Editor's Message

Welcome to DBD. On March 8th we celebrated our 4th Anniversary and the 1st Anniversary of our PRiSM application, officially endorsed by the SANS Institute. Despite recent personal issues that have impacted the amount of time I have been able to dedicate to both projects, I have been doing my best to keep everything as up-to-date as possible, and I would like to take this opportunity to thank everyone for their patience and support whilst I navigate through this very difficult time. Stay safe. :)

Monday 25 December 2023

Data Breaches Digest - Week 52 2023

Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 25th December and 31st December 2023.

31st December

5 common hacking tactics to watch out for in 2024

Android game developer’s Google Drive misconfig highlights cloud security risks

Attention Xfinity Users! Michigan Hit with a Massive Data Breach

ChatGPT-aided ransomware in China results in four arrests as AI raises cybersecurity concerns

CHI Memorial alerts patients of possible data breach

Chinese authorities arrest four in ransomware case involving ChatGPT

Giant Iranian online food ordering platform hacked

How ransomware could cripple countries, not just companies

How to protect your Android from a banking threat that bypasses fingerprint unlock and steals your PIN

Identity theft: Seven tips to defeat online fraudsters

Microsoft disables 'App Installer' used by hackers to spread malware

Rising threats: Cybercriminals unleash 411,000 malicious files daily in 2023

Security Researchers Develop Decryptor for Black Basta Ransomware

St Vincent’s cyberattack work of sophisticated criminals, say investigators

US Government issues ‘New Year’ scam warning to avoid your bank being emptied by crooks

What is Quishing (QR Phishing)?

30th December

Africa grapples with surge in digital fraud

Best practices for ransomware protection in hospital groups

Beware: Scam-as-a-Service Aiding Cybercriminals in Crypto Wallet-Draining Attacks

Beware of the new Phishing Attack Which Uses Google Forms; Here's how the Tactic Works

China Arrests 4 Who Weaponized ChatGPT for Ransomware Attacks

Complex Phishing Campaign Targeting Government Entities: A Detailed Analysis

Compound Finance suffers a breach of its X account

Exploring the Impact of AIoT on Security

How to protect yourself from cyberscammers

INC RANSOM ransomware gang claims to have breached Xerox Corp

Latest bank scam makes its rounds in southern Ontario

Major mortgage provider struck by cyberattack

Malware Alert: Meduza Stealer Has a New Version and It’s All Over the Dark Web

New Black Basta decryptor exploits ransomware flaw to recover files

New Year 2024: Beware of Cyber Threats - AI, Deep Fakes, and Festive Frauds

Parking App Data Breach Risks Thousands of Users

Protecting Children’s Online Identity in the Wake of Cyber Attacks

St Vincent's Health Australia warns cyber attack forensics could "take some time"

The worst malware, security and privacy breaches of 2023

Turkey Probes Security Vulnerabilities in iOS Devices: A Global Data Privacy Concern

Unraveling the Intricacies of QBit Stealer: A New Information Stealer on the Market

Web3 Projects Lose $2,020,000,000 in 2023 to Hacks, Rug Pulls and Phishing Attacks

29th December

23andMe hit with another class action lawsuit over data breach

2024 Healthcare Cybersecurity: Mastering The Fundamentals

AI Cybersecurity in Healthcare: Key Risks and Security Measures

Albanian Parliament and One Albania Telecom Hit by Cyber Attacks

API security in 2024: Predictions and trends

Australia’s Largest Car Dealer, Eagers Automotive Halts Service Due to Cyberattack

Australia's largest car dealer group targeted by cyber attack

Be more hacker-savvy in 2024

Bermuda: Government Warns Public of Ongoing Phishing Scam - A Call for Digital Vigilance

BlackBasta Ransomware Targets American Alarm, Claims Breach of Sensitive Corporate Data

Builders Mutual Insurance Company Sends Data Breach to Additional Victims

Canada: Phishing alert - Fraudulent texts demanding toll payments for Highway 25 bridge

CBS, Paramount-parent National Amusements reports hack affecting over 80,000 people

Common Crypto Scams You Should Be Aware Of

Compound Finance’s X account hacked, promotes phishing site to steal crypto

Computer Emergency Response Team of Ukraine (CERT-UA) Uncovers New Malware Wave Distributing OCEANMAP, MASEPIE, STEELHOOK

Costco Christmas Gift, iCloud, Australia Post, and Capital One: Top Scams of the Week

Countering AI-driven cyberattacks with AI-driven cybersecurity

Crooks push holiday misery with ‘Leaksmas’ release of 50 Million PII records

Cyberattack on Massachusetts hospital disrupted records system, emergency services

Cybersecurity stocks surged in 2023 amid rising attacks

DataNet Systems suffers data breach

Europe’s Largest Parking App Provider Informs Customers of Data Breach

Financial service industries suffer more cyberattacks than any other

Four Chinese individuals arrested for ChatGPT-made ransomware

Fred Hutchinson Cancer Center Files Official Notice of November 2023 Data Breach

Getting the Board on Board: Explaining Cybersecurity Return On Investment (ROI)

Google accounts may be vulnerable to new hack, changing password won’t help

Google Cloud fixes major security issue

Google Cloud says it has fixed a significant security flaw

Google data breach costs tech giant £4 billion

Google settles $5 billion consumer privacy lawsuit

Google to settle class action lawsuit alleging Incognito mode does not protect user privacy

Hackers expose masses of personal data on dark web during Christmas

Here is how to avoid scammers this festive season

Hospitals ask courts to force cloud storage firm to return stolen data

Indian IT Leaders Identify Security Gap in Data Policies

iPhone Spyware Exploits Obscure Chip Feature, Targets Researchers

Kimsuky Hackers Deploying AppleSeed, Meterpreter, and TinyNuke in Latest Attacks

L’OrĂ©al Faces Potential Cyber Threat as R00TK1T Claims Data Breach

Liberty Hospital is still recovering systems days after cyber attack

LoanCare Issues Alert After Fidelity National Financial Data Breach Impacts 1.3M Individuals

Malware abuses Google OAuth endpoint to ‘revive’ cookies, hijack accounts

Malware Leveraging Google Cookie Exploit via OAuth2 Functionality

MFA for Small Businesses: Key to Secure Multifactor Authentication

Microsoft Again Halts MS-App Installer Protocol Amid Growing Malware Threats

Microsoft disables App Installer after observing financially motivated threat actor activity

Microsoft Disables MSIX App Installer Protocol Widely Used in Malware Attacks

Microsoft disables vulnerable Windows component following malware campaigns

Microsoft Edge blocked 127 million phishing attacks and saved $4 billion for shoppers in 2023

Microsoft Storm-1152 Crackdown: Stopping Threat Actors

Mint Mobile Announces Customer Data Breach

Mortgage Company Data Breach Exposes More Than a Million Americans

New data reveals the states at highest risk of cybercrime

New malware found in analysis of Russian hacks on Ukraine, Poland

New wave of phishing SMSes scam 103 victims of S$161,000 in December

New York Hospitals in Legal Action to Recover Stolen Patient Data: A Deeper Look into Ransomware Attacks and Cybersecurity in Healthcare

Pan-American Life Insurance Group Reports 105,000-Record Data Breach

Parathon by JDA eHealth Systems Announces Data Breach Affecting an Unknown Number of Consumers

Pink Drainer Hackers Drain $4.4 Million in LINK

Press and pressure: Ransomware gangs and the media

Pro-Palestinian operation claims dozens of data breaches against Israeli firms

Retina Group of Washington Files Notice of Data Breach Affecting Over 455k Patients

Rising ransomware attacks on education demand defense readiness

Russia-linked APT28 used new malware in a recent phishing campaign

Russian Military Intelligence Blamed for Blitzkrieg Hacks

Russian Ransomware Group BlackCat Seized by US: Decryption Tool Distributed to Over 500 Victims

Serbia Stays Silent About Alleged Ransomware Attack on EPS

Sophos reveals 62% surge in ransomware attacks in 1 year

Spotify music converter puts users at risk

The popular probiotic drink company the latest to fall victim to cyber attack

Top ten biggest security incidents of 2023

Two more Xfinity customers file class action lawsuits following Comcast data breach

UAE Banks on AI to Boost Cybersecurity

Ukrainian hackers claim Ukrainian strike on Russian ship killed 74 soldiers

Vishing: the New Business Scam On the Rise

Why you need to extend enterprise IT security to the mainframe

World Council of Churches (WCC) hit by hackers

Yakult Australia Data Breach Sees Employee Files Leaked in Dark Web; DragonForce Blamed For the Attack

28th December

3 tips for securing your smart home network

5 pivotal cybersecurity trends for 2024

39 Percent of IT Professionals Say Phishing is the Most Feared Cyberattack

2023: A Cybercrime Report

A practical guide to measurable phishing simulation testing

After Tyson Foods Cyberattack, Snatch Ransomware Leaks Personal Data of Top Executives

ALPHV Ransomware Claims Cyberattack on US Firm Ultra Intelligence and Communications

Amnesty supports Apple warnings about Indian government and Pegasus spyware

Anonymous Central Claims Leaking Ukrainian Water Transport Data

Anonymous Sudan’s Alleged DDoS Attack Cripples Pinterest, Echoes Previous ChatGPT Cyber Assault

Apache OFBiz RCE flaw exploited to find vulnerable Confluence servers

Apple’s iPhone Hack Attack Warnings Spark Political Firestorm in India

Australia: Eastern suburbs council warns library users of potential data breach

Australia Faces Cybersecurity Challenge Amid Alleged Cyberattacks on Prime Minister’s Website

Barracuda Gateways hit by another vulnerability

Blur Hit With Another NFT Phishing Attack In Less Than Two Weeks

Careless oversight of Linux SSH servers draws cryptominers, DDoS bots

Clash of Clans gamers at risk while using third-party app

Coppell-based mortgage and loan company says 14.7 million affected in data breach

Cybersecurity Concerns Heightened as Albania Parliament Faces Another Cyberattack

Cybersecurity in the Crosshairs: Persistent Threats in a Digital World

Cybersecurity Landscape Shifts: From Ransomware to Data Extortion

Cybersecurity teams need new skills even as they struggle to manage legacy systems

Decoding zero trust in endpoint security: A practical guide for CISOs

Eagers Automotive halts trading in response to cyberattack

Eagers Automotive Hit by Cyber Attack: Remains Confident Despite Disruptions

Eagers Automotive Hit by Cyber Attack: Trading Halt and Potential Data Breaches

Eagers hit with cyber attack

EasyPark discloses data breach that may impact millions of users

First American says funds secure despite cyberattack

Fred Hutchinson Cancer Center Lawsuits Mount After Cyberattack and Data Breach

From Ransomware to Data Leaks: 2023 A Year of Cyber Challenges for India’s Digital Infrastructure

Google Cloud Resolves Privilege Escalation Flaw Impacting Kubernetes Service

Google to settle class action lawsuit alleging Incognito mode does not protect user privacy

Hacker drains over $1m from Levana Protocol

Hackers steal EasyPark client data

Here’s Why You’ll Hear About a Lot More U.S. Data Breaches in 2024

How fraudsters are using fake ‘missing persons’ social media posts to dupe public into sharing personal information

In Finance, Escalating Threats Require New Cybersecurity Strategies

Is the era of Ransomware coming to an end?

Kroll reveals FTX customer info exposed in August data breach

Microsoft disables app installation protocol abused by hackers

Microsoft disables MSIX protocol handler abused in malware attacks

Most Sophisticated iPhone Hack Ever Exploited Apple's Hidden Hardware Feature

Navigating the Vulnerability Maze: Understanding CVE, CWE, and CVSS

New Android malware infects 330K devices via malicious apps on Google Play

New Rugmi Malware Loader Surges with Hundreds of Daily Detections

North Face, Vans maker, claimed by ALPHV gang

Ohio Lottery disconnects key systems after cyberattack

Ohio Lottery Hit by Ransomware, Hackers Claim Theft of Employee and Player Data

Online Platforms Could Be Obligated To Erase Data Of Users Inactive For 3 Years

Operational Halt at First American Financial Corporation, Subsidiary After Cyberattack

Ransomware attack rises by 62%, says Sophos

Ransomware Group Claims 100 GB of Data Stolen From Nissan

R00TK1T Announces Cyberattack on Sanofi, Raises Alarming Human Experimentation Claims

Russian military hackers target Ukraine with new MASEPIE malware

Securing Networks: Addressing pfSense Vulnerabilities

Steam game mod breached to push password-stealing malware

The Biggest Cybersecurity Threats of the Year and How to Stay Protected

The source code for Grand Theft Auto 5 was sold for a mere two thousand dollars

Thousands of residents in affluent Sydney suburbs affected by cyberattack

Unveiling the true cost of healthcare cybersecurity incidents

US Seizes BlackCat Ransomware Site, Offering Decryption Tool

What Integris Health Patients Can Do After Data Breach

Why attackers love to target misconfigured clouds and phones

With car privacy concerns rising, automakers may be on road to regulation

Yakult Australia targeted in cyber attack, employee files published on dark web

Yakult Confirms Cyber Attack: Over 95 GB of data Leaked on Dark Web

27th December

4 largest healthcare data breaches of 2023

4 pillars to amplify your cybersecurity awareness

767 sex crime victims affected by Norfolk police data leak

2023 Business Impact Report: Small Businesses and Cyberattacks

Albanian parliament, telecom company hit by cyberattacks

Another blow to Rockstar Games after GTA V source code leaked

Barracuda fixes new ESG zero-day exploited by Chinese hackers

Barracuda Networks Grapples with Two Zero-Day Vulnerabilities in ESG Devices

Chinese Hackers Exploited New Zero-Day in Barracuda's ESG Appliances

Corewell Health had two data breaches in two months, over one million patients affected

Corewell Health reports data breach affecting 1 million patients

Critical Zero-Day in Apache OfBiz ERP System Exposes Businesses to Attack

Crypto thieves will deploy more convincing AI scams in 2024, firms warn

Cyber fraudsters target Kerala police, swindled Rs 25,000

Cyberattack Tempo Ratchets Up in Israel

CyberAv3ngers Offers 1TB of Alleged Israeli Electricity Data for 5 BTC

Data Breach Costs New York Presbyterian Hospital $300K

Data breach impacts over 1 million Corewell Health patients

Dozens of high-profile Israeli firms' websites hacked by pro-Palestinian group

Entertainment giant National Amusements says more than 82,000 affected by cyberattack

ESO Solutions Data Breach Update: ESO Solutions Announces Data Breach

Essential DDoS statistics for understanding attack impact

FBI Director Christopher Wray Exposes China's AI-Driven Data Theft Operations

Fidelity National Financial attack exposes more than 1.3M subsidiary customers

Hacker Who Leaked GTA 6 Sentenced to Life in Psychiatric Hospital

Hackers expose thousands of parking app users to data breach risk

Hackers stole nearly $2 billion in cryptocurrencies in 2023

High-profile Israeli firms' sites hacked by pro-Palestine group

Holiday hack: Cyberattack forces National Insurance Board of Trinidad and Tobago (NIBTT) to shut down offices

How Can You Avoid Online Scams?

How to build an effective cyber attack response plan

How to incorporate human-centric security

How to Safeguard Your Cell Phone from Cyber Threats

India targets Apple over its phone hacking notifications

Insomniac Games hack leaks Wolverine, Venom game details

iPhone Triangulation attack abused undocumented hardware feature

Iranian-Linked Hacks Expose Vulnerabilities of US Water System

Israel and Iran are waging a cyberwar in the shadows

Kyivstar Cyber Attack: Ukraine Telecom Operator Paralyzed

Let's Put (Zero) Trust In Our Educational Future

LockBit Hits Richmont University: Breach Details Uncertain

Lockbit ransomware disrupts emergency care at German hospitals

Mortgage firm LoanCare warns 1.3 million people of data breach

MOVEit, Capita, CitrixBleed and more: The biggest data breaches of 2023

National Amusement, owner of Paramount and CBS, is hacked

National Amusements Reveals Data Breach Amid Backlash Affecting 82,000+

New Sneaky Xamalicious Android Malware Hits Over 327,000 Devices

New Xamalicious Android malware installed 330k times on Google Play

Next Crypto Hack Trend: AI Scams, BRC-20 Exploits, and Sneakier Hackers

NoName057 Launches DDoS Attacks on Lithuanian Websites, Criticizes Support for Ukraine

Ohio Lottery cyber incident on Christmas Eve compromises mobile cashing

Ohio Lottery hit by cyberattack claimed by DragonForce ransomware

Panasonic discloses data breach after December 2022 cyberattack

Posting personal information online is bad for cybersecurity

Potential data breach impacts Integris patient data

Prolific Ransomware Groups Intentionally Switch on Remote Encryption for Attacks

Putin-backed gangs could launch 'devastating' attack on UK, warns expert

Ransomware attack forces temporary closure of National Insurance Board of Trinidad and Tobago (NIBTT) offices

RingGo, ParkMobile Owner EasyPark Suffers Massive Data Breach, User Data Compromised

Ryan Reynolds-backed Mint Mobile discloses data breach

Second Half of 2023 Threat Landscape Dominated by AI and Android Spyware

St Vincent’s Health Grapples with Major Data Breach: Over a Million Patients in Limbo

Three hacked German hospitals shut down systems, LockBit suspected

Through The 2024 Looking Glass: Navigating Advanced Cybersecurity Terrain

Thunder Terminal claims funds safe after $240K attack, hacker says otherwise

Thunder Terminal Mitigates Attack, FBI Called in for Investigation

Trinidad and Tobago: National Insurance Board (NIB) closes all offices after cyber-attack

Trinidad and Tobago: Ransomware attack forces closure of National Insurance Board (NIB) offices

Trinidad and Tobago social security agency hit with post-Christmas ransomware attack

Ukrainian hackers’ cyber attack on biggest enterprise management system results in million-dollar losses for Russia

US President Data Leak Speculations Surface Amid Claims by Snatch Ransomware Group

Warning: Poorly Secured Linux SSH Servers Under Attack for Cryptocurrency Mining

What construction companies can do to protect themselves against cyber attacks

Yakult Australia confirms 'cyber incident' after 95 GB data leak

Yakult Australia Suffers Data Breach Amidst Holiday Season, DragonForce Claims Attack

26th December

3 main tactics attackers use to bypass MFA

5 Wackiest Cybersecurity Stories of 2023

10 Essential Cybersecurity Practices You Should Know

Abdali Hospital Cyberattack: Hackers Demand 10 BTC Ransom After Breach

Albanian Parliament’s Website Survives Cyber Attack: No Data Loss Confirmed

Android users warned over dangerous malware that can bypass your passcode and track your app usage

Carbanak Banking Malware Resurfaces with New Ransomware Tactics

Comcast’s Xfinity Faces Data Breach: Citrix Bleed Vulnerability Exposes 36 Million Customers’ Information

Cybersecurity threats that could wreak havoc in 2024

Daily Malicious Files Soar 3% in 2023, Kaspersky Finds

Data Breach at St Vincent’s Health Group: Over a Million Patients Left in Uncertainty

Data leaks, AI and ransomware topped the headlines in 2023

Federal Trade Commission (FTC) Warns of QR Code Scams Amid Rising Usage

Fidelity National Financial subsidiary says 1.3 million affected by November cyberattack

Holiday Online Shopping Sparks Surge in Phishing Scams and Email Fraud

Insomniac Games Under Siege: Ransomware Attack Unleashes Chaos During Holiday Season

Instagram Cyberattack Exposes Vulnerabilities in Online Security

Integris Health patients get extortion emails after cyberattack

Israel: Cyber directorate unveils Iranian phishing attempt disguised as security software update

MS Wallet Drainer Has Siphoned Over $58 Million Using Google and X Phishing Ads

National Amusements Confirms Cyberattack; Paramount & CBS Parent Says 82,000 People Affected

New Cyber Directorate Report Shows Rise in Cyber Attacks Against Israel Since War Began

Paramount Global Parent National Amusements Reports Cyber Attack Affecting 82,000 People

Parliament of Albania was temporarily suspended after a Cyber Attack

Pirated Games Install Malicious Chrome Extensions, Affecting 1.5 Million Users

Prolific Ransomware Groups Intentionally Switch On Remote Encryption for Attacks

Rhysida ransomware group hacked Abdali Hospital in Jordan

RingGo, ParkMobile Owner EasyPark Suffers Data Breach, User Data Stolen

Rising Cyber Threats: The Importance of Cybersecurity Trends and Preventive Measures

Rockstar Games Cyberattack: GTA 5 Source Code and Employee Data Leaked

Rockstar Games Leak: GTA 5 Source Code, GTA 6 Files and Bully Sequel Allegedly Exposed

‘Shadow IT’ use by employees put more Indian firms at cyber attack risk

SLAM Attack: New Vulnerability Targets Intel, AMD, Arm CPUs

St Vincent's Health suffers data breach in cyber attack

The Danger of Overreliance on Automation in Cybersecurity

Time to Rethink Cybersecurity? Qualcomm Vulnerabilities Exploited

Top 10 Cybersecurity Predictions for 2024 and Beyond

Ubisoft Hackers Scrambled for 900GB of Data Before Foiled

University of Innsbruck Hit by Cyberattack: Personal Data of 23,000 Students Stolen

Use Of AI In DeepFakes Accelerating Risks To Companies

25th December

5 steps to navigate cyberthreats during this holiday season

Blockchain the key to combating North Korean cybercrime

Britons warned to watch out for QR code scams in sales as risk of ‘attacks’ rise

Burlington, Ontario, recovers most of $500K lost in 2019 phishing scam

Cloud Atlas' Spear-Phishing Attacks Target Russian Agro and Research Companies

Crypto scammers use 'wallet drainer' ploy on Google and X ads, rake in $59 million in phishing scams

Generative AI is forcing enterprises - and policymakers - to rewrite the rules of cybersecurity

Grand Theft Auto 5 (GTA 5) source code reportedly leaked online a year after RockStar hack

GTA V source code allegedly leaked in a tribute to jailed Lapsus$ hacker

Hacker Steals US$30,000 From Premier Tobacco Auction Floors

How many times are you going to think about ransomware in 2024?

Integris health becomes target of cyber-attack, patient data potentially compromised

Kaspersky predicts new exploits from APT actors in 2024

Major crypto hacks of 2023: how industry lost over $1b within minutes

Marvel’s Spider-Man 2 PC WIP Screenshots Were Leaked

Ministers fear a cyber attack cutting all our electricity – this is why

Mint Mobile Data Breach Exposes Customer Information

Morocco Ranks 15th Among Counties Most Vulnerable to Cyber Threats

Navigating the Crossroads of Cybersecurity: Passkeys and Biometrics

Over 15 cyber attack groups affiliated with Iran, Hezbollah or Hamas are operating against Israel, says National Cyber Directorate

Ransomware Leak Site Victims Reached Record-High in November

Scammers on the rise: three on-chain cybersecurity predictions for 2024

Securing Your Smartphone: Essential Security Practices Unveiled

Shocking Report Of Cyber Attack In India

The hidden cyber security risks of smart devices

The Intersection of IoT and Financial Security: Expert Tips for Protection

The latest data breach that compromised customer information has been confirmed by Mint Mobile

Top 5 Cybersecurity Trends to Watch Out for in 2024 and Beyond

Vietnamese Group Hacks and Sells Bedroom Camera Footage