack uses 7zip to encrypt QNAP devices

MI5: 10,000+ Brits Approached by Spies on Social Site

MI5 warns of spies using LinkedIn

Million-dollar deposits and friends in high places: how we applied for a job with a ransomware gang

Most users don’t know the capabilities and risks of QR codes

Multiple APT Groups Exploit Critical Pulse Secure Zero-Day

National Australia Bank (NAB) sacked tech worker behind 2019 data breach

NCSC offers teachers free cyber security training

New onboarding standard to secure Internet of Things launched

NitroRansomware Demands Gift Codes As Ransom

ParkMobile data breach: What to know if you use the app

Pfizer identifies counterfeit COVID-19 vaccine in Mexico, Poland; warns of increase in fraud

Play Store apps plagued with malware have 700,000 downloads

Pulse Secure VPN zero-day used to hack government organizations and defense firms

Ransomware Hackers Leak Schematics for New MacBook Pro Confirming MagSafe, HDMI, SD Card Slot

REvil Ransomware Attacks Quanta; Seeks to Extort Apple

Securing vehicles from potential cybersecurity threats

Signal CEO gives mobile-hacking firm a taste of being hacked

Stallone Classic a Password Favorite

The award for the most popular movie used in leaked passwords goes to...

They hack Phone House and publish the data of millions of customers

TikTok faces UK lawsuit over alleged kids' data breach

TikTok sued for billions over use of children's data

TikTok Sued Over Use of Minors’ Data

UK Government Pressing Ahead with New IoT Law Amid Pandemic Smart Device Surge

Unreleased MacBook Schematics Stolen in $50 Million Ransomware Attack on Apple Supplier

US takes new aim at ransomware after most costly year

WhatsApp Pink malware can now auto-reply to your Signal, Telegram texts

When it Comes to Cybersecurity, We Never Learn. Ever. Just ask Aaron431 About the Top 10 Passwords

White House: Here's what we've learned from tackling the SolarWinds and Microsoft Exchange server cyber incidents

Why CISOs at gaming companies need to reimagine security

Why telemedicine is vulnerable to cyberattacks: 3 things for hospitals to know

Why you need to change your attitude to cyber security

You need to download this Microsoft Outlook update, or your emails could be at-risk

Zero-day vulnerabilities in SonicWall email security are being actively exploited

20th April

4 in 5 UK businesses subject to phishing attacks

61 percent of companies hit by ransomware in 2020

Approaching zero trust security strategically

Banking frauds make for 50% of phishing cases in Maharashtra

Breaking the Phishing Kill Chain

Campus Still Closed as Portsmouth University Reels from Suspected Ransomware

China’s cybercrime underground making money off big data

Consumer data protection is a high priority, but there’s still work to be done

Cybersecurity spending has risen over the last year to $2.6m per US firm

Dating Service Suffers Data Breach

eBay, Apple, Microsoft, Facebook, and Google were phishers’ top targets in 2020

Emergency medicine staffing firm offers patients up to $1M insurance policy after phishing incident

“eWhoring” Actors Are Making Money by Scamming Others Using Stolen Nudes

Even though critical, web application security is getting less attention

Eversource Energy data breach caused by unsecured cloud storage

Facebook downplays data breach in internal email

Facebook Messenger users targeted by a large-scale scam

Facebook snafu exposes millions of private email addresses

Facebook suffers a data breach about how it’s hoping to stop the media talking about its last data breach

Fake Microsoft Store, Spotify sites spread info-stealing malware

Geico customers' driver's license numbers exposed in breach

How a Bulk IP Geolocation Tool Can Contribute to Phishing Prevention

How the open source community helped firms investigate their network activity following SolarWinds

Hundreds of customer networks hacked in Codecov supply-chain attack

Internal Facebook email reveals intent to frame data scraping as ‘normalized, broad industry issue’

Is Your Law Firm’s Website Secure? 9 Tips for Optimal Security

Lazarus hacking group now hides payloads in BMP image files

Monero Cryptominer Attack Exploits Exchange Server Flaw

Multi-factor authentication: Use it for all the people that access your network, all the time

New Ransomware Demands Discord Gift Codes Instead of Crypto

North Korean hackers adapt web skimming for stealing Bitcoin

Preventing Internal Cyberattacks Could Save Companies Millions

Pulse Secure VPN zero-day used to hack defense firms, government organizations

QR Code Malware Threat as Lockdown Ends

Real examples of phishing emails

Remote code execution vulnerabilities uncovered in smart air fryer

REvil gang tries to extort Apple, threatens to sell stolen blueprints

REvil ransomware gang hits Apple supplier Quanta; warns of data leak

Scammers stole the driver's license numbers of some Geico customers in a data breach, and they could be used to file for fraudulent unemployment benefits

School District’s Files Leaked in $40m Ransomware Attack

SonicWall warns customers to patch 3 zero-days exploited in the wild

Swinburne University’s data breach hits over 5,000 individuals

That Facebook Messenger update could be a phishing scam

The Case For and Against Criminalizing Ransomware

The wide web of nation-state hackers attacking the US

Threat Actor Claims to Have Hacked Domino’s

Top 5 Data Security Protocols to Secure Your Data Integrity!

Top 5 ways to protect against cryptocurrency scams

Why Ransomware Remains the Top Priority Endpoint Security Threat

19th April

After Virginia passes new privacy law, states race to catch up to CCPA and GDPR

Babuk Has a “Message for Journalists” Meant to Intimidate Victims

Bad bot traffic reaching an all-time high over the past year

Beware! Do You Download Android App APKs Using APKPure? It Distributes Trojans

Concerns grow over digital threats faced from former employees

COVID-19-themed cyberattack detections continue to surge

Cyberattacks and Security Breach Disclosures: U.S. Federal Law Coming?

Darkside ransomware gang has better processes than some businesses

DDoS attacks are more frequent and complex than ever

Digital business requires a security-first mindset

Dixie Group Systems Impacted by Ransomware

Domino’s India Data Breach: 18 Cr User Records Being Sold On The Dark Web

Dwell time drops, but that’s not the whole ransomware story

Elliman’s property management arm suffers data breach

Everything you need to know about the Microsoft Exchange Server hack

Facebook faces 'mass action' lawsuit over data breach

FIN7 Sysadmin Gets 10 Years Behind Bars

Five steps to get employees invested in security awareness training

Geico data breach opens door to unemployment scams

General Data Protection Regulation (GDPR)

Government Security Agency Warns Against Remote Whatsapp Hacking: Do This Right Away For Safety

Growing reliance on third-party suppliers signals increasing security risks

Growth in Illicit Crypto Finance ‘Inevitable’

Hacker Sold 895,000 Gift Cards Worth $38 Million and 330,000 Payment Cards on a Russian Dark Web Forum

Hackers claims to be selling 13tb of Domino’s India data

'High-level' organiser of FIN7 hacking group sentenced to ten years in prison

How businesses can lower data security risks in hybrid working environments

How security pros, the insurance industry, and regulators can combat ransomware

How To Improve Your Security Team’s Remediation Efficiency

Huge ransomware spike demands backup-as-a-service

ICO issued more than £40m in data breach fines in 2020

ICO Issued Over £42 Million in Fines Last Year

If you use this popular smartphone app, change your password immediately

If you want to safeguard your organization, focus on people

Latest Online Frauds! How to Protect from Spear Phishing, Pharming, Deepfake Identity Theft?

Ministers encourages citizens concerned over Facebook leak to visit Have I Been Pwned? website

Nonprofit provides help to hospitals battling ransomware

Online Education is the New Corporate Threat Vector

Over 59% of Indian adults fell victim to cyber crime over past 12 months

Payment Card Theft Ring Tech Leader Sentenced to 10 Years

Phishers and Spoofers are Getting Smarter! Are You?

Phishing Attacks Actively Using Alternative Exfiltration Methods Including Google Forms and Telegram Bots

Ransomware attack on 24 South Gloucestershire schools

Ransomware ‘bull’s eye’ grows, clouding telehealth’s rise in long-term care

REvil Ransomware Now Able To Change Windows Passwords And Automate File Encryption In Safe Mode

Six million male members may have been exposed after hack of gay dating service

South Korean users plan to sue Facebook over leaked user data

State institution in Slovakia target of ransomware attacks

Strong Security Comes in Small Packages

The 10 most imitated brands for phishing attempts in 2021 so far

The cost of a cyber attack in 2021

The FBI removed hacker backdoors from vulnerable Microsoft Exchange servers. Not everyone likes the idea

The Incredible Rise of North Korea’s Hacking Army

U.S. Takes Aim at Russia’s Cyber Ops Ecosystem

Warning over Hermes text scam circulating in the UK

What COVID-19 Taught Us: Prepping Cybersecurity for the Next Crisis

Zero trust, basic cyber hygiene best defence against third-party attacks