Editor's Message

Welcome to DBD. On March 8th we celebrated our 4th Anniversary and the 1st Anniversary of our PRiSM application, officially endorsed by the SANS Institute. Despite recent personal issues that have impacted the amount of time I have been able to dedicate to both projects, I have been doing my best to keep everything as up-to-date as possible, and I would like to take this opportunity to thank everyone for their patience and support whilst I navigate through this very difficult time. Stay safe. :)

Monday 12 June 2023

Data Breaches Digest - Week 24 2023

Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 12th June and 18th June 2023.

18th June

91% of Indian firms faced ransomware attacks in 2022

Adur and Worthing Councils investigating after contractor data breach

Australia: Local Governments Become Unwitting Malware Vectors

Bringing IT & Operational Technology (OT) Security Together

Cops reveal 'methods' of scammers who skimmed crores off online gamers

Crypto Cyber Attack: Floating Point Group (FPG) Stops Withdrawals After Losing $20M

Department for Work and Pensions (DWP) issue warning over scam texts ahead of £150 cost of living payment being made

Department of Justice (DOJ) reports tens of millions extorted by Russian ransomware hacker

Derbyshire council sent confidential data to wrong person's home

Eisai Group Supply Chain Unaffected Amid Cyberattack

Facebook scam ad leads to downloading of malware: 2 people lose S$99,800 Central Provident Fund (CPF) monies

Harvard Pilgrim data breach affected millions, yet insurer struggled to contact many potential victims for months

How to Secure Your Browsing Data (and Why You Need To)

‘It could be taken down by an enthusiastic child’: Whitehall wide open to cyber-attack, warn campaigners

Microsoft confirms Azure, Outlook outages caused by DDoS attacks

Midas Capital Suffers Second Exploit in 6 Months, Loses Over $600K

Navigating the New Frontiers of Economic Security: Exploring the Implications of Cyber Threats

New Mystic Stealer malware increasingly used in attacks

Ransomware actors and scammers exploit cloud mining services for crypto laundering

Ransomware gang haunted US firms long before MOVEit hack

Ransomware thugs paying influencers to flaunt their brand tattoos

Scam Alert! Treasurer Warns of Malicious Emails Claiming to be from Pennsylvania Treasury Department

Singapore Police issues alert over malware scams as two victims lose nearly S$100k in Central Provident Fund (CPF) savings

The Critical Role of Employee Training in Anti-Phishing Strategies

The Evolution of Anti-Phishing Technologies: A Comprehensive Overview

Three months after Latitude cyberattack, some victims still not notified

Unmasking The Dark Side of AI: Unveiling Crimes, Risks, and Safeguarding Strategies

Websites of the Rheinische Post Mediengruppe Paralyzed Following a Cyber Attack

Why Exfiltration of Data is the Biggest Cyberthreat Facing Your Business

17th June

A Deep Dive into Email Security: Best Anti-Phishing Practices

Augusta mayor blames ‘threat actor’ for crippling cyberattack

Beware of these 4 Unassuming Mobile Threats

Combating ransomware: Strategies for defense

Cyberattacks on renewables: Europe power sector's dread in chaos of war

From Cryptojacking to DDoS Attacks: Diicot Expands Tactics with Cayosin Botnet

Hashflow Faces $600K Crypto Exploits Confirm Users to Retrieve

How hackers gained access to Minnesota Department of Education data

Info from dozens of companies, millions of Americans compromised by Russian-speaking cybercrime group

Massive data breach compromised 3.5M drivers licenses, ID cards in Oregon DMV system

Microsoft admits June service disruptions to OneDrive, Outlook cyberattacks from mysterious hacker group

Microsoft says early June disruptions to Outlook, Cloud Platform, were cyberattacks

Oregon Department of Justice urges procactivity in wake of Driver and Motor Vehicles (DMV) data breach

Over 100 Brands Were Impersonated in This Massive Phishing Campaign

Phishing Scams Are Targeting Banks, Delivery Companies, and More: Experts Urge All Phone Users to be Vigilant

Russian hackers claim responsibility for University System of Georgia data breach

SMS delivery reports can be used to infer recipient's location

The US Department of Agriculture (USDA) is investigating a ‘possible data breach’ related to the global Russian cybercriminal hack

US government offers $10 million bounty for info on Clop ransomware

Warning: Fake GitHub Repos Delivering Malware as PoCs

What Do Data Breaches Reveal About The Status Of Cybersecurity In India?

16th June

3rd MOVEit flaw identified by CISA, patch now

20-Year-Old Russian LockBit Ransomware Affiliate Arrested in Arizona

75% of Operational Technology (OT) organizations had at least 1 intrusion in the last year

91% of Indian organisations experienced ransomware attacks in 2022

A New Crypto Scam Called the ‘Sleepdrop’ Puts Your ETH at Risk

A ransomware attack is hitting schools, businesses and government agencies. Here’s what you should know

A Russian ransomware gang breaches the Energy Department and other federal agencies

A simple bug exposed access to thousands of smart security alarm systems

Activities in the Cybercrime Underground Require a New Approach to Cybersecurity

AI: data protection and privacy

AI may not Destroy the World, but There are Other Risks

AI vs AI: Next front in phishing wars

Approximately 9 million dental patients in the USA affected by a data breach

Atrium Wake Forest Baptist reports data breach of patient records

Australia's privacy watchdog confirms data breach in HWL Ebsworth hack

Barracuda Zero-Day Exploited by Chinese Actor

Billions of Android users warned to delete horrifying apps that steal all of your texts – never click it

Bots, phishing and server attacks making commerce a cybersecurity hotspot

Canada: No similar incidents reported in most provinces after Nova Scotia data breach

Capita faces first legal Letter of Claim over mega breach

Capita facing class action law suit over data breach involving GP patients

ChamelDoH: New Linux Backdoor Utilizing DNS-over-HTTPS Tunneling for Covert Command-and-Control

China-backed hackers exploited Barracuda zero-day to target government

Clop Starts MOVEit Extortion as New Bug is Discovered

Cloud Mining Scams Spread Banking Trojans

CoWIN data breach: CERT-In in discussion with 11 states that developed their own databases

Cyber Attack Alert: KillNet, Anonymous Sudan, and REvil Set Sights on Global Banking Systems!

Cyber-Criminals Are Using Mining Pools to Launder Crypto

Cyberattacks affect cities, universities, and government systems

Cybercrime Doesn't Take a Vacation

Cybercriminals Dive Into Cryptomining Pools to Launder Funds

Cybercriminals return to business as usual in a post-pandemic world

Cybersecurity culture improves despite the dark clouds of the past year

Darknet Parliament is now a thing

Department for Work and Pensions (DWP) warning over cost of living message scam as £150 to be paid next week

Development Bank of Southern Africa targeted by the Akira ransomware group

Every Louisiana driver’s license holder exposed in colossal cyber-attack

Federal Trade Commission (FTC) charges genetic testing organization for privacy concerns

Feds catch another LockBit hacker, Justice Department announces

Fortinet Discreetly Patches CVE-2023-27997, a Known Exploited Vulnerability

Fraud Alert: 40% Increase in Phishing, Smishing Attempts, Watch Out for IPFS Phishing

Genetic testing firm accused by Federal Trade Commission (FTC) of violating customers’ privacy

Good Samaritan Hospital data breach class action settlement

Hacker Saps Russian Special Service Wallets, Transfers Everything To Ukraine

Hackers Using ChatGPT & GoogleBard to Launch Sophisticated Email Attacks

How Do Cyber Criminals Launder Money?

How Do Some Companies Get Compromised Again and Again?

How MOVEit breach shows hackers' interest in corporate file transfer tools

Illinois Hospital First To Shut Down Completely After Ransomware Attack

India: More devious tricks by scammers, phone scams continue to pose risks to unwary

Ireland: Almost 16,000 state job applicants informed of possible data breach

Johns Hopkins Health System Suffers Cyberattack

Kaiser fined $450,000 after mailing California patients’ health info to outdated addresses

Kaspersky Uncovers Scam That Targets Cryptocurrency Wallet Theft in Latin America

LockBit claims ransomware attack on pharma giant Granules India

Main Security Challenges of Cloud Computing

Manufacturing Industry Cybersecurity Best Practices

Medical lab data breach exposes millions of patients’ data across states

MercyOne faces lawsuit for May data breach affecting 20,000

Millions affected by cyber attack targeting state and federal agencies

Millions of Oregon, Louisiana state IDs stolen in MOVEit breach

Mondelēz Global LLC Announces Third-Party Data Breach Involving Employee’s Social Security Numbers

MOVEit Attack Strikes US and State Governments

MOVEit Cyber Attack: Personal Data Of Millions Stolen From Oregon, Louisiana, U.S. Agency

MOVEit Ransomware Attack: Victim Count Climbs

New Version of Android GravityRAT Spyware Targets WhatsApp Backups

New Zealand’s Smartpay Hit With Ransomware in Latest Antipodean Cyber Attack

Ofcom says MOVEit Transfer hack compromised the data of employees and regulated companies

Oil and gas giant Shell is another victim of Clop ransomware attacks

Over 60,000 Android Apps Are Distributing Adware in an Aggressive Malware Campaign

Pentagon leaker indicted by federal grand jury

Phishing Attacks Are Becoming More Sophisticated. Here’s How to Bolster Email Security

Police cracks down on DDoS-for-hire service active since 2013

Preparing for Adversarial Machine Learning Attacks

Regulated industries and large enterprises lag behind in Multi-Factor Authentication (MFA) adoption

Russia-affiliated Shuckworm Intensifies Cyber-Attacks on Ukraine

Russian malware compromises Energy Department, other federal agencies

Russian national arrested for alleged involvement in LockBit operation

Russian National Arrested in Connection With LockBit Ransomware

Russian ransomware gang breaches Energy Department, other federal agencies

Shell latest victim in Cl0p MOVEit hacking spree

Social Engineering And The Disinformation Threat In Cybersecurity

Sturdy Finance reopens after $800,000 hack

Swiss Financial Center knocked offline by Russian hackers

The consequences of company data breaches and how to avoid them

The Critical Role of Safe and Secure Backup System Storage

The Impact of Cybersecurity on Business Operations

Think traditional cybercrimes are yesterday's news? Think again

Third Flaw Uncovered in MOVEit Transfer App Amidst Cl0p Ransomware Mass Attack

Third MOVEit vulnerability raises alarms as US Agriculture Department says it may be impacted

Three serious cybersecurity incidents pose security questions for businesses

Turkey: Cybersecurity reassures public over data leak claims in e-Government

U.S. Energy Department gets two ransom notices as MOVEit hack claims more victims

Understanding Data Security In The Digital Age

US confirms federal agencies hit by MOVEit breach, as hackers list more victims

Verizon warns all Android and iPhone owners over bank-emptying ‘innocent click’ – simple mistake is very costly

WannaCry 3.0 Ransomware Aims At Enlisted Russian-speaking Players

What is MOVEit and who are the hackers who got access to Louisiana Office of Motor Vehicles (OMV) data?

What One Hospital’s Slow Recovery From a Cyberattack Means for Patients

What you should know about the MOVEit ransomware attack

You Received a “Notice of Data Security Incident” from the United States Patent and Trademark Office (USPTO) - Now What?

Zacks Investment Research Firm Data Breach Expands, Nearly Nine Million Impacted

15th June

3CX data exposed, third-party to blame

6% of Employees Paste Sensitive Data into GenAI tools as ChatGPT

Adare SEC hit by cyber attack

Android GravityRAT malware now steals your WhatsApp backups

As Nova Scotia investigates data breach, expert says no software is infallible

Attacks on Barracuda Networks linked to China-backed hacking group

Authentication in the Time of Generative-AI-Strengthened Attacks

Barracuda ESG zero-day attacks linked to suspected Chinese hackers

Blogger calls Augusta ransomware attack 'perhaps one of the largest government data thefts in recent years'

Breaches Down as Security Culture Improves

ChatGPT Spreads Malicious Packages in AI Package Hallucination Attack

Chinese Hackers Exploit VMware Zero-Day to Backdoor Windows and Linux Systems

Chinese UNC4841 Group Exploits Zero-Day Flaw in Barracuda Email Security Gateway

CISA advisory on LockBit: $91 million extorted from 1,700 attacks since 2020

CISA and NSA Publish Baseboard Management Controller (BMC) Hardening Guidelines

CISA releases information on LockBit ransomware

City of Richmond warns of phishing emails mimicking city correspondence

Clop ransomware gang starts extorting MOVEit data-theft victims

Company Data Breaches: What We Can Learn So Far in 2023

Cost-of-Living Crisis Drives Insider Threat Concerns

Countering ransomware attacks to restaurants and retail

Cyber Attack Leads Crypto Broker FPG Halt Account Activities

Cyber debt levels reach tipping point

Cybersecurity at JBS was unusually poor before ransomware attack, records show

Ed Sheeran: Ipswich hacker who stole songs told to pay £100k

EMEA Retailers Experience Surge in Web Attacks, With Germany Heavily Targeted

Hacker gang Clop publishes victim names on dark web

Hacker groups reportedly team up to destroy European Banks in ‘world’s biggest cyber attack’

Hacker who stole and sold unreleased songs from Ed Sheeran given 3 months to pay £100K

Hackers infect Russian-speaking gamers with fake WannaCry ransomware

Have a Louisiana driver's license? Here's how your data could be at risk

Health Sector Cybersecurity Coordination Center (HC3) Advises Healthcare Sector to Prioritize Cyber Defense Against FIN11

Hospital data breach triggers two class-action lawsuits

How secure is your vehicle with digital key technology?

How Third-party Risks Increase Data Breach Vulnerabilities

How to Combat Rising Ransomware Attacks in the Public Sector

Illinois hospital links closing to ransomware attack

International Chapter of the P.E.O. Sisterhood Announces Recent Data Breach Following Ransomware Attack

‘Lockbit’ Digital Gang Named Top Ransomware Threat by US, 6 Other Nations

LockBit Makes $91m From US Victims in Two Years

LockBit Ransomware Extorts $91 Million from U.S. Companies

Louisiana’s Warned of Major Data Leak from Office of Motor Vehicles

Medical Device Security: Securing Information Technology (IT) and Operational Technology (OT) Healthcare

Microsoft identifies new hacking group controlled by Russian intelligence

Microsoft Names Russian Threat Actor "Cadet Blizzard"

Microsoft sued for alleged misuse of stolen Dark Web credentials

Microsoft Warns of New Russian State-Sponsored Hacker Group with Destructive Intent

MOVEit Cyber Attack Hits UK Printing Firm Used by Insurers, Brokers and Banks

MOVEit Transfer customers warned of new flaw as PoC info surfaces

MOVEit vulnerability weaponised in ransomware attack

National Australia Bank (NAB) issues urgent warning over phishing scam targeting customers with fake website

New Diicot Threat Group Targets SSH Servers with Brute-Force Malware

New hacking unit within Russian military intelligence identified by Microsoft

New Hampshire residents file class action lawsuits against Harvard Pilgrim over data breach

New Report Reveals Shuckworm's Long-Running Intrusions on Ukrainian Organizations

New Study Takes a Deep Dive Into Lookalike Attacks

New Supply Chain Attack Exploits Abandoned S3 Buckets to Distribute Malicious Binaries

North Korea created very phishy evil twin of Naver, South Korea's top portal

Ofcom Becomes the Latest Victim of MOVEit Supply Chain Attack

Oil and gas giant Shell confirms it was impacted by Clop ransomware attacks

Passkeys Can Make Passwords a Thing of the Past

Personal data for 233,000 Iowa Medicaid members compromised in cyber attack

Public sector application flaws increased in last 12 months

Ransomware gang lists first victims of MOVEit mass-hacks, including US banks and universities

Ransomware Hackers and Scammers Utilizing Cloud Mining to Launder Cryptocurrency

Ransomware tops malware-as-a-service offered on the dark web

Ransomware, Business Email Compromise and AI Among Top Cybersecurity Threats in 2023

Rhysida ransomware leaks documents stolen from Chilean Army

Russian aviation authority denies data breach speculations

Russian group appears responsible for cyberattack at John Hopkins

Russian hackers use PowerShell USB malware to drop backdoors

Russian National Arrested and Charged with Conspiring to Commit LockBit Ransomware Attacks Against U.S. and Foreign Businesses

Russian national arrested in US for deploying LockBit ransomware

Russian ransomware hacker extorted millions from U.S. businesses, prosecutors say

‘Several’ US federal agencies affected by MOVEit breach

Small organizations outpace large enterprises in MFA adoption

Some of the Most Common Cyberattacks You Need to Know About

South African state-owned DBSA confirms ransomware attack by Akira Group

Stephen F. Austin University (SFA) communication tool back online as cyber attack recovery continues

Study Reveals Ransomware as Most Popular Cybercrime Service

Suspected LockBit ransomware affiliate arrested, charged in US

Suspilne media suffered a hacker attack, a Russian group claimed responsibility

Swiss federal agencies breached in a Play ransomware attack on IT provider Xplain

The US government buys your user data. Here's what it does with it

Turkish Silence over Data Breach Speaks Volumes, Says Lawyer

Two-step phishing attacks, cyber-espionage increasing

University of Georgia Likely Affected by Data Breach

Unreleased Music Stolen and Sold on Dark Web: Hacker Fined

US government agencies slammed by MOVEit hack

Use of Multi-Factor Authentication nearly doubles since 2020

Vidar Malware Using New Tactics to Evade Detection and Anonymize Activities

VMware fixes critical flaws in Aria Operations for Networks (CVE-2023-20887)

Warning: GravityRAT Android Trojan Steals WhatsApp Backups and Deletes Files

What Are the Ramifications of the Meta GDPR fine for UK Businesses?

Why critical infrastructure remains a ransomware target

Workers regularly post sensitive data into ChatGPT

Xneelo Users Targeted in a Multi-stage Phishing Attack

14th June

42% of IT professionals aren't fully prepared for AI

33,000 patients caught in data breach at Maimonides Medical Center

A hospital in the US closes after a cyber attack: an unprecedented case

AI & Deep fakes becoming the latest surge behind phishing scams

Assessing Third-Party InfoSec Risk Management

AtlantiCare Notifies Patients of Third-Party Data Breach Leaking Their Social Security Numbers and PHI

Australia: Major toll road tunnel used by thousands of drivers a day is targeted by hackers - as they demand ransom in return for sensitive information

Beyond Multi-Factor Authentication (MFA): 3 steps to improve security and reduce customer authentication friction

Biopharma Confronts a Rising Tide of Ransomware Attacks

BreachForums is back – for real this time

Chinese Hackers Exploit VMware Zero-Day to Backdoor Windows and Linux Systems

Chinese hackers use DNS-over-HTTPS for Linux malware communication

CISA, FBI Publish LockBit Ransomware Advisory

Cl0P names first batch of alleged MOVEit victims

Clop’s MOVEit ransom deadline expires

Coinbase users urged to change passwords amid complex phishing scam

Critical Security Vulnerability Discovered in WooCommerce Stripe Gateway Plugin

Cyber insurance premiums surge by 50% as ransomware attacks increase

Cyber liability insurance vs. data breach insurance: What's the difference?

Cyberattacks on Plastic Surgeons: An Emerging Frontline in Cybersecurity

Domain Takedown: Removing Spear Phishing Domains for Free

Dozens of healthcare providers affected by Virginia debt collector breach

Europol Warns of Metaverse and AI Terror Threat

Fake Researcher Profiles Spread Malware through GitHub Repositories as Proof-of-Concept (PoC) Exploits

Fake zero-day Proof-of-Concept (PoC) exploits on GitHub push Windows, Linux malware

Five Ways to Educate the National Workforce on Cyber Hygiene

Generations Federal Credit Union Files Notice of Data Breach Affecting Thousands of Customers

Great Valley Cardiology Files Notice of Fortra Data Breach Affecting Confidential Information Belonging to Over 181k Patients

Hacker ordered to pay back £100,000 after selling unreleased music by world-famous recording artists

Hackers create fake GitHub profiles to deliver malware through repositories

Hackers Swap Extortion Tactics as Police Bring the Heat

Health Service Ireland hit by MOVEit supply chain cyber attack

Henry Ford Health System Patient Data Exposed in mscripts, LLC Data Breach

HWL Ebsworth data breach: Hackers claim huge data leak

Illinois, Missouri latest states to investigate MOVEit incidents

IT providers become go-to for cybersecurity advice

Jailed hacker told to pay £100,000 after stealing unreleased Ed Sheeran music

Lack of trust reported as top security challenge

LockBit behind 1 in 6 ransomware attacks on US government in 2022

LockBit Most Active Ransomware Group

LockBit ransomware extorted $91 million in 1,700 U.S. attacks

Major Effects a Data Breach Has on Your Health

Malicious Actors Exploit GitHub to Distribute Fake Exploits

Maimonides Medical Center Posts Notice of Data Breach Following Recent Cyberattack

Massive impersonation campaign targets apparel firms including Nike and Adidas

Massive Phishing Campaign Uses 6,000 Sites to Mimic Popular Brands

Mercer University class action claims data breach compromised data of over 93K individuals

Microsoft links data wiping attacks to new Russian GRU hacking group

Microsoft Releases Updates to Patch Critical Flaws in Windows and Other Software

Montclair township says cyber attack took down IT systems and disrupted public services

MOVEit Vulnerability Weaponized in Ransomware Attack

Multi-Factor Authentication (MFA) Bypass Kits Account For One Million Monthly Messages

New “DoubleFinger” Malware Strikes Cryptocurrency Wallets

New Golang-based Skuld Malware Stealing Discord and Browser Data from Windows PCs

New ‘Shampoo’ Chromeloader malware pushed via fake warez sites

New trap: Fraudsters send phishing email under garb of flight ticket

No Zero-Days but PGM Flaws Cause Patch Tuesday Concern

North Korea creates fake phishing site to steal South Koreans' personal data, says spy agency

One month after ransomware attack, Dallas reports 90% of its network has been restored

PII Exposed: Unauthenticated IDOR in WooCommerce Stripe Plugin

Popular email provider leaves systems wide open

Pro-Russian Hackers Target Website of Europe’s Busiest Port

Queensland government agencies have 'more to do' to be ready for future data breach reporting

Ransomware attack forces closure of St. Margaret's Health facilities

Researchers Uncover XSS Vulnerabilities in Azure Services

Russian groups target Switzerland with multiple cyberattacks

San Diego Unified School District Issues Yet Another Data Breach Notice

Setting Strong and Unique Passwords: The First Line of Defense for PS5 Security

Severe Vulnerabilities Reported in Microsoft Azure Bastion and Container Registry

Spotify fined $5.4 million in Sweden over GDPR violations

State governments among victims of MoveIT Transfer breach

Switzerland under cyberattack

T-Mobile retailer suffers data breach affecting potentially thousands of customers

The psychological impact of phishing attacks on your employees

Threat actors back to cyber “big game hunting”

Trinity Health faces lawsuit for March data breach

Trinity Health hit with class action alleging 'inadequate safeguarding' to blame for March data breach

Two Prudential Subsidiaries In Malaysia Hit By Data Breach

WannaCry ransomware impersonator targets Russian "Enlisted" FPS players

White hat hacker exploits Hashflow for $600K, seemingly just to return funds

Where from, Where to - The Evolution of Network Security

Windows Users Alert: Skuld Malware Steals Discord and Browser Data

Xplain data breach impacts Swiss national railway FSS and canton of Aargau

13th June

2 Russians charged in Mt. Gox Bitcoin heist and BTC-e money laundering

47% of organizations struggle with detecting and mitigating threats

50+ Phishing Statistics You Need to Know – Where, Who & What is Targeted

68% of organizations expect employee churn-driven cyber issues in 2023

99% of organizations expect identity-related compromise this year

A Zero-Day Should Not Be a Crisis

Adversary-in-the-Middle Attack Campaign Hits Dozens of Global Organizations

API Security: Unveiling Best Practices for a Secure Digital Ecosystem

Beware: New DoubleFinger Loader Targets Cryptocurrency Wallets with Stealer

Bolloré subsidiary attack exposes Thales, Alibaba data

BreachForums Returns Under the Control of ShinyHunters Hackers

Bulletproof hoster gets 3 years for pushing Urfsnif, Zeus malware

Chinese hackers used VMware ESXi zero-day to backdoor VMs

CISA orders federal agencies to secure Internet-exposed network devices

CISA orders US civilian agencies to remove tools from public-facing internet

CL0P Ransomware Gang Hits Multiple Governments, Businesses in Wide-Scale Attack

COSMICENERGY Malware May be Artifact of Russian Emergency Response Exercises

CoWIN Data Leak: Hacker explains how he managed to get Aadhaar, PAN, address, other details of users

Critical FortiOS and FortiProxy Vulnerability Likely Exploited - Patch Now!

Crypto Wallets Under Attack By DoubleFinger Malware

CyberArk Survey Surfaces Identity Security Challenges

Cyberattacks surge to 61% of small and medium-sized businesses, says study

DDoS threats and defense: How certain assumptions can lead to an attack

Detecting Phishing Domains: A Quick Guide

FIIG Securities sees data stolen in Russian cyber attack

Fortinet Addresses Critical FortiGate SSL-VPN Vulnerability

Fortinet says VPN bug ‘may have been exploited in a limited number of cases’

Harvard Pilgrim Health Care Plan Sued After Massive Data Breach

Historic Zacks Breach Impacts Nearly Nine Million

How to achieve cyber resilience?

India: CoWIN ‘data breach’ highlights urgent need for data privacy law

Many Forces Want To Undermine CoWIN: Union Minister On Data Breach

Massive database leak exposes IDs of vaccinated Indians

Massive phishing campaign uses 6,000 sites to impersonate 100 brands

Microsoft Pays $20m to Settle Another Federal Trade Commission (FTC) Children’s Online Privacy Protection Act (COPPA) Case

Microsoft says Azure outage was caused by ‘anomalous’ traffic spike

New phishing and business email compromise campaigns increase in complexity, bypass Multi-Factor Authentication (MFA)

Ofcom Latest MOVEit Victim as Exploit Code Released

Over Half of Security Leaders Lack Confidence in Protecting App Secrets, Study Reveals

Padding Users’ Defenses Against ChatGPT

Pearland ISD data breach dates back to 2014, officials say

Pirated Windows 10 ISOs install clipper malware via Extensible Firmware Interface (EFI) partitions

Popular Apparel, Clothing Brands Being Used in Massive Phishing Scam

Proof-of-Concept (PoC) exploit for exploited MOVEit vulnerability released (CVE-2023-34362)

Ransomware attacks hit 81% of UK healthcare providers in 2022

Ransomware Trends Say Dallas Was Vulnerable Target

RDP honeypot targeted 3.5 million times in brute-force attacks

Report highlights key threats disrupting businesses

Russian hackers steal data of thousands of Ulez drivers

School forced to close after cyber attack

Spotify fined $5M+ for GDPR violations

State-owned bank in South Africa confirms ‘Akira’ ransomware attack

Strava heatmap might reveal your home address, researchers claim

Two Russian Nationals Charged for Masterminding Mt. Gox Crypto Exchange Hack

UK’s Ofcom confirms cyber attack as PoC exploit for MOVEit is released

Understanding the Role of Identities in Cloud Breaches

Unveiling the Balada injector: a malware epidemic in WordPress

UPS latest Anonymous Sudan target, Microsoft time-out

What is the Lifecycle of a Ransomware Attack?

WordPress Stripe payment plugin bug leaks customer order details

12th June

61% of SMBs were victims of a cyberattack in the last year

18,000+ Ascension patients caught in data breach

A deep dive into the Petaluma Health Center data breach

A Holistic Approach to SaaS Security: Threat Detection and Configuration Management For Stronger Defense

An Illinois hospital is the first health care facility to link its closing to a ransomware attack

Apple's Safari Private Browsing Now Automatically Removes Tracking Parameters in URLs

Are the kids alright? How European authorities want to tackle child hacking

Argentina: Massive ransomware attack hits National Securities Commission

As cyberattacks on young gamers increase, expert advice to keep your child safe

Bank fraud warnings are the most common text scam

Beware: 1,000+ Fake Cryptocurrency Sites Trap Users in Bogus Rewards Scheme

Carrington, Alvaria class action claims data breach exposed data of millions

CIBT, Inc. Notifies Employees and Customers of Recent Data Breach

Clop demands MOVEit users contact it to prevent the publication of stolen data

Clop ransomware group knew about the MOVEit zero-day vulnerability since at least July 2021

Columbus Regional Healthcare System Reportedly Experienced Data Breach Following Ransomware Attack

Confidential data downloaded from UK regulator Ofcom in cyberattack

Cortina reminds customers affected by data breach to be alert to scams, phishing attacks

CoWIN app or database not breached directly: Union minister after data leak claims

CoWIN Data Breach: Details Like Adhaar, Passport Numbers Available On Telegram

CoWIN portal completely safe, reports of breach mischievous in nature, says Government

Critical RCE Flaw Discovered in Fortinet FortiGate Firewalls - Patch Now!

Cyber attack hits University of Manchester

Cyber attack on Californian healthcare clinic compromised patients' personal and medical information

Cyber extortion hits all-time high

Cyber security experts warn of a rise in money scams on WhatsApp

Cyberattack on German university takes ‘entire IT infrastructure’ offline

Cybercriminals Using Powerful BatCloak Engine to Make Malware Fully Undetectable

Data Flows Between UK and US to be Simplified Under New Agreement

Development Bank of Southern Africa (DBSA): Notification of Security Compromise

Development Bank of Southern Africa (DBSA) suffers ransomware attack

Didn't breach CoWIN, exploited linked platform’s holes, says hacker behind data leak row

Every 10th German company hit by cyber attack in 2022, says survey

Exploit released for MOVEit RCE bug used in data theft attacks

Fortinet: New FortiOS RCE bug "may have been exploited" in attacks

Fortinet patches critical flaw in Fortigate devices

Franklin, Tennessee suffered a cyberattack in March. Do employees know their information was involved?

Global Median Dwell Time Drops to Record Low

Globe warns vs phishing attempts targeting customers with fake SIM Registration email

Gloucester City Council: Some systems still affected by 2021 cyber attack but information unlikely to be published

Gozi malware hacker sentenced to three years in US prison

Hackers Impersonate Journalists to Steal Millions via Twitter and Discord

Half of businesses were victims of spear-phishing in 2022

Halifax Water customer information part of data breach

Have I Been Pwned warns of new Zacks data breach impacting 8 million

Have You Been Pwned? What Should You Do?

Health Sector Cybersecurity Coordination Center (HC3) Guidance Explores Cyber Threat Actors Targeting Healthcare

Health Service Ireland latest victim of MOVEit cyber attack

Here’s what your organization needs to know about cyber insurance

Illinois Impacted by Wide-Ranging Ransomware Attack

India: Baseless, mischievous, says health ministry on reports of CoWIN data breach

India: Congress seeks judicial probe into alleged CoWIN data breach

India: Government probes CoWin data breach claims

India: Government refutes media reports of data breach in COWIN platform

India: Health Ministry Denies Direct CoWIN Data Breach, Directs CERT-In To Probe

India: Online banking frauds see huge rise in Delhi post Covid-19 lockdown

India: Opposition parties demand inquiry into claims of CoWIN data breach

India denies massive data breach involving Covid vaccine website

Intellihartx data breach exposed the personal and health info of 490,000 individuals

Intellihartx Informs 490k Patients of GoAnywhere-Related Data Breach

It’s time to patch your MOVEit Transfer solution again!

JBS’s cybersecurity was poor prior to 2021 ransomware attack, homeland security records show

Lack of adequate investments hinders identity security efforts

LockBit group claims ransomware attack on Japanese zipper maker YKK

Log4J exploits may rise further as Microsoft continues war on phishing

Managed Detection and Response (MDR) use cases: Speeding up the time from intrusion to detection and response

Massive CoWIN Data Breach; Personal Details Of Vaccine Recipients Available In Telegram

Microsoft: Azure Portal outage was caused by traffic “spike”

Minding Your Data Leaks: Simple Steps to Help Prevent Leaks

Minnesota Department of Education swept up in global MOVEit cyberattack

MOVEit : The CLOP Ransomware Attacks

MOVEit hack: Media watchdog Ofcom latest victim of mass hack

National Cybersecurity Strategy: Disrupting and Dismantling Threat Actors Will Not Come Easy

New Banking AitM Phishing and BEC Attacks Financial Organisations

New MOVEit Vulnerabilities Found as More Zero-Day Attack Victims Come Forward

Nova Scotia government reveals details of cyber attack

Ofcom Confirms Cyber-Attack by Russian Ransomware Group

Ofcom data compromised in mass cyber attack

Ofcom data stolen in MOVEit cyber attack

Ofcom, UK’s media watchdog, was breached

One month after ransomware attack, Dallas reports 90% of its network has been restored

Ordinary Data Backups Are Not Enough Against Ransomware Attacks

Palo Alto Networks Finds Cyberattack Patterns Changing

Password Reset Hack Exposed in Honda's E-Commerce Platform, Dealers Data at Risk

Pink Drainer Posed as Journalists, Stole $3M from Discord and Twitter Users

Pioneer Valley Ophthalmic Consultants, PC Files Notice of Third-Party Data Breach

'Platform Completely Safe': Centre Rejects Reports Of CoWIN Data Breach

Posing as journalists, Pink Drainer pilfers $3.3M in crypto

Proactive protection: five steps for businesses and homes to mitigate cyber threats

Ransomware remains single biggest threat

Researchers Report First Instance of Automated SaaS Ransomware Extortion

Researchers Uncover Publisher Spoofing Bug in Microsoft Visual Studio Installer

Richmond University Medical Center (RUMC) operating ‘normally,’ ‘at full service’ after cyberattack, but Staten Island patient says some issues linger

RomCom Threat Actor Targets Ukrainian Politicians, US Healthcare

Russian hackers claim responsibility for theft of data from Australian bond broker FIIG

SaaS Challenges and Security Risks

San Francisco 49ers agree to a settlement for victims of 2022 data breach

Sextortion, Deepfakes, and AI Scams: How to Protect Children from Cyberattacks

South Africa: Information watchdog sees data breach notifications double

'Staff training is crucial to reducing cyber attack risk'

'Stealth Soldier' Attacks Target Libyan Government Entities With Surveillance Malware

Stephen F. Austin State University (SFA) reports online system targeted in cyber attack

Surprise! Staff don’t like receiving phishing tests from their firms that pose as salary increases

Swiss Government Targeted by Series of Cyber-Attacks

Swiss government warns of ongoing DDoS attacks, data leak

Switzerland warns that a ransomware gang may have accessed government data

The Answer to Optimizing Your Security Infrastructure? Consolidation

The Biggest Risks to the Software Supply Chain

The cyber risks hidden in plain sight in your organisation

The Dangers of AI Chatbots – And How to Counter Them

The insurance industry cyber crime report: recent attacks on insurance businesses

The key differences between ‘information privacy’ vs. ‘information security’

The multiplying impact of Business Email Compromise (BEC) attacks

Two Russian Nationals Charged in Connection with Mt Gox Hack

Ukrainian hackers claim attack on Russian banks

Ukrainian Hackers Take Out Russian Banking Infrastructure

University of Manchester Cyber Attack – Hackers Stolen Sensitive Data

Use of multi-factor authentication nearly doubles since 2020

What Is a Crypto Dusting Attack and How to Prevent It?

Why Healthcare Cybersecurity Requires a Multi-Layer Approach

Why Now? The Rise of Attack Surface Management

Xplain data breach also impacted the national Swiss railway FSS