Editor's Message

Welcome to DBD. On March 8th we celebrated our 4th Anniversary and the 1st Anniversary of our PRiSM application, officially endorsed by the SANS Institute. Despite recent personal issues that have impacted the amount of time I have been able to dedicate to both projects, I have been doing my best to keep everything as up-to-date as possible, and I would like to take this opportunity to thank everyone for their patience and support whilst I navigate through this very difficult time. Stay safe. :)

Monday 2 October 2023

Data Breaches Digest - Week 40 2023

Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 2nd October and 8th October 2023.

8th October

74% CEOs globally worried about their firms' ability to avert cyberattacks

Android TV Boxes Infected with Backdoors, Compromising Home Networks

Avalanche-Backed Stars Arena Faces $3 Million Security Breach

Biotech firm 23andMe user data stolen in credential-stuffing attack

Boulder Office of Disaster Management's Twitter page hacked

Data Breach: Biotech Firm 23andMe User Data Stolen in Credential-Stuffing Attack

Facebook’s UK account hacked by a ‘Cricket-loving hacker’

Hackers focusing on small businesses. Here's how to protect yourself

HTX claws back $8M in stolen funds, issues 250 ETH bounty to hacker

Huobi Reclaims $8 Million In Stolen Ethereum After Offering Bounty to Hacker

iCloud and DVLA scams you need to know about

Indian Space Research Organisation (ISRO) Battles Over 100 Daily Cyber-Attacks, With Heightened Risk In Rocket Technology

Kaspersky provides update on Cuba ransomware gang

Local FBI office warns public of 'phantom hacker' scam

Maintainers warn of vulnerability affecting foundational open-source tool

MGM Resorts estimates $100M loss from cyberattack that led to data breach

PhilHealth seeks public’s cooperation after ransomware attack

Singapore: Hotel booking scam claims at least 30 victims since Sept, with losses totalling $41,000

Sony Admits To A Data Breach That Exposed Thousands Of Employees’ Personal Info

The Royal Family’s Official Website Targeted By Russian Hackers After King Charles Called War In Ukraine “Unprovoked”

Third Flagstar Bank data breach since 2021 affects 800,000 customers

Tips to prevent ransomware attacks

Were You Hit by the Duolingo Data Breach? Here’s What to Do Next

What Is The Relationship Between Privacy And Security Within Cybersecurity?

7th October

Attorney General Notifies Residents of McLaren Ransomware Attack

Beefing up cybersecurity for India’s energy transition

Blue Cross and Blue Shield of Illinois Discloses Data Breach

Congress probe sought on PhilHealth data breach

Crypto Hacker Strikes Web3 Platform Galxe With Domain Attack, Appears To Have Stolen Around $200,000

Data breach at MGM Resorts expected to cost casino giant $100 million

Data from “Motel One” hotel guests published on the darknet

Facebook’s Official Page Hacked; Demand Release of Pakistani PM Imran Khan

FBI sounds the alarm 'phantom hacker' campaigns sweeping the US...Here is how YOU can protect yourself

Fortifying Finances: Balancing Cybersecurity And Budgetary Realities

FTX hacker switches strategy after THORSwap suspends service

Hacker claims to have stolen genetic data from millions of 23andMe users and is trying to sell the information online

Hacker posed as Greek police to get into EU site

Hackers access voter information in DC Board of Elections data breach

Have You Changed the Default Passwords on Your IoT Devices?

How to protect you & your business from social media scammers

‘Human error’: Review finds Wellington City Council crash data breach was preventable

India amongst top three most targeted APAC countries as AI use, ransomware increases

Israel braces for potential cyber attacks amid Hamas operation

Metropolitan Police Investigating Possible Data Breach

National Privacy Commission (NPC) probes PhilHealth's possible violations after ransomware attack

Nova Scotia government estimates global data breach will cost $4 million

People illegally streaming movies, sport and TV in UK face having bank account emptied

What is a DDoS Attack and How Can You Prevent One on Your Website?

6th October

10UP San Francisco Employee Retirement System (SFERS) data breach class action settlement

23andMe scraping incident leaked data on 1.3 million users of Ashkenazi and Chinese descent

37% intimidated, 39% frustrated with online security

49 states secure $49.5 million settlement with Blackbaud over 2020 data breach

A cyber attack has left Telemadrid without a live broadcast: it has had to resort to canned programs

AI Poses Challenges, Opportunities for IT Security Leaders

Amazon Prime Big Deal Day is coming. Here's how to avoid getting scammed

Amazon Web Services (AWS) to Mandate Multi-Factor Authentication from 2024

API Financial Solutions data breach affected over 71,000 US customers

Apple Issues Emergency Patches for More Zero-Day Bugs

Australia’s home affairs department hit by DDoS attack claimed by pro-Russia hackers

Bangladesh: Personal info of 55 million breached

Best-practice cyber-security for accounting firms in Australia

Beware of bogus QR code images online and in public places

Blackbaud agrees to $49.5 million settlement for ransomware data breach

Blackhawk Engagement Solutions Facing Lawsuit Over 2023 MyPrepaidCenter.com Data Breach

Bufetex, Haeterbit, PayPal, and MORE: Top Scams of the Week

Canadian organizations unprepared for AI-driven cyber threats

Casino giant MGM expects $100 million hit from hack that led to data breach

CDW data to be leaked next week after negotiations with LockBit break down

CEOs lack confidence in their firm’s ability to avert cyber attacks

Cheapfakes and vishing: How targeted scams are evolving

China-based spies are hacking East Asian semiconductor companies

Chinese Hackers Target Semiconductor Firms in East Asia with Cobalt Strike

Christchurch Job Seekers' personal email addresses exposed in data breach

CISA and NSA Publish Top 10 Misconfigurations

Cyber advisory identifies a ‘trend of systemic weaknesses’ in digital configurations

Cyber hygiene explained: the most comprehensive list

Cyberattack Disrupts Operations at Johnson Controls International

Cybersecurity in the Age of Industrial 4.0

Cybersecurity Threats in a Hyperconnected World - Phishing (Deceptive Manipulation)

D.C. Board of Elections confirms voter data stolen in site hack

Deep Dive into YouTube Stream-Jacking Attacks

Digital Piracy Returns to Sea: Protecting Autonomous Ships from Online Attacks

Don’t Let Yourself Get Smished

'Embarrassing': Home Affairs Department website crippled by cyber attack, barring online access to visa applications

Fast Ransomware: One Day to Infection, Report Says

Federal Trade Commission (FTC) warns of ‘staggering’ losses to social media scams since 2021

FirstSun Bancorp, the Parent Company of Sunflower Bank, Guardian Mortgage and First National 1870, Reports MOVEit Data Breach

Fiserv attack exposes 837K Flagstar Bank clients

Flagstar Bank, N.A. Announces Third-Party Data Breach at Fiserv, Compromising as Many as 837k Social Security Numbers

Florida court pauses many proceedings following cyberattack

FTX Hacker Moves 75.6K ETH Worth $124M to Bitcoin Network as ThorSwap Pauses Swaps

FTX ‘Hacker’ Trades Prompt THORSwap to Pause Swaps

GenAI Is A Hit With Hackers. Here’s Why It Will ‘Benefit The Defense’ Even More

Generative AI: Cybersecurity’s Ally or Adversary?

Genetics firm 23andMe says user data stolen in credential stuffing attack

GitHub's Secret Scanning Feature Now Covers AWS, Microsoft, Google, and Slack

Global scam on WhatsApp and Telegram costs job seekers over $100M

Hacker Claims to Have Data of 7 Million 23andMe Users from DNA Service

Hackers claim voter information accessed in DC Board of Elections data breach

How CISOs can use security data lakes to drive accountability

How to check if your personal data has ever been breached online

How To Fix The Common Mistakes Organizations Make With Data Security

How to stop ransomware thieves WORMing their way into your data

INC Ransomware claims to have hit Federal Labor Relations Authority

India emerges as top-3 target for nation-state driven cyber-attacks

Israeli President Targeted by Cyber Attack

Johnson Controls data breach possibly compromised US Department of Homeland Security's classified data

KillNet launches DDoS attack against UK royal family

Limitations on the Strategic Use of Ransomware in Armed Conflicts

Lyca Mobile blames cyber attack for network outage and service disruptions

Lyca Mobile confirms cyber attack impacting multiple markets

Lyca Mobile says customer data was stolen during cyberattack

Medusa Hackers Release Stolen PhilHealth Data

MGM believes insurance “sufficient to cover” $100mn cyber attack hit

MGM cyberattack causes $100M 3Q loss

MGM faces $100M loss from ransomware attack

MGM Resorts and Caesars Entertainment Facing Post-Cyber Attack Lawsuits

MGM Resorts confirms hackers stole customers’ personal data during cyberattack

MGM Resorts cyberattack sparked customer data breach, cost the company $100 million

MGM Resorts ransomware attack led to $100 million loss, data theft

MGM Resorts says cyberattack cost $100 million, resulted in theft of customer info

Mississippi Coast orthopedic practice faces lawsuits over ‘massive’ patient data breach

Navigating The New Normal: Cybersecurity, Fraud Mitigation, Risk Strategies In A Mobile World

Navigating 5 top threats to web security

New cybersecurity center at UC San Diego to research ransomware mitigation

New EvilProxy Phishing Attack Uses Indeed.com Redirector to Target US Executives

North Korea's Lazarus Group Launders $900 Million in Cryptocurrency

Ohio to Receive $1.3M from Data Breach Settlement

OrthoAlaska Announces Files Notice of Data Breach Affecting 176,203 with HHS-OCR

Persistent threat actor reappears after FBI takedown of QakBot

Personal data of almost 200 patients exposed in hack of Melbourne hospital staff member’s email

PharMerica and Amerita Sued in Class Actions for Breach of Patient Data

Phishing mimicking WormGPT surfaces on dark net

Poor cybersecurity habits are common among younger employees

Popular DNA testing service 23andMe investigates data leak claims

Practice and Reinforce Safe Cybersecurity Habits During Cybersecurity Awareness Month

Prospect Medical Holdings says August ransomware attack impacted over 190k patients

Qakbot Gang Still Active Despite FBI Takedown

Ransomware Gang Moves to Release Sabre Leak Data

Ransomware gang QakBot resurfaces after Feds’ botnet takedown

Reinsurers examining alternative ways to insure cyber

Rhysida ransomware gang claims attacks on governments in Portugal, Dominican Republic

Russia's KillNet group claims major DDoS attack on the Royal Family's website

Security researcher discovers exposed CRM database of Really Simple Systems

Shin Bet probes hack of Israeli President Herzog's Telegram account

SiegedSec hacker group claims second major cyber attack on NATO in four months

Sony confirms data breach affecting nearly 7,000 employees

Sony confirms hacker attack. During the attack, data of 6,800 employees were breached

Sony Contacts Nearly 6,800 Employees Following Security Breach

Sony Data Breach Impacted Thousands of Employees

Sony Discloses Data Breach That Exposed Info on Almost 6,800 Employees and Family Members

Sony notifies employees and families of data breach, investigates Second Security Incident

Storm-0324 Abusing Microsoft Teams To Gain Initial Access And Deploy Ransomware

Strong Password Best Practices and MFA

Supermicro's BMC Firmware Found Vulnerable to Multiple Critical Vulnerabilities

The Edge Of Browser Security: Why Proxies Aren't Enough

The hidden cost of the cybersecurity deficit in K-12 education

The Importance Of Navigating Cybersecurity Compliance For The C-Suite

THORSwap paused following FTX hacker's transactions claims

Thousands of NATO files stolen in data breach by ‘gay furry hackers’

Through the lens of fashion: India’s Digital Personal Data Protection Act 2023

Ukraine cyber-conflict: Hacking gangs vow to de-escalate

Ukraine, Israel, South Korea top list of most-targeted countries for cyberattacks

Unlock the Secrets of Employee Training for Phishing Emails

Unseen Costs of Ignoring Cyber Security for Small Business

US freight transporter Estes Express Lines says cyber attack caused significant service disruptions

Victims reported $2.7 billion in social media scam losses since 2021

What the Tech? How to set up a strong password that you can remember

Why Energy and Utility Companies Are a Hot Target for Cybercriminals

Why MFA Is Not the Panacea the Industry Is Touting it to Be

Yusen Logistics confirms cybersecurity incident leading to delivery delays

Zero-day bugs: what they are and how to defend against them

Zero-Day WhatsApp Hacking Vulnerabilities Worth Millions

5th October

23andMe Warns of Hacker Breaking Into User Accounts

After recovery from cyberattack, Clorox anticipates quarterly loss

Amazon to make MFA mandatory for 'root' AWS accounts by mid-2024

Analysis and Config Extraction of Lu0Bot, a Node.js Malware with Considerable Capabilities

Apple patches another iOS zero-day under attack (CVE-2023-42824)

Apple Rolls Out Security Patches for Actively Exploited iOS Zero-Day Flaw

Atlassian Confluence Hit by New Actively Exploited Zero-Day – Patch Now

Belgian intelligence fears Chinese tech giant Alibaba may be spying on logistics

Blackbaud agrees to $49.5 million settlement with AGs of nearly all 50 states

Blackbaud Resolves Multi-State Attorneys General Investigation of 2020 Security Incident

BYOD should stand for bring your own disaster, according to Microsoft ransomware data

Canadian businesses have good reason to fear cyber threats

Casino giant MGM expects $100 million hit from hack that led to data breach

China Poised to Disrupt US Critical Infrastructure with Cyber-Attacks, Microsoft Warns

China-linked cyberspies backdoor semiconductor firms with Cobalt Strike

CISA and NSA Offer MFA and SSO Guidelines for Developers, Vendors

CISA and NSA Tackle IAM Security Challenges in New Report

CISA Warns of Active Exploitation of JetBrains and Windows Vulnerabilities

Cisco Releases Urgent Patch to Fix Critical Flaw in Emergency Responder Systems

Clorox cuts forecasts as cyber attack hits orders; shares fall

Clorox ransomware attack which caused product shortages linked to earnings loss

Congress examining ways to try to prevent ransomware attacks and protect your information

COVID stimulus card issuer attack exposes 800K clients

Critical Atlassian Confluence zero-day exploited by attackers (CVE-2023-22515)

Critical Glibc Bug Puts Linux Distributions at Risk

Cyberattack against Johnson Controls sparks downstream concerns

Cybercrime gangs now deploying ransomware within 24 hours of hacking victims

Cybersecurity Awareness Month: 5 Simple Ways to Boost Your Security

Damage Control: Addressing Reputational Harm After a Data Breach

Defunct FTX Hacker Moves Funds Amid Ongoing Sam Bankman-Fried (SBF) Trial

Emerald Financial Services, LLC Announces MOVEit Data Breach at Third-Party Vendor Affecting 793,626 Cardholders

Espionage fuels global cyberattacks

Exploits released for Linux flaw giving root on major distros

False Amazon callers one of the top phone scams in 2023

FBI warns of dual ransomware attacks, and other cybersecurity news to know this month

Friend.Tech Targeted Again: Hacker Steals 234 ETH in Under 24 Hours

From AI with love: Scammers integrate ChatGPT into dating-app tool

FTX Issues Fresh Warning on Phishing Emails and Scam Sites

GoldDigger Android Trojan Drains Victim Bank Accounts

GoldDigger Android Trojan Targets Banking Apps in Asia Pacific Countries

Great Expressions Dental Centers Notifies Patients of February 2023 Data Breach

Guyana Governmental Entity Hit by DinodasRAT in Cyber Espionage Attack

Hacked phone spyware shuts down...again

Hospital trio learns cybersecurity lessons the hard way

How government agencies conduct surveillance on smartphones

How Machine Learning is Vital in Successful Data Exfiltration Detection

How Security Partners Can Work with Healthcare IT Teams to Fight Ransomware

Human-operated ransomware attacks tripled over past year

Insider Identity Risk to Cloud Security

Large Language Models (LLMs) lower the barrier for entry into cybercrime

Legal aid refused for accused Nike ‘customer credentials’ hacker with ‘bigger bank balance than most lawyers’

List of Data Breaches and Cyber Attacks in September 2023 – 3,808,687,191 Breached Records

“Looney Tunables” bug allows root access on Linux distros (CVE-2023-4911)

Lorenz ransomware crew bungles blackmail blueprint by leaking two years of contacts

Lyca Mobile investigates customer data leak after cyberattack

Major CRM Provider Really Simple Systems Leaked 3M Customer Records

Marietta Health data breach $1.75M class action settlement

Massachusetts To Receive Nearly $900,000 In Multistate Data Breach Settlement With Donor Database Company

McLaren Health Care Experiences Ransomware Attack Affecting as Many as 2.5 Million Patients, Raising Data Breach Concerns

Mental health consortium, which includes Douglas County, investigates cyber attack

Mobile customers unable to make or receive calls after firm hit by cyber attack

More than 6,000 Sony employees hit in MOVEit Transfer breach

NATO is investigating a new cyber attack claimed by the SiegedSec group

New York ranks third most vulnerable state for cybercrime, as ransomware grows

Nigeria: Federal Government investigates OPay, Meta, DHL over alleged data breach

Nonprofit service provider Blackbaud settles data breach case for $49.5M with states

NPM Typosquatting Attack Deploys r77 Rootkit via Legitimate Package

NSA and CISA reveal top 10 cybersecurity misconfigurations

Online Dating: Cybercrime Red Flags

'Operation Jacana' Reveals DinodasRAT Custom Backdoor

Patch now: This serious Linux vulnerability affects nearly all distributions

Pennsylvania Adult & Teen Challenge data breach class action settlement

PharMerica and Amerita Sued in Class Actions for Breach of Patient Data

Privacy nonprofit calls on Federal Trade Commission (FTC) to investigate Grindr’s data practices

Prolific cybercrime group reemerges following FBI takedown

Qakbot Hackers Delivering Ransomware Despite FBI Takedown

Qakbot hackers now pushing Cyclops/Ransom Knight ransomware, Cisco says

QakBot Threat Actors Still in Action, Using Ransom Knight and Remcos RAT in Latest Attacks

Quash EDR/XDR Exploits With These Countermeasures

Ransomware dwell time hits low of 24 hours

Ransomware dwell times now measured in hours

Record Numbers of Ransomware Victims Named on Leak Sites

Scammers Impersonate Companies to Steal Cryptocurrency from Job Seekers

Searching for Smishing Triad DNS Traces

SocialFi Platform Stars Arena Cries ‘Coordinated FUD’ as Hackers Attack

Soft skills continue to challenge the cybersecurity sector

Software company agrees to pay nearly $50 million in multi-state, data breach settlement

Sony confirms cyber-attack exposed details of nearly 7000 current and former employees

Sony Confirms Data Stolen in Two Recent Hacker Attacks

Sony confirms server security breaches that exposed employee data

Suspected China-linked hackers target Guyana government with new backdoor

Suspected phishing that mimicks WormGPT surfaces on the Darknet

The root cause of open-source risk

UK Education Sector Must Step Up its Cybersecurity Posture

Unveiling the Estes Express Lines Cyber Attack

US Police Recover $3M Stolen by Pakistani Crypto Scammers

4th October

69% of generative AI users are concerned their data might be misused

Amazon Web Services (AWS) root accounts must have MFA enabled

Apple emergency update fixes new zero-day used to hack iPhones

Are your emails safe? After PhilHealth cyber attack, here’s how to spot data breach

Arm and Qualcomm Chips Hit by Multiple Zero-Day Attacks

Atlassian patches critical Confluence zero-day exploited in attacks

Atlassian, Apple warn customers of zero-days used in attacks

Backdoored Android phones, TVs used for ad fraud – and worse!

Beware of SMS text scam impersonating couriers

Businesses, individuals urged to adopt cyber risk mitigation strategies

Check Point discovers new phishing scam on Dropbox

Cisco fixes hard-coded root credentials in Emergency Responder

Cyberattack on British telecom Lyca prevented customers from making calls, topping up

Cyberattacks in Arizona, Missouri limit access to community services

Cybersecurity Awareness Month 2023: Back to Basics – and Beyond

Cybersecurity preparedness pays big dividends for businesses

EvilProxy Phishing Attack Strikes Indeed, Targets Executives

Everything Nonprofits Need to Know About Mobile Device Management

EvilProxy Phishing Kit Targets Microsoft Users via Indeed.com Vulnerability

Factors leading to organizations losing control over IT and security environments

Gulf Cooperation Council (GCC) data in demand on the cybercriminal services market

Hacking the Hackers: The global cybersecurity stocks that fight back

How Healthcare Organizations Can Defend Against Ransomware

Hundreds of malicious Python packages found stealing sensitive data

LightSpy iPhone Spyware Linked to Chinese APT41 Group

Linux Vulnerability Exposes Millions of Systems to Attack

Looney Tunables: New Linux Flaw Enables Privilege Escalation on Major Distributions

Lyca Mobile Suffers Cyber Attack, Investigating Ransomware Possibility

Macau Radio Taxi targeted by hackers in cyber attack

Malware-Infected Devices Sold Through Major Retailers

Michigan hospital system says it’s suffered ransomware attack

Microsoft: Hackers target Azure cloud VMs via breached SQL servers

Microsoft Warns of Cyber Attacks Attempting to Breach Cloud via SQL Server Instance

Modern-day threats in the crypto gold rush

Navigating the Murky Depths: How Bad Actors Extract Your Personal Information via the Dark Web

Payment card details accessed in Motel One hack

PlayStation maker victimized in MOVEit Transfer breach

Police Issue “Quishing” Email Warning

Privacy commission probes possible negligence in PhilHealth cyberattack

Qualcomm patches 3 actively exploited zero-days

Ransomware: All the ways you can protect storage and backup

Ransomware double-extortion attacks increased 72%

Ransomware gang posts 30GB of data it claims belongs to a Victorian real estate group

Researchers Link DragonEgg Android Spyware to LightSpy iOS Surveillanceware

Researchers warn of 100,000 industrial control systems exposed online

Rogue npm Package Deploys Open-Source Rootkit in New Supply Chain Attack

Russia mistakenly doxxes its own secret bases and spies

Scammers hijack YouTube channels to promote Elon Musk-themed crypto schemes

Sony confirms data breach impacting thousands in the U.S.

Sony Data Breach via MOVEit Vulnerability Affects Thousands in US

Stream-Jacking: Malicious YouTube Livestreams Aid Malware, Crypto Scams

The most common cyber scams Australians are falling victim to - and how to protect yourself: 'Everyone is at risk'

Two Campaigns Drop Malicious Packages into NPM

UK SMEs' cybersecurity concerns surge amidst virus attacks

What is a Data Breach?

Zombie Zoom Meeting Links Expose Thousands of Organizations

3rd October

81% of security leaders say that API security is a higher priority

60,000 US government emails were stolen from Microsoft by hackers

$889,260,000 in Crypto Lost to Hacks, Scams and Rug Pulls in Q3 of 2023, According to Blockchain Security Firm

Account Takeover: The Silent Threat in the Digital World

Agenda ransomware threatens to resurface

AI: Threat or opportunity for cybersecurity?

AI-phishing Nearly Impossible to Detect, Even For AI

Akamai Sees Surge of Cyberattacks Aimed at Financial Services

Amazon warns of ‘ShellTorch’ issue affecting code related to AI models

Amazon Web Services’ MadPot Honeypot Operation Corrals Threat Actors

Android October security update fixes zero-days exploited in attacks

Anonymous-affiliate Discord leak spells bad news for Russia

API security importance increases with incidents

API Security Trends 2023 – Have Organizations Improved their Security Posture?

Appliance supplier confirms delays due to cyber-attack

Arm Issues Patch for Mali GPU Kernel Driver Vulnerability Amidst Ongoing Exploitation

Arm, Qualcomm warn GPU drivers are likely being exploited by hackers

Battling Phishing and Business Email Compromise Attacks

Binance Unmasks $277 Million Crypto Scam in Thailand

Businesses with government contracts ripe targets for cyber attacks

Canadian organizations are unprepared for AI-driven cyber threats, new Canadian Internet Registration Authority (CIRA) report finds

Chinese APT Actors Target WeChat Users

CISA Kicks Off 20th Anniversary of Cybersecurity Awareness Month

Companies want to spend more on AI to defeat hackers, but there’s a catch

Cyber Threats Lurking on the Dark Web and How to Mitigate Them

Cybersecurity Awareness Month – Essential Cyber Hygiene

Cybersecurity Breaches at UK Pensions Soar More Than 4,000% in 1 Year

Data Breaches in Nepal: Understanding the Risks and Solutions

Data Doesn’t Deceive: Cyber Attacks and it’s Reality Check

EU Cyber Resilience Act Could be Exploited for Surveillance, Experts Warn

EU Parliament wants journalists to have better protections from spyware

EvilProxy uses indeed.com open redirect for Microsoft 365 phishing

Evolving conversations: Cybersecurity as a business risk

Facebook argues Australian users’ data harvested in Cambridge Analytica scandal is not ‘sensitive information’

FBI most-wanted Russian hacker reveals why he burned his passport

Fifth of Brits Suspect They've Been Monitored by Employers

Flagler School District Loses ‘Significant Amount of Money’ in Apparent Phishing Scheme Involving Vendor

Fort Myers health care billing company faces data breach; notifies patients

FortiGuard Uncovers Deceptive Install Scripts in npm Packages

France Closes in on Digital Safety Bill

Friend.tech Users Plagued by Phishing and SIM Swap Scourge

Germany-Based Motel One Group Confirms Data Breach

Greater Dallas Healthcare Enterprises Announces Data Breach Affecting Patients' Health and Medical Information

Greatest Cybersecurity Threats are Unknown

Hacker Exploits Friend.Tech’s 2FA Flaws, Drains Assets of Multiple Users

Hackers seen exploiting bugs in browsers and popular file transfer tool

Half of Cybersecurity Professionals Report Increase in Cyber-Attacks

Halifax warning over 'convincing' email designed to steal your bank details

Help small business clients deter cyberattacks

How AI-powered patch management protects remote and hybrid workers

Indiana Attorney General Sues CarePointe Over 2021 Ransomware Attack

Is Generative AI Redefining Phishing Tactics in Cybersecurity?

Ivanti Research Shows that One in Three Employees Believe Their Actions Don’t Impact Their Organization’s Security

Kenya hit by record 860m cyber-attacks in a year

Lyca Mobile UK Confirm Cyber Attack Responsible for Disruption

McLaren Health Care confirms ransomware attack, investigates hackers' threats to release data online

Metro Transit steadily recovering from cyber attack

Microsoft Edge, Teams get fixes for zero-days in open-source libraries

Mobile threats in Middle East, Türkiye, and Africa rise in Q2 2023

Motel One Group discloses data breach

Motel One Group faces ransomware attack, 150 credit card details compromised

Motel One Group’s Swift Response Thwarts Ransomware Attack

Motel One says ransomware gang stole customer credit card data

NATO 'actively addressing' alleged cyberattack affecting some websites

NATO says it is addressing an apparent cyberattack after strategy documents posted online

NATO says it is tackling an apparent cyber attack after strategy documents were posted online

New 'Looney Tunables' Linux bug gives root on major distros

Open Redirect Flaws as a Phishing Tactic

Over 3 Dozen Data-Stealing Malicious npm Packages Found Targeting Developers

PhilHealth admits data of some members compromised in data breach

Predator Spyware Linked to Madagascar's Government Ahead of Presidential Election

Preventing Data Breaches by Learning from Competitors

QR codes in emails? Watch out - it could be part of a 'Quishing' scam

Qualcomm Releases Patch for 3 new Zero-Days Under Active Exploitation

Qualcomm says hackers exploit 3 zero-days in its GPU, DSP drivers

Ransomware Actors Exploit Critical Bug, Target DevOps Tool

Ransomware attacks on businesses spike 65% in 2023

Ransomware Crisis, Recession Fears Leave CISOs in Tough Spot

Ransomware disrupts hospitality, healthcare in September

Ransomware gang posts 30GB of data it claims belongs to Victorian real estate group

Researcher Reveals New Techniques to Bypass Cloudflare's Firewall and DDoS Protection

Royal Family Website Targeted In Cyber Attack

San Francisco’s transport agency exposes drivers’ plate numbers and addresses

San Francisco’s transport agency Metropolitan Transportation Commission (MTC) exposes drivers’ plate numbers and addresses

ShellTorch Attack Exposes Millions of PyTorch Systems to RCE Vulnerabilities

ShellTorch flaws expose AI servers to code execution attacks

Software firms under cyber attack

Suspicious Activity: FTX Hacker Moves 22,500 ETH Worth $37 Million – What's Going On?

The MGM attack: What can be learned for your business

“The Phantom Hacker”: FBI San Francisco Warns Public of New Financial Scam

The year of DDoS: 2023 has seen a significant attack surge

They’ve begun: Attacks exploiting vulnerability with maximum 10 severity rating

Threat of US Government Shutdown Fuels Concerns About Cyber Vulnerabilities

Two hacker groups are back in the news, LockBit 3.0 Black and BlackCat/AlphV

UK businesses face tightening cybersecurity budgets as incidents spike

UK businesses see 25% increase in cyber incidents

Under the Radar: Phishing Websites Masquerading as UPI Gateways to Secretly Steal Customer Data

Upstream Supply Chain Attacks Triple in a Year

Visibility is Not Enough to Protect Organizations from Identity Threats

Warning: PyTorch Models Vulnerable to Remote Code Execution via ShellTorch

Weather Network parent company decided not to pay a ransom after cyberattack took down operations for several days

What Is Endpoint Detection and Response (EDR)?

What is ransomware, and how can you protect yourself?

Why Businesses Need a Cybersecurity Playbook

Will generative AI really supercharge phishing attacks?

Wisconsin county dealing with ransomware attack on public health department

Working With AI: A Word On Today’s Corporate Cybersecurity

Zero-day in Arm GPU drivers exploited in targeted attacks (CVE-2023-4211)

2nd October

4 New Threats Targeting Macs in 2023 and How to Avoid Them

5 Common Assaults on Cryptocurrency Users in 2024

10 Emerging Cybersecurity Threats And Hacker Tactics In 2023

100K exposed systems endanger power, traffic, water utilities

$900 Million Has Been Stolen in Crypto Hacks This Year

AI-Generated Phishing Emails Almost Impossible to Detect, Report Finds

Alert: Attackers Actively Exploiting WS_FTP Vulnerabilities

Amerita Named in Class Action Lawsuit Over Data Breach at PharMerica

Arm warns of Mali GPU flaws likely exploited in targeted attacks

API Financial Solutions Reports Data Breach Affecting 71k U.S. Consumers

APIs: Unveiling the Silent Killer of Cyber Security Risk Across Industries

AtlasCross hacking group posing as American Red Cross in new phishing scam

Boards are Finally Taking Cybersecurity Seriously

Budworm APT Attacking Telecoms Org With New Custom Tools

BunnyLoader: New Malware-as-a-Service Threat Emerges in the Cybercrime Underground

BunnyLoader Malware Targets Browsers and Cryptocurrency

CertiK report highlights crypto scam trend in September

Cisco warns of attempted exploitation of zero-day in VPN software

Class Action Says Honeywell Failed to Prevent May 2023 Data Breach

Cl0p study hints at gang‘s masking tactics

Clorox resumes normal plant operations in the wake of cyberattack

Cram school firm accused of data breach following pedophile case

Critical vulnerability in WS_FTP Server exploited by attackers (CVE-2023-40044)

Critical zero-days in Exim revealed, only 3 have been fixed

Crypto Industry Lost $685 Million in Q3 2023, 30% by Lazarus Group

Cyber Security Awareness and the Youth

Cybersecurity Awareness Month Celebrates 20 Years

Data Theft Overtakes Ransomware as Top Concern for IT Decision Makers

European hotel chain says ransomware attack limited by quick response

European Telecommunications Standards Institute Discloses Data Breach

Exim patches three of six zero-day bugs disclosed last week

Exploit available for critical WS_FTP bug exploited in attacks

FBI Warns of Dual Ransomware Attacks and Data Destruction Trends

FBI warns of surge in 'phantom hacker' scams impacting elderly

Federal Trade Commission (FTC) warns tax preparation companies against sharing confidential data

Feds hopelessly behind the times on ransomware trends in alert to industry

Fighting AI Cybercrime with AI Security

Financial sector sees rise in digital identity verification

First Time Senders And The Threat Of Phishing Attacks: A Crucial Guide

FTX 'Hacker' Moved 15K ETH This Weekend

FTX Hacker Remains at Large, Moving Millions in ETH Before Sam Bankman-Fried (SBF) Trial

Furry hackers claim to have breached NATO, stolen 3,000 files

Global events fuel DDoS attack campaigns

Growth in cybersecurity spending sank by 65% in 2022-23, report finds

Hackers attack US healthcare giant, more than 190K people affected

Hackers Meddle With Bing Chat Ads To Promote Malicious Links

Hackers steal user database from European telecommunications standards body

Hackers Use ZeroFont Phishing To Target Microsoft Outlook Users

Healthcare top infrastructure target for cyberattacks

How Private Equity Firms Can Protect ‘Treasure Trove’ from Digital Threats

How to Identify Trojan Horse Viruses

IBM, Johnson & Johnson class action claims companies failed to safeguard protected health information

Indiana attorney general sues provider over violation of consumer protection, privacy laws

Johnson Controls International Suffered a Massive Ransomware Attack Potentially Impacting the DHS

Johnson Controls Ransomware Attack Could Impact DHS

Just Kids Dental to Blame for August 2023 Data Breach, Class Action Alleges

LastPass employees and customers targeted in “pervasive” phishing campaign

Lazarus impersonated Meta recruiter to breach Spanish aerospace firm

LinkedIn Messaging used by APT to phish aerospace target and plant novel malware

LUCR-3: Scattered Spider Getting SaaS-y in the Cloud

Malicious HDMI Cables Steals Photos, Videos, and Location Data

Malicious npm and PyPi Packages Exfiltrate SSH Keys From Server

MGM, Caesars face 9 lawsuits in wake of cyberattacks

Most dual ransomware attacks occur within 48 hours

Motel One discloses data breach following ransomware attack

Nearly 100,000 Industrial Control Systems Exposed to the Internet

New Android Banking Malware Pose as Government App to Target Users

New BunnyLoader threat emerges as a feature-rich malware-as-a-service

North Korea Poses as Meta to Deploy Complex Backdoor at Aerospace Org

OpenRefine's Zip Slip Vulnerability Could Let Attackers Execute Malicious Code

Over 50% ETH To BTC Transactions On ThorSwap Are Stolen Funds

Over 70% of AI detectors fail to detect chatbot phishing emails

Over half of phishing emails now use obfuscation tactics to avoid detection

PhilHealth: Workstations hit in ransomware attack, but member data unaffected

PhilHealth seeks help from PNP, NPC, DICT to probe cyber attack

Phishing just keeps getting better

Playing Dress-Up? How to Train to Spot Websites in Disguise

Priority Health members informed of EyeMed incident, no fraudulent activity detected

Pro-Putin hackers behind Buckingham Palace cyber attack also sent NHS threats

Pro-Russia hackers claim responsibility for crashing British royal family's website

Proactive Security Practices for Digital Banking

Prospect Medical Holdings, Inc. Announces Data Breach Affecting 190k Employees and Dependents

Ransomware delayed pay for school staff in Arizona county

Ransomware Evolution Requires Teamwork from All Healthcare Stakeholders

Ransomware gangs now exploiting critical TeamCity RCE flaw

Royal Family Website Downed by DDoS Attack

Royal family website hit by cyber attack

Royal Family Website Targeted in DDoS Cyber-Attack

Royal Family’s Website Targeted by Denial-of-Service Attack

Safeguarding financial institutions from nation-state attacks

Seaports in India were left vulnerable to takeover by hackers

ShadowSyndicate Cybercrime gang has used 7 ransomware families over the past year

Silent Skimmer: A Year-Long Web Skimming Campaign Targeting Online Payment Businesses

Smishing, vishing and phishing: The most confusing digital terms explained

Some Prospect Medical Hospitals in Dire State, Post-Attack

South Africa: State Security Agency (SSA) spooked after daring cyber attack

Staying protected and compliant in an evolving IT landscape

Survey Sees More Cyberattacks Targeting APIs

Texas amends data breach reporting requirements

The CVE-2023-5217 Deja Vu - Another Actively Exploited Chrome Vulnerability Affecting a WebM Project Library (libvpx)

The Future of Computing is...Confidential

“The Phantom Hacker”: FBI San Francisco Warns Public of New Financial Scam

The top 9 cyber security incidents in September 2023

'Think before you click' - Gardaí release tips on how to avoid falling victim to scammers

Threat Groups Accelerating the Use of Dual Ransomware Attacks

UK Royal Family Website Hit by DDoS Attack from KillNet

UK trio among 12 new LockBit ransomware victims?

Unmasking Zanubis: banking trojan's sneaky evolution and cryptocurrency threats unveiled

US, UK, and Democratic Nations Unite to Combat Cyber-Threats to Civil Society

Vi Living Confirms Recent Data Breach Affecting More than 61k Residents’ Sensitive Information

Virginia school district open despite LockBit ransomware attack

Why the Royal Family website was the target of a cyber attack

Windows Server Running SMB over QUIC Let Attacker Launch DoS Attacks

Zanubis Android Banking Trojan Poses as Peruvian Government App to Target Users