Editor's Message

Welcome to DBD. On March 8th we celebrated our 4th Anniversary and the 1st Anniversary of our PRiSM application, officially endorsed by the SANS Institute. Despite recent personal issues that have impacted the amount of time I have been able to dedicate to both projects, I have been doing my best to keep everything as up-to-date as possible, and I would like to take this opportunity to thank everyone for their patience and support whilst I navigate through this very difficult time. Stay safe. :)

Monday 2 January 2023

Data Breaches Digest - Week 1 2023

Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 2nd January and 8th January 2023.

8th January

Blind Eagle Hacker Group Launching Indiscriminate Attacks Using Powerful Toolset

Charlie Hebdo Website Hacked after Cartoons Insulting Islamist Iranian Regime

Chick-fil-A urges customers to take action, investigates ‘fraudulent activity’ on mobile app accounts

City of Johnstown computer system hacked; police department most affected

Data Breach Warning: Hackers Exploiting ChatGPT To Write Malicious Codes To Steal Your Data

DeFi-type projects received the highest number of attacks in 2022

Do You Know What Is Cyber Hygiene?

Fake Pokemon NFT game installer lets hackers hijack your PC

Google reveals three golden rules to help you spot a cybercriminal and protect your money

How to Protect Yourself After Deezer Data Breach

How to protect yourself, company from email ‘attacks’

Kenya: Beware of the dangers of using email as a communication tool

Mass Student Data Breach as ‘Oxshag’ Website Launched

Nationwide warns of ‘worrying’ actions as scammers need ‘few pieces of data’ to strike

Operations resume at Princeton’s Copper Mountain Mine, following computer attack

Phishing attacks are increasing and getting more sophisticated

Ransomware Statistics and Facts You Need to Know in 2023

Russian Turla Hackers Hijack Decade-Old Malware Infrastructure to Deploy New Backdoors

Serbia reports massive cyberattack on interior ministry

Ten signs your computer may contain malware and is being spied on, according to cyber security experts

Twitter: Hacker Offers Over 200 Million Stolen User Details For Free

7th January

Central Bank of Iran foils cyber attack

Chick-Fil-A Is Investigating Potential Fraud After Alleged Data Hacks

Digital India under Cyber Attack

Federal Communications Commission (FCC) Aims To Beef Up Data Breach Rules

Hackers Exploiting OpenAI’s ChatGPT to Deploy Malware

Increase in ransomware, zero-day vulnerabilities, and supply chain attacks top cyber threats for 2023

Los Angeles housing authority hit by ransomware attack

Malicious PyPi packages create CloudFlare Tunnels to bypass firewalls

Moldovaʼs government hit by flood of phishing attacks

Rise in number of phishing victims

Russian hackers launched attacks on 3 US nuclear research laboratories, says Reuters investigation

Russian Hackers Reportedly Attacked US Nuclear Labs

Tehran: Cyber-attack on Central Bank of Iran thwarted

Urgent warning for PC and Mac users over 10 'red flags' you're being spied on

6th January

10 of the biggest ransomware attacks of 2022

15 Ways to Protect Your Smart TV from Cyberattacks

235 million Twitter accounts were leaked in a huge data breach

Air France and KLM notify customers of account hacks

Amex, Amazon, Netflix, Costco, and Walmart – Top Phishing Scams This Week

Another Twitter data breach: Over 200 million users dumped on Dark Web earlier sold for $200K

Armed With ChatGPT, Cybercriminals Build Malware And Plot Fake Girl Bots

'Bad Actors Have Won The Jackpot': Twitter Hack Exposes Data From Over 200 Million Accounts

Blind Eagle Hacking Group Targets South America With New Tools

Bluebottle hackers target financial institutions using Microsoft-signed driver

Chick-Fil-A Denies App Data Breach After Customers Report Mass Fraud

Chick-fil-A investigates reports of hacked customer accounts

Chip Vulnerabilities Impacting Microsoft, Lenovo, and Samsung Devices

Consulate Health Care chain hit by Hive

Copper Mountain reopens mine after ransomware attack

Cultivating a cybersecurity culture will help businesses to sustain themselves in the digitally evolving world

Cyber attacks on UK organisations surged 77% in 2022, new research finds

Cyber-attack Disruption to The Guardian Still Ongoing

Dark Web Monitoring For Law Firms: Is It Worthwhile?

Data stolen after Hackers hit 14 UK schools

December DeFi exploits were the lowest in 2022

Defending data breach claims in Ireland

Devon school hit by cyber attack as highly confidential documents leaked

Digital Transformation Driving Increased Cybersecurity Costs

Dridex Malware Now Attacking macOS Systems with Novel Infection Method

Email address of 200 million Twitter users leaked online: Here’s how you can check

FBI: Hackers Are Using Search Engine Ads for Phishing and Malware Distribution

FBI Investigates Cyber Attack Against Ohio County Vendor

Federal Communications Commission (FCC) to mull changes to telecom data breach notifications

Freedom for MegaCortex ransomware victims - the fix is out

Government agencies embrace the "zero trust" cybersecurity future

Hackers Leak Email Addresses of More Than 200 Million Twitter Users, Researchers Say

Hackers Using CAPTCHA Bypass Tactics in Freejacking Campaign on GitHub

HAW Hamburg with big problems after cyber attack

How False Positives Burn Security Teams Out

How Financial Institutions Can Manage Third-Party Ransomware Risk

How Has Cybercrime Evolved? A Brief History of Cyberattacks

How to Hacker-Proof IoT Components and the Devices Linked to Them

How To Protect Consumer Data In Financial Services Industry

Kenyan hacker syphons $20M from Zimdef bank account

LastPass Hit With Class Action Lawsuit Following Data Breach

London schools hit by cyber attack and pupil data leaked - here's the full list

Los Angeles Housing Authority May Have Fallen Victim to Ransomware

Macs are under attack from this Windows malware — what you need to know

Microsoft doc details the dos and don’ts of Mac ransomware

Microsoft Reveals Tactics Used by 4 Ransomware Families Targeting macOS

More than 200 million Twitter email addresses leaked

New Jersey Health System Diverts Ambulances Amid “IT Network Issue”

Over 200 million email addresses stolen in Twitter cyber attack

Over 200 Million Twitter Users’ Data Dumped On Dark Web Earlier Sold For $200K

Personal Storage Table Files Accessed in Rackspace Attack

Play ransomware gang behind recent cyber attack on Rackspace

Preventing Insider Attacks on Your HR System

Rackspace: Hackers Obtained Customer Data In Ransomware Attack

Rackspace Confirms Play Ransomware Gang Responsible for Recent Breach

Rackspace says customer data was accessed in ransomware attack; email service won’t be rebuilt

Ransomware attacks on health care systems are increasing in frequency, sophistication

Ransomware decryption tool: Victims of MegaCortex can now unlock their files for free

Ransomware Disruption at The Guardian to Last at Least a Month

Ransomware Hit 200 US Government, Education and Healthcare Organizations in 2022

Recent 2022 cyberattacks presage a rocky 2023

RIHousing announces data breach from 2022

Schools hit by cyber attack and documents leaked

Security Industry Hits Back with MegaCortex Decryptor

SickKids: 80% of hospital priority systems back online after LockBit ransomware attack

SickKids Hospital systems back up and running after ransomware attack

Social Security numbers stolen in ransomware attack on maternal health org

SpyNote malware spies on Android users, steals banking credentials

SSP mocked by ransomware group over alleged $400,000 offer

T-Mobile’s $350M Settlement and the Future of Data Breach Consequences

Tech Ecosystem Is “Really Unsafe” According to Cybersecurity Official

Texas County EMS Agency Says Ransomware Breach Hit 612,000

The ransomware problem isn't going away, and these grim figures prove it

The Robins & Morton Group Files Notice of Recent Data Breach, Compromising Thousands of SSNs

The US cybersecurity imperative: fortifying critical infrastructure

This new Linux malware floods machines with cryptominers and DDoS bots

Toronto SickKids lifts Code Grey as recovery from ransomware attack continues

Trustwave report says businesses need to get more proactive about ransomware

Twitter data breach shows APIs are a goldmine for PII and social engineering

Twitter hacked: Email addresses of more than 200 million users stolen, according to cybersecurity expert

Twitter hacked, 200 million user email addresses leaked

Twitter Hacked, More than 200M Email Addresses Leaked, Researcher Says

Twitter hacked and data of 200 million users leaked on dark web, says researcher

Twitter leak exposes 235 million email addresses from hack

Twitter Scraping Breach: 209 Million Accounts Leaked on Hacker Forum

Twitter's mushrooming data breach crisis could prove costly

UK: Schools hit by cyber attack and documents leaked

UK Schools Hit by Mass Leak of Confidential Data

US Family Planning Non-Profit Maternal & Family Health Services (MFHS) Confirms Ransomware Attack

Vice Society Releases Info Stolen From 14 UK Schools, Including Passport Scans

Vietnam: Ho Chi Minh City hacker jailed for robbing cryptocurrency exchange platform

VSCode Marketplace can be abused to host malicious extensions

Wabtec Announces Global Data Breach In LockBit Attack

Wabtec Corporation Files Notice of Data Breach Leaking Vast Amounts of Information

What to consider when budgeting for 2023’s OT cybersecurity needs and wants

Why is Cyber Security failing?

Why remote and hybrid work could fuel cyber attacks in 2023

You'll never guess how many types of malware exist

5th January

Are Business Logic Flaws Leaving Your APIs at Risk?

Bitdefender releases decryptor for MegaCortex ransomware after Swiss police raids

Bitdefender releases free MegaCortex ransomware decryptor

Blind Eagle Hackers Return with Refined Tools and Sophisticated Infection Chain

Bluebottle Cybercrime Group Preys on Financial Sector in French-Speaking African Nations

Bluebottle hackers used signed Windows driver in attacks on banks

CircleCI Urges Customers to Rotate Secrets Following Security Incident

CircleCI warns of security breach - rotate your secrets!

Cloud email services bolster encryption against hackers

Criminal Hackers Leak Email Addresses of 220 Million Twitter Users

Cyber Insurance: A Must Have, Not a Nice to Have

Cybercrime group targeting banks in African Francophone countries

Data backup is no longer just about operational fallback

Data Breach: CircleCI Says Immediately 'Rotate Your Secrets'

DevOps platform CircleCI suffers breach, urges immediate user action

East Ayrshire Council launch immediate 'data breach' probe after claims 'vulnerable' child's picture was used on social media

Fallout from Guardian cyber attack to last at least a month

Feds Boost Cyber Spending as Security Threats to Data Proliferate

Ferrari, BMW, Rolls Royce, Porsche and more fix vulnerabilities giving car takeover capabilities

Five Guys Discloses Data Breach Affecting Employee PII

Fortinet and Zoho Urge Customers to Patch Enterprise Software Vulnerabilities

France fines Apple for targeted App Store ads without consent

Hacker collective Anonymous downs Serbian defence ministry website

Hackers use CAPTCHA bypass to make 20K GitHub accounts in a month

Hackers Leverage Compromised Fortinet Devices to Distribute Ransomware

Incident of the Week: Almost 50,000 UK government ministers vulnerable to cyber attacks

Irish DPC Adds Late December Data Breach of 400 Million Twitter Users To Existing Probe of API Vulnerabilities

Irish Regulators Fine Facebook $414 Million for Forcing Users to Accept Targeted Ads

LockBit ransomware gang says sorry, gives free decryptor to SickKids hospital

Meta to Appeal €390m GDPR Fine

Morocco’s CIH Bank Warns Customers of Phishing Scam

Now this password-stealing Android malware wants to grab your bank details too

Onondaga County Records System Back Online After Cyber Attack

Over 200 Million Twitter Users' Details Leaked on Hacker Forum

Patient sues CommonSpirit over ransomware attack

Predictor or Pitfall? Third Party Security Evaluators

Rackspace: Customer email data accessed in ransomware attack

Rail Tech Giant Wabtec Discloses Global Data Breach

Ransomware: Protect Your Data Backups, Too

Ransomware Attack Disrupts Classes for Massachusetts School System

Ransomware gangs are exploiting Fortinet Devices vulnerabilities. Patch these high-severity command injection flaws

Romanian hospital victim of ransomware attack

Slack's private GitHub code repositories stolen over holidays

Some of Slack's private GitHub code was stolen following a data breach

SpyNote Android malware infections surge after source code leak

SpyNote Strikes Again: Android Spyware Targeting Financial Institutions

Taiwan: Chungshan institute denies data breach

The Evolving Tactics of Vidar Stealer: From Phishing Emails to Social Media

Things to know and do before you switch from VPN to Zero Trust Network Access (ZTNA)

Twitter: Millions of users' email addresses 'stolen' in data hack

Twitter data breach: Hacker put 200M users’ private information up for grabs

US family planning non-profit Maternal & Family Health Services (MFHS) says patient medical data stolen in ransomware attack

Volvo data breach sees information offered for sale on hacking forums

Wabtec data breach exposes sensitive customer information

What Is A Data Breach?

What is Malware?

4th January

9 steps to protecting backup servers from ransomware

200 million Twitter users’ email addresses allegedly leaked online

Arkansas Hospital Notifies Patients of Healthcare Data Breach

Arnold Clark hit by cyber attack in late December

Attackers evolve strategies to outmaneuver security teams

Attackers use stolen banking data as phishing lure to deploy BitRAT

Billion-dollar rail firm confirms data breach after suspected ransomware attack

Chinese researchers claim to have broken RSA with a quantum computer. Experts aren’t so sure

CommonSpirit Health sued over data breach involving 600,000 patients

CommonSpirit Health sued over ransomware attack

Cook EBITDA slumps £2m following Christmas 2021 cyber-attack

Cyber attack leaves school board’s employee data compromised

Data From 200 Million Twitter Users Offered For Free On Hacker Forum

December ransomware disclosures reveal high-profile victims

Deezer admits data breach that potentially exposed over 220 million users’ info

End User Scams and Phishing Attacks in Web3: Are They Being Underreported?

Financial institutions in Portugal and Spain targeted by new Raspberry Robin malware

Five Guys Data Breach Puts HR Data Under a Heat Lamp

General Electric Insider Handed Two Years for IP Theft

GMX Tokens Worth $3.4 Million Stolen in Phishing Attack on Whale

Hacker Selling Data Allegedly Stolen From Volvo Cars Following Ransomware Attack

Hackers abuse Windows error reporting tool to deploy malware

Hackers target L.A.'s Housing Authority in a suspected ransomware attack

Implementing a Cybersecurity Strategy in the Banking Sector

Investigation launched into Twitter after 400m user details posted on hacking forum

Irish privacy watchdog fines Meta $400 million amid disagreement among European authorities

LockBit ransomware gang strikes the Port of Lisbon, demands a $1.5m ransom

LockBit ransomware group 'apologizes' for children's hospital cyberattack

Machine-Learning Python package compromised in supply chain attack

Malicious PyTorch Package Downloaded Thousands of Times

Massachusetts school district, community college dealing with fallout from ransomware attacks

Medstar Mobile Healthcare Files Notice of Data Breach Affecting 612k Patients

Meta to fight €390 million fine for breaching EU data privacy laws

Meta violates GDPR with non-compliant targeted ad practices, earns over $400 million in fines

New Jersey Hospital Cyber Attack Disrupts Patient Admissions

New Phishing Campaign Impersonates Flipper Zero to Target Cyber Professionals

New SHC-compiled Linux malware installs cryptominers, DDoS bots

New shc-based Linux Malware Targeting Systems with Cryptocurrency Miner

NHS is Most Scammed UK Government "Brand"

Qualcomm Chipsets and Lenovo BIOS Get Security Updates to Fix Multiple Flaws

Rackspace confirms Play ransomware was behind recent cyberattack

Ransomware predictions in 2023: more government action and a pivot to data extortion

Rhode Island housing and mortgage finance agency hit by data breach

RTFKT COO loses NFTs worth $170K to phishing attack

Study Finds Average Cost of Data Breaches Reaches All-Time High in 2022

Swansea schools will reopen on Thursday after cyber attack

Synology Releases Patch for Critical RCE Vulnerability Affecting VPN Plus Servers

The FBI's Perspective on Ransomware

The Guardian ransomware attack hits week two as staff told to work from home

These grim figures show that the ransomware problem isn't going away

Toyota, Mercedes, BMW API flaws exposed owners’ personal info

Toyota Discloses Data Breach – Customers’ Personal Information Exposed

Toyota Motor's Indian unit warns of a possible customer data breach

Train ticketing platform RailYatri hit by data breach

Twitter said to have suffered data breach as hackers expose 235 million users' information

US Regulators Warn Banks About Cryptocurrency Security Risks

Weaponizing the Law in the Fight Against Cyber-Criminals

Why Phishing-Resistant MFA is Critical in 2023, And How Certificate-Based Authentication (CBA) Can Help

Zero-Trust 101: What it Is and How to Implement It

Zoho urges admins to patch critical ManageEngine bug immediately

3rd January

5 Easy Steps to Secure Your Small Business’s Network

Arnold Clark’s Christmas cyber attack recovery a ‘mammoth task’

BitRAT malware campaign uses stolen bank data for phishing

BlackCat gang clones victim's website for data leak

Carousell, banks in Singapore take steps to tackle spike in phishing scams

Cyber attack hits Port of Lisbon

Cyber attacks in Italy up 138% after Ukraine war

Data breach: How to check if your personal details are compromised and what to do to stay safe

Enforcement vs. Enrollment-based Security: How to Balance Security and Employee Trust

Hackers target Arnold Clark in Christmas Eve cyber attack as bosses insist customer information is safe

Hackers Use Excel Add-Ins as Initial Penetration Vector

Hackers Using Stolen Bank Information to Trick Victims into Downloading BitRAT Malware

Hacking the metaverse: Why Meta wants you to find the flaws in its newest headsets

How Does Artificial Intelligence Reduce the Chance of a Cyber Breach?

How Much Has Cybercrime Increased in 2023?

How Scammers Are Impersonating Singapore Post and Singtel With Phishing Messages

How to secure personal data amid a breach: Here's a list of dos and don'ts

How to stay digitally secure during holiday season

India: Government's 2-factor authentication system 'Kavach' targeted in cyber attack

Ireland: Twitter woes continue as DPC investigates data breach

List of data breaches and cyber attacks in December 2022 – 31.5 million records breached

LockBit Hands Ransomware Decryptor to Kids' Hospital

Los Angeles housing authority says cyberattack disrupting systems

Mitigating cybersecurity threats in education institutions

More than 200 U.S. institutions hit with ransomware in 2022

No Major Spike in Reported Ransomware in 2022

Ongoing Flipper Zero phishing attacks target infosec community

Over 60,000 Exchange servers vulnerable to ProxyNotShell attacks

Pakistan Cricket Board’s official YouTube channel briefly hacked

Poland warns of attacks by Russia-linked Ghostwriter hacking group

Rail giant Wabtec discloses data breach after Lockbit ransomware attack

Raspberry Robin Worm Evolves to Attack Financial and Insurance Sectors in Europe

RedMart slapped with SG$72,000 for data breach

Researcher finds Google Home speaker vulnerable of getting hacked and snooping on conversations

Researchers Discover New Linux Malware Targeting WordPress Sites

Royal ransomware claims attack on Queensland University of Technology

Security teams expect breach and incident reporting requirements to create more work

Synology fixes maximum severity vulnerability in VPN routers

The cybersecurity industry will undergo significant changes in 2023

The Guardian contacts data protection regulator after suspected ransomware incident

The Significance of Health Care Data Security

The Importance of Cyber Resilience in the Communications Sector

Tips to overcome the limitations of MFA

Top ERP Firm Exposing Half a Million Indian Job Seekers Data

Ukrainian Cops Bust Major Vishing Call Center

2nd January

3Commas is Reportedly Under FBI Investigation for Data Breach

85% of IT Pros Fear Cybersecurity Issues in 2023

2022 in review: 10 of the year’s biggest cyberattacks

Advanced AI Will Make Scams Harder to Spot: Here's Why

Attack Path Analysis: A Key to a Secure Hybrid Cloud

Attackers never let a critical vulnerability go to waste

Australia: Aussies lost $526 million to scams in 2022

Bitcoin ($BTC) Core Developer Loses $3.6 Million to Hacker, Calling Into Question Crypto Mass Adoption

Bristol Community College investigates attempted data breach

Cloud Phishing: New Tricks and the Crown Jewel

Copper Mining Firm Shuts Down Mill after Ransomware Attack

Crooks monitor Twitter complaints to target users via phishing

Cyber attack halts operations at Lawrence County Recorder’s Office

Cyberhackers get bigger playground for attacks, says expert

Data Breach At Toyota-Kirloskar Motor Could Expose Customer Data: All You Need To Know

FBI Looking Closely Into Data Breach At 3Commas

Four cyber concerns looming in the new year

Getting data loss prevention right

Google Home speakers were vulnerable to eavesdropping hackers

Google to Pay $29.5 Million to Settle Lawsuits Over User Location Tracking

Hacker Lexicon: What Is a Pig Butchering Scam?

Hackers may have accessed some patient info at Kelberman Center

How is AI (Artificial Intelligence) Revolutionizing the Cybersecurity Industry?

How Protected Is Your Organization Against Cyberattacks?

How Reliable Is Cloud Computing?

How To: Manage ‘Dark Data’ in Organizations

How to identify and curb phishing attacks

LockBit ransomware attacks port infrastructures, releases free decryptor for children's hospital

LockBit Ransomware Extends Decryptor to SickKids Hospital, Apologizes for the Cyberattack

Malaysian Agencies Investigate Alleged Breach Affecting 13 Million

MasquerAds - The Latest Malware Campaign That Leverages Google Ads

More than 200+ BTC stolen by hacker, claims Bitcoin's core developer

Navigating Crypto: Here’s How to Prepare Yourself for Big Hacks

Netgear urges users to update popular router models to address vulnerability

North Korean hackers are posing as venture capital firms to steal crypto

PyTorch Machine Learning Framework Compromised with Malicious Dependency

Rackspace identifies hacking group responsible for early December ransomware attack

Ransomware ecosystem becoming more diverse for 2023

Ransomware Gang Says It Leaked Data from Xavier University Students, Staff

Ransomware group claims to have encrypted Centro Médico Virgen De La Caridad

Ransomware group LockBit apologizes saying ‘partner’ was behind SickKids attack

Ransomware impacts over 200 government, education, healthcare orgs in 2022

RedZei Chinese Scammers Targeting Chinese Students in the U.K.

Remember to Regularly Change Your Passwords for Enhanced Security

The Issue of Overreliance on Detection Solutions in the Security Stack

The 6 Most Common Cyberattacks That Could Impact Companies In 2023

The role of email spam in 2023 for cybercrime

Think like a hacker: Offensive cybersecurity approaches

Those holiday scams - Staying digitally secure this season

Toyota's Indian unit warns of a possible customer data breach

Twitter Faces Probe After Data On 400m Users Offered For Sale

Warning for all Android and iPhone owners – you may be a ‘butchered pig’ about to lose thousands

Watch out for ‘Meta-Phish’: New scam seeks to collect data on Facebook users

What Is Cyber Resilience and Why Does It Matter?

What is ethical hacking?

Why Do Ransomware Victims Pay for Data Deletion Guarantees?

Why we need global rules to crack down on cybercrime

WordPress Security Alert: New Linux Malware Exploiting Over Two Dozen CMS Flaws

Zero trust security solutions for zero-day threats