Editor's Message

Welcome to DBD. On March 8th we celebrated our 4th Anniversary and the 1st Anniversary of our PRiSM application, officially endorsed by the SANS Institute. Despite recent personal issues that have impacted the amount of time I have been able to dedicate to both projects, I have been doing my best to keep everything as up-to-date as possible, and I would like to take this opportunity to thank everyone for their patience and support whilst I navigate through this very difficult time. Stay safe. :)

Monday 25 October 2021

Data Breaches Digest - Week 43 2021

Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 25th October and 31st October 2021.

31st October

12 Men Linked to Various Ransomware Operations Arrested

A crypto project that raised $60 million overnight using a dog meme saw all of that money go missing in what may have been a phishing attack

A predictive cybersecurity diagnosis for healthcare

Cybercrime 101: What you don’t know can hurt the most

Europol Captures 12 Suspects Believed to Have Used Ransomware to Attack 1,800 Victims in 71 Countries

FBI: K-12 schools a leading target for ransomware attacks. Are local districts secure?

Graff multinational jeweller hit by Conti gang. Data of its rich clients are at risk, including Trump and Beckham

Microsoft warns of rise in password sprays targeting cloud accounts

National Bank of Pakistan gets hit by cyberattack, reports no financial loss or data breach

Phone Number Masking: A Complete Guide To Securing Sensitive Information In Call Centers

Ransomware: German authorities allegedly identify a member of the REvil group

Russian hackers 'steal details of Beckhams and Oprah' in 'virtual jewellery heist'

Shady Malware Distributor Is Hunting Minecraft Players With Chaos Ransomware

Tech support scams continue to remain one of the top phishing threats

30th October

37% of IT admins fear software vulnerabilities more than cyber threats

Atlanta Man Arraigned On Charged Of Wire And Computer Fraud

Barbados: Data protection law praised but cybersecurity work begins

Chaos ransomware targets gamers via fake Minecraft alt lists

Consumer Alert: Beware of Payroll Diversion Scams

Content Disarm and Reconstruction – A Proactive Stance On Cybersecurity

COVID-19 induced WFH puts cybersecurity in the spotlight in India

Craigslist Malware Threat: Hackers Use Email System to Deliver Malicious Software, Don't Click on Phishing Emails

Cyber pandemic returned in Singapore yet again

Cyberattacks On Rise: Here’s how to stop cybercrime

DeFi Investors Targeted by Dangerous Malware

Festive deals come with phishing scams

Financial institution phishing is inflicting losses of as much as €150,000 in Spaniards who are suffering it: some sufferers blame the banks

Fortinet warns of Black Friday scams involving PS5s, Xboxes and fake Amazon gift card generators that steal crypto

From phishing emails to social-media ads: Better Business Bureau warns about scams for holiday season

Guidance Note On Preparation And Response To A Data Breach

Hackers hit Papua New Guinea financial hub, fail in bid to hold state officials to ransom

Kaspersky shares ways to manage your ‘digital ghost’

Man Charged for Extortion and Illegally Streaming Major US Sports Leagues Games

Massive cyber heist rocks high society jeweller Graff: Russian gang demand multi-million ransom or they'll release private details of rich and famous - after leaking files on David Beckham, Oprah and Donald Trump

New Spook Ransomware Building on Prometheus Codes Exposes All Victims, Even Paying Ones

Police Arrest Suspected Ransomware Hackers Behind 1,800 Attacks Worldwide

Protecting your business' legacy systems from ransomware attacks

Russia national extradited to US as part of alleged cybercrime conspiracy

Russian hackers ‘steal details of Hollywood stars and billionaire tycoons’ in ‘virtual heist’ on jewellery firm

San Diego Emergency Departments Deluged With Patients After Cyberattack

South Africa under cyber attack: Interpol reveals top threats in South Africa

South Korean watchdog proposes Facebook pay 300,000 won per victim over personal data breach

‘Squid Game’ Lures Used by Actors to Distribute Dridex Malware

Squid Game malware might be the scariest thing you see this Halloween

Threat hunters and red teams: Inside the big banks’ cyber defences

Toronto Transit Commission still recovering from ransomware attack

What is a QR code? Is QR code security really an issue?

29th October

20 healthcare employee wrongdoing, spoofing and ransomware incidents this month

40% of organizations have suffered a cloud-based data breach

2021 State of Ransomware Report Reveals 83% of Victims Paid to Get Data Restored

A malware prevention strategy to complement StopRansomware.gov

'AbstractEmu' Malware Found on 19 Apps - 10,000 Downloads Before Its Removal

Air gap backups provide another layer of protection

Alleged Russian ransomware attacker arraigned in federal court

Apple fixes security feature bypass in macOS (CVE-2021-30892)

Are immutable backups the last line of defence against ransomware attacks?

Attacks on APIs are under-detected and under-reported, says Akamai report

Australian Federal Police (AFP) confiscates AU$1.7m from Sydney man who stole Netflix, Spotify, Hulu accounts

Caixabank And Bankia Customers In Spain Are Warned About New Phishing Email Con

Caveat Cyber Emptor: 3 Ways to Protect Sensitive Personal Data this Online Shopping Season

Centennial Bank warns of phishing scam, tells customers to delete messages

Colorado university had a data breach which 30,000 students affected

Covid Testing Megalab Leaves Private User Data Vulnerable

Cyber Incident Response Requires a Mix of Tactics, IT Leaders Say

Cybercrime: Europol arrests 12 people for ransomware activities possibly affecting 1,800 victims in 71 countries

Data breach at India’s biggest demat depository exposed 4.39 cr investors

Department of Justice (DOJ) and Treasury Take Crypto Enforcement to the Next Level

Despite large investments in security tools, organizations are not confident they can stop data exfiltration

Email scams are catching crypto investors offguard and stealing millions

Employers must balance productivity and collaboration tools with security

Europol Announces 12 Individuals Tied to Ransomware Attacks Were Identified and Interrogated

Europol Claims Big Ransomware Win As 12 Suspects ‘Targeted’ For Attacks On 1,800 Victims

Europol detains hackers behind 2019 Norsk Hydro ransomware attack

FBI Raids Chinese Payment-Terminal Company

Federal Authorities Warn Employers Against Ransomware Payouts and Offer New Guidance on Preventing and Responding to Cyberattacks

Federal push to identify, protect critical groups from hackers gains momentum

Google Chrome is Abused to Deliver Malware as ‘Legit’ Win 10 App

Google fixes two high-severity zero-day flaws in Chrome

Government blocking phishing texts spoofing agencies

Healthcare System Phishing Breach Affects 209,000

Here Are 150 Fake Android Apps to Delete From Your Phone

Hive ransomware now encrypts Linux and FreeBSD systems

How can Businesses avoid Data Breach Blind Spots?

How Healthcare Systems Can Protect Against Three Major Cyber Risks

How ransomware paralyzed a city council for days

How to stop cybercrime: 5 tips to bust phishing, ransomware attacks

How universities can fight against cyberattacks

HSE cyberhackers got €11m in ransoms from across the world

International Task Force Disrupts European Ransomware Operation

Is the Source of the Next Big Data Breach Sitting in Your Conference Room?

Leftover files are putting visitors to popular websites at risk

Lessons learned in healthcare security during COVID-19

Lincolnshire Teenager Ordered to Return the Over £2 Million He Gained Through Gift Vouchers Fraud

Local government ransomware attacks and how MSPs can help

Lufkin ISD working to recover from September ransomware attack

Luxury hotel chain hit twice by hackers after reneging on ransomware payment

Microsoft hacked leaving billions of passwords at risk - check yours is safe

Microsoft Warns of Nobelium Attacks on IT Supply Chain

Minnesotan Charged with Hacking Pro Sports Leagues

Misconfigured Database Leaks 880 Million Medical Records

Morse Code and 'Double Extortion': The State of Malware Today

National Rifle Association (NRA) hit by ransomware attack

New Android Spyware Threat Poses as Antivirus in Japan

New Data Shows Canadian Households Facing Increased Cyber Threats

New 'Shrootless' Bug Could Let Attackers Install Rootkit on macOS Systems

One in ten people click on phishing links

Part of a data breach? These are the steps to take immediately

Perfect Storm of Cybersecurity Risks Threatens the Hybrid Workplace

Phishing attack targets business customers of crisis-hit energy provider

Police arrest hackers behind over 1,800 ransomware attacks

Police bust ransomware gang that plagued French, Norwegian firms

Ransomware: Police sting targets suspects behind 1,800 attacks that 'wreaked havoc across the world'

Ransomware attack on Martin County Tax Collector's Office could inflict data damage

Ransomware Attacks Are Costliest for Businesses in Developed Countries

Ransomware Has Disrupted Almost 1,000 Schools in the US This Year

Ransomware network disrupted after two-year probe

Researchers spot dangerous Squid Game-themed phishing emails

Rising Cyberthreats Against Africa’s Emerging Digital Infrastructure

Russian TrickBot Gang Hacker Extradited to U.S. Charged with Cybercrime

Schreiber Foods back to normal after ransomware attack shuts down milk plants

Securing 5G cloud infrastructures

Snake malware biting hard on 50 apps for only $25

SolarMarker Attackers Use SEO Poisoning to Push Malicious Code

South Korea: Facebook directed to pay $257 per victim over personal data breach

South Korea: Facebook recommended to pay W300,000 compensation per victim over personal data breach

Survey highlights long recovery times associated with ransomware

Suspected Trickbot Malware Developer Faces 60 Years in Jail

TA575 criminal group using 'Squid Game' lures for Dridex malware

The Dawn of Insider Risk – Are You Prepared?

These Companies Are Most at Risk for Ransomware Attacks

This New Android Malware Can Gain Root Access to Your Smartphones

Three Operational Technology (OT) security lessons learned from 2021’s biggest cyber incidents

Toronto Transit Commission (TTC) investigating ransomware attack that compromised multiple servers

Toronto transit system hit by ransomware attack, Toronto Transit Commission (TTC) says no significant disruptions

Treasury: Victims paid $590 million to ransomware hackers in first half of 2021

U.S. water and wastewater systems targeted by cybercrime

UMass Memorial notifies 209K patients 8 months after data breach discovery

Unauthorized account openings increased by 21% in the last 12 months

Urgent warning as Amazon scams run rampant – here’s how you can take action and protect your data

US Federal Agencies Issue a Joint Cybersecurity Advisory Over Blackmatter Ransomware Targeting Critical Infrastructure Entities and Food Organizations

Wealthy art world warned after Art Basel hit by cyberattack

What is Emotet?

Why data security is pivotal to NHS structure

Why Energy Sector Cybersecurity Is Essential

WordPress plugin bug can lead to complete loss of site content

Zscaler’s 2021 Encrypted Attacks Report reveals 314% spike in HTTPS threats

28th October

11 lessons from the TimeHop data breach

83% of companies suffer business damage when down for 24 hours

400,000 German Students’ Sensitive Data Exposed by API Flaw

400M+ medical records exposed in massive data breach – What it means for you

Acer Suffers Another Cyber Attack Within Weeks; Hackers Warned of More Vulnerable Servers

All Sectors Are Now Prey as Cyber Threats Expand Targeting

All Windows versions impacted by new LPE zero-day vulnerability

Android spyware spreading as antivirus software in Japan

API attacks are both underdetected and underreported

Atom Silo illustrates larger threat: Here’s what to do

Avast releases decryptors for multiple ransomware strains

Avista warns customers of ransomware attack

Central Vermont schools may have been hit with ransomware

Chaos Ransomware Variant in Fake Minecraft Alt List Brings Destruction to Japanese Gamers

Construction industry is the top industry hit by ransomware

Construction industry the worst hit by ransomware

Cryptocurrency and DNS: Phishing Domains, Cryptomining and More

Cyber pandemic drags on in Singapore with another healthcare data breach

Data breach: Hospital shares email addresses of vaccine trial participants

Data Breach at University of Colorado

Despite increased cyber threats, many organizations have no defense plans in place

Did BlackByte ransomware attack the Tax Collector's Office? Maybe not, but no one's sure

Emergency Google Chrome update fixes zero-days used in attacks

EU investigating leak of private key used to forge Covid passes

EU’s Green Pass Vaccination ID Private Key Leaked

FBI: Ranzy Locker Ransomware Attacks 30 Companies Through July

FBI warns of Ranzy Locker ransomware threat, as over 30 companies hit

Free decryption tools for AtomSilo, Babuk, and LockFire ransomware released by Avast

Georgia man arraigned on international email phishing scam charges

German authorities and reporters claim to identify core REvil member

German Authorities Track Down REvil Ransomware Group Core Member

German investigators identify REvil ransomware gang core member

Good Grief! Ransomware gang has only gone and pwned the National Rifle Association (NRA) – or so it claims

Google Releases Urgent Chrome Update to Patch 2 Actively Exploited 0-Day Bugs

Grief Ransomware Targets National Rifle Association (NRA)

Hackers Steal $130 Million From Cream Finance in the Third Hack This Year

How ransomware crews pile on the pressure to get victims to pay

HTTPS threats grow more than 314% through 2021

Implementing DMARC to eliminate phishing emails

Is offensive testing the way for enterprises to finally be ahead of adversaries?

Israeli Researcher Cracked Over 3500 Wi-Fi Networks in Tel Aviv City

Job hunting? Watch out for this nasty remote work scam

Kemper $17.6M Data Breach Settlement Wins Preliminary Court Approval

KnowBe4 Finds Increasingly Dangerous Attacks in Phishing Emails With Business, IT and HR Focus

Luxury hotel chain in Thailand reports data breach

Malicious NPM Libraries Caught Installing Password Stealer and Ransomware

Martin County Tax Collector's possibly hit by ransomware attack

Massachusetts Health System Data Breach Affects About 200K Patients

Microsoft: Shrootless bug lets hackers install macOS rootkits

Mitigating Cybersecurity Risks of Mergers and Acquisitions

More than three million CoinMarketCap users suffered a data breach

New AbstractEmu malware roots Android devices, evades detection

New Wslink Malware Loader Runs as a Server and Executes Modules in Memory

NSA and CISA share guidance on securing 5G cloud infrastructure

Over 800 million medical records exposed in data breach

Over 800 Million Medical Records Exposed In Massive Data Breach of 68 GB Size

Papua New Guinea's government system hit by ransomware attack

PHI 'Removed' in Practice Management Firm's Ransomware Attack

Ransomware: It's a 'golden era' for cyber criminals - and it could get worse before it gets better

Ransomware: Why least privilege is key for prevention

Ransomware Attacks: The Biggest Threat to Your Business

Ransomware gang claims to have hacked the National Rifle Association (NRA)

Ransomware gangs use SEO poisoning to infect visitors

Ransomware Hackers Freeze Millions in Papua New Guinea

Ransomware risks from supply chains remain key concern for UK businesses

Ransomware Soars 148% to Record-Breaking Levels in 2021

Ransomware, phishing and cyberattacks are increasingly hitting Wisconsin school districts, most recently in Janesville

Researcher found 70% Wi-Fi networks in Tel Aviv are hackable

Researchers Predict an Increase in Ransomware Attacks on eCommerce - 314% Growth in HTTPS Threats Through 2021

REvil gang member identified living luxury lifestyle in Russia, says German media

Sensitive data of 400,000 German students exposed by API flaw

SEO Poisoning Used to Distribute Ransomware

Shadow IT Alert: Half of Home Workers Buy Potentially Insecure Kit

Singapore employment agency that suffered data breach says most stolen data is from fake profiles

Small Businesses Pay Up to $1M to Recover from Breaches

Steam users warned to beware this dangerous phishing scam

Stopping Ransomware Before it Gets Worse

Supply chain security must include cyber resilience

Suspected REvil Gang Insider Identified

Top cybersecurity threats enterprises will face in 2022

TrickBot malware dev extradited to U.S. faces 60 years in prison

Turning back the rising tide of ransomware

Unions for 30,000 State Employees File Unfair Labor Practice Complaints Against State After Vaccine Data Breach

Vendor Partner Responsible for Fullerton Health Data Breach

Washington County school district looks into possible ransomware attack

WordPress plugin bug impacts 1M sites, allows malicious redirects

Year of ransomware continues with unprecedented surge

27th October

1 in 10 people clicking on phishing links on mobile devices

4 Key Stereotypes Among Workers That Expose Businesses to Cyber Attacks

6 common mistakes that lead to ransomware infections

14% of C-suite executives say organizations have no cyber threat defense plans

41 billion cyber threats blocked, India 2nd on global ransomware list

2022 to see large scale data breaches, malware on mobile phone to grow: Check Point

A Recipe for Destruction: Municipalities and Managing Cyber Risk

Adobe’s Surprise Security Bulletin Dominated by Critical Patches

Akamai Finds API Vulnerabilities to be a High-Stakes Game for Companies and Individuals Worldwide

Android spyware apps target Israel in three-year-long campaign

Apple Patches Critical iOS Bugs; One Under Attack

As Ransomware Reigns, Few Organizations Encrypt Cloud Data, Security Study Shows

Australia: Agencies ‘hunting every night’ with offensive cyber capabilities

Australia launches new initiative for blocking scam government texts

Australia leads APAC in adoption of zero trust

Avast Releases FREE Ransomware Decryptor for Multiple Strains - How to Get One

Babuk ransomware decryptor released to recover files for free

Bringing Cybersecurity To The Forefront Of The Boardroom

Cost of a Data Breach: Retail Costs, Risks and More To Know

Crypto scams are using hijacked YouTube channels

Cyber Attack Cripples Iranian Fuel Distribution Network

Cyber Attack in Iran Reportedly Cripples Gas Stations Across the Country

Cyber insecurity: Iran highlights ‘other cyber attacks’ after gas disruptions

Cybersecurity: it’s time to beat the ransomware criminals at their own game

Cybersecurity depends on simple, accessible processes

Cybersecurity Suggestions For Enterprise And Private Use

Data breach at Colorado university impacts 30,000 students

DDoS attacks are crippling UK VoIP operators

Deepfakes, cryptocurrency and mobile wallets: Cybercriminals find new opportunities in 2022

Dental Data Breach Affects 125,000 Patients in 10 States

Digital Extortionists DDoS VoIP Providers

E-commerce phishing scams in Singapore cost victims at least S$764,000 (RM2.35mil)

Employment agency that suffered data breach says most stolen data is from fake profiles

Ever thought of ransomware attacks? Here’s why Malaysian SMBs should start backing up their data

FBI says ransomware is on the rise: what is it and who's vulnerable?

Finland: National Bureau of Investigation (NBI) make "significant progress" in Vastaamo data breach, blackmail probe

Finland: OmaKanta email phishing scam circulating, Kela warns

Five new trends in healthcare cybersecurity

Four key tenets of zero trust security

Free decryptor released for Atom Silo and LockFile ransomware

Good security habits: Leveraging the science behind how humans develop habits

Guarding Against The Human Element: How Insider-Threat Trends Should Guide Cybersecurity Policy

Hackers arrested for ‘infiltrating’ Ukraine’s health database

Hackers for hire, ransomware among top cyber threats in 2022

Hackers had second go at SEPA during cyber attack

Hackers May Have Compromised Craigslist's Email System, Watch Out For Phishing Scams

Hackers target Americans’ drinking water supply

Hackers Using Squirrelwaffle Loader to Deploy Qakbot and Cobalt Strike

Hackers-for-hire are biggest cybersecurity threat

Hashthemes AJAX WordPress Vulnerability Allowing Site Wipe Fixed

HM Treasury Hit by Five Million Malicious Emails in Past Three Years

How CIOs Can Protect Data Against Ransomware Attacks in 2022

How deepfakes enhance social engineering and authentication threats

How to Be Cyber Smart: 5 Tips for Creating a Safe Home Office

How to stop security threats early

Hybrid Attacks Are Threatening Hybrid Work Through the Cloud

Implementing Zero Trust Principles in a Connected World

India 2nd on global ransomware list as 41 billion cyber threats blocked in first half of 2021

India’s Supreme Court Orders Pegasus Probe

‘International Organised Criminals’ Likely Culprits Behind SEPA Cyber-Attack

Iran blames foreign country for cyberattack on petrol stations

Iranian Gas Stations Crippled After Suffering Cyberattack

It will take 'months and months' to work through effects of Corry school ransomware attack

Latest Report Uncovers Supply Chain Attacks by North Korean Hackers

Majority of Businesses Don’t Protect Their Sensitive Data in the Cloud

Malicious NPM libraries install ransomware, password stealer

Meet Balikbayan Foxes: a threat group impersonating the Philippine government

Microsoft warns of new supply chain attacks by Russian-backed Nobelium group

Microsoft warns over uptick in password spraying attacks

More worries for consumers as hackers intensify attacks

National Rifle Association (NRA): No comment on Russian ransomware gang attack claims

Nearly 2/3 of Mid-Size Organizations Suffered Ransomware Attack in Past 18 Months

New fraudulent e-mails circulating in Belgium

New Threat ‘SquirrelWaffle’ Deploys Qakbot and Cobalt Strike Through Malspam

Nigeria: Energy sector prone to cyber threats

North Korean Lazarus APT Targets Software Supply Chain

Ofcom's Scam Call-Blocking Plan Could Save Consumers Millions

Organizations making security trade-offs in the push to innovate

Pegasus row: India's top court orders probe into snooping allegations

Phishing-Resistant Multi-Factor Authentication Coming for US Government Employees as “Zero Trust” Architecture Rolls Out

Pinelands Regional School District Announced Data Breach

Ransom Demands From Hackers Could Break Records in 2022

Ransomware Attacks Are Evolving. Your Security Strategy Should, Too

Ransomware gang says it targeted National Rifle Association

Ransomware group claims it hacked National Rifle Association (NRA) amid spike in cyberattacks

Ransomware groups urged to attack U.S. public sector

“Ransomware Killed My Baby”: Lawsuit Raises Issue Of CyberSecurity-Breach Disclosure Liability

Revealing the industries most hit by ransomware

REvil's Cybercrime Reputation in Tatters - Will It Reboot?

So...what does a hacker REALLY look like?

Stopping ransomware before it starts

Tech support scams are the No.1 phishing threat faced by consumers

Tech support scams have become top phishing threats, report says

The dangers behind wildcard certificates: What enterprises need to know

The evolution of cybercrime and how we can fight back

The Weaponization of Operational Technology

These phishing emails use QR codes to bypass defences and steal Microsoft 365 usernames and passwords

Third-Party Vendor Ransomware Attack Impacts Humana, Anthem Members

Thousands of human error data breaches at Hampshire County Council

Threat actor leaks Mercedes-Benz platform’s source code

Twitch Data Breach is Another Example of Why Cybersecurity is a Must for all Businesses

Understanding And Responding To Ransomware Threats

US Mulls Banning Ransomware Payment To Root Out Cyber-Extortion

War-Driving Technique Allows Wi-Fi Password-Cracking at Scale

Warehouse belonging to Chinese payment terminal manufacturer raided by FBI

WordPress Plugin Bug Lets Subscribers Wipe Sites

Working with hospitals to reassess risk in the ransomware age

26th October

5 Ways to Secure Amazon S3 Buckets

6 Ways to Keep Your Business Data Safe

8 Ambulatory Surgery Centers (ASC) data breaches reported to HHS in 2021

9 key security threats that organizations will face in 2022

62% of Organizations Have No Confidence in their Cybersecurity Tools Ability to Prevent Data Exfiltration

72% of organizations hit by DNS attacks in the past year

400,000 Fullerton Health Client Details Were Stolen and Sold Online

A checklist to keeping your company data safe

Africa sees increase in ransomware, botnet attacks – but online scams still pose biggest threat

Almost All US Organizations Experienced a Cyber Event in the Past Year

An Operation-Centric Approach to RansomOps Prevention

Anyone can be the victim of a ransomware attack

Are Baby Boomers More Vulnerable Online Than Younger Generations? You Might Be Surprised

As fewer victims pay ransoms, Conti gang looks to sell victim data

Association of Independent Meat Suppliers (AIMS) accuses Food Standards Agency (FSA) of data breach

At least $764,000 lost in September to e-commerce phishing scams in Singapore

Attackers Hijack Craigslist Emails to Bypass Security, Deliver Malware

Australia drafts Online Privacy Bill to bolster data security

Banking scam uses Docusign phish to thieve 2FA codes

Banking Trojan Targets 100 Organizations in Brazil

Biometrics emerging as the preferred identity verification option for digital consumers

Brutal WordPress plugin bug allows subscribers to wipe sites

Business Email Compromise (BEC) Costs UK Firms £140M Over Past Year

Businesses worry about their ability to prevent data exfiltration

Can you Become Ransomware-Proof?

CISA warns of remote code execution vulnerability with Discourse

Congress may ban ransomware payments, Senate Homeland Security chairman says

Cyber-attack hits UK internet phone providers

Czech your cybersecurity: One in eight employees watch porn at the office

Data breaches and cyber attacks quarterly review: Q3 2021

Data Security: How Data Activity Monitoring Protects Against Ransomware

Data Security in an Unsecure World

Defending against ransomware is NOT rocket science

Emerging Loader Delivered Via Hijacked Email Threads

Executives’ top concern in Q3 2021? New ransomware models

FBI: Ranzy Locker ransomware hit at least 30 US companies this year

FBI office in Omaha warns cyber attacks are on the rise, urges businesses to plan ahead

Federal Government Cracks Down on Data Breach Disclosures

Firewalling data

Forget Hacking Back: Just Waste Ransomware Gangs' Time

GCHQ Boss: Ransomware Has Doubled in a Year

Groove Operators Reportedly Ask Peers to Attack US

Half of Public Sector IT Pros Not ‘Fully Confident’ in Cyberattack Response

Home Affairs in talks to give telcos more blocking powers against malicious messages

How cyberattacks disrupt the auto supply chain

How Healthcare Organizations Can Keep Active on Email Security

Immutable backups for ransomware defense may not be enough

Increased risk tolerances are making digital transformation programs vulnerable

Iran’s Gas Stations Stop Pumping After Hack, State Media Reports

Iranian gas stations out of service after distribution network hacked

Is SEO Affected by Cybersecurity?

Kremlin’s SolarWinds hackers target global IT supply chains

Lawmakers Could Bar Private Company Ransomware Payments

Lazarus Attackers Turn to the IT Supply Chain

Malicious Firefox Add-ons Block Browser From Downloading Security Updates

Man who "scraped and sold 178 million users' data" is sued by Facebook

Michigan Man Sentenced to 7 Years in Prison for UPMC PII Breach

Microsoft: SolarWinds Hackers Are Attacking Tech Suppliers

Middletown Township Government Hit By Ransomware

Millions of Android devices abused by UltimaSMS Adware Scam

Millions of Android Users Scammed in SMS Fraud Driven by Tik-Tok Ads

Money launderers for Russian hacking groups arrested in Ukraine

More than half of healthcare applications currently open to attack

Mozilla Firefox Blocks Malicious Add-Ons Installed by 455K Users

Mozilla Firefox cracks down on malicious add-ons used by 455,000 users

MSPs, Not Bank Of America, Are The New Ransomware Target, Says ThreatLocker

Nearly all US execs have experienced a cybersecurity threat, but some say there's still no plan

North Korean state hackers start targeting the IT supply chain

Notorious ransomware group REvil taken down in government fight back

Notorious REvil Ransomware Gang Goes Dark Again; Tor Sites Taken Offline by Joint Government Operation

Over 10 Million Android Users Targeted With Premium SMS Scam Apps

Phishing attack exploits Craigslist and Microsoft OneDrive

Phishing ups its game, gets more personalised

Pinelands District Investigates Data Breach

Popular nmp package hijacked, modified to deliver cryptominers

Post-REvil Takedown, MSSPs Need to Get Ready for Resurgence

Protecting your hemp business from ransomware

Public Clouds & Shared Responsibility: Lessons from Vulnerability Disclosure

Ransomware Attack Fallout: Some Victims Face Customer Lawsuits

Ransomware gang outraged at “bandit-mugging behavior of the United States” after REvil group pushed offline

Ransomware has proliferated because it's 'largely uncontested', says GCHQ boss

Ransomware Is Hitting Hard in 2021: FinCEN

Ransomware Locks Janesville Schools Out of Wi-Fi, Printers

Ready to Play? Squid Game Becomes an Attractive Lure to Spread Cyberthreats

Reports show healthcare’s ongoing third-party vendor, vulnerability challenges

Researcher cracked 70% of WiFi networks sampled in Tel Aviv

Russian-speaking hackers hijack YouTube channels via phishing campaign

Scammers are emailing waves of unsolicited QR codes, aiming to steal Microsoft users' passwords

Secret Double Octopus and Ponemon US Study Finds Remote Work Driving Passwordless with 66% Planning Adoption Over the Next 2 Years

Six Immediate Steps To Take When Experiencing a Data Breach

SolarWinds & Accellion Breaches: Supply Chain Attacks Wreaking Havoc

SolarWinds hackers, Nobelium, targeting global IT supply chain

Spammers use Squirrelwaffle malware to drop Cobalt Strike

SQL injection flaw in billing software app tied to US ransomware infection

SquirrelWaffle Loader Malspams, Packing Qakbot, Cobalt Strike

State Department to Form Cyber Bureau

Tech support scams are biggest phishing threat to consumers

The first step to being cybersmart: Just start somewhere

The Internet's Biggest Scams and the Tech to End Phishing

The Journey to Zero Trust Begins with Identity

The Number of Phishing Emails Impersonating Craigslist Is Growing

The Ransomware Problem Is Worsening and Organizations Need to Pay More Attention

The rise of Ransom DDoS: How organizations can prepare

These ransomware criminals lost millions of dollars in payments when researchers secretly found mistakes in their code

Think before you click: 1 in 10 people clicking on phishing links on mobile devices

Third-party data breach in Singapore hits healthcare provider

Thwarting Phishing Threats With Simulations

US Citizens Sue Company That Processes Billions of Texts For Exposing Their Data

US State Department to form cyber bureau

Vulnerability Management vs Attack Surface Management

What is the role of the channel in the fight against ransomware?

What To Expect in a Ransomware Negotiation

When it comes to collaboration tools, firms struggle to keep up with security and compliance

Why Hive Attacks Are the Latest Menace to Healthcare Sector

Why the Next-Generation of Application Security Is Needed

You definitely don't want to play: Squid Game-themed malware is here

25th October

1 in 10 people clicking on phishing links on mobile devices

A coding bug helped researchers build a secret BlackMatter ransomware decryption tool

BillQuick says patch coming after Huntress report identifies vulnerabilities used in ransomware attack

BlackMatter Bug Saved Victims Millions in Ransom Payments

BlackMatter Decryptor Nullified by Actors’ Fix After Ransomware Note Leaked on Twitter

BlackMatter ransomware victims reclaim data using secret decryptor

BQE Web Suite Billing App Rigged to Inflict Ransomware

Britain Wants to Use Its New Cyber Command to 'Hunt' Ransomware Gangs

CISA urges admins to patch critical Discourse code execution bug

Cleanup on aisle C: Tesco app back online after attack led to shopping app outages

Companies that pay ransomware attackers get thumbs down from consumers

Conti Ransom Gang Starts Selling Access to Victims

Countries Ranked According to Online Risks

Cyber-Attacks on House of Commons Soar by 358% in 2021

Cyberattackers never slow down, but Missouri’s government is asleep at the keyboard

Cyberattacks to critical infrastructure threaten our safety and well-being

Data breach leads to £10k fine for Scottish charity

Data of Over Three Million CoinMarketCap Users Breached, Crypto-Tracker Acknowledges

Defending Assets You Don’t Know About, Against Cyberattacks

Despite spending millions on bot mitigation, 64% of organizations lost revenue due to bot attacks

Facebook sues Ukrainian man for scraping and selling 178m users’ data

Feds’ ransomware warning has big implications for California businesses

Groove Calls for Cyberattacks on US as REvil Payback

Hackers Exploited Popular BillQuick Billing Software to Deploy Ransomware

Hackers used billing software zero-day to deploy ransomware

Hospitals face increased pandemic-era threats of cyberattacks

How deepfakes enhance social engineering and authentication threats, and what to do about it

How To Protect Your Organization's Root Accounts

How to Protect Yourself from Phishing Attacks

Increase in Ransomware Attacks Tied to Remote Work

Industrial Goods & Services Tops Ransomware Targets in 2021

Janesville school district hit by ransomware attack

Memo to Ransomware Victims: Seeking Help May Save You Money

Microsoft: Russian SVR hacked at least 14 IT supply chain firms since May

Microsoft resellers warned of Nobelium attacks on IT supply chain

Microsoft Warns of Continued Supply-Chain Attacks by the Nobelium Hacker Group

Millions of Android users targeted in subscription fraud campaign

Mozilla blocks malicious add-ons installed by 455K Firefox users

Network and IoT security in a zero trust security model

Nevada, North Dakota top cybercrime lists in the US

New Attack Lets Hackers Collect and Spoof Browser's Digital Fingerprints

New ransomware models the top emerging risk

New York City’s ‘Peculiar’ New Delivery App Law Raises Data Breach Fears

Protect your healthcare organization from cyber infection

Protecting your business from Ransomware attacks

Ransomware: How bad is it going to get?

Ransomware: Industrial services top the hit list - but cyber criminals are diversifying

Ransomware attacks in the UK have doubled in a year, British spy chief warns

Ransomware attacks in UK have doubled in a year, says GCHQ boss

Ransomware group targets financial service firms with phishing campaign

Ransomware hit industrial sector the hardest in the third quarter

Ransomware pandemic: The threat of 'triple extortion'

Ransomware Q3 Roll Up

REvil ransomware group reportedly taken offline by multi-nation effort

Russian Actor Nobelium Now Targets IT Resellers and Other Technology Service Providers

Securing a New World: Navigating Security in the Hybrid Work Era

Security Awareness Month 2021: Cyber criminals never sleep

Security leaders facing challenges in managing and securing distributed work environments

SolarWinds hackers are going after cloud, managed and IT service providers

SolarWinds hackers, Nobelium, hit cloud providers and resellers

SolarWinds hackers, Nobelium, once again strike global IT supply chains, Microsoft warns

South Korea: Large DDoS attack shuts down KT's nationwide network

Tesco App and Website Back Online After Cyber Incident

Tesco website and app back online after attempted cyber attack

Tesco's website restored after suspected cyberattack

The power of blockchain as a tool to fight cybercrime and fraud

To Defend Against Ransomware, First Accept These Truths

Trickbot banking Trojan develops new techniques

Trickbot banking Trojan evolves with 61 new techniques

Understanding GDPR’s impact on event data and helpful security tips

Vulnerability in billing software is being used to deploy ransomware

Why cybersecurity leaders should focus on spending, people and technology (in that order)