Editor's Message

Welcome to DBD. On March 8th we celebrated our 4th Anniversary and the 1st Anniversary of our PRiSM application, officially endorsed by the SANS Institute. Despite recent personal issues that have impacted the amount of time I have been able to dedicate to both projects, I have been doing my best to keep everything as up-to-date as possible, and I would like to take this opportunity to thank everyone for their patience and support whilst I navigate through this very difficult time. Stay safe. :)



Monday, 28 March 2022

Data Breaches Digest - Week 13 2022

Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 28th March and 3rd April 2022.


3rd April

Amazon scam threatens to permanently lock your account and it’s easy to be fooled

Be wary of scammers out to get your personal details

Beware: This Fake BAYC Metaverse Land NFT Exploits OpenSea Bug

Bored Ape, other major NFT Discord servers targeted by scammers

Fake Trezor data breach emails used to steal cryptocurrency wallets

Ledger May Be Secure but Not Private, According to Its Privacy Policy

New Borat remote access malware is no laughing matter

Partnership Healthplan of California Data Breach Possibly One of the Largest in Health Care

Replay attacks allow hackers to eavesdrop on you — how to prevent them

Scammers steal millions by offering fake jobs to university students

State-run health insurance exchange failed to prevent breaches of Connecticut residents’ data, audit finds

The metaverse is coming, but so are all these security problems

Trezor Customers Targeted with Phishing Scam

Trezor investigates potential data breach as users cite phishing attacks

Trezor wallets hacked? Don’t be duped by phishing attack email

Two UK teens charged after arrest over Lapsus$ breaches

US claims South Africa targeted in Russia’s global hack attack campaigns

Why Your Enterprise Needs FIDO Authentication Technology

2nd April

5 dangerous cybersecurity mistakes you’re probably making

10 Leading Practices for Managing the Risk of Remote Access

A hacker just stole over $600 million in crypto. Experts explain the historic swindle — and why cyberattacks shouldn't discourage adoption of digital assets

Advanced Phishing Attacks Saw Twofold Increase in 2021

After massive New York City (NYC) student data breach, here are the steps you can take

Android spyware linked to Russian hackers tracks location, records audio

Bored Ape and other major NFT Discord servers targeted by scammers

CISA adds seven bugs to Known Exploited Vulnerabilities Catalog

Comelec: Smartmatic data breach not related to polls

Cyber Espionage Actor Deploying Malware Using Excel

Cybersecurity Mistakes Cost Jobs, Tessian Finds

Dark web trade in personal data on rise

Hackers linked to North Korea were suspected of carrying out a cyberattack on South Korea

How to avoid Bank Phishing and protect passwords

Hunting for Spring Core Exploitation

Is the end nigh for end-to-end encryption?

Millions Drained From Ethereum DeFi Protocol Inverse Finance

North Korea is linked to a cyberattack disguised as a Covid vaccine

Norton Phishing Scam Uses Personal Info to Steal Money from Victims

Password Stealing BlackGuard Malware Sold In Russian Hacking Forum Targets A Ton Of Apps

Protect your printer by keeping the firmware up to date

Russia-Ukraine War: Kremlin’s cyberwar is underway, say experts

Scammers are texting you from your own number now — here’s what to do if that happens

Scammers Hacked the Project Bots of Bored Ape and Other NFT Discords on April Fools Day

Spring4Shell: Spring Remote Code Execution Vulnerability

Teenage hackers trick Facebook and Apple into giving up data – Are you at risk?

This fake Norton antivirus email could really ruin your weekend

Types of Cyber Attacks

UK charges two teenagers linked to the Lapsus$ hacking group

US Health Provider Law Enforcement Health Benefits (LEHB) Hit by Ransomware Attack, Network Compromised

Warnings Issued to Private Businesses, Citizens About Potential Cyber Attacks

Warning over WhatsApp phishing message doing rounds offering ‘free Easter chocolate basket’

Web3 Is Supposed to Be Secure. What About All These Hacks?

When Bittrex Phishing Fraud Overshadowed The Google Searches

1st April

8 signs that your computer has been hacked

15-Year-Old Bug in PEAR PHP Repository Could've Enabled Supply Chain Attacks

$72 million lost in mobile app ad fraud

A battle on two fronts: the convergence of cyber and physical conflicts

A Former Teen Hacker Explains Why It’s So Hard to Stop Teen Hackers

Accelerating awareness in a new era of cybercrime

An Overview of the Strengthening American Cybersecurity Act

ApeCoin Drops 8% After Bored Ape Yacht Club Discord Suffers Phishing Scam

Apple Rushes Out Patches for 0-Days in MacOS, iOS

Apple updates macOS, iOS, and iPadOS to fix possibly exploited zero-day flaws

'Back from vacation': Lapsus$ now claims to have data from an Apple partner

Beastmode botnet boosts DDoS power with new router exploits

Bored Ape Yacht Club warns against minting NFTs after phishing attempt

British Police Charge Two Teenagers Linked to LAPSUS$ Hacker Group

“Browser in the Browser” attacks: A devastating new phishing technique arises

‘Cadbury Easter Egg Hunt’ Scam Circulates on WhatsApp

Cadbury issues warning over Easter chocolate WhatsApp scam

California health plan facing network disruptions after alleged Hive ransomware attack

Can AI Help Insurers Detect Cybersecurity Risks?

Chinese hackers Deep Panda return with Log4Shell exploits, new Fire Chili rootkit

Chinese Hackers Target VMware Horizon Servers with Log4Shell to Deploy Rootkit

Cloud native application security is a critical priority, risk perception is worryingly low

Construction Industry: Data Security Considerations

Critical Bugs in Rockwell PLC Could Allow Hackers to Implant Malicious Code

Critical GitLab vulnerability lets attackers take over accounts

CrowdStrike finds 'logging inaccuracies' in Microsoft 365

Cyber Wyoming Tracking Local Phishing Attacks

Data Breach Alert: Condor Earth Technologies, Inc

Data Breach Alert: SuperCare Health

EU draft law adds security checks to all crypto transactions

European Union: The Regulation And Management Of Personal Data Breaches

Executives for Health Innovation (EHI) Provides Guidance for Protecting non-HIPAA-Covered Health Data

FBI: Ransomware attacks are piling up the pressure on public services

FBI Issues Warning of Escalating Ransomware Attacks on Local Government Agencies

GEBE investigating cyberattack, says efforts focused on minimising impact

GitLab Releases Patch for Critical Vulnerability That Could Let Attackers Hijack Accounts

Google: Russian credential thieves target NATO, Eastern European military

Google releases patch to fix vulnerability in Chrome

Government workers rely on Microsoft. That could be a security problem, Google claims

Hackers are taking aim at food companies

Hackers attack cryptocurrency ecosystems, $700m stolen in three months

Hackers have found a clever new way to steal your Microsoft 365 credentials

House Passes Better Cybercrime Metrics Act

How Much Does a Data Breach Cost?

How Restaurant Operators Can Defend Against Ransomware

How To Protect Your Connected Fleet Vehicles From Cybercriminals

If Data Privacy Is Overlooked, It’ll Be a ‘Game-Over’

Increase in Cyber-Attacks Leads to Influx of New Reporting Obligations

Increasing Cyberattacks Driving Up Cyber Insurance Rates

Ireland: More than €22 million stolen by fraudsters in bank account takeovers in 2021

Is IT ready for the metaverse? If not, it should be

IT And OT Convergence Need Holistic Cybersecurity Protection

IT Services Giant Admits $42m Fallout from Ransomware Attack

JavaScript security: The importance of prioritizing the client side

Lapsus$ hackers 'access' health data from Apple Watch

Making security mistakes may come with a high price for employees

Milka offers you chocolate on the networks? Warning, this is a scam

Modem-wiping malware was behind Viasat cyberattack

New study puts ransomware threats and impacts in context

Nigerian Arrested in India for Involvement in N665m Bank Scam

North Korean Hackers Distributing Trojanized DeFi Wallet Apps to Steal Victims' Crypto

NSA Employee Accused of Sharing National Defense Secrets

One in four employees who made security mistakes lost their job

One in three UK firms suffered phishing attack last year, government study finds

Over Half of Data Security Incidents Caused by Insiders

Pfizer asks hourly staffers to return overpayments in aftermath of vendor's cyberattack

Phishing attacks exploit free calendar app to steal account credentials

Phishing email offers students financially impacted by COVID-19 up to $4,000 in financial aid

Police arrest Nigerian kingpin allegedly behind major banks e-fraud in India

Preparing for the future of ransomware

Protecting and Transforming Cyber Health Care (PATCH) Act seeks to shore up security for medical devices, IoT networks

Ransomware attacks are on the rise, who is being affected?

Ransomware attacks straining local governments, public services

Ransomware Gangs Claim Health Plan and Healthcare Provider Attacked

Ransomware Payments Hit Record Highs in 2021

Ransomware Response: 5 steps to Protect Your Business

Recent cyberattack against Iberdrola affects the data of 1.3 million customers

Russian Wiper Malware Likely Behind Recent Cyberattack on Viasat KA-SAT Modems

Russian-linked Android malware records audio, tracks your location

Scammers steal €22.5m from Irish victims as account takeover fraud rises 552%

Sitel on Okta breach: "spreadsheet" did not contain passwords

Spokane Regional Health District Announces Second Phishing Attack in 3 Months

Spring4Shell: New info and fixes (CVE-2022-22965)

Step 1 to Simple Online Security: Always Use Strong Passwords

Taiwanese star Jay Chou says Bored Ape NFT has been stolen by ‘phishing website’

Tesco shoppers urged to delete scam email immediately from inbox

The spectre of Stuxnet: CISA issues alert on Rockwell Automation ICS vulnerabilities

Three Cybersecurity Fundamentals Businesses Get Wrong

To Pay or Not to Pay: Five Critical Approaches to Beating a Ransomware Threat

Top reasons why cybersecurity professionals leave their jobs

Trend Micro fixes actively exploited remote code execution bug

Two teenagers charged in connection with investigation into hacking group, says City of London police

Two teenagers charged in connection with Lapsus$ cyberattacks

UK police charge 2 teenagers in connection with Lapsus$ hacks

Ukraine, Conti, and the law of unintended consequences

Vishing Continues to be a Risk Worth Assessing

When should the data breach clock start?

Why Anti Phishing Simulations Need to be Studied

Zero trust in business cyber security

Zyxel urges customers to patch critical firewall bypass vulnerability

31st March - World Backup Day

5 Levers Lawmakers Can Use to Tackle Cybercrime

17 tips to keep you safe from phishing schemes

57% of people can’t recall if they ever backed up their important documents

2022 World Backup Day

About 1,300 Catholic Health patients affected by email security incident at vendor

Agencies report cyberattacks on power supply devices, public sector

Analyzing the Hidden Costs of Cybercrime

Apple and Meta shared data with child hackers pretending to be law enforcement

Apple emergency update fixes zero-days used to hack iPhones, Macs

Apple Issues Patches for 2 Actively Exploited Zero-Days in iPhone, iPad and Mac Devices

As Cyber Threats Grow, Nearly 600,000 Jobs Still Vacant

Automaker Cybersecurity Lagging Behind Tech Adoption, Experts Warn

Average UK cyberattack cost £4,200 last year

Belarusian ‘Ghostwriter’ Actor Picks Up BitB for Ukraine-Related Attacks

Botnet attacks: How bad bots can impact your enterprise

Brand Exposure: How Exposed Personal Data Impacts Corporate Digital Risk

Bugs in Wyze Cams Could Let Attackers Takeover Devices and Access Video Feeds

Calendly actively abused in Microsoft credentials phishing

Charleston Area Medical Center Files Notice of Recent Data Breach

Chinese hacking group uses new 'Fire Chili' Windows rootkit

CISA Issues UPS Warning

CISA orders agencies to patch actively exploited Sophos firewall bug

Connecticut’s Bradley Airport Website Hit by Cyberattack

Conversation hijacking doubles in 2021

Current Geopolitics Are Raising The Need For New Cybersecurity Measures

Cyber attacks from 2021 which we need to talk about

Cyber Security Breaches Survey 2022

Cyber-attack on California Healthcare Organization

Cybersecurity readiness for Critical Information Infrastructure (CII) deemed critical

Data Breach Alert: Law Enforcement Health Benefits Inc

Data Breach Alert: Partnership HealthPlan of California

Data Breach Alert: Youth Consultation Services

DDoS attacks becoming larger and more complex, finance most targeted sector

Deploying pseudonymization techniques to protect health data

Did you get a spam text from your OWN number? You’re not alone

DPRK hackers go after crypto assets using trojanized DeFi Wallet app

Drawing the RedLine - Insider Threats in Cybersecurity

Fall for Phishing? You Could Get Fired

FBI efforts to disrupt business email compromise scams leads to 65 arrests

FBI Warns of Phishing Attacks Targeting US Election Officials

Fighting cybercrime across the world

Financial advice industry gets hard word on cyber security

Follow These Best Practices To Meet Cyber Insurance Requirements and Save

Global Police Arrest 65 in Multimillion-Dollar BEC Bust

Globant admits to data breach after Lapsus$ releases source code

Globe Telecom flags new phishing scams

Globe warns public vs phishing attacks amid Russia-Ukraine conflict

Google: Multiple hacking groups are using the war in Ukraine as a lure in phishing attempts

Google Cloud security survey is ‘aggressive’ move vs. Microsoft

Hackers Increasingly Using 'Browser in a Browser' Technique in Ukraine Related Attacks

Hive ransomware group claims Partnership HealthPlan of California data breach

How Much is Enough? A Different Cybersecurity Risk Management Approach

How to prevent phone hacking and remove intruders from your device

Is 2022 the year encryption is doomed?

Know Your Ransomware Enemy: Getting Inside the Mind of a Hacker

Lack of CLM maturity is putting organizations at risk

Lapsus$ hacks - Companies must quantify cyber risks to improve security

Linux secure networking security bug found and fixed

List of data breaches and cyber attacks in March 2022 – 3.99 million records breached

LockBit victim estimates cost of ransomware attack to be $42 million

‘Low’ threat of cyber attack on Ireland but ransomware risk is high, says top official

Meet BlackGuard: a new infostealer peddled on Russian hacker forums

Mahesh Bank was easy pickings for hacker

NCSC tells UK businesses to ‘consider risk’ of using Russian tech

Nebraskans lost $19.7M to cybercrime in 2021, per FBI's Internet Crime Report for 2021

New AcidRain data wiper malware targets modems and routers

New BlackGuard password-stealing malware sold on hacker forums

New Python-based Ransomware Targeting JupyterLab Web Notebooks

New York City wants an FBI investigation into the data breach that affected 820,000 students

No April fool: back up your data

No Patch Available Yet for Critical SpringShell Bug

Now Anyone Can Easily Phish Your Credentials with Phishing Kits

On World Backup Day, overconfidence a worrying trend among organizations

Palo Alto Networks error exposed customer support cases, attachments

Pandemic effect: Cyberattacks getting more destructive and targeted

PayPal Text Message Scam

Phishing scam targets election officials, FBI warns

Phishing uses Azure Static Web Pages to impersonate Microsoft

Protecting Your Organization Against a New Class of Cyber Threats: HEAT

QNAP Customers Adrift, Waiting on Fix for OpenSSL Bug

Ransomware: Should Companies Ever Pay Up?

Ransomware is 'straining' local government services, FBI says

Ransomware payments increased 78% last year

Red flag for ransomware: attackers are using Log4Shell vulnerability to deliver backdoors to virtual servers, Sophos research shows

Reduce data breach risk on World Backup Day 2022

Reducing Critical Infrastructure Risk From End-of-Life Software

Russia targeting Ukraine, countries opposing war in cyberspace

Safe Mode Is A Growing Attack Surface For Bad Actors

Samsung’s Advanced Chip Technologies Stolen In Data Breach

Scammers target university students with fake jobs

Security Patch Releases for Critical Zero-Day Bug in Java Spring Framework

Spring patches leaked Spring4Shell zero-day RCE vulnerability

Spring4Shell: No need to panic, but mitigations are advised

The 'Silver Lining' to Ransomware Attacks on Businesses in an Increasingly Hostile World

The volume of DDoS attacks from compromised IoT devices rose significantly in March

Threats from Sanctioned Nations: Cyber Hygiene and a Plan Provide Best Defense for Banks

Ubiquiti sues journalist, alleging defamation in coverage of data breach

Ukraine Leaks Personal Details of 620 Alleged FSB Agents

Urgent Facebook Messenger scam warning over four word text to never open

US healthcare data breach impacts 85,000 law enforcement officers

Viasat: Denial of Service Attack Impacted Tens of Thousands

What is data vaulting and how does it shape modern backups?

What Kinds of Information Will Hackers Target From Regular People?

Where should companies start when it comes to device security?

Why do organizations need to prioritize cyber resiliency?

Why remote browser isolation is core to zero-trust security

World Backup Day: 5 Backup Tips to Retain Critical Data Following a Ransomware Attack

World Backup Day: When backups are no longer enough

World Backup Day – March 31, 2022: Businesses Must Backup and Plan for Recovery

Zyxel patches critical bug affecting firewall and VPN devices

Zyxel Releases Patches for Critical Bug Affecting Business Firewall and VPN Devices

30th March

5 security culture maturity indicators every organization must know

32% of world's largest enterprises suffer a CMS security breach every week

35 NFTs including Bored Apes stolen via phishing attack in last week alone

$625m Stolen From Ronin Network – The Blockchain Behind Axie Infinity Game

2022 Trends To Look Out For In The Industrial Cybersecurity Industry

A Tech Company Made It Harder to Use Its Products to Mine Crypto. Then Came the Ransomware Attack

A Third of UK Businesses Experience Cyber-Attacks at Least Once a Week

Analysis of BlackGuard - a new info stealer malware being sold in a Russian hacking forum

Approximately 1,300 Catholic Health patients impacted by data breach

As Lapsus$ comes back from 'vacation,' Sitel clarifies position on data breach

Attackers Steal $618m From Crypto Firm

Biden asks companies to prep for cyberattacks. Experts say auto supply chains aren't ready

Bradley International Airport Website Hit by DDoS Cyber Attack; No Data Breach Has Been Reported

Credential Harvesting and Initial Access: What Are They and How Can I Hit Back?

Cyberattacker tried to crash Bradley airport website, officials say

Cyberattackers Target UPS Backup Power Devices in Mission-Critical Environments

Cybercrime during the pandemic cost UK businesses £2.4billion

Cybercrime statistics legislation is ready for president's signature

Cybersecurity: A Promising Restitution Order

Ethereum sidechain Ronin that powers play-to-earn game is fleeced for over $600m

Facebook Messenger Four-Word Phishing Scam

FBI disrupts BEC cybercrime gangs targeting victims worldwide

FBI Gives Tips To Avoid Falling Victim To Ransomware

FBI Investigating More than 100 Ransomware Variants

FBI Reports Phishing Campaign Targeting Election Officials

Fewer employees are reporting security incidents

Globant confirms hack after Lapsus$ leaks 70GB of stolen data

Google: Russian hackers targeting NATO, military email accounts

Google: Russian phishing attacks target NATO, European military

Google Chrome Bug Actively Exploited as Zero-Day

Got a 'Free Msg' Spam Text From Yourself? Don't Click on the Link

Hackers gained access to about 422 files in ransomware attack against Riverhead School District last November, superintendent says

Hacking group claims responsibility for ransomware attack on Northern California health care network

Have you received a text from your own Verizon number?

Here’s How You Can Combat The Biggest Risks In DeFi World Today

Hive ransomware shuts down California health care organization

Hive ransomware uses new 'IPfuscation' trick to hide payload

Honda's Keyless Access Bug Could Let Thieves Remotely Unlock and Start Vehicles

Hong Kong businesses advised to stay alert to email cyber attacks

How to implement passwordless authentication

How to ward off cybercriminals

'I can fight with a keyboard': How one Ukrainian IT specialist exposed a notorious Russian ransomware gang

India: Number of phishing incidents has gone up, says government

IoT warning: Hackers are gaining access to UPS devices. Here's how to protect yours

Ireland: Gardaí issue warning over HSE phishing scam

Lapsus$ ‘Back from Vacation’

Lapsus$ Breaches Reveal that Even Cybersecurity Organizations Don’t Follow Best Practices

LAPSUS$ Claims to Have Breached IT Firm Globant; Leaks 70GB of Data

Latest data shows Saudi Arabian organisations making gains in building greater cyber resilience

Law Enforcement Agencies Arrested 65 in Business Email Compromise (BEC) Crackdown

Log4j Attacks Continue Unabated Against VMware Horizon Servers

Log4JShell Used to Swarm VMware Servers with Miners, Backdoors

Log4Shell Used in a Third of Malware Infections

‘Low’ threat of cyber attack on Ireland, says top official

Major Aussie banks warn of new text message scam

Mars Stealer malware pushed via Google Ads and phishing emails

Mitigating security risks posed by hybrid working

MSHTML Flaw Exploited to Attack Russian Dissidents

NCSC: Time to Rethink Russian Supply Chain Risks

Nearly 40 per cent of UK businesses hit by cyber attacks

New Scam Coming From Your Own Cellphone Number

New Spring Java framework zero-day allows remote code execution

North Korean threat actors target news outlets and fintechs with a Google Chrome vulnerability

Personal Data of 820,000 New York City Students Exposed

Phishing Attacks: Malicious URLs May Outpace Email Attachment Risks

Phishing campaign targets Russian govt dissidents with Cobalt Strike

Posts on name-and-shame dark web leak sites climbed 85% in 2021

Preparing for Cyber Disruption – The Future State of Ransomware

Pro-Russia Hackers Targeted More than 400 U.S. Hospitals in 2020

Protect Yourself Against Potential Cyberattacks

QNAP Warns of OpenSSL Infinite Loop Vulnerability Affecting NAS Devices

QNAP warns severe OpenSSL bug affects most of its NAS devices

Ransomware attacks drive Zero Trust Network Access (ZTNA) adoption: learning from those who learned the hard way

Ransomware group claims to have stolen 850,000 patient records from California insurer

Ransomware payments hit multi-million dollar highs

RCE Bug in Spring Cloud Could Be the Next Log4Shell, Researchers Warn

Regular web users unwittingly launch DDoS attacks on Ukraine

Rehab Group victim of 'plain vanilla ransomware criminal attack'

Researchers Expose Mars Stealer Malware Campaign Using Google Ads to Spread

Russia Has Threatened American Businesses With Retaliatory Cyber Attacks - What Your Business Needs to Know to Protect Itself

Shoppers targeted with a fake Tesco refund email

Shutterfly Employee Data Compromised in Ransomware Attack

Shutterfly, hit by Conti ransomware group, warns staff their data has been stolen

Significant year-over-year increase in widely exploited security flaws

Small medical practices more vulnerable to cyberattacks

Spain: Beware of fake emails offering an extra Covid vaccine, it's a scam to get your bank details

State-backed hacking attacks are a big worry, but most firms don't know what to watch out for

Supply Chain Attacks Are Increasing – Organizations Must Evolve

The benefits of implementing continuous security in the development lifecycle

The Philippines: Globe Telecom warns users vs potential phishing attacks linked to Russia-Ukraine conflict

These remote work job scams promise easy money but aim to steal your savings

This new ransomware targets data visualization tool Jupyter Notebook

This Virus May Have Hijacked Your Email Threads

Triple Threat: Ransomware Criminals Add Data Theft, Manipulation to Encryption Tactics

Two-factor authentication is a great idea. But not enough people are using it

UK ransomware attacks rose by 100% in 2021

Unpatched Java Spring Framework 0-Day RCE Bug Threatens Enterprise Web Apps Security

UPMC begins payments to 66,000 employees affected by 2014 data breach

US Cybersecurity Needs to Fill 600,000 Positions as Country Prepares for Possible Cyberattack From Russia

US national emergency extended due to elevated malicious cyber activity

US Sentences Estonian Hacker With 5 Years In Prison, $36m Fine

US telecommunications company likely targeted by Russian hackers shares details of February 24 attack

Viasat: February cyber attack impacted tens of thousands of customers in Ukraine, Europe

Viasat shares details on KA-SAT satellite service cyberattack

VMware Horizon platform pummeled by Log4j-fueled attacks

Vulnerability Assessment Versus Penetration Test: What’s Best For Your Organization?

Warning over new scam on French carte Vitale healthcare cards

What Is SpringShell? What We Know About the SpringShell Vulnerability

What Is Zero Trust Security?

Why authentication is still the CISO’s biggest headache

World Backup Day: Now one of the most important days of the year

29th March

1 in 4 employees who fell victim to cyberattacks lost their jobs

3 Risks Lurking in Your Construction Accounting Software

82% of Public Sector Applications Contain Security Flaws

$620 million in crypto stolen from Axie Infinity's Ronin bridge

2021 COVID bounce: Malware has returned with a vengeance

A Large-Scale Supply Chain Attack Distributed Over 800 Malicious NPM Packages

After massive New York City (NYC) student data breach, here are steps you can take to protect your family

Anonymous Hacks 2 Russian Industrial Firms, Leak 112GB of Data for Ukraine

Attackers are exploiting recently patched RCE in Sophos Firewall (CVE-2022-1040)

Bradley Airport Website Suffers Cyber Attack

Bradley International Airport website hit by DDoS cyber attack; no data breach has been reported

Canada the target of 'thousands' of cyberattacks every day, Canadian Security Intelligence Service (CSIS) reveals

CISA warns of attacks targeting Internet-connected UPS devices

CISA Warns of Ongoing Cyber Attacks Targeting Internet-Connected UPS Devices

Confidential documents were blown into gardens in data breach

Consistency in password resets helps block credential theft

Coordinated Phishing Attempts Targeted Election Officials in 9 States, Says FBI

Critical Sophos Firewall RCE Vulnerability Under Active Exploitation

Critical SonicOS Vulnerability Affects SonicWall Firewall Appliances

Cyber incidents reported to the Financial Conduct Authority (FCA) up over 50%

Cyber Insurance Won’t Cover Acts of War

Cyber leaders concerned about Russian critical infrastructure attacks

Cyberattack targets Bradley International airport website

Cyberattack targets Connecticut airport website

Cybercriminals’ phishing kits make credential theft easier than ever

Cybersecurity Act Signed Into Law Creates New Reporting Obligations

Cybersecurity Mishaps Cost 1 in 4 Employees Their Jobs

Cybersecurity mistakes costs one in four workers their job, data suggests

Data Breach Alert: AUTOPAY Direct, Inc

Data Breach Alert: Certified Title Corporation

Data Breach Alert: Cloudstar

Data Breach Alert: Sarku Japan

Data Breach Alert: Soft Drink & Brewery Workers Union Local 812 Retirement Fund

Dental Practice Fined for Sharing Patient Data on Social Media

Do not click links in text messages that come from your own phone number

Don’t Become A Victim to Account Takeover Attacks

EU agencies must ramp up cybersecurity measures, auditors say

European Police Bust Multimillion-Dollar Investment Fraud Gang

Europol dismantles massive call center investment scam operation

Exchange Servers Speared in IcedID Phishing Campaign

Experts Detail Virtual Machine Used by Wslink Malware Loader for Obfuscation

FBI: Cyber Criminals Took from Victims in the US Over $6.9 Billion in 2021

FBI: Hackers targeted election officials’ email in 9 states

FBI warns election officials of credential phishing attacks

Four Steps To Get Started With A 'Bottom-Up' Cybersecurity Approach

French health insurance data leak: what to do if you are affected

Google Threat Analysis Group on protecting users and customers against cyberattacks

Hackers are getting faster at exploiting zero day flaws. That's going to be a problem for everyone

Hackers are using fake ’emergency’ requests to obtain customer data

Hackers send almost 4,000 fake job offer emails every day

Hackers use modified MFA tool against Indian government employees

Health Plans, Laboratories, Health Departments Hit by Healthcare Data Breaches

Hive ransomware group claims to steal California health plan patient data

How Automated Offboarding Can Keep Your SaaS Stack Safe

How to Disrupt the Web Attack Lifecycle

IceID trojan delivered via hijacked email threads, compromised MS Exchange servers

If you see these 4 words on Facebook Messenger, don’t click

Leaked hacker logs show weaknesses of Russia’s cyber proxy ecosystem

Log4Shell exploited to infect VMware Horizon servers with backdoors, crypto miners

Major Cyber Attack launched on Ukraine Ukrtelecom

Mars Stealer malware pushed via OpenOffice ads on Google

Microsoft issues metaverse warning for millions of users over ‘identity THEFT’ – and scammers posing as loved ones

Microsoft on Metaverse: 'Trust Cannot End at the Doorway of a Virtual Meeting Space'

Minimizing security risks: Best practices for success

More than 60% of mid-sized Indian organizations surveyed fell victim to a cyberattack in 2021, Sophos research shows

Mutating Verblecon malware in illicit cryptomining...so far

New Hacking Campaign by Transparent Tribe Hackers Targeting Indian Officials

New Malware Loader 'Verblecon' Infects Hacked PCs with Cryptocurrency Miners

New Report on Okta Hack Reveals the Entire Episode LAPSUS$ Attack

NFTs stolen from Bored Ape Yacht Club (BAYC) fans due to Twitter airdrop scam

North Korea targets Chrome zero-day exploit

Not enough businesses have a formal ransomware plan in place

Office of the Attorney General warns of text message phishing scam targeting Maryland unemployment insurance claimants

Officials confirm attempted cyberattack on Bradley International Airport website

Personal Data of 620 FSB Officers Published Online

Ransomware, Malware, Phishing Top List of IT Security Concerns

Red Flag for Ransomware: Attackers Are Using the Log4Shell Vulnerability to Deliver Backdoors to Virtual Servers, Sophos Research Shows

Researchers show how quickly your system can be hacked and encrypted by the leading malwares

Russia's top tech giant is harvesting data from millions of iOS users

Sanctions Hitting Russian Cyber-Criminals Hard

Security Incidents Reported to Financial Conduct Authority (FCA) Surge 52% in 2021

Shutterfly discloses data breach after Conti ransomware attack

Sophos warns critical firewall bug is being actively exploited

Subdomain takeover attacks on the rise and harder to monitor

The Federal Trade Commission’s New Take On Health “Data Breaches” Means Advertisers Could Be Guilty Of Breaches And Not Even Know It

The security gaps that can be exposed by cybersecurity asset management

Three Pillars of Cyber Security: People – Process – Technology

Time to Gear Up Your Company's Cybersecurity

Transparent Tribe APT returns to strike India's government and military

Ukraine destroys five bot farms that were spreading 'panic' among citizens

Ukraine security agency shutters Russian disinformation bot farms

Ukraine Suffers Significant Internet Disruption Following Cyber-Attack

Ukraine's national telecoms operator suffers cyberattack

USB Ransomware Attacks: The temptation of finding USB drives and IoT devices

Using Russian tech? It's time to look at the risks again, says cybersecurity chief

Verblecon malware loader used in stealthy crypto mining attacks

What Are Phishing Kits And Their Off The Shelf Tools?

What Does it Mean to Be Zero-Day?

What To Do When Your Business Is Affected By A Ransomware Attack

Why You Should Invest in Cybersecurity Insurance

World’s Leading Messaging & Email Platforms Suffered Phishing For Three Years Through URL Rendering Technique

Wyze Cam flaw lets hackers remotely access your saved videos

Yandex is Sending iOS Users' Data to Russia

28th March

2 email accounts in Syracuse University department victim to data breach involving personal information

5 old social engineering tricks employees still fall for, and 4 new gotchas

86% of Organizations Have Faced a Nation-State Cyber-Attack

Anonymous Claimed Data Leak to Force Nestlé Out of Russia

Attackers Deploy SIM Hijacking to Breach Cryptocurrency Accounts

Attackers getting faster at latching onto unpatched vulnerabilities for stealth hacking campaigns

Beware of old and new tax-themed scams and schemes

Bin collectors apologise after sensitive letters blown onto London streets

Can Microsoft Make the Metaverse Safe?

China APT group using Russia invasion, COVID-19 in phishing attacks

Chrome and Edge hit with V8 type confusion vulnerability with in-the-wild exploit

CISA: Here are 66 more security flaws actively being used by hackers - so get patching

CISA warns orgs to patch actively exploited Chrome, Redis bugs

Cloud-native adoption shifts security responsibility across teams

Critical SonicWall firewall patch not released for all devices

Critical Sophos Security Bug Allows RCE on Firewalls

Crypto Scams Surge Amid Ukraine War

Cyber Incident Reporting Act: What it means for your organization

Cyber security policies: a must-have for online trading brokerages

Cyber security risks and companies’ readiness

Cyber Threat Alert: New Jersey Brain and Spine

Cyber warfare is a ‘watershed moment’ for the industry

Cyberattack numbers on the rise across the world: how to keep your data safe

Cybercriminals focusing on crypto donations to Ukraine to trick victims

Cybercriminals launched 9.75 million DDoS attacks in 2021

Cybersecurity is everyone's responsibility

Cybersecurity myths are compromising your data – how to address them

Data Breach Alert: Capital Region Medical Center

Data Breach Alert: Cytometry Specialists, Inc. d/b/a CSI Laboratories

Data Breach Alert: DNA Diagnostics Center, Inc. Security Incident Puts Personal Data at Risk

Data Breach Alert: Virginia Mason Medical Center

Data scam and impersonation fraud statistics are skyrocketing, here’s what you need to know

Deadline passes for R220m extortion demand in TransUnion cyber attack

Emerging mobile threat

Encryption is key to data protection, but not all strategies look alike

Estonian Gets 66 Months for Ransomware Conspiracy

Ethical hackers ‘hit the jackpot’ as tech groups pay for protection

Extended Threat Intelligence: A new approach to old school threat intelligence

Fastest ransomware found to encrypt 53GB of data in just over four minutes

Hacked WordPress sites force visitors to DDoS Ukrainian targets

Hackers Hijack Email Reply Chains on Unpatched Exchange Servers to Spread Malware

Hackers Use Google reCAPTCHA To Hide Phishing URLs and Defeat Email Security Scanners To Steal User Credentials

How Much Is Your Stolen Credit Card Worth on the Dark Web?

How scammers posing as SingPost trick victims with SMSes, fake sites

How To Effectively Manage and Secure APIs

How to Protect Your Business Against Ransomware

Hundreds more packages found in malicious npm 'factory'

Insurers bracing for cyber claims from war in Ukraine

Is next-gen threat modeling even about threats?

Is Your Business Ready to Deal with the Impact of a Cyber-Incident?

Japanese firms face growing cybersecurity risks amid war in Ukraine

Leaked Details of the Lapsus$ Hack Make Okta’s Slow Response Look More Bizarre

Long Island schools have received more cyberattacks in recent years, according to state data

Man linked to multi-million dollar ransomware attacks gets 66 months in prison for online fraud

'Massive cyberattack' against Ukrainian ISP has been neutralized, Ukraine says

Metaverse will face security threats as old as the web

Microsoft Exchange targeted for IcedID reply-chain hijacking attacks

Morgan Stanley Wealth Management accounts breached in ‘vishing’ attacks

My own phone number is now spam texting me

New report suggests Ransomware payments skyrocketed in 2021

New York City (NYC) officials call for investigation after data of 820,000 students compromised in hack

Okta: 'We Made a Mistake' Over Data Breach Investigation

Okta: We made a mistake over Lapsus$ breach notification

Okta Says It Goofed in Handling the Lapsus$ Attack

One in 10 UK Staff Circumvent Corporate Security

Phishing Scam Targets Unemployment Insurance Claimants in Texts

'Purple Fox' Hackers Spotted Using New Variant of FatalRAT in Recent Malware Attacks

Ransomware Attacks Soar by 100% in 2021

Ransomware Disrupts Payroll at Cheyenne, Wyoming, Hospital

Ransomware groups are driving Active Directory exploitation to unacceptable rates

Ransomware now encrypts so fast it ‘will burn the house down’

Ransomware payments: Here's how much falling victim will now cost you

Ransomware, endpoint risks are top concerns for DFIR professionals

Report outlines cost of data breach on enterprises, SMBs in 2021

Russia and China ‘most likely’ behind state-sponsored cyber threats

Senators Introduce Healthcare Cybersecurity Act

Small vs Large Practices: Who’s Better at Healthcare Data Security?

Social media sites most targeted by data breaches

Sophos patches critical remote code execution vulnerability in Firewall

STELCO hit with ransomware attack; interrupts services

SunCrypt ransomware is still alive and kicking in 2022

The Cloud as the New Data Center: What it Means for Security

The ten biggest threats to your Windows PC in 2022

This 4-word Facebook Messenger phishing scam is surging right now

To pay or not to pay: What to do if your business is hit with ransomware

TransUnion hack: Deadline passes for R220m extortion demand

Triton malware still a threat to energy sector, FBI warns

UK ransomware attacks double in past year

UK Ransomware Attacks Up 100% in 2021

Ukraine dismantles 5 disinformation bot farms, seizes 10,000 SIM cards

Ukraine Doxes 620 Alleged Russian Spies by Publishing Names, Addresses

Update Chrome Browser Now – Google Releases Emergency Security Update

US Proposes Healthcare Cybersecurity Act

Washington Health District Suffers Another Data Breach

Who is LAPSUS$, the Big, Bad Cybercrime Gang Hacking Tech’s Biggest Companies?

Why cybersecurity needs an urgent mind shift

Zelle Scammers Target Clients at Another Big Firm with Phishing Scheme

Zero-day Attacks Doubled in 2021

Zero-Day Surge Led to More Rapid Exploitation of Bugs in 2021