Editor's Message

Welcome to DBD. On March 8th we celebrated our 4th Anniversary and the 1st Anniversary of our PRiSM application, officially endorsed by the SANS Institute. Despite recent personal issues that have impacted the amount of time I have been able to dedicate to both projects, I have been doing my best to keep everything as up-to-date as possible, and I would like to take this opportunity to thank everyone for their patience and support whilst I navigate through this very difficult time. Stay safe. :)

Monday 27 December 2021

Data Breaches Digest - Week 52 2021

Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 27th December 2021 and 2nd January 2022.

2nd January

6 lessons learned about cybersecurity and freight in 2021

Beware! 2022 may see cyber attacks evolve to new levels

Cyber-attack on UK’s Defence Academy caused ‘significant’ damage

Cybercriminals adopting different strategies during pandemic, warn cyber experts

Hackers accidentally hacked the police, and then they themselves gave the decryption key

How Fake Banking Apps Can Scam You in Person

How Long Before VPNs Are Mothballed?

How to Protect Your Devices From Getting Hacked

Malicious Domains are a serious cyber security threat for businesses

Portuguese media group Impresa knocked offline in ransomware attack

Phishing more and more dangerous. Fake emails and links from alleged friends are known scam methods

RedLine Malware Leaks Over 440,000 Accounts, Passwords: How to Check If You've Been Exposed, 2 Ways to Avoid Data Breach

Top Network Security Trends

Uber dismisses vulnerability that lets you email anyone as Uber!

1st January

5 Ways To Keep Your Business Alive In 2022, The "New Normal" Of Cyber Crime

60% of U.S. infosec professionals believe ransomware is as serious as terrorism

Fears grow that cyber chaos will spark wars as hack attacks become more aggressive

How Do Email Spam Filters Work and Why Do You Still Receive Spam?

North Korean hackers stole $1.7 billion from cryptocurrency exchanges

Predictions for 2022 by cybersecurity vendors

PulseTV: Over 200,000 Credit Card Details Compromised

T-Mobile Confirms Hack: SIM Swapping

The Top 5 Cybersecurity Tools Companies Need to Implement Right Now

These have been the worst attacks of 2021

31st December

86% of healthcare organizations offer telehealth services yet suffer privacy mistrust

2021: ‘A crazy mess’: Cybersecurity year in review and a look ahead

2021: A Year of Massive Big Tech Fails

2022: How APAC Organisations are Preparing for a New Threat Landscape

A look ahead to 2022: predicting the top cyber threats

Big Tech's biggest weaknesses were on display in 2021

Biggest Credit Card Scams To Look Out For In 2022

Businesses must keep on top of the ransomware threat

Copycat and fad hackers will be the bane of supply chain security in 2022

Cyberattack cripples Europe's giant media group

Error prompted LastPass to send false breach alerts to users

Exploring the current state of cybersecurity resilience

Fraud is on the rise but there are things we can do to stay safe

How to safely browse the internet and stay secure online

Legacy OS use among 50% of UAE healthcare providers leaves them vulnerable to cyberattacks warns Kaspersky

Netgear leaves vulnerabilities unpatched in Nighthawk router

Personal details leaked in council data breach

Phishing, fake apps and leaks: what will be the main dangers in 2022?

PulseTV discloses potential compromise of 200,000 credit cards

Ransomware: Defend the Data, Demolish the ROI

Ransomware and Phishing and Malware, Oh My! Combatting 2021’s Scariest Security Threats

Ransomware Groups Keep Blaming Affiliates for Awkward Hits

Research claims Samsung Galaxy Store apps are spreading malware

Singapore: S$8.5 million lost in OCBC Bank phishing scams in December alone

Supply chains, ransomware, zero trust and other security predictions for 2022

T-Mobile Confirms Breach Through SIM Swapping & Data Leak

T-Mobile confirms new data breach caused by SIM swap attacks

Take data breach notifications seriously

The biggest data breaches, hacks of 2021

The Need to Re-Invent Cybersecurity at the Enterprise Level

These were the biggest crypto security breaches of the past 10 years

Top 5 Risks With Cloud Software and How to Mitigate Them

Top 10 healthcare breaches in the U.S. exposed data of 19 million

What Saved Sega From Being Embarrassed By a Massive Data Breach?

Your Two-Factor Authentication Is Not Secure, New Study Says

30th December

2 Tokyo hospitals alerted of possible cyber-attacks

5 Ransomware Predictions for 2022

11 hospitals in Japan hit by ransomware attacks since 2016

22 cybersecurity statistics to know for 2022

2022 will not be tolerant towards the cybersecurity ill-prepared

A Ransomware Group Showed Remorse - After Accidentally Hacking the Police

An SMS from MRW with your name and real information about a shipment: it seems real but it is yet another phishing to steal your bank details

AppSec and Software Community Respond to Log4j

APT ‘Aquatic Panda’ Targets Universities with Log4Shell Exploit Tools

AvosLocker Ransomware Gang Mistakenly Hits Police Department And Backs Down But Why?

Beware these threats and potential cyber attacks in 2022

Bored Ape NFT Collector Loses $2.2M in Phishing Scam

Businesses need to stop thinking that ransomware is different from other attacks

Cancer Care Providers Fined Over Data Security Breaches

Chinese APT Hackers Used Log4Shell Exploit to Target Academic Institution

Cloud Storage Security Tips to Help Keep Your Data Safe

Collector loses nearly $ 2.2 million in NFT after phishing attack

Cryptocurrency attacks and hacks: $100 billion lost in 2021

Cyber authority warns Israelis of widely distributed WhatsApp message hack

Cyberattack cripples publication at major Norway media group

DDoS Attacks Against Online Gamers and the Damaging Ripple Effect

Does Customer Age Matter for Fraud Prevention?

Experts fear more large-scale ransomware attacks will occur in 2022

Facebook Marketplace scam warning: Be ‘cautious and suspicious' when buying online

Firmware attack can drop persistent malware in hidden SSD area

Forcepoint's guide to biggest cybersecurity threats for 2022

Getting Started With Threat-Informed Security Programs

Have I Been Pwned adds 441K accounts stolen by RedLine malware

How to fight cyber-crime in your small business

How to Protect Your Digital Privacy in the Modern World?

In the Fight Against Cybercrime, Takedowns Are Only Temporary

India: Crypto bourses can’t get cover for cyber risks

Instagram copyright infringment scams – don’t get sucked in!

It’s time for a unified approach to securing data, applications, and the edge

JetBlue Tosses Most Passwords Out the Emergency Exit

Key Difference Between Viruses and Malware

Luxembourg: Phishing scam in circulation claiming to be from police director

McMenamins Confirms Employee Data Compromised in Ransomware Attack, Offers ID Protection & Credit Monitoring Services

More attacks on cloud providers, home workers coming in 2022: Kaspersky

Nearly 470 people lose at least S$8.5 million in phishing scams involving OCBC Bank

New iLOBleed Rootkit Targeting HP Enterprise Servers with Data Wiping Attacks

New Trend in Fraud Scams, “Targeted Links”, Finding Success With Impersonations of Popular Brands

North Korea Accused of Stealing Over $1.7 Billion in Crypto From Exchanges

North Wales Police Cyber Crime Team warning about fake email claiming to be from Asda

One of Norway’s largest media company Amedia is hit by a Cyberattack

Presentation offers inside look at Whistler ransomware attack

Private sector will now be called on to shield US infrastructure from attack

Ransomware and terrorism: For security pros the threat is equal

Ransomware Attack Forces Norway Newspaper to Shut Presses

RedLine Malware Steals Emails, Passwords of More Than 440,000 Accounts! How to Check Yours on 'Have I Been Pwned'

Secure Email Gateways (SEGs) Are Dead — Long Live Relay-Based Email Security

SEGA Europe Thoroughly Scrutinizes its Cloud Security

SEGA left one of its European servers wide open

SEGA Narrowly Avoids Massive Data Breach on Their EU Servers

Singapore: At least S$8.5 million lost in December to phishing scams involving OCBC Bank

Some Android apps on the Samsung Galaxy Store could infect your phone with malware, so delete them

T-Mobile confirms new data breach caused by SIM swap attacks

T-Mobile says farewell to 2021 with yet another data breach

T-Mobile’s latest data breach exposed users to SIM swapping attacks

The 4 Biggest Hacks of 2021 (and What We Can Learn From Them)

The average cost of app banking fraud in South Africa per transaction

The battle against spyware

The War On Cybercrime Is Over

The year the tide turned on ransomware

There are more malicious domains online than ever before

This WhatsApp scam can rob you of your personal, financial data

Toronto feared 35,000 citizens' data would be made public after cyberattack

Twitter account of FBI's fake chat app, ANOM seen trolling today

UAE authorities announces new measures against cryptocurrency fraudsters

UK: Dark Web Clears Stolen Police Databases

United States Has the Most Data Breach Victims in the World

Vice Society: Ransomware Gang Disrupted Spar Stores

Watch out for a rise in QR code cyberattacks

What Are Bad Bot Attacks?

What are the best tips to stop you from getting scammed?

What are the cyber security threats for Remote Employees in Canada?

What the Rise in Cyber-Recon Means for Your Security Strategy

With criminals moving online, fraud is now Israel’s top illicit cash crop

Within 3 months in 2021, Malaysians lost over US$9 million to spam calls

29th December

1.9 million people’s data is up for sale after hack of Vietnamese crypto trading app Onus

3 Ways To Make Your Organization More Resilient to Ransomware Attacks

5 Cybersecurity Trends to Watch in 2022

6 things in cybersecurity we didn’t know last year

2021 was 'unprecedented' for cyberattacks - Here's what you can do to protect yourself

2022: The year of the major DDoS attacks - are you prepared?

2022: The year to prioritize data protection services

2022 crypto scam predictions and how best to protect yourself

A Look Back at the Year in Data Security – and Predictions for 2022

American Civil Liberties Union (ACLU) demands answers about transit agency data breach

Aquatic Panda infiltrated academic institution through Log4j vulnerability, says CrowdStrike

As Ukraine crisis heats up, so will cyberattacks, experts warn

Beware! This WhatsApp Scam Exposes Your Personal And Financial Data

Binance takes the lead in combating criminal activities linked with crypto

Bracing for the Inevitable: 5 Security Predictions for 2022

Crypto Platform Suffers Log4j-Related Ransomware Attack

Cryptomining Attack Exploits Docker API Misconfiguration Since 2019

Cyber agency warns of increased threats to manufacturing groups during pandemic

Cyber Attacks and Credit Unions

Cyberattacks against hospitals, a threat exacerbated by the pandemic

Cybersecurity 2022: More Fraud, More Fakes, More Crypto Scams

Cyberspace: new battleground

DVLA issues urgent warning to drivers who could be scammed ahead of the New Year

Emerging Cybersecurity Trends in 2022 and Beyond

Endpoint Protection: Why It’s Important, How It Works & What To Consider

Financial crime risk management: Old crimes, new methods

Fintech firm hit by Log4j hack refuses to pay $5 million ransom

From paralyzing the SEPE to the largest breach in history: 2021, the year of computer insecurity

'Healthcare, vax supply chain face greatest hacking risk'

Healthcare Cybersecurity: Threats and Mitigation

How the Rise of Machine Identities Impacts Enterprise Security Strategies

How Tokenization Can Save You From Debit Or Credit Card Frauds

In the wake of the latest security scare, LastPass claims that no passwords have been compromised

Indian authorities set to tighten data breach laws in 2022

K-12 Cybersecurity Act Signed Into Law

LastPass Promises No Data Breach Following Hacking Scare; Caused by Fabricated Breach Alerts?

LastPass Says 'Credential Stuffing' Warnings Were Sent in Error

LastPass says no passwords compromised in latest security scare

LastPass says there’s no data breach, so your passwords were not hacked

LastPass VPs confirm 'no indication' of compromised accounts after security alerts

MFA and Zero Trust Adoption Prodded by Cybersecurity Events, Research Finds

New Formbook Malware Targets Unpatched Windows Systems – Update Now!

New Flagpro malware linked to Chinese state-backed hackers

No, LastPass Did Not Suffer A Massive Password Breach

North Korean Hackers Have Stolen Over $1.7 Billion Of Crypto From Exchanges, And Here’s What They Are Doing With It

Ongoing Autom Cryptomining Malware Attacks Using Upgraded Evasion Tactics

Police fighting dramatic rise in online crime in Scotland 'with one hand tied behind back'

QNAP NAS devices hit with surge of ransomware attacks

QR Security - Are You Ready?

Ransomware, cyber insurance and unbreakable backup key reflections of 2021

Ransomware gang coughs up decryptor after realizing they hit the police

Rhode Island Public Transit Authority (RIPTA) data breach compromises unexplained PII

Saskatchewan Liquor and Gaming Authority joins growing list of organizations facing cyberattacks

Saving your passwords in your browser is a worse idea than you thought

Security 2022: Prioritising ransomware & consolidation, and what to do about cyber insurance

Security Professionals View Ransomware and Terrorism as Equal Threats

'Serious' Cyberattack Literally Stops the Presses at Major Newspaper Publisher

Seven ways to lock down a cloud database

Silent danger: One in five aged domains is malicious, risky, or unsafe

T-Mobile reportedly suffers yet another data breach

T-Mobile says new data breach caused by SIM swap attacks

The U.S. is falling behind in fighting cybercriminals — here’s what has to change

When employees leave, is your data walking out the door?

Why 2022 Could Be the Year of Zero Trust in Healthcare

Why are your IT people so miserable? Log4j2itis

Why Cyber Due Diligence Is Essential to the M&A Process

Why Manufacturing IP is So Susceptible to Cyber Theft

Why site security is important when online gambling

Will 2022 see greater moves towards password-less security?

Will Zero Trust Shape the Future of Cloud Security?

Worst AWS Data Breaches of 2021

28th December

3 Things To Know About Data Privacy Laws

3 Ways Healthcare Organizations Can Secure Their Protected Health Information

9 types of fraud the FinTech industry needs to beware of in 2022

10 of the biggest ransomware attacks in the second half of 2021

An Adaptive Security Strategy Is Critical for Stopping Advanced Attacks

Bermuda: Internet crooks cheat residents out of $3.8m this year alone

Beware! Did you login on WhatsApp, Facebook, Instagram fake websites by mistake?

Beware of two-stage malware attacks, says Sophos

Brown County received notification of a breach when computer system shut down in August

Building a threat informed defense: know your enemy, your battlefield and yourself

Businesses Must Take Proactive Stance in Fighting Financial Crime

Canadian Centre For Cyber Security Releases Ransomware Playbook

Check for Log4j vulnerabilities with this simple-to-use script

CISOs aren’t doing enough to mitigate social media fraud

Common Bitcoin Scams and How to Avoid Them

Crypto cybercrime set to surge next year

Crypto hacks led to $9.8 billion in losses in 2021

Cybercrime incidents in 2021 should be a warning for the future

Cybercriminals are closing in on supply chains

Cybersecurity for the Post-COVID Era

Cybersecurity in 2022: password-less authentication, zero trust, blockchain and more

Dark cyberworld

Developments that will define data governance and operational security in 2022

Experts Detail Logging Tool of DanderSpritz Framework Used by Equation Group Hackers

External attackers can penetrate most local company networks

Fear and the importance of security awareness

Florida Pharmacy Services Sued Over HIPAA Violations

Google Explains Pegasus Hack of iPhones

Got Amazon “account locked” email? DELETE it now from your Gmail, Outlook

Hackers Have Found A New Way To Use AnyDesk To Steal Your Data

Hackers use AnyDesk in safe mode to launch attacks

Healthcare, vaccine supply at risk of cyber attacks

How Many People Were Affected By Pro Wrestling Tees Data Breach?

How The Public Sector Can Better Protect Its Data Assets

How To Ensure IoT Security Through Blockchain

How to make sure your kids are safe online when using new 'smart toys'

How to protect personal data from identity theft on dark web?

How to protect yourself from hacking

How will the cybersecurity industry evolve in 2022?

Identity fraud may be a major 2022 scam trend, consumer group warns

Is Your Business At Risk? How You Can Improve Security For Your Company

LastPass Users Claim Passwords Used by Unknown Login Attempts! Possible Data Breach?

LastPass users warned their master passwords are compromised

Log4j 2.17.1 out now, fixes new remote code execution bug

McMenamins Tells Employees Personal Information Was Stolen in Ransomware Attack

Microsoft launches new Defender capabilities for fixing Log4j

Mon Health reports email phishing incident, potential data breach

Most of CompuGroup Medical's systems back online after ransomware attack

New Apache Log4j Update Released to Patch Newly Discovered Vulnerability

New AvosLocker Ransomware Exploits AnyDesk, Reboots System In Safe Mode

New Flagpro malware linked to Chinese state-backed hackers

New WhatsApp scam warning over 'hello mum' message that can empty bank account

Online scams: How do I avoid cyber crime this Christmas?

Online shopping scams are rising. Here’s what you can do

Pakistan: Official Data of Ministry of Finance Gets Hacked in a Recent Phishing Attack

Ransomware hits increased by 935 percent during 2021

RedLine malware shows why passwords shouldn't be saved in browsers

Riskware Android streaming apps found on Samsung's Galaxy store

Securely Empowering SMB Virtual Workforces: Why Virtual Desktops Make Sense

Security awareness training: Where it’s going wrong, and how to improve it

Security breach at Duneland School Corp

Shutterfly hit by Conti ransomware attack

Subdomain Takeover Flaw Affected Flywheel WordPress Hosting Platform

Supply Chain Security and Ransomware Attacks: CrowdStrike Research Findings

T-Mobile reportedly suffers another (smaller) data breach

That Toy You Got for Christmas Could Be Spying on You

The Human-AI Partnership Must Lead The Fightback Against Financial Crime

The scariest security horror stories of 2021

The U.S. is falling behind in fighting cybercriminals — here’s what has to change

The Unstoppable Rise of the Internet Scammer

The Worst Scams of 2021

Traditional authentication measures are failing: Five questions for safeguarding user identity

West Virginia employees to be paid despite Kronos remaining offline following ransomware attack

West Virginia state employees work overtime on Christmas to overcome ransomware attack

Worst Cyberattacks of 2021 (So Far)

27th December

4 practical strategies for Log4j discovery

5 Vulnerabilities in Medical Devices That Can Create Chaos

50% of healthcare providers in UAE use medical equipment with a legacy OS

2021 Manufacturing and Supply Chain Security Roundup

An apparent cyberattack downed Maryland’s health department in the US and Covid data. Here’s what we know and don’t know

Area Agency on Aging announces data breach for Berrien, Cass and Van Buren residents

Barracuda announces threat predictions for 2022

Companies that have suffered cyberattacks from ransomware, phishing and more

Could 2022 Be the Year of Digital Authentication?

Crypto cybercrime set to surge next year

Cyber attack threat has never been so great

Cybercriminals likely to hit more businesses, exploit digital payments in 2022

Do You Have an HR Tech Backup Plan If You Get Hacked?

Elcheron Malware Targets Crypto Users on Telegram: Here’s How to Stay Safe

Facial-recognition technology is one of the biggest threats to our privacy

Garrett Walk-Through Metal Detectors Can Be Hacked Remotely

Global Cyberattacks from Nation-State Actors Posing Greater Threats

Growing data privacy enforcement on the horizon

Hackers targeting government officials with tailored clickbaits for phishing attacks; shocking success rate

Hackers will continue to exploit the pandemic in 2022

How Legal Departments Can Help Define A Company’s Cybersecurity Benchmarks

How to avoid “festive fraud” during the holiday season

How to Protect Your Netflix Account from getting Hacked

Japan, US to team up against ransomware

Kaspersky Research: 47% of Incident Response Requests Linked to Ransomware

Kronos ransomware attack impacts major Maine employers

Logistics giant D.W. Morgan exposed 100 GB worth of clients’ data

Manufacturers of IT devices should step up when it comes to security

Multiple healthcare orgs report cyber attacks

Natural Gas Supplier Superior Plus Suffers a Ransomware Attack Similar to Colonial Pipeline’s

New Android Malware Targeting Brazil's Ita├║ Unibanco Bank Customers

New Gmail and Outlook warning! Delete this message from Amazon NOW

New Information States Pro Wrestling Tees Data Breach Occurred In April, Affected 31,000 People

No Sign of Reprieve From Ransomware Frenzy for Companies in 2022

Norway Intelligence Alleges Russia Of Carrying Out Cyber Attacks; Kremlin Denies Claims

Phishers Attempt to Steal 2FA Code of CoinSpot Users

Public urged to protect themselves from online sales scams

QNAP NAS devices hit in surge of ech0raix ransomware attacks

Ransomware: A Legitimate Illegitimate Business

Ransomware Attacks IT Consulting Firm But Doesn’t Spread to Customers

Ransomware Evolution: From WannaCry to DarkSide

Ransomware persists with a lower profile

Role Of Cyber Security In Compliance: A Comprehensive Guide

Rook Uses Babuk's Leaked Code in Kazakh Bank Attacks

Scammers steal thousands of riyals through messages pretending to be ‘Qatar Post’

Securing Infrastructure Against Ransomware

Shutterfly hit by Conti ransomware attack

Shutterfly reports ransomware incident

Shutterfly services disrupted by Conti ransomware attack

Six steps for building a secure cloud

Six ways to reduce cyber risk in the C-suite

SMBs need to gear up against cyber-crime before it’s too late

'Spider-Man: No Way Home' Pirated Downloads Contain Crypto-Mining Malware

Streaming: account hacking methods and how to avoid them

Strengthening ICT supply chain resilience is everyone’s business

The Amount of Crypto That Was Stolen in the Past Decade Will Shock You

The dangers of dark data: How to manage it and mitigate the risks

The Essentials of Digital Security

The growing need for cyber education in emerging nations

This dangerous WhatsApp scam can access your personal and financial details

This nasty Android trojan tricks you with a fake Google Play Store page

Tips for providing digital security benefits to employees

UK Police Data Leaked to Dark Web; Russian Hackers Hold 13 Million Records to Ransom

Warning after several online scams reported to police

Web app attacks are skyrocketing, it’s time to protect APIs

Why Data Destruction is an Integral Part of Data Management