Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 19th April and 25th April 2021.
25th April
Backup Lessons From A Cloud-Storage Disaster
Beware of cybercriminals using Telegram to distribute malware
Big Basket Data Breach: Hacker Group Shiny Hunters Claims to Leak User Database of Online Indian Grocery Delivery Service
‘Big Basket’ Data Now Shared by “ShinyHunters” on Hacker Forums for Free
Cryptomining Campaign Leverages MS Exchange Server Flaw
Cyber-Coercion Must Be Fought with a Comprehensive National Strategy
Emotet malware forcibly removed today by German police update
Facebook Disrupts Palestinian APT Activities
Hacker leaks 20 million alleged BigBasket user records for free
Has my data been stolen in the Phone House hack? Check it here
How Covid-19 caused an organised crime boom
India Among Top Targets As Ransomware Attacks Grow By 767%
Learning lessons from the Apple ransomware incident
Qlocker Ransomware Earned Over $260,000 by Encrypting Vulnerable QNAP NAS Devices
Ransomware and Data Leak Site Publication Time Analysis
ShopBack Data Breach: How To Find Out If Your Account Is Affected
Should You Be Worried About Remote Work Cyber Security?
UAE businesses witness surge in ransomware attacks
What Can We Learn From the Garmin Ransomware Attack?
What Is Cybercrime as a Service?
24th April
5 new rules ransomware gangs play by nowadays
15% of All Ransomware Payments Made Last Year Carried a “Risk of Sanctions Violations,” Chainalysis Reveals
A ransomware gang made $260,000 in 5 days using the 7zip utility
Air Fryer Hacking On The Menu As Security Flaws Revealed
Apple sees $50 million ransom demand over leaked products data
Beware Of The Amazon AirPods Raffle Scam That Could Compromise Your Prime Account
Blockchain Technology: How it Works and How it’s Changing Everything
CISOs must help their boards manage cyber risk - here’s how
Click Studios ‘Passwordstate’ Compromised by Supply Chain Actors
Cybereason discovers global botnet campaign targeting MS Exchange
Election Data Breach Story Renews Press Freedom Debate in Albania
Enterprises need to change passwords following ClickStudios, Passwordstate attack
Fake Microsoft DirectX 12 site pushes crypto-stealing malware
HashiCorp is the latest victim of Codecov supply-chain attack
Hundreds of furious Football Index investors have their identities revealed by DCMS data breach after email in response to complaints about collapsed gambling platform was sent out with recipients' names not hidden
Keep These Things In Mind While Using WhatsApp, Otherwise You Can Be A Victim Of Big Fraud
Lessons Learned from the Global Year in Breach: Supply Chain Cybersecurity Risk is Swamping Businesses
New cryptomining malware builds an army of Windows, Linux bots
New Phone House Cyberattack Targets Around 13 Billion Consumers: Bank Account Numbers Possibly Leaked
New Ransomware Attack on Apple
Phone House breaks its silence and confirms the hack and what data of its customers has been compromised
Researchers say changing simple iPhone setting fixes long-standing privacy bug
Solving the security challenges of public cloud
Someone Claims to Have VPN Access to Chile’s State Bank
South Africa: Pensioners easy prey for banking fraud
Stop Sharing Passwords: Why Netflix Might Be More Secure Than Ever
Targeted ransomware attacks grow 767%, India among top targets
ToxicEye RAT hits Telegram app to spy, steal user data
University of California (UC) Left Vulnerable After Nationwide Ransomware Attack
Vehicle Emissions System Recovers After Cyberattack, Still Down in Connecticut
23rd April
5.6 Million Records that Appear to Belong to ‘Reverb’ Users Leaked Online
7 steps to stop phishing attacks from stealing your personal details
14 of the worst data leaks, breaches, scrapes and security snafus in the last decade
Apple’s Ransomware Mess Is the Future of Online Extortion
Bourbon confirms cyber attack
Bulgaria: Hacker Attacks Become Increasingly Frequent during Pandemic
Data Breach: 4 Steps to Mitigate Insider Threats
Data Privacy Statistics, Facts & Trends of 2021: Your Data Is the New Oil
Flubot: Warning over major Android 'package delivery' scam
Geico Customer Data Breach May be Part of Unemployment Insurance Scam
GCHQ Director: The UK and Allies Must Counter “Existential Threat” to the Digital Environment
Hacked Android phones mimicked connected TV products for fake ad views
How Cyber-Attack Automation Turned SMEs into Sitting Ducks: And How to Change This
How to...find out if your account has been leaked online
HSBC warning as scam text may be followed with dangerous call
Incident Of The Week: Microsoft Exchange, The FBI & A Lack Of Patching
Kaspersky saw a drop in ransomware attempts on SMBs in 2020
Kingston Police warn of cybercriminals using PDF files as a new phishing lure
Last Chance for Forensics Teams Ahead of Emotet Sunday Deadline
Lockdown Hotel Bookings at Risk Due to DMARC Fail
Organisations must work together to defend themselves against cyber-attacks, warns Chair of PIMFA Cyber Security Council
Oscars: Scammers using nominated films to lure victims
Passwordstate password manager hacked in supply chain attack
Phishing impersonates global recruitment firm to push malware
Phishing, monetary gain and supply chain attacks characterise cybercrime
Preventing social engineering attacks during the global pandemic
Prometei botnet uses NSA exploit, hits unpatched MS exchange servers
QNAP ransomware attack encrypts users’ NAS and requests a ransom to recover files
Ransomware Gang Demands $50 Million For Apple Watch And MacBook Pro Blueprints
Ransomware is growing at an alarming rate, warns GCHQ chief
Ransomware's perfect target: Why one industry needs to improve cybersecurity, before it's too late
REvil’s Big Apple Ransomware Gambit Looks to Pay Off
Scammer’s paradise: why you should change your online habits
Six best practices for managing cyber-security upon return to office
Substantial Increase in Cyber Crime in the FBI’s 2020 Internet Crime Report – Companies Must Take Heed
The Account Takeover Threat: A By-the-Numbers Breakdown
The Ransomware Epidemic: How Zero Trust Security Can Help
The threat landscape for the water industry
Three MEIZU System Apps Included in Upstream’s Top Ten Android Menaces
Three practical things financial services can do to stay protected
TLS-Encrypted Malware Volumes Double in Just Months
Too Much Trust?
ToxicEye: Trojan abuses Telegram platform to steal your data
‘ToxicEye’ Is the Latest Malware to Abuse Telegram for Command & Control
Transitioning to a SASE architecture
Trying to Stop Identity Theft? Go Beyond a Credit Freeze
US: Ireland Is a Target for Cyber-Criminals
What IT leaders are prioritizing in network security investments?
When a Ripple Becomes a Wave: Cyberattack Fallout
Why Your Regular Cybersecurity Health Check Is Outdated
22nd April
18 things to know about new cyberattack campaigns emerging this year
67% of IT pros concerned with teleworking endpoint misuse
A botnet named after Prometheus is also exploiting Exchange Server flaws
AirDrop flaws could leak phone numbers, email addresses
Albania: Alarm over indications of personal data breach, election campaign violations
Almost a quarter of UK businesses have paid a ransom in the last 12 months, study finds
Almost Half of All Malware Now Passes Communications Through TLS
Apple Blueprints Stolen In Supplier $50m Ransomware Attack
Are Hackers Looking to Take a Bite Out of Apple?
Are you ready for turbocharged ransomware attacks?
Attackers can hide 'external sender' email warnings with HTML and CSS
Basic user data stolen from ParkMobile data breach
Botnet backdoors Microsoft Exchange servers, mines cryptocurrency
China’s Cybercriminals Profit From Underground Data Monetization
Costco Issues Scam Warning
Critical infrastructure implications of the Pulse Secure multi-factor authentication bypass
CSP & Magecart Web Skimmers: Facts and Fiction
Department of Justice (DoJ) Forms Ransomware Task Force as REvil Demands $50M
Department of Justice (DoJ) Launches Ransomware Taskforce as Apple Hit by Extortion Attempt
Department of Justice (DoJ) Launches Task Force to Battle Ransomware Threat
DMARC: The First Line of Defense Against Ransomware
Email Security Tips to Prevent Phishing and Malware
Email Volume Rose During the Pandemic. So Too Did the Number of Email Attacks
Emotet malware infrastructure seized after seven years
“Emotet” Shutdown Date Approaches and Here’s What It Means
Facebook uncovers Palestinian government officials targeted with malware
Fastway couriers experience data breach
Former NSA director says state and local governments must 'optimize' cybersecurity
Geico Customer Data Breach May be Part of Unemployment Insurance Scam
Gyrodata: Notice of Data Security Incident
Hackers hit Apple in 50M dollar ransomware attack via MacBook supplier
Hackers Try to Extort Apple After Stealing Files From Manufacturer
How micro-segmentation creates an uphill battle for intruders
How Ransomware Criminals Are Protected in Russia
How to protect your data with an identity theft protection service
Hundreds of Co-ops and Condos Suffer Data Breach
Indian Brokerage Firm Upstox Suffers Massive Data Breach
Infosecurity transformation and building proactive mitigation strategies
Inside the Cyber Attack “Machine”: What Hospitals Need to Know about the Dark Web and Post-Pandemic Threats
IT security teams deal with unique challenges fueled by a remote workforce
Kaspersky comments on Apple Quanta REvil ransomware attack
Malicious cryptominer exploits MS Exchange Server vulnerabilities
Malware and ransomware gangs have found this new way to cover their tracks
MangaDex Says Stolen User Database Already Shared “in the Wild”
Mangadex Works With ‘Have I Been Pwned?’ to Warn Users About Hacked Database
Massive global botnet takes advantage of Microsoft Exchange vulnerabilities
Monero-mining botnet targets orgs through recent MS Exchange vulnerabilities
Mount Locker Ransomware Aggressively Changes Up Tactics
National Australia Bank (NAB) fired IT worker over data breach
Navigating Cybersecurity Gaps in Uncertain Times
NCSC offers free training to schools after rise in cyber attacks
NCSC publishes cyber security training for schools
New Macbook Pro Will Ditch The Touch Bar But Introduce Extra Ports, Stolen Schematics Confirm
New US Justice Department team aims to disrupt ransomware operations
Now this botnet is hunting for unpatched Microsoft Exchange servers
Office of the Public Defender for the 20th Judicial Circuit of Florida reports data breach
Outgunned CISOs navigate complex obstacles to keep rising attacks from turning into breaches
ParkMobile app data breach exposes private information
Philippines: Ransomware attempts versus small firms decline in 2020
Phone Hacking Tool Maker ‘Cellebrite’ Hacked by Signal’s Creator
Popular app’s recent data breach and steps to keep your information safe
Prometei Botnet Exploits Exchange Server Bugs to Grow
QNAP removes backdoor account in NAS backup, disaster recovery app
Ransomware Attacks on Schools: The Latest Developments
Ransomware attacks on shipping, logistics organizations rising as coronavirus vaccine supply chain targeted
RDP, Botnet Malware Top Access Point of Updated Ryuk Ransomware
Rethinking cybersecurity in the age of COVID: The "Dos and Don'ts" of protection
REvil ransomware – what you need to know
Santa Clara Valley Transportation Authority (VTA) targeted in apparent ransomware attack, hackers threaten to release trove of data
Security Biz Launches RDP Breach Notification Site
Services Australia penalised for breaching privacy of a vulnerable customer
Sharp increase in cyber attacks in last quarter of 2020
Signal CEO hacks Cellebrite cellphone hacking, cracking tool
Signal rattles sabre and exposes crackable Cellebrite underbelly
Six Best Practices For Ransomware Recovery And Risk Mitigation
So you want to work in ransomware?
Sodinokibi Ransomware Gang Extorts Apple Through Supply Chain Attack
SolarWinds hack analysis reveals 56% boost in command server footprint
Stanford student finds glitch in ransomware payment system to save victims $27,000
Student hacked accounts and used them to shop online
Supernova Malware Actors Masqueraded as Remote Workers to Access Breached Network
Telegram Platform Abused in ‘ToxicEye’ Malware Campaigns
Texas women plead guilty in spear phishing scam that took more than $700K from City of Ocala
The biggest threat to company data, may be coming from inside
The rundown on the FBI’s 2020 cybercrime report
TikTok faces UK lawsuit over alleged kids' data breach
TikTok sued over its use of children’s personal data
ToxicEye Malware Leverages Telegram For C2
ToxicEye malware exploits Telegram messaging service
University of Hertfordshire becomes victim of a cyber-attack
Unpatched MS Exchange Servers Now Targeted by the ‘Prometei’ Botnet
Use of Defensive AI Against Cyberattacks Grows
What Is a Facebook Cloning Scam?
Why Ransomware Is Making Our Healthcare Worse
Window of Exposure (WoE) a major concern as applications remain increasingly vulnerable
21st April
4 key steps for healthcare providers to combat Ransomware
7 cybersecurity trends to look out for in 2021
57 Percent of US Adults Forget a Password Right After Resetting it
A decade of email security
Addressing Burn Out in Cybersecurity Teams
Another massive Facebook data leak could be right around the corner
Apple ransomware leak corroborates 2021 MacBook Pro ports: HDMI, MagSafe, SD card slot
Apple supplier Quanta hit with $50 million ransomware attack from REvil
APTs Targeting American Organizations via Pulse Secure VPN Zero-Day
As ransomware evolves, businesses need new tools to fight back
Attackers are exploiting zero-day in Pulse Secure VPNs to breach organizations (CVE-2021-22893)
Businesses still suffering downtime due to network security issues
CERT-In says Facebook users should secure accounts after 6.1 million Indian users affected in data breach
CISA orders federal organizations to mitigate Pulse Secure VPN bug by Friday
Codecov breach impacted ‘hundreds’ of customer networks
Codecov Supply Chain Attack May Hit Thousands
Combatting Email Spam – What you should know
Complexity and budgetary constraints complicate cloud security
Cybersecurity only the tip of the iceberg for third-party risk management
Cybersecurity risks for local organisations have increased considerably during pandemic
Cybersecurity threats to the COVID-19 vaccine
Data Breach at New England’s Largest Energy Provider
Data Poisoning: When Attackers Turn AI and ML Against You
Easy-to-guess default device passwords are a step closer to being banned
Facebook ads used in spreading Facebook Messenger phishing scam
Facebook Internal Email Leak Suggests Data Leaks Should Be Framed as a “Sector Problem”
Facebook leaks strategy to numb reaction to data scraping incidents
Facebook wants to convince you that huge personal data leaks are normal
FBI Removes Web Shells From Compromised Third-Party Microsoft Exchange Servers Without Notifying the Owners
FIDO Announces New Security Standard for IoT Devices
Five new ways that ransomware gangs play today
Geico data breach leads to stolen driver’s license numbers
Hackers are targeting flaws in these VPN devices now. Here's what you need to do
Hackers found leveraging three SonicWall zero-day vulnerabilities
How Secure Are Healthcare IT Systems? New Research Provides a Glimpse
How To Deal With Employees As The New Security Perimeter
How to detect security vulnerabilities and prevent risks
How to maintain cybersecurity in a new online business
How to use employee personal data monitoring to close security gaps
If you use this car insurance company, your personal data might’ve just been stolen
Japan Says Chinese Hackers Targeted 200 Aerospace and Military Organizations
Kansas Department of Labor (KDOL) looking into possible data breach
Logins for 1.3 million Windows RDP servers collected from hacker market
Massive Qlocker ransomware attack uses 7zip to encrypt QNAP devices
MI5: 10,000+ Brits Approached by Spies on Social Site
MI5 warns of spies using LinkedIn
Million-dollar deposits and friends in high places: how we applied for a job with a ransomware gang
Most users don’t know the capabilities and risks of QR codes
Multiple APT Groups Exploit Critical Pulse Secure Zero-Day
National Australia Bank (NAB) sacked tech worker behind 2019 data breach
NCSC offers teachers free cyber security training
New onboarding standard to secure Internet of Things launched
NitroRansomware Demands Gift Codes As Ransom
ParkMobile data breach: What to know if you use the app
Pfizer identifies counterfeit COVID-19 vaccine in Mexico, Poland; warns of increase in fraud
Play Store apps plagued with malware have 700,000 downloads
Pulse Secure VPN zero-day used to hack government organizations and defense firms
Ransomware Hackers Leak Schematics for New MacBook Pro Confirming MagSafe, HDMI, SD Card Slot
REvil Ransomware Attacks Quanta; Seeks to Extort Apple
Securing vehicles from potential cybersecurity threats
Signal CEO gives mobile-hacking firm a taste of being hacked
Stallone Classic a Password Favorite
The award for the most popular movie used in leaked passwords goes to...
They hack Phone House and publish the data of millions of customers
TikTok faces UK lawsuit over alleged kids' data breach
TikTok sued for billions over use of children's data
TikTok Sued Over Use of Minors’ Data
UK Government Pressing Ahead with New IoT Law Amid Pandemic Smart Device Surge
Unreleased MacBook Schematics Stolen in $50 Million Ransomware Attack on Apple Supplier
US takes new aim at ransomware after most costly year
WhatsApp Pink malware can now auto-reply to your Signal, Telegram texts
When it Comes to Cybersecurity, We Never Learn. Ever. Just ask Aaron431 About the Top 10 Passwords
White House: Here's what we've learned from tackling the SolarWinds and Microsoft Exchange server cyber incidents
Why CISOs at gaming companies need to reimagine security
Why telemedicine is vulnerable to cyberattacks: 3 things for hospitals to know
Why you need to change your attitude to cyber security
You need to download this Microsoft Outlook update, or your emails could be at-risk
Zero-day vulnerabilities in SonicWall email security are being actively exploited
20th April
4 in 5 UK businesses subject to phishing attacks
61 percent of companies hit by ransomware in 2020
Approaching zero trust security strategically
Banking frauds make for 50% of phishing cases in Maharashtra
Breaking the Phishing Kill Chain
Campus Still Closed as Portsmouth University Reels from Suspected Ransomware
China’s cybercrime underground making money off big data
Consumer data protection is a high priority, but there’s still work to be done
Cybersecurity spending has risen over the last year to $2.6m per US firm
Dating Service Suffers Data Breach
eBay, Apple, Microsoft, Facebook, and Google were phishers’ top targets in 2020
Emergency medicine staffing firm offers patients up to $1M insurance policy after phishing incident
“eWhoring” Actors Are Making Money by Scamming Others Using Stolen Nudes
Even though critical, web application security is getting less attention
Eversource Energy data breach caused by unsecured cloud storage
Facebook downplays data breach in internal email
Facebook Messenger users targeted by a large-scale scam
Facebook snafu exposes millions of private email addresses
Facebook suffers a data breach about how it’s hoping to stop the media talking about its last data breach
Fake Microsoft Store, Spotify sites spread info-stealing malware
Geico customers' driver's license numbers exposed in breach
How a Bulk IP Geolocation Tool Can Contribute to Phishing Prevention
How the open source community helped firms investigate their network activity following SolarWinds
Hundreds of customer networks hacked in Codecov supply-chain attack
Internal Facebook email reveals intent to frame data scraping as ‘normalized, broad industry issue’
Is Your Law Firm’s Website Secure? 9 Tips for Optimal Security
Lazarus hacking group now hides payloads in BMP image files
Monero Cryptominer Attack Exploits Exchange Server Flaw
Multi-factor authentication: Use it for all the people that access your network, all the time
New Ransomware Demands Discord Gift Codes Instead of Crypto
North Korean hackers adapt web skimming for stealing Bitcoin
Preventing Internal Cyberattacks Could Save Companies Millions
Pulse Secure VPN zero-day used to hack defense firms, government organizations
QR Code Malware Threat as Lockdown Ends
Real examples of phishing emails
Remote code execution vulnerabilities uncovered in smart air fryer
REvil gang tries to extort Apple, threatens to sell stolen blueprints
REvil ransomware gang hits Apple supplier Quanta; warns of data leak
Scammers stole the driver's license numbers of some Geico customers in a data breach, and they could be used to file for fraudulent unemployment benefits
School District’s Files Leaked in $40m Ransomware Attack
SonicWall warns customers to patch 3 zero-days exploited in the wild
Swinburne University’s data breach hits over 5,000 individuals
That Facebook Messenger update could be a phishing scam
The Case For and Against Criminalizing Ransomware
The wide web of nation-state hackers attacking the US
Threat Actor Claims to Have Hacked Domino’s
Top 5 Data Security Protocols to Secure Your Data Integrity!
Top 5 ways to protect against cryptocurrency scams
Why Ransomware Remains the Top Priority Endpoint Security Threat
19th April
After Virginia passes new privacy law, states race to catch up to CCPA and GDPR
Babuk Has a “Message for Journalists” Meant to Intimidate Victims
Bad bot traffic reaching an all-time high over the past year
Beware! Do You Download Android App APKs Using APKPure? It Distributes Trojans
Concerns grow over digital threats faced from former employees
COVID-19-themed cyberattack detections continue to surge
Cyberattacks and Security Breach Disclosures: U.S. Federal Law Coming?
Darkside ransomware gang has better processes than some businesses
DDoS attacks are more frequent and complex than ever
Digital business requires a security-first mindset
Dixie Group Systems Impacted by Ransomware
Domino’s India Data Breach: 18 Cr User Records Being Sold On The Dark Web
Dwell time drops, but that’s not the whole ransomware story
Elliman’s property management arm suffers data breach
Everything you need to know about the Microsoft Exchange Server hack
Facebook faces 'mass action' lawsuit over data breach
FIN7 Sysadmin Gets 10 Years Behind Bars
Five steps to get employees invested in security awareness training
Geico data breach opens door to unemployment scams
General Data Protection Regulation (GDPR)
Government Security Agency Warns Against Remote Whatsapp Hacking: Do This Right Away For Safety
Growing reliance on third-party suppliers signals increasing security risks
Growth in Illicit Crypto Finance ‘Inevitable’
Hacker Sold 895,000 Gift Cards Worth $38 Million and 330,000 Payment Cards on a Russian Dark Web Forum
Hackers claims to be selling 13tb of Domino’s India data
'High-level' organiser of FIN7 hacking group sentenced to ten years in prison
How businesses can lower data security risks in hybrid working environments
How security pros, the insurance industry, and regulators can combat ransomware
How To Improve Your Security Team’s Remediation Efficiency
Huge ransomware spike demands backup-as-a-service
ICO issued more than £40m in data breach fines in 2020
ICO Issued Over £42 Million in Fines Last Year
If you use this popular smartphone app, change your password immediately
If you want to safeguard your organization, focus on people
Latest Online Frauds! How to Protect from Spear Phishing, Pharming, Deepfake Identity Theft?
Ministers encourages citizens concerned over Facebook leak to visit Have I Been Pwned? website
Nonprofit provides help to hospitals battling ransomware
Online Education is the New Corporate Threat Vector
Over 59% of Indian adults fell victim to cyber crime over past 12 months
Payment Card Theft Ring Tech Leader Sentenced to 10 Years
Phishers and Spoofers are Getting Smarter! Are You?
Phishing Attacks Actively Using Alternative Exfiltration Methods Including Google Forms and Telegram Bots
Ransomware attack on 24 South Gloucestershire schools
Ransomware ‘bull’s eye’ grows, clouding telehealth’s rise in long-term care
REvil Ransomware Now Able To Change Windows Passwords And Automate File Encryption In Safe Mode
Six million male members may have been exposed after hack of gay dating service
South Korean users plan to sue Facebook over leaked user data
State institution in Slovakia target of ransomware attacks
Strong Security Comes in Small Packages
The 10 most imitated brands for phishing attempts in 2021 so far
The cost of a cyber attack in 2021
The FBI removed hacker backdoors from vulnerable Microsoft Exchange servers. Not everyone likes the idea
The Incredible Rise of North Korea’s Hacking Army
U.S. Takes Aim at Russia’s Cyber Ops Ecosystem
Warning over Hermes text scam circulating in the UK
What COVID-19 Taught Us: Prepping Cybersecurity for the Next Crisis
Zero trust, basic cyber hygiene best defence against third-party attacks