Editor's Message

Welcome to DBD. On March 8th we celebrated our 4th Anniversary and the 1st Anniversary of our PRiSM application, officially endorsed by the SANS Institute. Despite recent personal issues that have impacted the amount of time I have been able to dedicate to both projects, I have been doing my best to keep everything as up-to-date as possible, and I would like to take this opportunity to thank everyone for their patience and support whilst I navigate through this very difficult time. Stay safe. :)

Monday 2 May 2022

Data Breaches Digest - Week 18 2022

Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 2nd May and 8th May 2022.

8th May

6 Common Crypto Scams to AVOID in 2022

6 Ways to Implement Data Security Policies for Your Business

AGCO Ransomware Attack Disrupts Tractor Sales During U.S. Planting Season

Are RFID-Blocking Wallets Worth It?

Beyond data breaches, cybercriminals are focusing on a new target for identity theft: You

Caramel credit card stealing service is growing in popularity

Check your gems: RubyGems fixes unauthorized package takeover bug

Cyber crime rate in the UK higher last year than in other developed nations

Developments in phishing and how to protect your business

Exploits created for critical F5 BIG-IP flaw, install patch immediately

Google Chrome Will Automatically Change Your Stolen Passwords

Google made it much easier to change your compromised passwords

Hacking expert shares which social media posts to avoid to keep your data safe

Looking Back at the Colonial Pipeline Ransomware Incident

Pakistan: Digital threats

State Bar Notifies 1,300 People Identified in Data Breach

The surging threat of cyber-fraud

Tips To Protect Cryptocurrency From Cyber Attacks

United Arab Emirates: New SMS scam asks residents to pay Dh4 to claim parcel

US offers $15M reward for information on Russia-based ransomware group

What Is the Definition of a Data Breach?

7th May

Agriculture company AGCO Corp hit by ransomware attack affecting some production facilities

Canada on high alert for ransomware attacks amid Russia’s invasion of Ukraine

Countering the risk of ransomware with operational continuity

Cryptocurrency related crimes decreased in 2020

Fake crypto giveaways steal millions using Elon Musk Ark Invest video

False-flag cyberattacks a red line for nation-states, says Mandiant boss

FBI: Business Email Compromise Scams Cost $43 billion

Hackers target NIMHANS, but data remains safe

Implementing a Strong Cybersecurity Strategy in Your Manufacturing Company

One year on from the HSE cyber attack, could it happen again?

Protect yourself by using a strong and secure passwords

Ransomware: Fake Windows 10 Updates Might Get You In Trouble

Residents still feeling consequences of council cyber attack more than four months on

Shell Warns of Fuel Rewards Email Scam

The Colonial Pipeline ransomware attack a year on: 5 lessons for security teams

US offers $15 million reward for info on the Conti ransomware gang

Whale Phishing 2022: What is it and How to Protect Yourself From the Attack?

What Data Do VPNs Need to Send to the Indian Government?

6th May

3 cybersecurity priorities for digital transformation

5 hacks to keep your phone safe against viruses, malware, ransomware

5-Step Plan for Employers to Defeat Text Message ‘Smishing’ Scams

7 common identity theft scams

69% of Philippines organizations experienced ransomware attacks in 2021

85% of Australian Organisations Suffered a Ransomware Incident in the Past Five Years; 72% Tried to Keep it Quiet

A Loan App, Morphed Obscene Images & Sextortion: A New Phishing Crime That Could Strip You of Money

A Year After Colonial Pipeline, Threat of Ransomware Attacks Looms

A10 Networks’ Threat Research detects and tracks origins of DDoS weapons; Observes over 15 million weapons

Action Fraud warn people about fake McAfee scam emails

AGCO Announces Ransomware Attack

'All ventilators will be attacked' - Russian hackers threaten to target NHS in revenge plot

America’s Schools Face Mounting Threats from Cyberattacks

Another top NFT company has been hit by a phishing attack

Apple, Google, Microsoft to expand support for passwordless sign-in standard

As data breach becomes a battleground for class action litigation, companies need to take a risk-based approach to cyber security

As Ransomware Threats Mount, Focus Should be on Data-Centric Security

Attempted cyber-attack delays healthcare reimbursements in France

Authorities investigate as Belton Police Department computers hit with malware attack

China-backed Winnti APT siphons reams of U.S. trade secrets in sprawling cyber-espionage attack

Clues that a website or email may hide a scam or malware

Crypto Scammers Rise to Steal Charity Money, Investors Worried

Crypto Scammers Using Deepfakes To Trap Victims

Customer Passwords are a Target for Cybercriminals: How to Address the Threat

Cyberattacks Against Colleges Add to Financial Strain

Cybercriminals Are Targeting the Travel Industry

Cyberespionage: New Mustang Panda campaign targets Europe

Data breach Discovered at IKEA Canada impacts 95,000 Customers

DDoS Attacks by Hacktivists Disrupted Russian Alcohol Supply Chain

European media companies share experiences of cyberattacks

Experts Uncover New Espionage Attacks by Chinese 'Mustang Panda' Hackers

Ferrari subdomain hijacked to push fake Ferrari NFT collection

From 'rug pulls' to counterfeits, here are the biggest scams in the NFT space

Hackers Using PrivateLoader PPI Service to Distribute New NetDooka Malware

Heroku fesses up to customer password theft due to OAuth token attack

How AI Can Save The Day

How Apple, Google, and Microsoft will kill passwords and phishing in one stroke

How can financial institutions better secure their workforce?

How your personal data can be weaponised against you

Huntress, Sophos, Kaseya See No Sign Of Widespread Coordinated MSP Attack Following ThreatLocker Bulletin

IKEA Canada hit by internal data breach

Illuminate Education Mega-Breach Affects K-12 Students

India Orders VPN Companies to Log & Hand Over User Data

Is Your Website Truly Protected?

Landmark amendments to international cyber crime treaty set to be signed next week

Latest Netflix scam claims you’ll get a free renewal

Lockbit 2.0, Conti Dominate Ransomware Attack Activity

Log4j, ProxyLogon Top 2021 Exploitable Vulnerabilities List

Microsoft, Apple and Google Team Up on Passwordless Standard

Microsoft Discovers Nimbuspwn Privilege Escalation Vulnerability on Linux Systems Granting Hackers Root Permissions

Modern security software protects against today’s threats

MSPs, MSSPs Fill Cybersecurity Talent Gap, Research Finds

National Institute of Standards and Technology (NIST) updates guidance for cybersecurity supply chain risk management

New phishing scams targeting your bank account

New Third-Party Risk Management (TPRM) study shows that organizations are not equipped to handle increasing third-party security incidents

NHS inboxes were hijacked to send 1000+ phishing emails

NIST Published Updated Cybersecurity Supply Chain Risk Management Guidance

Norton finds deepfakes and crypto scams rising in Australia

Nothing personal: Training employees to identify a spear phishing attack

'Once they have access to your screen, they have complete control'. Watch out for these screen-sharing scams

One year removed from the Colonial Pipeline attack, what have we learned?

Online frauds: Do not scan QR code to ‘receive’ the money

Password management needs a rethink

Phishing scam involving Carousell sales re-emerges, public reminded to be alert

Potential Russian cyberattacks demonstrate the need for heightened security

QNAP fixes critical QVR remote command execution vulnerability

Ransomware groups keep healthcare in sights, selling access on the dark web

Researchers Warn of 'Raspberry Robin' Malware Spreading via External Drives

Responding To a Healthcare Ransomware Attack: A Step-By-Step Guide

Rise in phishing scams related to the Russian invasion of Ukraine

Russia pummelled by pro-Ukrainian hackers following invasion

Security researchers: Here's how the Lazarus hackers start their attacks

Social engineering, exfiltration and espionage activities by Chinese hackers unveiled

Software Supply Chain Security in the Digital Oil Field

Some South Florida hospitals came under cyberattacks. Here’s what you need to know

South African firms spend more on cybersecurity – and are most worried about remote workers losing laptops

State Bar begins notifying individuals identified in massive data breach

Student data breach in New York City (NYC) also impacted charter schools, districts

The critical importance for security automation

The Growing Danger of Data Exfiltration by Third-Party Web Scripts

The Main Security Challenges Standing in the Way of Crypto Payment Gateways

The rise of phishing

Three Clever Ways Cyber Criminals Hack Your Personal Data

Travellers warned of British Airways scam emails that could infect computers

U.S. offers $15 million reward for information on Conti ransomware group

Ukrainians DDoS Russian Vodka Supply Chains

US agricultural machinery maker AGCO hit by ransomware attack

US Agricultural Machinery Manufacturer Hit with Ransomware Attack

US sanctions Bitcoin laundering service used by North Korean hackers

USB-based Wormable Malware Targets Windows Installer

USB-based Wormable Raspberry Robin Malware Targeting Windows Installer

Voyager, Amazon, Costco, Walmart, and Louis Vuitton - Top Phishing Scams of the Week

What A Cybersecurity Shift-Left Means For SaaS Companies And Their Customers

What Are Dark Web Search Engines and How to Find Them?

What are some Security issues with Blockchains?

What are the most expensive cyber attacks of all time?

What is a social engineering attack?

What Is a Whaling or Whale Phishing Attack Online?

What SMBs are getting wrong about cyber security

What You Should Know About the Meta and Apple Data Breach

When it comes to security, is IoT the new OT?

Which Country Has the Most Cybercrime Per Capita? It's Not the US

Why it's so hard to protect the Texas power grid

Why You Should Strengthen Your SaaS Data Protection

Wind turbine maker Nordex delays Q1 financial report after cyber attack

5th May - World Password Day

5 top items your small business needs on its cybersecurity to-do list

7 threat detection challenges CISOs face and what they can do about it

9 most important steps for SMBs to defend against ransomware attacks

$43 billion stolen through Business Email Compromise since 2016, reports FBI

71% of Nigerian Organisations Suffered Ransomware Attacks in 2021

As ransomware threat increases, a shift in minimum cyber insurance standards is hardening digital defenses

Australia: New South Wales transport authority suffers second network attack

Avoiding Zelle Scams: Here Are 3 Ways To Keep Your Money Safe

AvosLocker Ransomware Uses Driver Files to Disable Anti-Virus Solutions

Benefit Recovery Specialists Data Breach Class Action Settlement

Beware Facebook users, don't fall for this devious phishing scam

Beware! This Fake Windows 10 update will infect your system with Magniber ransomware

Business email compromise costs $43 billion

Can “regular” threat actors become Quasi-APTs?

Celebrating World Password Day

China-linked APT Caught Pilfering Treasure Trove of IP

Chinese APT group Mustang Panda targets European and Russian organizations

Chinese hackers have been running riot on unsecured Windows devices

CIA Wants Russians to Share Secret Info with the Agency via its Darknet Site

CISA urges F5 users to address ‘critical’ vulnerability in BIG-IP software

Cloud Security: Have Issues with Your Cloud? Here Are Some Tips to Secure Your Cloud

Cloudflare Successfully Thwarted One of The Largest DDoS Attacks

Coles issues urgent warning about an email scam encouraging shoppers to fill out a survey for an 'exclusive reward'

Critical F5 BIG-IP flaw allows device takeover, patch ASAP! (CVE-2022-1388)

Cyber Threats: What’s Coming (What You Need to Know to Get Ready)

Cyberattack takes down network of State Bar of Georgia

Cybercrime: A lurking threat to companies

Cybersecurity Without Automation Is A Losing Game

Data breaches still a concern for New South Wales (NSW) citizens

Data dilemmas: Why should you care about your device & user data?

Decade-old bugs discovered in Avast, AVG antivirus software

Education Sector Continues to Get Hit with Ransomware Attacks

Emotet, this is the dangerous malware that is becoming more and more active

Exploring Challenges, Benefits of Cyber Insurance in Healthcare

F5 Warns of Critical Bug Allowing Remote Code Execution in BIG-IP Systems

FBI: Cyber-scams cost victims $6.9 billion-plus worldwide in 2021

FBI: Email fraud keeps getting worse. Here's how to protect yourself

FBI: Thailand and Hong Kong Banks Used Most in Business Email Compromise (BEC)

FBI Alert Warns of BlackCat Ransomware That Compromised 60 Organizations in 4 Months

FBI warns workers to beware of BEC scams that have stolen $43 billion in five years

Federal Court finds RI Advice failed to manage cybersecurity risks in landmark decision

Four Data Privacy Missteps to Avoid in 2022 and Beyond

From Behavior Analytics to Security Education: 4 Ways Organizations Should Mitigate Modern Insider Attacks

Google, Apple, Microsoft Commit to Eliminating Passwords

Google, Apple, Microsoft make a new commitment for a "passwordless future"

Google, Apple, Microsoft promise end to passwords, courtesy of your mobile phone

Google Assistant’s delayed feature to fix your compromised passwords finally gets a wider rollout

Google fixes actively exploited Android kernel vulnerability

Google Introduces New Features To Automatically Change Your Passwords Found In Data Breach

Google to Add Passwordless Authentication Support to Android and Chrome

Hackers Created a Fake Yuga Labs Website to Trick Collectors Into Handing Over $6.2 Million Worth of Bored Apes and Other NFTs

Here Are 5 Ways In Which You Can Protect Yourself From Online Cyber Fraud

Heroku admits that customer credentials were stolen in cyberattack

Heroku Forces User Password Resets Following GitHub OAuth Token Theft

Heroku resets user passwords after concluding April cyber-attack ran deep

How Ransomware Complacency Could Cost Your Company

How to be proactive in the face of growing cyber threats

Illuminate Data Breach Impacts More School Districts

Importance of Web Filtering in Securing Privacy for Your Business

In the Event of a Cyberattack, Secure Your Data First

Incident of the Week: Car rental customers face chaos during Sixt cyber-attack

India to Collect User Data from VPNs, Data Centers, and Cloud Service Providers

India to introduce six-hour data breach notification rule

Internal data breach discovered at Ikea Canada impacts 95,000 Canadians

It's World Password Day! Here's the one simple tip you need to keep your accounts secure online

Ledger Breach Leaves Shopify Facing Another Crypto-Focused Class Action

Leveraging ‘zero trust’ and ‘remote access’ strategies to mitigate ransomware risks

Microsoft, Apple, and Google to support FIDO passwordless logins

Microsoft, Google, and Apple to Expand Passwordless Logins Across All Major Platforms

National Cyber Security Centre (NCSC) calls on tech firms to tackle rogue apps, but has the ‘horse already bolted’?

National Institute of Standards and Technology (NIST) Releases Updated Cybersecurity Guidance for Managing Supply Chain Risks

National Institute of Standards and Technology (NIST) Updates Cybersecurity Guidance for Supply Chain Risk Management

New fraud emails plague verified accounts on Twitter, user accounts may be in danger

New NetDooka malware spreads via poisoned search results

New Raspberry Robin worm uses Windows Installer to drop malware

NHS Inboxes Hijacked to Send 1000+ Malicious Emails

NIST updates guidance for defending against supply-chain attacks

Passwords aren't going away any time soon

Phishing operation hits NHS email accounts to harvest Microsoft credentials

Phishing scheme targets verified Twitter users; Vulnerability leaves millions of routers & IoT devices at risk

Please stop giving bad password advice

Post Office scam text warning - how to spot fake messages and report them

Ransomware attack: “BlackByte” hacks Swiss logistics group

Ransomware attacks are part of the cost of doing business

Ransomware Payments: Just 46% of Victims Now Pay a Ransom

Ransomware researchers are being targeted by the criminals they track

Researchers Disclose Years-Old Vulnerabilities in Avast and AVG Antivirus

Security Experts Just Issued This Urgent Warning to All Gmail Users

SentinelOne finds high-severity flaws in Avast, AVG

Serious Snipe-IT bug exploitable to send password reset email traps

Stop Naming Vulnerabilities – Just Stop

Tackling the threats posed by shadow IT

Telenor warns customers in Norway of new scam

Terrifying ransomware threat ‘a cat-and-mouse game’

The 10 largest data breaches ever reported in healthcare

The Importance of Defining Secure Code

The world’s biggest tech companies want to kill passwords on Password Day

This Study Shows How Woefully Underprepared Small Businesses Are for Ransomware Attacks

Thousands of Borrowers' Data Exposed from ENCollect Debt Collection Service

Toei Animation Claims Recent Hack Caused By Third-Party Software Download, Assures Fans “Anime Production Are More Or Less Functioning Normally”

Top 10 Cybersecurity Challenges in the Healthcare Industry

Top 10 Cybersecurity Vulnerabilities of 2021

Top Ransomware Attack Targets: Telecom Leapfrogs Healthcare

Top Threats your Business Can Prevent on the DNS Level

Trinidad & Tobago under attack

Types of password attacks

U.S. Passes New Cybersecurity Law for Critical Infrastructure Reporting

Ukraine’s IT Army is disrupting Russia's alcohol distribution

UNC3524: The nearly invisible cyberespionage threat sitting on network appliances

Upstart NFT Drops Scam Alert: Bored Ape Yacht Club & Moonbirds

US data compromises affected over 20 million people in Q1 2022

VHD Ransomware Linked to North Korea’s Lazarus Group

VM escape and root access bugs fixed in Cisco NFV infrastructure software

Wandering the dark web: What hackers can do with your data

WannaCry showed the world how not to write ransomware

Warning issued to every Apple or Android phone user over apps which could empty bank account

What to Do If Your Instagram Account Gets Hacked

White House: Prepare for cryptography-cracking quantum computers

White House: Quantum computers could crack encryption, so here's what we need to do

Why Authoritarian Governments Love Their ‘Patriotic Hackers’

Why backing up files is essential for preventing data loss

Why You Should Care About World Password Day

Will FIDO Replace OTP Multi-Factor Authentication?

World Password Day: 6 Ways Organizations Can Strengthen Employees' Password Practices

World Password Day: 9 Reasons to Adopt a Corporate Password Manager

World PASSWORD DAY 2022: Are You Investing in Password Managers and Biometrics?

4th May

3 Orgs Fall Victim to Separate Phishing, Email Security Incidents

4 steps to tackling ransomware

5 Cybersecurity Lessons We Learned From the Biggest 2021 Data Breaches

9 most important steps for SMBs to defend against ransomware attacks

A checklist to help healthcare organizations respond to a serious cyberattack

Airdrop Phishing, Beware of Scams

Anonymous Leak 82GB of Police Emails Against Australia’s Offshore Detention

Ape-themed airdrop phishing scams are on the rise, experts warn

Attackers hijack UK NHS email accounts to steal Microsoft logins

Attackers Use Event Logs to Hide Fileless Malware

Australian state transport agency hit by cyber attack

Avoiding Data Breaches: A Guide for Boards and C-Suites

Benefits of Monitoring the Dark Web

Business Email Compromise (BEC) Attacks Explained: Are You at Risk?

Chinese Hackers Caught Stealing Intellectual Property from Multinational Companies

Chinese hackers perform 'rarely seen' Windows mechanism abuse in three-year campaign

Cisco fixes NFVIS bugs that help gain root and hijack hosts

Cisco Issues Patches for 3 New Flaws Affecting Enterprise NFVIS Software

Coca-Cola at center of new Stormous hacking claims

Critical RCE Bug Reported in dotCMS Content Management Software

Cyber-security chiefs warn of malicious app risk

Cybercriminals love South Africa

Cybereason Discloses Attack Vector Used by Chinese Cybergang to Steal IP

Cybersecurity: Ransom attacks

Cybersecurity continues to be a top priority in Canada

Ethiopia ‘foils’ cyber-attack on Nile dam, financial institutions

F5 Warns of a New Critical BIG-IP Remote Code Execution Vulnerability

FBI says business email compromise is a $43 billion scam

FBI to Remote Workers: Be Careful of This Easy-to-Miss, Costly Scam

Future factory: Protecting the plant from cyber-criminals

Gmail users are being fooled by nasty new scam - vital advice will stop you being next

Good end user passwords begin with a well-enforced password policy

Google Assistant can now automatically change your stolen passwords

Google Sees More APTs Using Ukraine War-Related Themes

Google TAG sees China PLA group go after multiple Russian defence contractors

Graham and Brown targeted in 'brutal' cyber attack

Hackers stole data undetected from US, European orgs since 2019

Has your official State Bank of India (SBI) account been blocked? Know the truth behind this SMS

Healthcare and Education Sectors Most Susceptible to Cyber Incidents

Healthcare and Education sectors most vulnerable to cyber risk

Heroku forces user password resets but fails to explain why

Heroku to begin user password reset almost a month after GitHub OAuth token theft

HHS Information Security Program 'Not Effective'

Hundreds of students affected by data breach at University of Essex

India faced over 18 million cyber threats in Q1 2022: Norton

Insurance Companies Start Refusing to Ransom Coverage As Average Amounts Demanded Cross $800,000

Is the financial sector still on cybercriminals’ radars?

It isn't just Israel that needs a 'cyber Iron Dome'

Less than one-third of APAC organisations publicly reveal ransomware attacks

Maintaining Business Continuity In An Age of Increased Threats

Malware identified used in RIPTA breach that affected 22,000 Rhode Islanders

Mozilla privacy survey finds mental health and prayer apps fail privacy test pretty spectacularly

National Cyber Security Centre (NCSC) Updates Code of Practice for Smart Building Security

New Dog, Old Tricks: Reducing Cryptocurrency Phishing Vulnerabilities

New Ransomware Variant Linked to North Korean Cyber Army

NHS email accounts hijacked for phishing campaign

NIMHANS files complaint over a month after ransomware attack

No ransom paid for GEBE attack, no firm date for reopening

One in 99 emails is phishing

Operation CuckooBees: Notorious Chinese hackers took trillions of dollars from about 30 companies

Over 7 In 10 Indian Firms Suffered From Ransomware Attack Last Year

Overcoming the data breach requires security practices with purpose

Perhaps not surprisingly, the most common security risk for businesses is phishing

Phishers taking advantage of Gmail’s SMTP relay service to impersonate brands

Phishing Takeaways from the Conti Ransomware Leaks

Phishing Threats Attempt to Hook New Government Victims

Pixiv, DeviantArt artists hit by NFT job offers pushing malware

Practices urged to step up fraud prevention as accountants warn of rising risk

Pro-Ukraine hackers use Docker images to DDoS Russian sites

Protect Users and Networks from Malware Hidden in Images and Attached Files

Quantum computing and risk to data security for enterprises

Ransomware attack cost freight firm Expeditors $60 million in IT remediation and lost shipping

Ransomware strains have been now linked to the APT38 hacker group known for financial focus

Rhode Island Public Transit Authority (RIPTA) releases note from hackers in ransomware attack

Rising Premiums and Ransomware: The Cyber Insurance Balancing Act

Russian cyber attack targeting Bulgarian post

Russian Hacker Group APT 29 Target Diplomats And Government Agencies

Russian Hackers Attacking Diplomatic Organizations in Europe, America, and Asia

Salusive Health Shuts Doors, Provides Data Breach Notification

Securities and Exchange Commission (SEC) Doubles Cyber and Crypto Assets Team

Securities and Exchange Commission (SEC) nearly doubles size of crypto and cyber enforcement unit

Securities and Exchange Commission (SEC) Plans to Hire More Staff in Crypto Enforcement Unit to Fight Frauds

Security and compliance rank as the top challenges for deploying cloud-native apps

Shields Up: Russian Cyberattacks Headed Our Way

Sixt Cyber-attack - What You Need to Know

South Africa ranked 6th country most affected by cybercrime, research finds

South Africa shows lowest rise in cybercrimes, finds new study

South African corporates over budget on security, but cyber risks mount

State Bar of Georgia reels from cyber-attack

State-Backed Chinese Hackers Target Russia

Stealthy APT group plunders very specific corporate email accounts

Students' private information leaked, Districts reveals details about data breach earlier this year

Texas power grid under constant Russian cyber threats while also facing peak demand as temps rise

The 6 steps to a successful cyber defense

The most common security issue for businesses probably isn't that big a surprise

The Rise Of Web3: What Cybersecurity Concerns Should We Look Out For?

The threat ICS malware poses to the electric power sector

This researcher just beat ransomware gangs at their own game

This sneaky hacking group hid inside networks for 18 months without being detected

This unpatched DNS bug could put 'well-known' IoT devices at risk

Three Key Ideas To Evaluate Your Security Strategy Differently

Tips to Protecting Yourself Against Crypto Scams

Top 3 Cloud security threats to watch out for

Top Questions from CISOs on Cyber Insurance

Transport for NSW struck by cyber attack

Trezor Wallet Users File Lawsuit Against Intuit: Digital Assets Stolen In A Phishing Attack

Twitter Blue Badge Phishing Scams Are Targeting Verified Accounts

UK to Place Security Requirements on App Developers and Store Operators

Ukraine cyberthreat activity ramps up against critical infrastructure, governments

Ukraine War Themed Files Become the Lure of Choice for a Wide Range of Hackers

Unpatched DNS Bug Puts Millions of Routers, IoT Devices at Risk

US Securities and Exchange Commission to Expand Cyber Investigations Unit Amid Growing Crypto-Threats

Vulnerabilities Allow Hijacking of Most Ransomware to Prevent File Encryption

Web Application Firewall (WAF) Multi-Vector and DDoS attacks are spiking in Australia

What is Cyber Insurance and Does Your Small Business Need It?

When a Ransomware Attack Sends Students Home

Why cybersecurity isn't just tech's problem – it's HR's

Winnti APT group stole trillions in intellectual property

World Password Day 2022 – Password Tips and Best Practices

3rd May

5 Cybersecurity Threats That Aren’t Going Away

10 Biggest Healthcare Data Breaches in the World

A 3-step approach to cyber defense: Before, during and after a ransomware attack

Amid attacks, Israel urges companies to upgrade cyber defence

Analysis of BlackByte Ransomware's Go-Based Variants

April ransomware attacks slam US universities

Aruba and Avaya network switches are vulnerable to RCE attacks

Attackers Use Fake Windows 10 Update To Spread Magniber Ransomware

AvosLocker ransomware manages to avoid detection and disable AV tools

Businesses should be prepared for Russian escalation

Car Rental Giant Sixt Hit by Cyber-Attack

Chinese state hackers keep targeting Russian government agencies

CISA Extends Recommendations to Non-Federal Organizations

CMS-based sites under attack: The latest threats and trends

Conti ransomware group’s ‘used car salesmen negotiations’: discounts and limited-time offers

Conti, REvil, LockBit ransomware bugs exploited to block encryption

Critical TLStorm 2.0 Bugs Affect Widely-Used Aruba and Avaya Network Switches

Crypto Cons: Scammers Make a Killing off War in Ukraine

Cyberattacks: What Radiology IT Departments Must Do Now

Data breach at university being taken ‘very seriously’

Deepfakes Are a Growing Threat to Cybersecurity and Society: Europol

Don’t Disclose Identity Verification Information to Avoid Cryptocurrency Phishing Traps

Ethiopia: Information Network Security Agency (INSA) says cyber attack on Grand Ethiopian Renaissance Dam (GERD), financial institutions foiled

EU legislation targets misinformation and fraud online

Even C-suite executives use terrible passwords like 123456

Evri warning over new phishing text message scam: How to report and what is smishing?

Experts Analyze Conti and Hive Ransomware Gangs' Chats With Their Victims

Five Security Lessons From the Lapsus$ Attacks

Geopolitical Cyber Attacks - The New Battlefield

Google: Nation-state phishing campaigns expanding to target Eastern Europe orgs

Hackers used the Log4j flaw to gain access before moving across a company's network, say security researchers

How the Ukraine conflict is reshaping the dark web

How To Safeguard Your Cryptocurrency Investments?

How XDR provides protection against advanced exploits

Hybrid working and cyber

Identity Theft: What Is It And How Does It Work?

Illuminate Education Data Breach Impacted At Least 24 Districts, 18 Charter Schools in New York; Investigation Launched

Increasing the effectiveness of multi-government cyber takedowns

Internal chats of ransomware cybercriminals reveal ways to avoid becoming a victim

Is India up for a major cybersecurity overhaul?

Kellogg Community College (KCC) to resume operations Wednesday morning after ransomware attack

List of data breaches and cyber attacks in April 2022 – 14.3 million records breached

Major Ransomware Attacks in Peru and Costa Rica Spell More Trouble for Region

Many CEOs Are Using These Ridiculously Simple Passwords, Cybersecurity Report Shows

Mental Health and Prayer Apps Fail the Privacy Test

Millions of Windows 10 users warned over dangerous ransomware threat

Mozilla: Lack of Security Protections in Mental-Health Apps Is ‘Creepy’

Multi-Factor Authentication (MFA) doesn’t stop ransomware

Multiple government hacking groups stay busy targeting Ukraine and the region, Google researchers say

New phishing warns: Your verified Twitter account may be at risk

New ransomware strains linked to North Korean government hackers

Open-source security: It's too easy to upload 'devastating' malicious packages, warns Google

Operational Continuity-Cyber Incident Checklist Published by Health Sector Coordinating Council (HSCC)

Over a month after cyberattack, National Institute of Mental Health and Neurosciences (NIMHANS) files police complaint

Password tips to keep your accounts safe

Phishers exploit Google’s SMTP Relay service to deliver spoofed emails

Phishing scam convinces US government to pay $23.5 million to cyber criminals

Plainfield cyber attack: What's been recovered and what's still lost, thanks to hackers?

Ransomware Attack Closes Michigan College

Ransomware attacks soar in a year, data shows

Ransomware Threat Actors Pivot from Big Game to Big Shame Hunting

Relentless ransomware disguised as Windows Updates takes aim at students

Rental car company Sixt confirms cyber attack, leaves scores of UK customers in the dark

Researchers tie ransomware families to North Korean cyber-army

Russian cybercriminals are attempting to compromise Europe’s renewable energy infrastructure

Russian Cyberspies Target Diplomats With New Malware

Russian hacker group APT29 targeting diplomats

Salusive Health Closes Business Following Cyberattack

Securities and Exchange Commission (SEC) ramps up fight on cryptocurrency fraud by doubling cyber unit

Security Think Tank: Solving for complexity in the network

Sextortion On A Rise, Beware Of ‘Enticing’ Video Calls And Chats

Shopping for cyber insurance? Six questions to ask before calling the insurer

SolarWinds hackers set up phony media outlets to trick targets

TA410: The 3-headed cyberespionage threat actor

The Italian Banking Association hit by a ransomware attack

The Ultimate SaaS Data Protection Checklist

TLStorm 2.0: Critical bugs in widely-used Aruba, Avaya network switches

Two Law Firm Data Breaches And New Breach Stats

University of Essex data breach being taken 'very seriously'

Unpatched DNS bug affects millions of routers and IoT devices

Use Windows 10, Outlook or Word? Your Microsoft accounts face the biggest threat

What Should I Know About Defending IoT Attack Surfaces?

What to expect when negotiating with Conti and Hive ransomware gangs

Why World Password Day should become World Passwordless Day

You’re outraged — and that makes you vulnerable online

2nd May

10 most common Multi-Factor Authentication (MFA) excuses, and how to answer them

11 Ways to Prevent Data Loss and Data Breaches in 2022

55% of people rely on their memory to manage passwords

After ransomware, Austin Peay moves ahead with finals

Australia Post scam joins AusPost SMS, how to tell

AvosLocker Ransomware Variant Using New Trick to Disable Antivirus Protection

Bad Actors Are Maximizing Remote Everything

Bored Ape Yacht Club (BAYC) Experiences Phishing Attack: Hackers Targeted Their Instagram Account

Californian Phished $23.5m from Department of Defense (DoD)

Car rental giant Sixt facing disruptions due to a cyberattack

Chinese cyber-espionage group Moshen Dragon targets Asian telcos

Chinese Hackers Caught Exploiting Popular Antivirus Products to Target Telecom Sector

Chinese "Override Panda" Hackers Resurface With New Espionage Attacks

Chronic care startup myNurse shuts down following data breach

Cyber warfare, ransomware and remote working – the biggest cyber threats to businesses right now

Cyberattacks could affect planting season

Cybersecurity a crucial component of blockchain ecosystem

Cybersecurity metrics corporate boards want to see

Cyberspies breach networks via IP cameras to steal Exchange emails

Do phishing simulations work? Sometimes

Don’t panic! (Almost) everything you need to know about cyber risks, resilience and responsibilities

Getting Intelligent About Browser Security

GitHub Says Recent Attack Involving Stolen OAuth Tokens Was "Highly Targeted"

Google SMTP relay service abused for sending phishing emails

Google Warns of Cyber Attack HACK: Your Phone Can Send Your MONEY In Just 2 Seconds

Health startup myNurse to shut down after data breach exposed health records

Health workers in privacy missteps: How-to guide to avoiding patient privacy breaches

How Advances in Cloud Security Can Help with Ransomware

How Log4j Reshaped Cloud Security Thinking

How ransomware shut down an English council

How Safe are Online Casinos in 2022?

How to avoid security blind spots when logging and monitoring

How To Protect Your Small / Medium Business From Cyber-attack

How To Solve the Machine Identity Crisis

Impact of the Russian-Ukraine Conflict on Cybersecurity

India mandates data breach notification within six hours

Indian education sector biggest target of cyber threats, remote learning among key triggers

Indiana Amends Data Breach Notification Law

Insider Threats And How To Protect Your Network

Kansas City, Kansas, Remains Relatively Silent on Cyber Attack

Kellogg Community College in Kalamazoo Victim of Ransomware Attack; Classes Cancelled

Liberty Partners Reports Data Breach From Hacked Corporate Email Accounts

Making Zero Trust security a frictionless experience for the users

Malaysia: Protect banking credentials against malware this festive season

Man Convicted in Phishing Scam That Cost U.S. Department of Defense (DoD) $23.5M

More than four million cyber-attack attempts against Costa Rica

Mozilla finds mental health apps fail 'spectacularly' at user security, data policies

New 'Bumblebee' Malware Loader Used by Several Cybercrime Groups

New Hacker Group Pursuing Corporate Employees Focused on Mergers and Acquisitions

New OWASP Top 10: Beware of Poor Security Practices

New Regulations in India Require Orgs to Report Cyber Incidents Within 6 Hours

Only 40% of businesses have multiple solutions to protect against cybercrime

Onyx Ransomware Destroys Large Files Instead of Locking Them

Optimizing XDR Through MSSP Collaboration

Otherside Phishing Scams Successfully Steal Blue-Chip NFTs

Protecting Against Container Threats in the Cloud

Protecting CXOs From Whaling

Ransomware Study 2022: attacks are up, ransom payments are increasing

REvil ransomware group is back with a vengeance

Romania under cyberattack coming from Russia's Killnet

Russian Hackers Targeting Diplomatic Entities in Europe, Americas, and Asia

Spain’s PM mobile phone infected by Pegasus spyware

Spring4Shell Marks the end of ‘Snooze Button’ Security

Spyware Found on Spanish PM's Phone

The Art Of Phishing: Bait The Hook, Sit And Wait

Twitter may have given user's private data to a ransomware hacker, who then ran a researcher offline

U.S. Department of Defense (DoD) tricked into paying $23.5 million to phishing actor

Unpatched DNS Related Vulnerability Affects a Wide Range of IoT Devices

Urgent Windows 10 alert: Don't download this 'Microsoft' update, it will be costly

Using Favicons to Discover Phishing & Brand Impersonation Websites

Vulnerability, Threats, Exploits and their relationship with risk

What is a Security Operations Center (SOC) and Why Do You Need It?

What is malware?

What You Don’t Know About Cyber Insurance Can Cost You

Which Hole to Plug First? Solving Chronic Vulnerability Patching Overload

Which? and Action Fraud warning over fake Martin Lewis investment scheme scams

You Should Be Changing Your Password More Often Than You Think