Editor's Message

Welcome to DBD. On March 8th we celebrated our 4th Anniversary and the 1st Anniversary of our PRiSM application, officially endorsed by the SANS Institute. Despite recent personal issues that have impacted the amount of time I have been able to dedicate to both projects, I have been doing my best to keep everything as up-to-date as possible, and I would like to take this opportunity to thank everyone for their patience and support whilst I navigate through this very difficult time. Stay safe. :)

Monday 30 January 2023

Data Breaches Digest - Week 5 2023

Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 30th January and 5th February 2023.

5th February

5 Common Types of Cyber Attacks and How to Prevent Them

A few easy changes can protect personal information

Action Fraud warn people to be vigilant about fake McAfee emails

Birmingham medical practice informs patients of security breach

Civic chiefs in Gloucester 'told off' for making 'damning' confidential cyber attack report public

Concurrence of Cyberspace with Terrorism

Finland’s Most-Wanted Hacker Nabbed in France

Five Guys allegedly hit by ransomware

Funds Stolen in Phishing Attack Laundered at Secret Address

Gala Doggy Day Care Centre to get compensation from ex-employee

Hackers stole over Rs 31,200 crore from crypto investors in 2022; here's how to keep it safe

How do you know your cybersecurity is being handled?

India: DJVU Most Common Ransomware Impacting

India: 'Offer that seems too good probably can't be trusted'

Instant Checkmate, TruthFinder Data Breach: 20 Million Accounts Leaked

Is your organization cybersecurity ready?

Linux version of Royal Ransomware targets VMware ESXi servers

Malicious insider: Route for ransomware

New Dingo crypto token found charging a 99% transaction fee

New phishing attacks take aim at Telegram vulnerabilities

O2 issues warning over phone call and text that could drain your bank account

Ransomware attacks in Europe target old VMware, agencies say

Ransomware hacking campaign targets Europe and North America, Italy warns

Zero-trust security becoming a significant element for enterprises in adopting cybersecurity solutions

4th February

8 Pros and Cons of Penetration Testing

Australia Gives Its Crypto Watchdogs More Teeth To Fight Scammers

Australian Medical Association (AMA) calls for stronger laws to protect patient data

Banner Health paid $1.25 million to resolve federal data breach probe

Best passwords: Strong password ideas for greater safety

Beware! The Last of Us Download Scam Prey on the Innocent

ChatGPT is used by cybercriminals to write better phishing emails

ChatGPT lets scammers craft emails that are so convincing they can get cash from victims without even relying on malware

Cyber-attack results in more than $800K stolen from Houston business, lawsuit filed

Dark Web Developer Wanted: Malicious Actors Join IT Talent Hunt

Data Breach: Over 110,000 More Users Affected in ‘LG Uplus’ Data Breach

DHL Email Scams: How To Spot The Fakes

Digital Rights Ireland to sue for damages for Facebook users over dark web data leak

Dynamic Approaches seen in AveMaria's Distribution Strategy

Enbridge Gas Warning Customers Of Scam Emails

Feds Confirm Cyberattack Caused Nation’s Critical Suicide Helpline Outage

Four more attacks on the healthcare sector

Identifying and Managing Cybersecurity Risks in the Construction Industry

India: 50 government websites hacked, 8 data breaches in 2022

India’s Largest Truck Brokerage Company Leaking 140GB of Data

Infrastructure sectors hit hardest by ransomware

Iran Behind Cyber Attack On Charlie Hebdo: Microsoft

Massive Ransomware Campaign Targeting Unpatched VMware ESXi Servers

Massive Ransomware Campaign Targets VMware ESXi Servers

New Wave of Ransomware Attacks Exploiting VMware Bug to Target ESXi Servers

New York attorney general forces spyware vendor to alert victims

No victims were identified in the Russian inquiry into the REvil case, and the number of individuals who were stolen is unknown

North Korean Hacker Group Targeted Medical & Energy Sectors

PixPirate: New Android Banking Trojan Targeting Brazilian Financial Institutions

'Ransomware Year' May Be The Most Devastating Ever

Tallahassee hospital takes IT systems offline, postpones procedures after apparent cyber attack

The five tell-tale signs in scam texts: From 'your eBay order has been despatched' to 'you have a new direct debit'...how to tell the fake from the real - and the iPhone trick to filter them out for good

U.S. reverse-hacks cryptocurrencies stolen by North Korea

Warning: Hackers Actively Exploiting Zero-Day in Fortra's GoAnywhere MFT

What Are the Major Cybersecurity Risks Associated with Cryptocurrency?

What does it take to control cybercrime in Nepal?

What Is Data Scraping?

What Should Leaders Do To Prepare For The Future Of Compliance?

Why are US Legislators Still Using Apps That Can Collect Data for Foreign Governments?

3rd February

16 Effective Ways Tech Leaders Can Increase Cybersecurity Standards

A four-day working week still requires seven days security

Adversaries Using OpenAI’s ChatGPT Chatbot for Cyberattacks? Here are Some Clues

Africa must strengthen cyber defence in mining and energy

ALPHV Ransomware Hits UK Realty Firm McEwan Fraser Legal, 300GB Data On The Line

API Leaks: Understanding The Threats

Apparent cyberattack forces Florida hospital system to divert some emergency patients to other facilities

AT&T iPad Scam, Southwest Airlines, Walmart / DHL Shipping Text, and MetaMask Phishing – Top Scams This Week

Atlassian Patches Critical Authentication Flaw in Jira Software

Atlassian warns of critical Jira Service Management auth flaw

Atlassian's Jira Software Found Vulnerable to Critical Authentication Vulnerability

BlackCat ransomware gang targeted Indian weapons manufacturer, stole classified military secrets

Businesses Bolster Defenses as Data Breach Concerns Grow

Canon USA Settles with Employees Affected by 2020 Ransomware Attack

Charlie Hebdo Hit by Iranian Cyber Attack

CISA adds Oracle, SugarCRM bugs to exploited vulnerabilities list

CISA Alert: Oracle E-Business Suite and SugarCRM Vulnerabilities Under Attack

Claimed data breach: 'No confidential information disclosed'

Commodity Futures Trading Commission (CFTC) Chief Plots New Cyber Rules in Wake of ION Trading Hack

Commodity Futures Trading Commission (CFTC) issues statement on cybersecurity breach at ION Cleared Derivatives

Credential Stuffing - Protection Techniques for Organisations and End-Users

Customizable new DDoS service already appears to have fans among pro-Russia hacking groups

Cyber Forecast for 2023 and Beyond: Hang on for a Bumpy Digital Ride

Cyber Fraud in the Gaming, Travel and Leisure Industries

Cyber Insurer Sees Remote Access, Cloud Databases Under Fire

Cyberattacks: which brands are most used to steal information

Electric Vehicle (EV) Charging Stations at Risk of DoS Attacks

Evri text scam: parcel delivery tracking message explained - how to spot texts, what to do to avoid fraud

Fake ChatGPT Apps Start to Steal User Data: Delete These Apps Now

FBI Dismantles Hive Ransomware Network From the Inside, Thwarting Over $130m in Ransom Demands

FBI Seizes NFTs from Crypto Scammer

Finding the right cyber security strategy

Florida hospital takes IT systems offline after cyberattack

For Educational Institutions, Post-Ransomware Harassment Requires A+ Messaging

Former Ubiquiti employee pleads guilty to attempted extortion scheme

Former Ubiquiti Employee Who Posed as Hacker Pleads Guilty

FTX Creditors Warned of Possible Online Scammers

GoAnywhere MFT zero-day vulnerability lets hackers breach servers

Google Ads in Search Results May Lead to Malvertising Attacks

Google Fi Data Breach – Hackers May Carry Out SIM Swap Attacks

Hacker Exploits BonqDAO Protocol of Over $120 Million

Hackers are using this new trick to deliver their phishing attacks

Hackers Posing as Ukrainian Ministry Deploy Info Stealers

Hackers who breached ION say ransom paid; company declines comment

Harmony hacker moves $726k worth of stolen WETH

High-Severity Privilege Escalation Vulnerability Patched in VMware Workstation

Home Title Theft: How To Protect Yourself

How ChatGPT will influence cybersecurity

Inability to prevent bad things from happening seen as the worst part of a security job

Increased ransomware attacks on health care facilities impede patient care

India: 151 government websites hacked since 2020; 21 instances of data breaches

India: All India Institute Of Medical Sciences (AIIMS) hack resolved but some niggles remain

Indian Official Highlights Djvu Ransomware as Threat

Information Commissioner’s Office (ICO) Relaxes Breach Reporting for Comms Providers

Infrastructure sectors hit hardest by ransomware

Iranian OilRig Hackers Using New Backdoor to Exfiltrate Data from Govt. Organizations

Is Insurance the Solution to, or the Enabler of, Ransomware?

Is Your Electric Vehicle (EV) Charging Station Safe? New Security Vulnerabilities Uncovered

IT Leaders Reveal Cyber Fears Around ChatGPT

JD Sports cyber attack: why online retail is vulnerable and what can be done?

JD Sports Suffered A Cyber-Attack That Leaked 10 Million Customers’ Data

Julius ‘zeekill’ Kivimäki, former Lizard Squad hacker, arrested in France

Kellett School: How our school fought back after a cyberattack

LockBit gang confirms Ion cyber attack as disruption continues

Major Florida hospital hit by possible ransomware attack

Malaysia: Stopping cyberattacks

MalVirt Loaders Exploit .NET Virtualization to Deliver Malvertising Attacks

Massive ESXiArgs ransomware attack targets VMware ESXi servers worldwide

Metro Detroit police departments targeted in ransomware attacks

Microsoft accuses Iran’s government of cyber operation against Charlie Hebdo

Microsoft Visual Studio add-ins could be used to deliver malware

Mitigating security risks with an evolving workforce

'More terrorists WILL enter the US now': Expert makes damning prediction after Transportation Security Administration (TSA) No Fly List with 1.5 million entries leaks on dark web

More than 11,000 employees, students and former staff affected by cyber attack, Queensland University of Technology (QUT) says

New Credential-Stealing Campaign By APT34 Targets Middle East Firms

New High-Severity Vulnerabilities Discovered in Cisco IOx and F5 BIG-IP Products

New York attorney general fines developer of stalking apps

North Ayrshire Council 'likely' to have breached data law with facial recognition tech in schools

OilRig Hackers Exfiltrate Data From Government Agencies Using New Backdoors

OpenSea serves as an example of why crypto security must improve

Over half of organizations experienced an insider threat in 2022

Patch your Jira Service Management Server and Data Center and check for compromise! (CVE-2023-22501)

PayPal scam: how to spot fake refund message, what to do if you get one, how to stay safe from phishing emails

Pembrokeshire: Top councillor accused of possible data breach

Post-Macro World Sees Rise in Microsoft OneNote Documents Delivering Malware

Pro-Russian hacktivist group is only getting started, experts warn

Quarter of CFOs Have Suffered $1 million+ Breaches

Queensland University of Technology (QUT) reports more than 11,000 IDs hacked in a cyber attack

Ransomware Attack Closes Nantucket Schools

Ransomware attack halts London trading

Royal Mail cyber attack is 'destroying' small businesses as overseas post still disrupted

Russia-linked hacking against national labs spurs inquiry from two House chairmen

Securities Exchange Commission (SEC) And Commodities Futures Trading Commission (CFTC) Legal Action Against Mango Markets Hacker Will Boost DeFi, Moody

Short-staffed SOCs struggle to gain visibility into cloud activities

Singapore: Man arrested for illegally obtaining personal particulars via fraudulent QR codes at Housing and Development Board (HDB) blocks

South Korea: 110,000 more users affected in LG Uplus' data breach

Star Wars: The hackers fight back

Swiss Prosecutors Looking Into 2022 Credit Suisse Data Leak

Switzerland’s largest university confirms ‘serious cyberattack’

T-Mobile data breach class action lawsuit investigation

T-Mobile Data Breach Includes Massive Compromise of Google Fi Service, Unknown Quantity of Customer Records Exposed

Tallahassee hospital diverting patients, canceling non-emergency surgeries after cyberattack

Tallahassee Memorial hospital victim of suspected ransomware attack

TgToxic Malware’s Automated Framework Targets Southeast Asia Android Users

The black hat hacker trap: Why unethical hacking lures young people

The dangers of public wifi computer connection

The future of cybersecurity: Hacking the cloud

The importance of data retention policies

The One Security Mistake iPhone Users Shouldn’t Be Making Anymore In 2023

TruthFinder, Instant Checkmate confirm data breach affecting 20 Million customers

UK financial regulator says monitoring incident at Ion's clearing unit

University of Zurich hit with ‘serious’ cyberattack

Until further notice, think twice before using Google to download software

US Man Charged in $110m Crypto Trading Scheme

Vice media hacked, confidential data leaked

We can’t rely on goodwill to protect our critical infrastructure

Web3 Wallet MetaMask Update Adds Third Party Phishing Detection

What Kind of Malware Is the Most Dangerous?

Why Resetting Passwords May Not Be the Best Idea

Will Class-Action Lawsuits Force Companies to Get Serious About Cybersecurity?

Zero day affecting Fortra’s GoAnywhere file transfer tool is actively being exploited

2nd February

6 Ransomware Trends & Evolutions For 2023

9 Internal Data Breach Examples to Learn From

40% of directors have experienced cyber-attack

50% of organizations have indirect relationships with 200+ breached fourth-party vendors

67% of home networks face cybersecurity threats each month

98% of organizations worldwide connected to breached third-party vendors

2022: A Year In Review For Enterprise Security

Acuity Brands allegedly failed to protect employee info during data breaches

Alarming breach: Nagpur's Solar Industries, making military weapons, hit by cyber attack

Andersen Corporation leaks customer home photos and addresses

APT groups use ransomware TTPs as cover for intelligence gathering and sabotage

Arnold Clark Confirms Customer Data Compromised in Breach

Arnold Clark customer data was stolen in Play ransomware attack

Australia: Black and White Cabs booking service offline after cyber attack

Bad Faith: The Battle of IT Company and Insurer Over Ransomware Coverage Ends in Settlement

Beware The BlackCat: Cyber Criminals Threaten Healthcare Industry

Cisco fixes bug allowing backdoor persistence between reboots

City of London on High Alert After Ransomware Attack

Cyber and mergers

Cyber Attack Campaign Targets Gambling and Gaming Companies, Israeli Cybersecurity Firm Warns

Cyber attack hits Arnold Clark

Cyberattack Impact “Catastrophic” for Third Parties

Cybersecurity budgets are going up. So why aren't breaches going down?

Cybersecurity roadmap: Threats proliferate but best practice still works

Data breach at Vice Media involved SSNs, financial info

Electric Vehicle (EV) Charging Management System Vulnerabilities Allow Disruption, Energy Theft

Federal Trade Commission (FTC) Imposes $1.5M Penalty on GoodRx Over Failure to Report Healthcare Data Breach

Feds get guilty plea in Ubiquiti data extortion case

Financial software firm Ion Group battles LockBit ransomware attack

Foreign states already using ChatGPT maliciously, UK IT leaders believe

Former Ubiquiti developer pleads guilty to trying to extort his employer

Four cyber resilience best practices to consider In 2023

Four public schools in Nantucket closed due to a ransomware attack

From instant essays to phishing scams, ChatGPT has experts on edge

Google bans 12 Android apps as millions urged to delete them immediately

Growth of cashless transactions increases cybersecurity threats

Guardian Australia staff details compromised in cyberattack

Hacker Exploits BonqDAO in $120 Million AllianceBlock Heist

Hacker Group Releases 128GB Of Data Showing Russia's 'Wide-Ranging' Illegal Surveillance Of Citizens

Hackers linked to North Korea targeted Indian medical organizations, energy sector

Hackers weaponize Microsoft Visual Studio add-ins to push malware

Health and Human Services (HHS) Office for Civil Rights Settles HIPAA Investigation with Arizona Hospital System Following Cybersecurity Hacking

Hospitals Hit by DDoS Attacks as Killnet Group Targets the Healthcare Sector

How to effectively communicate cybersecurity best practices to staff

How To Ensure Vendors Are Keeping Your Data — And Your Firm — Safe

Incident of the Week: Malicious actors gain access to GitHub source code

India: Top manufacturer of defence equipment faces cyber attack, police registers First Information Report (FIR)

Institute of Directors (IoD) Survey reveals 41% of Business Leaders Say Their Organisation Has Experienced a Cyber Attack

ION Ransomware attack hits markets — Here are some key lessons from an earlier attack

Italy: ACEA hit by hacker attack

KillNet, Royal, LockBit: The cybercriminal groups on hospital CISOs' minds

Last year was the worst on record for crypto hacks, as North Korean groups cash in

Lazarus Group Attack Identified After Operational Security Fail

LockBit takes credit for the ransomware attack on Sacramento PBS station

Mustang Panda APT Group Uses European Commission-Themed Lure to Deliver PlugX Malware

New Cyber Threat Report from STM: Ransomware Attacks Increase 62 Percent

New GOOTLOADER Malware Uses Fileless Technique to Deploy Ransomware

New Russian-Backed Gamaredon's Spyware Variants Targeting Ukrainian Authorities

New Threat: Stealthy HeadCrab Malware Compromised Over 1,200 Redis Servers

North Korean Hackers Exploit Unpatched Zimbra Devices in 'No Pineapple' Campaign

North Korean hackers stole research data in two-month-long breach

Okanagan College ‘did not entertain conversations’ about paying ransom

‘0ktapus’ hackers are back and targeting tech and gaming companies, says leaked report

Options trading desks 'flying blind' after derivatives platform hit by ransomware attack

Organizations Preparing for Cyberwar

Patch Critical Bug Now: QNAP NAS Devices Ripe for the Slaughter

Police in Maryland arrest man for phishing theft of $375,000 from Connecticut town

Prilex POS malware evolves to block contactless transactions

Q4 2022 DDoS attack trends

QNAP warns of new bug prompting worries of potential Deadbolt ransomware exploitation

Ransomware attack: Ammo, rocket audits and engineering plans on sale on the dark web

Ransomware attack on data firm ION could take days to fix

Ransomware attack on ION Group impacts derivatives trading market

Ransomware attacks on public sector persist in January

Ransomware conversations: Why the CFO is pivotal to discussing and preparing for risk

Ransomware gang attempts to extort UK school by posting files about at-risk children

Ransomware hits major London stock market software supplier

Ransomware Is on the Rise: 10 Steps for Defending Your Business

Redcar & Cleveland Council ransomware attack could have cost millions

Record $3.8bn Stolen Via Crypto in 2022

Researchers Warn of Crypto Scam Apps on Apple App Store

Scammers managed to slip crypto apps onto Apple, Google app stores

Securing the metaverse: 3 cyber concerns

Social Media Enables Social Engineering Scams

Sophos details first fake apps found on Apple’s App Store

South African consumers lax when it comes to online security

Super Bock says 'cyber' nasty 'disrupting computer services'

Taking the Attacker View to Protect the Growing Attack Surface

The $10 Trillion Case For Decentralized Cybersecurity

The emergence of trinity attacks on APIs

The next cyber threat may come from within

Think of cyber risk as business risk

Threat Actors Use ClickFunnels to Bypass Security Services

Tokyo police: Suspected drugstore points hacker may have used cyberattack data

TrickGate: Malicious Software Outwitting Antivirus for 6 Years

Unsecure Messaging Platforms Put Enterprises At Risk For Huge Financial Burden

Urgent warning to millions of Facebook users – important setting could be switched off by account raider

What Does a Spam Email Look Like? 8 Phishing Examples

What is Phishing in Crypto?

What Really Happens In a Data Breach (and What You Can Do About It)

Why are Company Ransomware Payments Dropping Dramatically?

1st February - Change Your Password Day

70% of CIOs anticipate their involvement in cybersecurity to increase

2022 biggest year ever for crypto hacking, report says

Anker admits Eufy security cameras were not natively encrypted

Additional Supply Chain Vulnerabilities Uncovered in AMI MegaRAC BMC Software

Arnold Clark customer data stolen in attack claimed by Play ransomware

Arnold Clark customer data 'stolen in cyber attack'

Charter Communications impacted by a vendor data breach exposing 550K customers

CircleCI and Slack Security Incidents Highlight Risks of Token Compromise and SaaS Integration Threats

CISA provides guidelines to safeguard K-12 groups from cyber threats

Counter-attacking ransomware hackers

Crypto Exchange Coinbase Adds New Wallet Security Feature To Protect Against Phishing and Scams

Crypto scam apps infiltrate Apple App Store and Google Play

Cyber attack on Indianapolis Housing Agency leaks sensitive data of 200,000 residents

Danish Banks Hit By DDoS Cyber-Attack: Is Your Financial Information Safe There?

Data Breaches Continue to Wreak Havoc on Healthcare – Here’s How to Make Security a Top Priority

Denmark Raises Cyber Security Alert Level After Attacks From Russian Hacker Groups

DocuSign scam targeted more than 10,000 inboxes

Experts Warn of 'Ice Breaker' Cyberattacks Targeting Gaming and Gambling Industry

Facebook security bug allowed hacker to switch off two-factor authentication

Federal Trade Commission (FTC) Proposes Changes to Data Breach Rules and Reporting Requirements

Federal Trade Commission (FTC) slaps $1.5M fine on GoodRx for sharing users’ health data with Facebook and Google

Firms fear software stack breach as attack surface widens

Futures Industry Association (FIA) assessing impact of cyber attack on financial data firm ION

GitHub Reports Code-Signing Certificate Theft in Security Breach

‘Global markets’ impacted by ransomware attack on financial software company

GoodRx to pay $1.5 million fine for sharing customer health info with Google, Facebook

Google Fi data breach let hackers carry out SIM swap attacks

Google Fi hack victim had Coinbase, 2FA app hijacked by hackers

Google Fi User Data Breached Through T-Mobile Hack

Google looking into fix for SH1MMER exploit that can unenroll Chromebooks

Government “must avoid a ban on ransomware payments” say insurers

Hackers Abused Microsoft's "Verified Publisher" OAuth Apps to Breach Corporate Email Accounts

Hackers use new IceBreaker malware to breach gaming companies

How Ransomware Attacks Changed the Threat Landscape

How ransomware works - and why cyber attacks are hitting schools

Intermittent Encryption Is A Growing Ransomware Threat That Requires A Proactive Cyber Defense

ION servers knocked out in ransomware attack

ION suffers cyber attack on derivatives platform

JD Sports data breach affects 10 million customers

K-12 schools in Tucson, Nantucket respond to cyberattacks

Large organizations are most susceptible to phishing attacks

'Large-scale' cyber-attack hits car dealer Arnold Clark with customers' banking and passport details stolen

List of Data Breaches and Cyber Attacks in January 2023 – 277.6 Million Records Breached

LockBit ransomware goes 'Green,' uses new Conti-based encryptor

Make Change Your Password Day an impetus to boost overall cybersecurity

Maryland Hospital Suffers Ransomware Attack

Microsoft: We are tracking these 100 active ransomware gangs using 50 types of malware

Microsoft disables phishing campaign after researchers flag OAuth app abuse

Microsoft notifies UK customers affected by hackers abusing ‘verified publisher’ tag

Microsoft OneNote, Evernote Phishing Attacks Are Threat To MSPs

Microsoft warning: These phishing attackers used fake OAuth apps to steal email

Mix of legacy OT and connected technologies creates security gaps

Nantucket Public Schools reopen as district copes with ransomware attack

Nantucket schools targeted by ransomware attack

Nearly 30,000 QNAP Devices Exposed Via New Bug

New cybersecurity BEC attack mimics vendors

New DDoS-as-a-Service platform used in recent attacks on hospitals

New HeadCrab malware infects 1,200 Redis servers to mine Monero

New Nevada Ransomware targets Windows and VMware ESXi systems

New SH1MMER Exploit for Chromebook Unenrolls Managed ChromeOS Devices

OneNote documents spread malware in several countries

Over 1,800 Android phishing forms for sale on cybercrime market

Predictable wins: designing for data breach containment

Prilex PoS Malware Evolves to Block Contactless Payments to Steal from NFC Cards

Ransomware Attack Forces Closure of Nantucket Schools

Ransomware Attack Shuts Down Nantucket Public Schools

Ransomware Offlines Arizona’s Largest School District

Researchers Uncover New Bugs in Popular ImageMagick Image Processing Utility

Russia-backed hacker group Gamaredon attacking Ukraine with info-stealing malware

Sensitive data stolen in Okanagan College cyber attack now posted to dark web, ransomware group claims

Shipper sues Expeditors for losses due to lack of business plan after cyber-attack

Skyview Networks Suffers a Major Cyber Attack

Teen hacker Josh Maunder who crashed KSI-Logan Paul fight site sentenced

The headache of changing passwords

Thriving Dark Web Trade in Fake Security Certifications

TUI warning as holidaymakers targeted in phishing scam

Up to 29,000 unpatched QNAP storage devices are sitting ducks to ransomware

US enterprises hit hard by short-staffed security operations centers

Zero-Trust Alone Won’t Save You

31st January

3 ways to stop cybersecurity concerns from hindering utility infrastructure modernization efforts

5 Cybersecurity Predictions for 2023

5 Security Experts Share Best Practices to Prevent Zero-Day Attacks

7 Ways To Improve Data Security In Your Organization

8 companies per day have data uploaded to dedicated leak sites

56% of Internet Users Fall for Phishing Scams

93% of security decision makers are being kept awake at night worrying about organisational security issues

Are we Losing the War Against Ransomware?

As hackers increase ransomware attacks, Michigan schools try to respond

Attackers used malicious “verified” OAuth apps to infiltrate organizations’ O365 email accounts

British government minister told council to keep quiet after ransomware attack

Budget constraints force cybersecurity teams to do more with less

Can you spot the giveaway in this scam email?

Central Okanagan School District: Everybody at risk of cyber attacks

CertiK Report Reveals a Strange Twist Behind the ‘Monkey Drainer’ Scam

ChatGPT Clone Apps Collecting Personal Data on iOS, Play Store

Circle K US spills partial credit card details, among other sensitive data

Computers Targeted by Malware Through Wi-Fi Routers

‘Concerning’ skills gap and working from home leaving north-east businesses open to cyber attacks

Critical QNAP NAS vulnerability fixed, update your device ASAP! (CVE-2022-27596)

Cyber criminal groups wooing hackers with seven-figure salaries and holiday pay

Cyber Insurance: Could Rising Premiums be a Step in the Right Direction?

Cyber risk alert raised in Denmark after Russian attacks

Cyber-attacks highlight need for appropriate cyber recovery capabilities

Cyberwar, Netwar: The Untouchable and Unpredictable

Dangers of cyber hacking in 2023

Data of ten million JD Sports customers compromised in cyber-attack

Data Protection Bureau Investigates Banks For Data Breach Allegations

Denmark raises cyber risk alert level after Russian attacks

DocuSign Brand Impersonation Attack Bypasses Security Measures, Targets Over 10,000

Don't Wait on the Government, Protect Your Online Data Now

Exploit released for critical VMware vRealize RCE vulnerability

FanDuel says Mailchimp data breach compromised its users' names and email addresses

FBI Takes Down Hive Criminal Ransomware Group

Financial Services Targeted in 28% of UK Cyber-Attacks Last Year

Gen Z doesn't think anyone can keep them safe online, and one of their biggest concerns is photos getting leaked

GitHub Breach: Hackers Stole Code-Signing Certificates for GitHub Desktop and Atom

GitHub Confirms Signing Certificates Stolen in Cyber-Attack, Revokes Them

Google bans 12 popular Android apps! Millions warned to delete them now

Google Fi Customer Data Accessed After 'Suspicious Activity'

Google Fi Customers Caught Up in T-Mobile Data Breach

Google Fi, possibly others affected by T-Mobile data breach

Guarantee Trust Bank (GTB), Zenith Bank Under Investigation Over Alleged Data Breach

Hacker Uncovers Flaw in Meta 2FA, Leaves Accounts Vulnerable to Attack

Hackers follow through with threats to release Okanagan College data

Hackers Made Cyber-Attack at Riot Games, Steal Game Source Codes and Demanded Ransom

Hijacked: Cyber attacks are costing Quad-City taxpayers

Hospital Investigating Significant ‘Ransomware Event’

How the war in Ukraine has strengthened the Kremlin’s ties with cybercriminals

Is Your Organization Security Resilient? Here’s How to Get There

JD Sports data breach impacts 10 million unique customers

JD Sports Server Hacked – Over 10 Million Customer’s Information Stolen

Killnet Attackers DDoS US and Dutch Hospitals

Kremlin-linked Russian businessman faces U.S. trial for hack-and-trade scheme

Latvia blames Russian hacking group for phishing attacks against its Ministry of Defence (MoD)

LockBit takes credit for November ransomware attack on Sacramento PBS station

Maryland hospital facing outages after ‘significant’ ransomware attack

Microsoft disables verified partner accounts used for OAuth phishing

Microsoft: Over 100 threat actors deploy ransomware in attacks

Millions of myGov users warned about $688.64 Medicare refund

Mount Lilydale Mercy College caught up in data breach hack

Nagpur unit making military weapons hit by hackers, says cybersecurity firm - ‘data up for sale’

Naming and shaming? The UK ICO is now naming most organisations it investigates

Nantucket Public Schools Close After Ransomware Attack

Nantucket Public Schools closed following ransomware attack

New Report Finds Increase in DDoS Attacks Targeting the Financial Services Industry

New Report Reveals NikoWiper Malware That Targeted Ukraine Energy Sector

New Sh1mmer ChromeBook exploit unenrolls managed devices

New US ransomware strategy prioritizes victims but could make it harder to catch cybercriminals

NFT company gets restraining order to freeze hacker’s online wallet

Omnipod DASH Insulin Pump Users Fall Victim to Data Breach

Over 29,000 QNAP devices unpatched against new critical flaw

Phishing attacks are getting scarily sophisticated. Here's what to watch out for

Point-of-Sale (PoS) malware can block contactless payments to steal credit cards

Portugal: “Restrictions” with Super Bock after cyber attack

Pro-Russian DDoS attacks raise alarm in Denmark, U.S.

QNAP: Patch Critical Remote Code Injection Bug

QNAP Fixes Critical Vulnerability in NAS Devices with Latest Security Updates

Ransomware attack closes schools in Nantucket

Ransomware attack on Appui Santé Nord Finistère locked files and deleted some archives

Ransomware attack on maritime software supplier DNV disconnected 1,000 ships from ShipManager servers

Redcar and Cleveland Council admits 'catastrophic' ransomware attack cost £7m

Researchers Uncover Packer Used by Several Malware to Evade Detection for 6 Years

Russian APT groups continue attacks with wipers and ransomware

Russian millionaire on trial in hack, insider trade scheme

Safe Systems Alerts Financial Institutions of Major Phishing Scam

Selling your old phone? Expert tips to keep your data safe

Southern Arizona’s largest school district hit by cyber attack

Tax returns: scams are rising rapidly – how to spot a fake phone call and avoid falling victim

The Hidden Threat: 1Password Password Manager Phishing Ads on Google

Threats to Voice over Internet Protocol (VoIP) Security Are Rising

TV Licence scam email UK: what does the phishing message look like, how to protect yourself and report emails

United Arab Emirates: Embedding cyber resilience is key to a security strategy

University of Iowa Hospitals website possibly hit by cyber attack

Why do hackers target cryptocurrencies?

Why Traditional Approaches Don’t Work for API Security

Yandex data breach reveals source code littered with racist language

Zendesk data breach result of employee phishing attack

30th January

10 Million JD Sports Customers' Info Exposed in Data Breach

A glut of wiper malware hits Ukrainian targets

Active U.S. health care hackers 'Hive' disrupted by feds

As ransomware attacks evolve, agencies must find innovative ways to backup data

Atlantic General Hospital experiences ransomware event

Atrium Health reportedly part of widespread cyber attack

Bill targets suicide hotline vulnerabilities after cyberattack on Intrado

Britain's JD Sports says customer data accessed by cyber attack

British retailer JD Sports reveals 2-year-old intrusion affecting data of 10 million customers

Combating Cyber Threats with Cyber Resilience

Critical OpenEMR vulnerabilities may allow attackers to access patients’ health records

Critical Realtek Vulnerability Impacting IoT Devices Worldwide

'Cyber attack' at Galashiels Doggy Day Care Centre leads police to home of 'disgruntled' worker

Cyber threat takes down Tucson Unified School District's internet network

Cyber-attack targets University of Michigan Health

Cybercrime job ads on the dark web pay up to $20k per month

Devs on Dark Web Forums Paid Up to $20,000 For Illicit Activities

Dutch hacker obtained virtually all Austrians' personal data, police say

Fake Money Apps Garner Millions of Android Downloads

Five Data Wipers Attack Ukrainian News Agency

GitHub revokes code signing certificates stolen in repo hack

Hacker finds bug that allowed anyone to bypass Facebook 2FA

Hacker group hacks in Israeli Chemical factories

Hacker intercepts carpet company’s emails, retains customer’s $5000 deposit

Hackers Use TrickGate Software to Deploy Emotet, REvil, Other Malware

How organizations can keep themselves secure whilst cutting IT spending

How To: Fight Back Against Ransomware Attacks

Illinois Hospital Reaches $380K Settlement to Resolve Lawsuit Over Healthcare Data Breach

Illinois Social Services Organization Notifies 184K of Healthcare Ransomware Attack

Insider attacks becoming more frequent, more difficult to detect

Israeli chemical factories targeted by hacker group in massive cyberattack

JD Sports admits data breach

JD Sports Confirms Breach Affected 10 Million Customers

JD Sports cyber attack: what to do if your data has been leaked

JD Sports cyber attack: why online retail is vulnerable and what can be done?

JD Sports cyber attack may have exposed millions of names, numbers and addresses

JD Sports facing cyber attack, confirms customer data may have leaked

JD Sports hacked: UK retail company apologises after data leak - up to 10 million customers could be affected

JD Sports hit by cyber attack

JD Sports hit by cyber-attack that leaked 10m customers’ data

JD Sports says 10 million customers hit by cyber attack

JD Sports says hackers stole data of 10 million customers

KeePass disputes report of flaw that could exfiltrate a database

KeePass disputes vulnerability allowing stealthy password theft

LockBit green: Ransomware gang releases new malware and targets cloud

Mailchimp Falls Victim to Another Data Breach

Microsoft warning: Protect this critical piece of your tech infrastructure

Most data breach notices lacked detail in 2022

Most US data breach notices in 2022 left victims in the dark

Mounting cybersecurity pressure is creating headaches in railway boardrooms

Nepal: Stop that hacker

Nigeria: Federal Government investigates two Banks over data breach

Omnipod DASH Insulin Pump Users Affected By Data Breach

Pakistan minister says cyber attack could be behind nationwide power breakdown

Parent firm of Indian defence contractor hit by Windows Alphv ransomware

Porsche halts NFT launch, phishing sites fill the void

QNAP fixes critical bug letting hackers inject malicious code

Qulliq Energy stops short of labelling cyberattack another Nunavut ransomware incident

Ransomware attack on Indianapolis Housing Agency leaks sensitive info on 200,000 residents

Ransomware group follows through on threat and publishes Okanagan College information

Ransomware victims stand up to attackers

Realtek Vulnerability Under Attack: Over 134 Million Attempts to Hack IoT Devices

Royal Mail recovers more International Tracked services

Russian foreign ministry claims to be the target of ‘coordinated’ cyber aggression

Schools don't pay, but ransomware attacks still increasing

Secure code training ruled better investment than code scanning tools

Shift in ransomware attacks – South Africa and emerging markets more at risk

Software’s ‘intangible’ nature raises insurance concerns in court ruling

Ten million customer accounts at risk as JD Sports falls victim to cyber attack

The Hidden Threat: Bitwarden Password Manager Targeted by Phishing Scams

The LastPast Data Breach: Do Hackers Have Your Encryption Keys?

The Untold Story of a Crippling Ransomware Attack

Third-party data breach round-up: mscripts, Diligent, Mailchimp

Tips to Protect Windows from the New Ransomware

Titan Stealer: A New Golang-Based Information Stealer Malware Emerges

Transportation Security Administration (TSA) issues security directive to airports, carriers after ‘no-fly’ list leak

U.S. No Fly List Leaked on Hacker Forum

U.S. No Fly list shared on a hacking forum, government investigating

US extradites French ShinyHunters hacker, faces 123 years in prison

What’s the Best Threat Protection Against Ransomware?

Where Do Most Ransomware Attacks Happen in the USA?

Yandex data breach reveals source code littered with racist language