Editor's Message

Welcome to DBD. On March 8th we officially celebrated our first anniversary. What started as a small idea unexpectedly evolved into a larger project, thanks to an overwhelming interest in the website and the information we provide. Therefore we would like to take this opportunity to thank each and every one of you who has supported us in our first year of operation, and we pledge to endeavour to continue providing you with the service you have come to expect from us going forward. Thank you for your support. Stay safe. :)

Monday, 13 September 2021

Data Breaches Digest - Week 37 2021

Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 13th September and 19th September 2021.

16th September

All Data Breaches of all time – An Alarming Timeline

APT-C-23 Using New Android Spyware in the Middle East

Are Asian businesses really prepared to deal with ransomware attacks

Attacks reach record highs in 2021

Banks Slammed for Low Fraud Reimbursement Rates

Bitcoin ledger as a secret weapon in war against ransomware

Bitdefender releases REvil master decryptor

Bot attack volumes growing 41% year over year, human-initiated attacks down 29%

Chinook School Division student information exposed during accidental data breach

Communicating in the midst of a cyber attack

Data breach in networks of Indonesian ministries and agencies

Ensuring Business Continuity In A Modern-Day Threat Landscape

Find the balance between security and privacy in a BYOD world

Ford Faces Class Action Lawsuit for Storing and Sharing Private Conversations

Free REvil ransomware master decrypter released for past victims

Health apps 'playing fast and loose' with user data, warns Federal Trade Commission (FTC) chief

Household Names Hit with £500K Fine for Spamming Consumers

How much are data breaches costing Canadian businesses?

HSE chief says cost of cyber attack could reach €100m

Increase in Phishing Attacks on Nigerian Organisations Hits 66%

Make or Break: What To Do When Security Solutions Fail

Microsoft announces passwordless authentication option for consumers

Misconfigured APIs Account for Two-Thirds of Cloud Breaches

New Go malware Capoae targets WordPress installs, Linux systems

Newcastle Grammar School reveals post-mortem of ransomware infection

Nigeria Records 13% Decline In Phishing Attack In H1

One-in-seven Nasdaq-100 companies ranked as highly susceptible to a ransomware attack

Ransomware: A market problem deserves a market solution

Ransomware attackers targeted app developers with malicious Office docs, says Microsoft

Ransomware attacks and crypto-currency scams on the rise

Ransomware gang threatens to remove key when victim contacts negotiator

Ransomware incidents continue to rise

Rethinking Security When Identity is the Ultimate Attack Surface

The 5 Ws for building a strong cybersecurity plan

The Massachusetts Attorney General will probe the T-Mobile data breach

The Ransomware Killchain: How It Works, and How to Protect Your Systems

Third Critical Bug Affects Netgear Smart Switches — Details and PoC Released

Travel-themed phishing lures spiked this summer

When attackers strike

Why Understanding Data Privacy is More Important Than Ever

Windows MSHTML 0-Day Exploited to Deploy Cobalt Strike Beacon in Targeted Attacks

15th September

3 Former U.S. Intelligence Officers Admit to Hacking for UAE Company

9 tips to avoid cloud configuration conundrums

46% of all on-prem databases are vulnerable to attack, breaches expected to grow

A cyber security threat is now reported in Australia every eight minutes

A Phishing Kit Scammed Thousands Of People

Americans Fined After Hacking for Foreign Government

Arizona Medical Practice Permanently Loses EHR Data

Attackers Impersonate Department of Transportation (DoT) in Two-Day Phishing Scam

Australia and Singapore have higher incidences of insecure databases

Brand abuse attacks dominate list of fraud trends

California Attorney General Issues Bulletin on Health Data Breach Reporting Requirements

Call to eliminate 'human error' causing Guernsey data breaches

Critical Azure security vulnerabilities affect large organizations

Critical Flaws Discovered in Azure App That Microsoft Secretly Installed on Linux VMs

Customer Care Giant TTEC Hit By Ransomware

Cyber Crime Attacks on Australians Increase to 1 Every 8 Minutes

Cyber crime in Australia increased 13% in the last year

Cyber crime spreads in Australia as COVID-19 pushes more people online

Cyber insurance – the year of change

Cybercriminals recreate Cobalt Strike in Linux

Cybercriminals use pandemic to attack schools and colleges

Cybersecurity tips for online learning as schools tap hybrid learning amid delta variant

Data Breach In Networks Of Indonesian Ministries And Agencies

Defeating Ransomware with Multi-Factor Authentication (MFA)

Department of Justice (DOJ) fines NSA hackers who assisted UAE in attacks on dissidents

Email scammers posed as DOT officials in phishing messages focused on $1 trillion bill

Employees are losing thousands of dollars to this ‘boss scam’

Execs concerned about software supply chain security, but not taking action

Experian data breach suspect nabbed

Financial services organisations spend over $2.62 million on ransomware recovery

Financial Services Sector Hit with $2m Ransomware Costs

Five Risks For Your Mission-Critical SaaS Data

Former U.S. intel operatives to pay $1.6M for hacking for foreign government

Google patches Chrome zero-day exploited in the wild

GSaaS: The Changing Dynamics of Cybersecurity

Half of on-prem databases contain security vulnerabilities

Hawks arrest suspect for massive Experian data breach

Health care data breach affects more than 100,000 Mainers

Health Care Providers Are Turning to Cyber Insurance

How to Prevent an Office of Foreign Asset Control (OFAC) Sanction When Responding to a Ransomware Attack

How to protect your on-premises databases from security vulnerabilities

Improving Backup Resiliency as the Last Line of Ransomware Defense

Individuals use two-factor authentication, biometrics to protect information

IoT: An Internet of Threats?

Ireland: Data Protection Commissioner launches two inquiries into TikTok

ISOMorph and HTML Smuggling

Justice department working to restore IT systems after ransomware attack

Lawsuit: Health System Failed to Heed Ransomware Warnings

Many companies are struggling to repel network attacks

Many employees can access millions of company files on their first day

McAfee Enterprise research links new RaaS gang to Babuk

Meris botnet assaults KrebsOnSecurity

Microsoft fixes critical bugs in secretly installed Azure Linux app

Microsoft just took another big step towards getting rid of passwords forever

Microsoft Patches OMIGOD, MSHTML and PrintNightmare Bugs

Microsoft rolls out passwordless login for all Microsoft accounts

MikroTik shares info on securing routers hit by massive MÄ“ris botnet

Most Fortune 500 companies’ external IT infrastructure considered at risk

Multiple Flaws in Microsoft Azure Put Half of All Deployments at Risk

National Information Technology Development Agency (NITDA) warns of data breach via mobile apps

Nearly a Third of Brits Say They Feel Unsafe Online

No Patch for High-Severity Bug in Legacy IBM System X Servers

NSA Director Promises ‘Intense’ Crackdown On Foreign Cyber Attacks

OMIGOD: Azure users running Linux VMs need to update now

Open Web Application Security Project (OWASP) updates top 10 vulnerability ranking for first time since 2017

Phishers impersonate US DOT to target contractors after Senate passed $1 trillion infrastructure bill

Phishing Attacks in Nigeria Drop 13% in H1 2021

Phishing Attacks on the Rise: 60% of Organizations in the UAE

Phishing Scams In 2021

Phishing texts and emails target University of Oregon community in fall surge

Quarter of Fortune 500's External IT Assets Are a Cyber Risk

Ransomware crims saying 'We'll burn your data if you get a negotiator' can't be legally paid off anyway

Ransomware encrypts South Africa's entire Department of Justice network

Ransomware gang threatens to wipe decryption key if negotiator hired

Ransomware gangs’ methods match state-sponsored attackers as assaults get more sophisticated

Ransomware is exploding and evolving

Ransomware preparedness is low despite executives’ concerns

Rare bright cyber spot: Australian Cyber Security Centre (ACSC) reports total incidents down 28%

Remote work presents challenges for IT leaders

Rise in cyberattacks on healthcare organisations

Russia Has Taken No Action to Combat Ransomware, FBI Says

Russia is fully capable of shutting down cybercrime

SEC’s SolarWinds Probe Could Expose Undisclosed Security Breaches

Securing the Edge in a Hybrid Environment

Security Experts Witnessed a 55,239% Increase in Ransomware Activity in Q2

Serious Flaw Found in HP OMEN Driver

Software Supply Chain Attacks Surge 650% in a Year

South Africa: Suspect arrested for massive 2020 data breach

South African government entities hit by cyber attacks and services affected

South African organisations not confident they could survive a ransomware attack

Stale Microsoft 365 accounts are a security risk: Remove them now

Steganography explained and how to protect against it

T-Mobile, customers diverge on forum to transfer data breach suits

T-Mobile Data Breach to Be Investigated by Massachusetts Attorney General

Tape Won’t Work for Ransomware Protection. Here’s Why

Tech giant Olympus reportedly hit by BlackMatter ransomware

The fight against ransomware

The Hidden Risk the Defense Sector’s Probably Overlooking

The Ransomware Pandemic That COVID Started

The Top 5 Threats to Cyber Security

Traditional Fraudulent Tactics Like Spam Emails and Phishing Still Prevalent According to Kaspersky

Two-thirds of cloud attacks could be stopped by checking configurations, research finds

U.S. Operatives Responsible for “KARMA” Deployment in the U.A.E. Offered Costly Resolution

UAE organisations report increased cyberattacks during the pandemic

UK's General Data Protection Regulation (GDPR) Explained

Wisconsin Attorney General Warns Of Increased Ransomware Threats

You can now eliminate the password for your Microsoft account

You Can Now Sign-in to Your Microsoft Accounts Without a Password

Your Security Debt is Due. Here’s How to Pay it Off

ZLoader is back: uses ads for spreading and disables Windows defender

14th September

60 Million records exposed: Fitbit, Apple, Google health info leaked in massive data breach

2020 Expensive Year For Ransomware Victims: Sophos

2021’s Most Dangerous Software Weaknesses

Adobe Snuffs Critical Bugs in Acrobat, Experience Manager

After a Short Summer Vacation, REvil Ransomware Group Shows Signs of Returning to Business

Apple Fixes Pegasus-Exploited Zero-Day Through iOS 14.8 and macOS 11.6

Apple fixes “zero-click” iMessage zero-day exploited to deliver spyware (CVE-2021-30860)

Apple Patches Pegasus Spyware Flaw for iOS Devices, Macs

Apple patches spyware flaw affecting all operating systems

Apple releases emergency patch to protect all devices against Pegasus spyware

Apple Releases Urgent Patch Following Discovery of Pegasus Spyware

Australia: Ransomware shows why we need a bipartisan federal cybersecurity policy

Automotive Industry Faces Severe Data Breaches and Ransomware Threats, CybelAngel Investigation Reveals

BlackMatter Ransomware Hits Japanese Tech Giant Olympus

Bot attacks grow 41% in first half of 2021

Child maintenance payments delayed after ransomware attack disables important system

Clinic: EHR Data Too Damaged to Recover Post-Attack

Cloud Misconfigurations: The Hidden but Preventable Threat to Cloud Data

Close to half of on-prem databases contain vulnerabilities, with many critical flaws

Constant threat of ransomware causing data protection headaches

Corporate corruption, fraud and bribery have significant impacts to the enterprise

Cost of ransomware attack in financial sector exceeds $2m

Create a ransomware playbook

Cyber attack on Justice Dept spills over to South Africa's new information watchdog

Dangers of DNS poisoning and how to prevent it

Deloitte Poll: Most US Executives Lack Ransomware Response Plan

Don’t get held to ransom: Cause, prevention, recovery

Executives' ransomware concerns are high, yet few are prepared for attacks

Explained: How safe is my iPhone after Apple’s no-click security flaw?

FBI ends GCSD cyber attack investigation

FBI Official: Russia Is Not Cooperating with U.S. Against Ransomware Threat

Financial Services Firms Spend Over $2m on Ransomware Recovery

Finding your PII data before someone else does

Fitness Tracking Platform Exposed 61 Million User Records

Five ways to improve your cyber resilience with robust ransomware recovery

General promises US 'surge' against foreign cyberattacks

Global Databases Riddled with an Average of 26 Vulnerabilities

Google patches two Chrome zero-days

Hackers Are Laying Siege to Critical Infrastructure: Here’s How to Fight Back

Healthcare cybersecurity: How to prevent the compromise of patient records?

Here's what smishing means as reports of text message scams jump - and how it differs from phishing

Houston Provider Delayed Notice of Ransomware Attack for Months

How the Digital Business is Keeping Up with Compliance

How to defeat cyber threats with AI-powered, real time threat intelligence

How to evaluate the security risk of your databases

HP OMEN Gaming Hub Flaw Affects Millions of Windows Computers

HP patches severe OMEN driver privilege escalation vulnerability

Improving Cyber Resilience Against Ransomware Attacks in the U.S.

Indonesia denies report of Chinese hacking group breaching intelligence agency servers

Information Regulator hit by ‘ransomware attack’

IT teams forced into compromising security for business continuity during pandemic

Krita art app users targeted by ransomware posing as paid 'collaboration' opportunities

Massachusetts Attorney General (AG) Launches Investigation Into T-Mobile Data Breach

Massachusetts Attorney General (AG) Launches Probe into T-Mobile Data Breach

Massachusetts probing huge T-Mobile data breach

Microsoft fixes remaining Windows PrintNightmare vulnerabilities

Microsoft fixes Windows CVE-2021-40444 MSHTML zero-day bug

Microsoft patches actively exploited MSHTML zero-day RCE (CVE-2021-40444)

Microsoft Patches Actively Exploited Windows Zero-Day Bug

Microsoft Releases Patch for Actively Exploited Windows Zero-Day Vulnerability

Millions of HP OMEN gaming PCs impacted by driver vulnerability

More Aussies at risk as Google finds phishing, scams ramp up

‘New battleground’: Cyber attackers targeting Australia’s health system

New Stealthier ZLoader Variant Spreading Via Fake TeamViewer Download Ads

New York County IT Supervisor Charged with Crypto-Mining

New Zloader attacks disable Windows Defender to evade detection

Olympus insists medical services ‘uninterrupted’ by malware attack

One Stolen Password Took Down The Colonial Pipeline — Is Your Business Next?

Online Safety Starts With Using a Password Manager

OSI Layer 1: The soft underbelly of cybersecurity

Outsmart Cybersecurity Threats By Modernizing Your ERP

Pair of Google Chrome Zero-Day Bugs Actively Exploited

Perfect Storm Expands Opportunities For Cyber Investment

Personal information of North East ISD (NEISD) employees may have been compromised in cyber attack, district says

Phishing Attacks Getting Sneakier with Open Redirects

Phishing attacks on the decline as cybercrims focus efforts

Phishing puts South African companies under fire

Ragnar Locker Ransomware Gang Employs New Tactics: Leaking Data if Victims Contact the FBI

Ransomware Operators Ramp Up Pressure on Victims via Multiple Extortion Attacks

Ransomware prevention tips for SMEs: The threat from within

Response Plans, Backup Strategies Underpin Cyber Resilience

REvil: Ransomware gang active again in a new line-up

Rise in cyberattacks, ransomware during COVID-19 boosts IT security skills

Romance, BEC Scams Lands Soldier in Jail for 46 Months

Russia is fully capable of shutting down cybercrime

Scammers already targeting people with iPhone 13 offers

Seven signs your mobile phone has been hacked and your personal or financial details hijacked

‘Significant threat’: cyber attacks increasingly targeting Australia’s critical infrastructure

Smishing attacks increased 700% in first six months of 2021

SolarWinds CEO: Breach transparency 'painful' but necessary

South African Justice Department hit by ransomware attack

Texas GOP Website Down After Anonymous Hack

The Rise in Ransomware: Here's How to Fight It

The Rise of Ransomware

The state of ransomware: national emergencies and million-dollar blackmail

This phishing kit is wreaking havoc on thousands of victims

Thousands of UNM Health records breached

Three ways to keep your organization safe from cyberattacks

Training creators say cybersecurity drills don't have to be 'fight or flight'

US general in charge of cybersecurity pledges ‘surge’ to address ransomware attacks

What Is Cyber Insurance and Do I Need It?

What is Driving the Surge of Ransomware Attacks?

Why AI and Automation Provides Superhuman Security

Why cyber criminals are targeting schools

Why you should avoid those fun social media "tell us about yourself" questions

Wisconsin officials report increase in ransomware threats

Zero Trust Requires Cloud Data Security with Integrated Continuous Endpoint Risk Assessment

ZLoader’s Back, Abusing Google AdWords, Disabling Windows Defender

13th September

5 ways to better prepare your organization for a ransomware attack

5 ways to improve cyber resilience against ransomware, supply chain attacks

91% of IT teams feel pressure to compromise security

A Third of Industrial Control Systems Attacked in H1 2021

Anonymous hacks Texas Republican Party website against abortion law

Apple fixes iOS zero-day used to deploy NSO iPhone spyware

Apple Issues Emergency Fix for NSO Zero-Click Zero Day

Apple Issues Urgent Updates to Fix New Zero-Day Linked to Pegasus Spyware

Apple releases update fixing NSO spyware vulnerability affecting Macs, iPhones, iPads and Watches

Attackers' fumble gave out Kaseya decryptor key

Bad News: Innovative REvil Ransomware Operation Is Back

Beginning a more mature conversation about cybersecurity

Beware of these 5 common scams you can encounter on Instagram

BlackMatter attack on Olympus shows troubling rise of ransomware-as-a-service

BlackMatter ransomware hits medical technology giant Olympus

Brazil debates creation of national strategy to tackle cybercrime

Camera giant Olympus hit by ransomware attack

CISA Adds Single-Factor Authentication to the List of Bad Cybersecurity Practices

Class action targets Georgia health system over ransomware attack that exposed 1.4 million patients' info

Cloudflare CEO says crypto exchanges are a popular target for cyber attackers

Critical Bug Reported in NPM Package With Millions of Downloads Weekly

Cyber Insurance Carriers, Increasingly Targeted by Hackers, Impose New Coverage Conditions

Disincentivizing ransomware criminals across the federal government

Elevated Cyber-risk as Companies Choose Speed Over Security

Enterprise automation adoption surging, security and compliance area jump by 171%

Federal Trade Commission (FTC) warns of extortionists targeting LGBTQ+ community on dating apps

Fitbit, Apple user data exposed in breach impacting 61M fitness tracker records

Gone phishing: The escalation in global cyberattacks is an unintended consequence of Fourth Industrial Revolution (4IR) technologies

Google patches 10th Chrome zero-day exploited in the wild this year

Hacker-made Linux Cobalt Strike beacon used in ongoing attacks

Hackers leak California hospital patients' data online after ransomware attack

Honing Cybersecurity Strategy When Everyone’s a Target for Ransomware

How Intrusion Risk Controls Ward off Ransomware Hackers

How Likely Is Your Employee To Cause A Data Breach?

How Nonprofits Can Defend Against Ransomware Attacks

How To Defend Against Increasingly Convincing Phishing Attacks

Information Regulator of South Africa concerned by breaches and ransomware attacks

IoT device attacks double in the first half of 2021, and remote work may shoulder some of the blame

Kaspersky Records Over 2 Million Phishing Attacks in South Africa, Kenya and Nigeria in H1 2021 and Spam Email Still a Threat

Linux Implementation of Cobalt Strike Beacon Targeting Organizations Worldwide

Looking for election threats in all the wrong places

Mobile app creation: Why data privacy and compliance should be at the forefront

‘MskHost’ Taken Down by Hacktivists Who Will Now Pass Stolen Clientele to the Police

Mustang Panda Compromises Indonesian Intelligence Agency

MyRepublic reports data breach to customers

New SpookJS Attack Bypasses Google Chrome's Site Isolation Protection

Now Is The Time To Update Your Risk Management Strategy And Prioritize Cybersecurity

Nuspire Report Confirms Massive Spike in Ransomware Attacks

Olympus Admitted the ‘BlackMatter’ Ransomware Gang Got Them

Olympus Allegedly Falls Victim to BlackMatter Ransomware Attack

Olympus hit by suspected ransomware attack

Olympus investigating reported ransomware attack with BlackMatter hallmarks

Olympus likely victim of BlackMatter ransomware

Only 30% of enterprises use cloud services with E2E encryption for external file sharing

Open redirect on UK council website was being used for Royal Mail-themed parcel payments scam

Over 60 million wearable, fitness tracking records exposed via unsecured database

People, places, and spaces: Edge data centers’ biggest security challenges

Phishing attacks vs employees skyrocketed during the pandemic

Prevention is better than cure: The ransomware evolution

Ransomware attacks are about to get worse. But there are ways to stop them

REvil is back - and wants to rebuild its reputation

REvil Ransomware Is Back Online After A Brief Hiatus

REvil’s Back; Coder Fat-Fingered Away Its Decryptor Key?

Securing a Hybrid Work Environment: The Worst of Both Worlds

Securities and Exchange Commission (SEC) Probe into Russian Hacking of SolarWinds has corporate America worried

Security Advisory Regarding Remote Code Execution in MSHTML

Security Experts Witnessed a 55,239% Increase in Ransomware Activity in Q2

South Africa: Calls for transparency after justice department cyber attack

Technology giant Olympus hit by BlackMatter ransomware

Tesla targeted in failed ransomware extortion scheme

The Evolution of Disruptionware and the Growth of Ransomware as a Service (RaaS)

The great data robbery

The Three Pillars of Unified Risk Management for Product Security

The top cyber security risks of 2022

Third-party cloud providers: Expanding the attack surface

Tips For Protecting Yourself Against Rising Cybercrime

Top 5 Enterprise Security Threats and How To Avoid Them

Update Google Chrome to Patch 2 New Zero-Day Flaws Under Attack

US Locks Up Key Player in Nigerian Romance Scam

Virginia National Guard suffers cyberattack as Marketo leaks data

What’s Behind the Leaks of Customer Data From Retailer Databases?

Why a Zero-Trust Model for Email Security Is Critical