Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 10th May and 16th May 2021.
16th May
After dropping support for ransom payments, AXA struck by ransomware in Asia
AXA division in Asia hit by ransomware cyber attack
Colonial Pipeline attack: A 'wake up call' about the threat of ransomware
DarkSide ransomware gang shuts shop following ‘law enforcement request’
Galway University Hospitals and Portiuncula University Hospital issue update on disruption to services
Hackers find easy prey as U.S. ignores one warning after another
Herff Jones credit card breach impacts college students across the US
How ransomware ecosystem operates
How to Stop Ransomware Attacks
How the Ransomware attack on the HSE will affect services in Offaly this week
More ransomware websites disappear in aftermath of Colonial Pipeline hack
Nearly 90% Of All US Cyberattacks Have Come From Within the Country
Ransomware attack - the impact on hospital services at Galway University Hospitals
Ransomware attack continuing to have considerable impact on services at Mayo University Hospital
The bizarre story of the inventor of ransomware
Updated information on hospital service cancellations at Letterkenny University Hospital (LUH)
US Feds say a lack of reporting poses barrier to cyber defence
US pipeline operator back to normal
Yes, Windows 10 Has Ransomware Protection: Here’s How To Turn It On
15th May
$81 Million crypto already stolen in 2021
200,000 Veteran’s Medical Records may Have Been Stolen by Ransomware attackers
Apple rejected over 215,000 apps in 2020 for privacy violations
Colonial Pipeline paid a $5 million ransom - and kept a vicious cycle turning
Colonial Pipeline restarts operations after ransomware attack led to gasoline shortages
Colonial Pipeline resumes 'normal operations'
DarkSide Drama Isn’t The Death Of Ransomware - It’s Not Even The Death Of DarkSide
DarkSide extracts $4.4m ransom from German chemical distribution company
Disruption to Sligo Hospital services expected to continue next week
Doctors locked out of x-rays, test results and medical records
Hacked US energy pipeline on track to restore full service but shortages persist
Hackers threaten to release police records, knock 911 offline
How to Activate the Security Features on Microsoft 365
HSE issues statement on the impact of ransomware attack for patients of Portlaoise, Naas and Tullamore hospitals
HSE ransomware attack: All you need to know
HSE ransomware attack: Thousands of appointments to be cancelled into next week
Ireland shuts down health IT system after ransomware attack
Ireland's health service shut down after 'serious' ransomware attack
Ireland’s Health Services hit with $20 million ransomware demand
Montreal library to close until Tuesday due to daycare data breach
National Cyber Defense Is a “Wicked” Problem: Why the Colonial Pipeline Ransomware Attack and the SolarWinds Hack Were All but Inevitable
Nigeria: Federal Government warns about new Cyberattack strategies used by hackers
NSW Labor warns members their data could end up online after hacker’s deadline passes
Pipeline Attack Stirs Debate on Whether Insurance Lures Hackers
Pipeline operator says ‘normal operations’ have resumed
Ransomware Actor Hit Insurance Giant AXA Following Decision to Stop Ransomware Reimbursements
Ransomware gangs have eyes on the UAE, with more tricks up their sleeves
Ransomware group says it released 'full data' on DC police department
Scripps Health ransomware shutdown hits the two-week mark
South Korea clamps down on digital currency phishing activities
Telephone System At University Hospital Limerick Affected By HSE Ransomware Attack
The Colonial Pipeline Attack Is a Dark Omen
Theft of personal information in the University of California (UC)
There’s a Simple Way Websites Can Identify Anonymous Users Across Different Browsers
To protect all of us, government and business had better step up cybersecurity
US pipeline resumes 'normal operations' after ransomware attack
14th May
2021 Verizon Data Breach Investigations Report Proves That Cybercrime Continued to Thrive During the Pandemic
A cyber-threat odyssey: Identifying geography, network characteristics of phishing attacks
A Toshiba business unit says it has been attacked by hacking group DarkSide
Adopting zero trust architecture can limit ransomware’s damage
After the Colonial Pipeline attack, here’s what everyone should know about ransomware
Australian Signals Directorate (ASD) knows who attacked the Australian Parliament House (APH) email system but isn't revealing who
Bitcoin extortion: How cryptocurrency has enabled a massive surge in ransomware attacks
City of Trenton Stops Sophisticated Vendor Phishing Scam in Its Tracks
Colonial Pipeline hack similar to Logansport ransomware attack
Court Sentences Man Who Stole $700K in City Phishing Scam
Critical Infrastructure Remains At Risk Following Ransomware Attack
Cross-browser tracking vulnerability tracks you via installed apps
Cyber attack 'most significant on Irish state'
Cybersecurity Experts Call for Stronger Action to Disrupt Ransomware 'Business Model'
DarkSide Added ‘Toshiba France’ to Its Victim List but It Could Be the Last One
DarkSide explained: The ransomware group responsible for Colonial Pipeline attack
DarkSide Ransomware Group Loses Server Access After US Moves to Disrupt Operations
DarkSide ransomware servers reportedly seized, operation shuts down
DarkSide Ransomware Suffers ‘Oh, Crap!’ Server Shutdowns
DC Police Victim Of Massive Data Leak By Ransomware Gang
Echelon Fitness Leaks PII of Customers Through Severely Insecure API
Executive impersonation attacks increased substantially between Q1 2020 and Q1 2021
Gary rebuilds servers following ransomware attack
Hackers Post Personal Data of D.C. Police Officers Following Ransomware Attack
Here’s How Much Your Personal Information Is Worth to Cybercriminals – and What They Do with It
How ransomware became a disruptive and lucrative form of cybercrime
How the Colonial Pipeline hack is part of a growing ransomware trend in the US
How to protect yourself from ransomware
How to select a cybersecurity framework to protect your greatest assets: People, property and data
How Zero Trust Security Can Protect Against Ransomware
HSE shuts down IT systems after ransomware attack by ‘international criminals’
Ireland will not pay ransom after health service cyber attack
Ireland’s Healthcare System’s IT Offline Following Ransomware Attack
Irish Health IT services shut down over ‘significant ransomware attack’
Irish Health Service Hit by 'Very Sophisticated' Ransomware Attack
Irish healthcare shuts down IT systems after Conti ransomware attack
Learning from cyber attacks could be the key to stopping them
Lemonade Denies “Unforgivably Negligent” Security Gaffe
Microsoft Alerts Aviation and Travel Firms to RAT Campaign
New Magecart Group 12 Campaign Is Deploying PHP-Based Skimmer
North Carolina moves toward ban on ransomware payments
Pipeline Ransomware Shows Dangers of Unsecured Infrastructure
QNAP warns of eCh0raix ransomware attacks, Roon Server zero-day
Questions raised on Rensselaer Polytechnic Institute (RPI) response to data breach
Ransomware: Survive by Outrunning the Guy Next to You
Ransomware ads now also banned on Exploit cybercrime forum
Ransomware attack causing serious disruption in Galway hospitals
Ransomware attack disrupts Irish health services
Ransomware Attacks Growing More Profitable
Ransomware attacks on Irish health services & Colonial Pipeline cause major disruptions to critical services
Ransomware gangs disrupted by response to Colonial Pipeline hack
Ransomware took down the Colonial Pipeline. You could be at risk too
Ransomware’s New Swindle: Triple Extortion
Rapid7 Admits Codecov Trouble but Says Code Hasn’t Been Affected
Rapid7 Source Code Accessed in Cyber-attack
Rapid7 source code, alert data accessed in Codecov supply chain attack
Report finds ransomware hitting manufacturers hardest
Researchers design a way to make encrypted keys harder to crack
RevengeRAT and AysncRAT target aerospace and travel sectors
Russian-language cybercriminal forum ‘XSS’ bans DarkSide and other ransomware groups
‘Scheme Flooding’ Allows Websites to Track Users Across Browsers
Scripps ransomware shutdown hits the two-week mark
'Significant' ransomware attack forces Ireland's health service to shut down IT systems
Small business agency SEDA taken down in ransomware attack
Solving the Ransomware Crisis
Sophisticated Actors Refresh Their ‘SombRAT’ Backdoor to Hide Better Following Analysis
Taoiseach insists Ireland will not pay ransom after HSE cyber attack
The 5 Key Ransomware Questions CEOs Should Be Asking CIOs Now
To Pay or Not to Pay? The Dilemma for Ransomware Victims
Toshiba hit by ransomware in suspected DarkSide attack
Toshiba unit struck by DarkSide ransomware group
Toshiba's French unit hit by DarkSide ransomware attack
US fuel pipeline 'paid hackers $5m in ransom'
US pipeline ransomware attack serves as fair warning to persistent corporate inertia over security
Verizon: Pandemic Ushers in ⅓ More Cyber-Misery
Verizon’s 2021 Data Breach Investigations Report (DBIR): Phishing and ransomware threats looming ever larger
What is AppSec? The Challenges and Rewards
What is DARKSIDE, the cybercriminal ransomware group that has the world on alert?
When exploit code precedes a patch, attackers gain a massive head start
13th May
3 areas of implicitly trusted infrastructure that can lead to supply chain compromises
A Cyber Executive Order For the 21st Century
Apple’s ‘Find My’ Network Exploited via Bluetooth
Attackers abuse Microsoft dev tool to deploy Windows malware
Babuk Leaks the Entire Data Set Stolen From D.C. Metro Police Three Weeks Ago
Beyond MFA: Rethinking the Authentication Key
Biden Administration Signs Comprehensive Cybersecurity Executive Order
Biden Executive Order Mandates Zero Trust and Strong Encryption
Biden's executive order faces challenges trying to beef up US cybersecurity
Chemical distributor pays $4.4 million to DarkSide ransomware
Cisco fixes 6-month-old AnyConnect VPN zero-day with exploit code
Cloud compromise now the biggest cybersecurity issue for financial institutions
Colonial hack: Biden orders tightening of cyber-defences
Colonial Pipeline Attackers Linked to Infamous REvil Group
Colonial Pipeline paid close to $5 million in ransomware blackmail payment
Colonial Pipeline restores operations, $5 million ransom demanded
Colonial Pipeline Shells Out $5M in Extortion Payout
Consumers aware of travel cyber risks, still not putting their digital wellness first
Consumers Unforgiving of Merchants’ Data Failings
Cyber-attacks Cost Small US Businesses $25k Annually
Cybercriminals exploit these cognitive biases the most
Cybersecurity Executive Order requires new software security standards
DC police suffer ‘massive’ info leak after ransomware attack
Fake Cryptocurrency Apps on iOS and Android Defrauding Asian Users
Four Years On: Two-thirds of Global Firms Still Exposed to WannaCry
Fresh Loader Targets Aviation Victims with Spy RATs
Gary, Indiana hit with ransomware attack on city's government computers
Hacking MFA the Technical Way and How to Guard Against These Attacks
How to Protect Structured and Unstructured Data
Insurance giant CNA fully restores systems after ransomware attack
Interpol Launches African Cybercrime Initiative and Operations Desk
Learnings from the Colonial Pipeline cyberattack: focus on the 98% of attacks, not the 2%!
Meet Lorenz - A new ransomware gang targeting the enterprise
Microsoft build tool abused to deliver password-stealing malware
Microsoft Security Intelligence exposes phishing scheme that could be affecting you right now
Microsoft warns: Watch out for this new malware that steals passwords, webcam and browser data
Microsoft's new security feature locks hackers out with GPS
Old bugs exposing all WiFi enabled devices to FragAttacks
Organizations using Microsoft 365 experience more breaches, with more severe impacts
Pennsylvania attorney general investigating massive coronavirus contact tracing data breach
Phishing, ransomware, web app attacks dominate data breaches in 2021, says Verizon Business Data Breach Investigations Report
Pipeline Update: Biden Executive Order, DarkSide Detailed and Gas Bags
Popular Russian hacking forum XSS bans all ransomware topics
President Biden signs executive order to strengthen U.S. cybersecurity defenses
Ransomware: How the NHS learned the lessons of WannaCry to protect hospitals from attack
Ransomware Going for $4K on the Cyber-Underground
Rapid7 source code, credentials accessed in Codecov supply-chain attack
Record Number of Breaches Detected Amid #COVID19
Top security threats for power plants and how to proactively avoid them
Trailer maker Utility targeted in ransomware attack
Wi-Fi vulnerability may put millions of devices at risk
12th May
328 weaknesses found by Western Australia Auditor-General in 50 local government systems
All Wi-Fi devices impacted by new FragAttacks vulnerabilities
Apple failed to disclose security incident affecting 128 million users in 2015
Apple Mum on 128 Million Users Hack
Are Cybercriminals Evil or Greedy?
Babuk Gang: The Rising Threat on Cyber Security Landscape
Biden issues executive order to increase U.S. cybersecurity defenses
Blurred WFH lines create cybersecurity challenges for companies
DarkSide Offered Ransomware-as-a-Service Before Pipeline Attack
FBI, CISA publish alert on DarkSide ransomware
Foreign Secretary issues warning to Russia on ransomware
Government lays out plans to protect users online
Greek Hemodialysis Unit Operator Hit by Ransomware Gang That Threatens DDoSing
Half of Government Security Incidents Caused by Missing Patches
Home Working Parents and Young Adults Are Most Risky IT Users
How to prevent another Colonial Pipeline ransomware attack
How to prioritize patching in the exploit storm
Microsoft: Threat actors target aviation orgs with new malware
Microsoft 365 email data breaches take center stage amid WFH in a new report
Microsoft shares details of malware attack on aerospace, travel sector
Most enterprise cybersecurity teams lack the ability to remediate risk
Navigating the waters of maritime cybersecurity
New ransomware: CISA warns over FiveHands file-encrypting malware variant
Not again! Another Phishing Simulation Goes Awry
Pet and shopping scams surge during pandemic
Phishers using Zix to “legitimize” emails in the eyes of Office 365 users
Police Doxxed After Ransom Dispute
Ransomware attackers are now using triple extortion tactics
Ransomware Attacks on Municipalities Continue
Ransomware-hit Colonial Pipeline causes US petrol supply crunch, panic buying
Researchers track down five affiliates of DarkSide ransomware service
Russia must do more to tackle cyber criminals operating from within its borders, says UK
Scammers aren’t always who we expect them to be: How AI and biometrics can help
Security awareness training doesn’t solve human risk
Study reveals growing cybersecurity risks driven by remote work
Tens of Thousands of VoIP Devices From Around the Globe Are Publicly Exposed
The perils of lax security hygiene and what organizations can do about it
Time to patch against FragAttacks but good luck with home routers and IoT devices
Trust Wallet, MetaMask crypto wallets targeted by new support scam
What the pipeline attack means for critical infrastructures
When the adversarial view of the attack surface is missing, DX becomes riskier
Why VPN Is Vital in Securing Your Online Privacy
11th May
90% of security leaders view bot management as a top priority
A simple guide to keeping customers safe on your website
Adobe fixes Reader zero-day vulnerability exploited in the wild
Amazon Fake Reviews Scam: What The Data Breach Revealed
America’s largest fuel pipeline has been shut since Friday after a ransomware attack. What’s going on?
Avaddon ransomware targeting Australian organisations
AXA to Stop Reimbursing Ransom Payments
Colonial Pipeline ransomware hack and gas shortage: What you need to know
Colonial Pipeline ransomware attack has grave consequences
Connected and Automated Mobility (CAM) sector cybersecurity challenges and how to mitigate them
Cyber security: Learn to protect yourself from phishing attacks
Energy Tech Firm Hit in Ransomware Attack
Everything you need to know about the Colonial Pipeline ransomware attack
Expect Ransomware Attacks to Be Common Under Biden
FBI names pipeline cyberattackers
Hacker downloads files of 5,000 children from La Place 0-5, including son of family minister
How a cyberattack on a major pipeline is affecting gas prices
Industrial Cybersecurity: Guidelines for Protecting Critical Infrastructure
It’s not just Scripps. Ransomware has become rampant during pandemic
Japanese Manufacturer Yamabiko Targeted by Babuk Ransomware
Kansas Identity Theft Spike Could Be Linked to Data Breach
New Android Malware Called ‘TeaBot’ Is Spreading in Europe
New Android malware targeting banks in Italy, Spain, Germany, Belgium, and the Netherlands
New Android malware TeaBot found stealing data, intercepting SMS
Norwegian firm shows how ransomware attack should be handled
Now ransomware is inundating public school systems
Panda Stealer targets cryptocurrency wallets and VPN credentials via malicious XLS attachment
Pipeline attack highlights ransomware threats to infrastructure
Ransomware: Don't pay up, it just shows cyber criminals that attacks work, warns Home Secretary
Ransomware Attack on Colonial Again Shows U.S. Ignores Warning After Warning
Ransomware crisis hits oil pipeline
Ransomware gang leaks data from Metropolitan Police Department
Ransomware gang releases DC police records
Security Vs. Convenience: Navigating the Mobile World
Six cyber security tips to keep your workspace safe
The best CISOs think like Batman, not Superman
The Colonial Pipeline ransomware attack and the SolarWinds hack were all but inevitable – why national cyber defense is a ‘wicked’ problem
The many sides of DarkSide, the group behind the Colonial Pipeline ransomware attack
The Top 5 Considerations That Should Guide Your SOC Strategy in 2021 and Beyond
This one change could protect your systems from attack. So why don't more companies do it?
Thousands of patient records exposed after ransomware attack on CaptureRx
Top concerns for IT leaders planning for hybrid workplace environments
Train firm slammed over 'bonus' phishing test
“Treat your data with respect,” ransomware crooks tell hacked DC police
University of California data breach: Sensitive information of staff, students leaked
‘Urgent and aggressive’ action required as ransomware crisis deepens
Virtual terror: Ransomware attack in the US foregrounds the need to better protect key infrastructure
Water regulator has handled more than 20,000 malicious emails in 2021
Why the Colonial Pipeline hack matters
Why threat hunting is obsolete without context
Your Security Awareness Training Isn’t Working
10th May
A picture is worth a thousand words, but to hackers, it’s worth much more
AirTag Jailbroken For The First Time And It Could Be Used For Phishing Attacks By Hackers
Amazon fake reviews scam revealed in data breach with massive potential
Apple kept mum about XcodeGhost malware attack against 128M users
AXA halts ransomware crime reimbursement in France
AXA pledges to stop reimbursing ransom payments for French ransomware victims
Can Organizations Ever Reach a State of Zero Trust?
City of Tulsa's online services disrupted in ransomware incident
City Of Tulsa Says Ransomware Attack Impacting Some Services
Colonial hack: How did cyber-attackers shut off pipeline?
Colonial Pipeline aims to restore operations by end of the week after cyberattack
Colonial Pipeline attack ratchets up ransomware game
Colonial Pipeline looking to 'substantially restore operations by end of week
Colonial pipeline outage caused by 'Darkside' hack
Colonial Pipeline remains offline after ransomware attack
Cyber attack disrupts US fuel supplies
Cyberattack halts pipeline for third day
Cyberattack on US pipeline is linked to criminal gang
Cybersecurity technology is not getting better: How can it be fixed?
DarkSide explained: the ransomware group responsible for Colonial Pipeline cyberattack
‘DarkSide’ Is Probably Responsible for the Ransomware Attack Against Colonial Pipeline
DarkSide ransomware will now vet targets after pipeline cyberattack
Defending against Windows RDP attacks
East Coast Faces Gas Price Spike Due to Ransomware on Pipeline
Exploiting common URL redirection methods to create effective phishing attacks
FBI Confirms Colonial Pipeline Hit by DarkSide Ransomware
Getting a grip on basic cyber hygiene
Google wants to enable MFA by default
How a Hacking Group Did Apple Repair Professionals an Accidental Favor
How do I select a managed cybersecurity solution for my business?
How To Identify and Appoint the Right Security Partner for Your Organization
It's not just Scripps. Ransomware has become rampant in health care during pandemic
Japanese Power Tool Maker ‘Yamabiko’ Claimed as Victim by Babuk
Kaspersky says scamming activities around COVID-19 vaccines intensified in Q1 2021
Lemon Duck hacking group adopts Microsoft Exchange Server vulnerabilities in new attacks
Lessons learned from the iPhone call recording app vulnerability
Malicious COVID-19 vaccine SMS that compromises Android phones spreading
Malicious UK Website Takedowns Surge 15-Fold in 2020
Mobile phishing has seen a huge rise in some industries
Nationwide Utilities Down Due to Ransomware Attack on Cloud Provider ASAC
New South Wales Government Tables Revolutionary Data Breach Disclosure Bill
No Room for Medieval Thinking in Ransomware
Of Pipelines And Cybersecurity
Over 25% Of Tor Exit Relays Spied On Users' Dark Web Activities
Parent slams data breach at Southchurch High School, Southend
Peloton's Data Breach Is a Reminder to Lie Whenever You Can
Phishing scam impersonating myGov to harvest personal details
Pipeline hit by cyberattack could be back by week’s end
Pipeline ransomware attack: US invokes emergency transport rules to keep fuel flowing
Ransomware: Survive by outrunning the guy next to you
Ransomware attack on healthcare admin company CaptureRx exposes multiple providers across United States
Ransomware attack on critical pipeline fuels worry of transport chaos
Ransomware Attack On Pipeline Company Could Cause Fuel Shortages And Higher Prices On The East Coast
Ransomware Attack Targeting Colonial Pipeline Shuts Fuel Shipments Across Eastern U.S.
Ransomware attacks hit 'under-resourced' city governments hardest, says cybersecurity expert whose kids' school was shut down by hackers for 4 days
Ransomware Takes Down East Coast Fuel Pipeline
Report Quantifies the True Cost of Ransomware
Russian criminal group suspected in Colonial pipeline ransomware attack
Scammers pose as non-existent “Massachusetts DMV” employees in new phishing scam
Security and Privacy Challenges Threaten to Ground Vaccine Passports
Shedding Light on the DarkSide Ransomware Attack
South Korea Deploying System to Monitor Crypto Phishing
Staff Bonus was “Crass” Phishing Simulation
The Colonial Pipeline ransomware attack and the SolarWinds hack were all but inevitable - why national cyber defense is a 'wicked' problem
The Dystopic Future of Cybersecurity and the Importance of Empowering CISOs
The fight for your data: mitigating ransomware and insider threats
The Underbelly of Ransomware Attacks: Local Governments
This security project has taken down 1.5 million scam, phishing and malware URLs in just one year
Top 5 things to know about web shells
UK/US: Patch These 11 Bugs Now to Thwart Russian Spies
University Cancels Exams After Cyber-Attack
US and Australia warn of escalating Avaddon ransomware attacks
US passes emergency waiver over fuel pipeline cyber-attack
West Midlands Railway sent staff fake bonus email in cyber-security test
What is ransomware? Everything you need to know about one of the biggest menaces on the web
Work to secure U.S. pipelines after Colonial ransomware cyberattack shuts down supply