Editor's Message

Welcome to DBD. On March 8th we celebrated our 4th Anniversary and the 1st Anniversary of our PRiSM application, officially endorsed by the SANS Institute. Despite recent personal issues that have impacted the amount of time I have been able to dedicate to both projects, I have been doing my best to keep everything as up-to-date as possible, and I would like to take this opportunity to thank everyone for their patience and support whilst I navigate through this very difficult time. Stay safe. :)

Monday 22 January 2024

Data Breaches Digest - Week 4 2024

Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 22nd January and 28th January 2024.

28th January (Data Privacy Day)

17 Major Data Breach Cases Under Investigation, Says Nigeria’s Data Protection Agency

‘Akira' ransomware behind Bucks County emergency dispatch system cyberattack

Crypto Stealing PyPI Malware Hits Both Windows and Linux Users

Data Privacy Day: Data Privacy Enforcement Changes Impacting Businesses in 2024

Don’t let QR codes scam you: After phishing, quishing attacks on the rise

Exploits released for critical Jenkins RCE flaw, patch now

Massive Data Breach: Personal Information of 750 Million Users, Including Indians, Exposed on the Dark Web

Medusa ransomware attack hit Kansas City Area Transportation Authority

Swedish Government May Take Weeks to Recover from Ransomware Attack

Trello data breach exposes 15 million users' details on Dark Web

Ukraine Claims Destruction of 280 Russian Servers, 2 Petabytes Lost

27th January

AllaKore RAT Malware Targeting Mexican Firms with Financial Fraud Tricks

Building Your Defense Toolbox: Tools and Tactics to Combat Cyber Threats

Data Privacy Week: Can Businesses Navigate the PII Labyrinth in the Age of Cyber Threats?

Kansas public transportation authority hit by ransomware

National Security Agency (NSA) found illegally buying private data of Americans

Ohio Lottery - Information Leaked in Cyber Attack

Ottawa-based cyberfraudster sentenced to 2 years

QR Phishing Alert: Government Alerting Citizens to Deceptive Quishing Scams

Shadowy world of ransomware-for-hire revealed by online account activity linked to the Medibank hack

26th January

23andMe confirms attackers stole raw genotype data

23andMe didnt notice data breach for months according to legal filings

23andMe’s data breach: cyberattack was missed for months

40% of litigators say data privacy disputes increased in 2023

Akira ransomware gang claims Lush cyber attack

Akira ransomware gang says it stole passport scans from Lush in 110 GB data heist

Algorand CEO’s Social Media Hacked, Racial Slurs and Misinformation Posted

Algorand CEO's X account compromised, hacker posts satirical tweets

Algorand Foundation CEO Falls Victim to X (Twitter) Hack

Algorand Foundation CEO’s X Account Hacked

Algorand Foundation CEO’s X Account Hacked, Urges Caution

Algorand X account hacker brags they’re still in control after ‘taking a nap’

Anthropic data breach: account information misdirected to third-party

Artificial Intelligence to Amplify Global Ransomware Threat, Warns UK Government Agency

Budget cuts loom for data privacy initiatives

China-Linked Blackwood APT Deploys Advanced NSPX30 Backdoor in Cyberespionage

Class action alleges Massachusetts hospital responsible for December data breach

Columbus Regional Healthcare System Reports 133K Record Data Breach

Critical Cisco Flaw Lets Hackers Remotely Take Over Unified Comms Systems

Cyber attack disrupts Nevada Gaming Control Board website

Cybersecurity researchers discovered database breach contained more than 26 Billion leaked records

Data Breach at Navvis & Company Affects 462k Customers of Hawaii Medical Service Association

Data breach exposes details of over 3.5 million FreshMenu customers

Data breach may extend to Fiji; public urged to secure online accounts

Data Privacy Week: Companies are Banning Generative AI Due to Privacy Risks

Data theft plaguing K-12 schools after holiday season attacks

Decoding the true cost of cyberattacks and the financial forces driving cybercriminals

Despite awareness, small businesses still highly vulnerable to cyber attacks

Developer jailed for aiding Trickbot ransomware behind $800M crypto theft

Equifax Text Scam, Netflix Payment Email, and Fake UPS Delivery Notification: Top Scams of the Week

EquiLend Confirms Cyber attack, Raising Concerns of Possible Data Breach

EquiLend confirms ransomware attack has crippled $2.4 trillion NGT trading platform

Equilend Ransomware Attack Puts Focus on Operational Resilience

Financial Industry Regulatory Authority (FINRA) receives reports from member firms about LockBit-related cyber incidents

Fort Lauderdale recovers $1.2 million it sent to phishing scammer

FreshMenu Faces Data Breach: Information of Over 3.5 Million Users Exposed

Hacker alleges to have stolen Telekom Malaysia’s customer database with ‘nearly 20 million effective user data’

Hacker Claims To Have Stolen “Nearly 20 Million Effective User Data” From Telekom Malaysia (TM)

Hacker mocks Algorand after maintaining control of CEO’s X account for 15 hours

Hewlett Packard Files Notice with SEC Confirming Recent Cyberattack and Investigates Possible Data Breach

Horne, LLP Files Notice of Data Breach Affecting Patients of University of Mississippi Medical Center

Huge Data Breach: 750M Users' Info, Including Indians, Exposed On Dark Web

Industrial Control Systems (ICS) Ransomware Danger Rages Despite Fewer Attacks

Information Commissioner’s Office (ICO) confirms data breach probe as UK councils remain downed by cyberattack

Jason's Deli says credential stuffing attack compromised the data of about 350,000 customers

Kahua Announces Data Breach Following Ransomware Attack

Kyiv data center says some services restored after attack affecting state-owned clients

Latest Cyberattacks Target Revenue Cycle, Financial Employees

Long passwords won’t protect your accounts, report finds

Longer passwords aren’t safe from intensive cracking efforts

Lovelace parent company notifying cyber attack victims

Lush claimed by Akira ransomware

Major Data Breach Exposes 26 Billion Records Across Major Digital Platforms

Malicious Ads on Google Target Chinese Users with Fake Messaging Apps

Massachusetts Hospital Faces Class Action Over Christmas Cyber Attack

Microsoft Raises Red Flag For Others: Midnight Blizzard, A Russian State-Backed Hacker, On The Prowl

Microsoft reveals how hackers breached its Exchange Online accounts

Microsoft says Russian hackers used previously identified tactic to breach senior exec emails

Microsoft Warns of Widening APT29 Espionage Attacks Targeting Global Orgs

Moses Lake Community Health Center Confirms Data Breach Related to Compromised Email Accounts

National Security Agency (NSA) purchase of Americans’ personal data from brokers is illegal, senator says

Nevada Gaming Control Board Website Target of Cyber Attack

Nevada Gaming Control Board’s website compromised in cyber attack

New Leaks Expose Web of Iranian Intelligence and Cyber Companies

New York FinTech giant EquiLend says cyber attack took portions of its network offline

Ohio Lottery services restored following data breach

OpenText Names the “Nastiest Malware”

QR Code Scammers are Changing Tactics to Evade Detection

Quebec City ambulance dispatch hit by ransomware attack

Ransomware Attack: Fitch Ratings Warns of Credit Implications As Cyber Attacks Pose Risks to Structured Finance Deals

Researchers Observe Increase in Emerging Ransomware Groups Targeting Healthcare

Russian TrickBot Mastermind Gets 5-Year Prison Sentence for Cybercrime Spree

Sirius Federal Notifies an Unknown Number of Consumers of Recent Data Breach

Sweden Needs More Time to Recover From Series of Cyberattacks: What Did Akira Ransomware Gang Do?

Sweden's Riksbank Turns to Police Following Cyber-Attack On Tietoevry

Swedish central bank files police report after IT firm hit by ransomware attack

Telekom Malaysia (TM) files report after hacker claims stealing customer data

The 6 Key Ransomware Trends of 2023

The 23andMe data breach is getting messier by the day

The Misbourne School partially reopens after cyber attack

Third-party contractor leaks Anthropic account info just one day after the Federal Trade Commission (FTC) investigation

Thousands of Dark Web Posts Expose ChatGPT Abuse Plans

Trickbot Ransomware Developer Behind $833M Crypto Theft Gets Prison Term

Turkish hackers hijack cinema screens in Tel Aviv

Ukraine: Hack wiped 2 petabytes of data from Russian research center

Ukraine Arrests Hacker for Assisting Russian Missile Strikes

Ukraine’s security service detains member of Russian ‘Cyber Army’

UMC Health Notifies 127k Texas Residents of Recent Data Breach

Veolia’s Municipal Water division suffers ransomware cyberattack

‘We’re furious’: Seattle Housing Authority tenants get notice of October data breach

Web Vulnerability Submissions Exploded in 2023

Website claims responsibility of mass Thai data breach

What makes ransomware victims less likely to pay up?

Who is Alleged Medibank Hacker Aleksandr Ermakov?

Zero-day, supply-chain attacks drove data breach high for 2023

25th January

23andMe data breach: Hackers stole raw genotype data, health reports

164 million Vietnamese records found in world's historic data breach

198% Surge in Browser Based zero-hour Phishing Attacks

750 Million Indian phone numbers up for sale on dark web

2023 marked an 80 percent increase in ransomware activity

A Covert Cyberattack: MetaStealer Malware Targets US Asylum Seekers

"A limited amount of data has been published": Southern Water confirms ransomware attack as BlackBasta group claims responsibility

Addressing the Phishing Issue Within Manufacturing: Don't Take the Bait

AI expected to increase volume, impact of cyberattacks

AI Intensifying Global Ransomware Threat, Warns The NCSC

AI is hacker's delight while Operational Technology (OT) remains high-risk

AI predicted to boost global ransomware threat

AI Ransomware Will Surge in Next Two Years, UK’s GCHQ Warns

AI Will Fuel Rise in Ransomware, UK Cyber Agency Says

AI will increase volume and impact of cyberattacks in next 2 years says NCSC

Ardent Health Services Files Notice of Data Breach in the Wake of Ransomware Attack

Artificial intelligence Can Exacerbate Ransomware Attacks, Warns UK's National Cyber Security Center

BlackCat Hackers Hit Healthcare Provider BrightStarCare, Threaten Data Leak to HHS

Blackwood APT delivers malware by hijacking legitimate software update requests

Blackwood hackers hijack WPS Office update to install malware

Business Leaders Urged to Toughen Up Cyber Attack Protections

Call centers impacted, services continue after ransomware attack hits Kansas City Area Transportation Authority (KCATA) early Tuesday

China hackers hijack updates to plant NSPX30 spyware

China-Aligned APT Group Blackwood Unleashes NSPX30 Implant

China-backed Hackers Hijack Software Updates to Implant "NSPX30" Spyware

Cisco warns of critical RCE flaw in communications software

City of Fort Lauderdale recovers $1.2 million after falling victim to phishing scam

Critical Jenkins Vulnerability Exposes Servers to RCE Attacks - Patch ASAP!

Crypto Heist: Hackers Swipe $500K in Phishing Onslaught

Crypto Wallet Trezor Issues Major Warning About Phishing Attack Involving XRP and BTC

Crypto Wallets Drained Off $600K Due To Ignored Phishing Attack

Cyberattack shuts down Washington County's main computer server

Data Privacy Week: Navigating Data Privacy in the Age of AI

Data Privacy Week: US Data Breaches Surge, 2023 Sees 78% Increase in Compromises

Data Privacy Week: Will the US Adopt a Federal Data Privacy Law in 2024?

Des Moines Orthopaedic Surgeons Notifies Patients of Data Breach Caused by “Vendor Failure”

Emerging AI tech amplifies ransomware dangers, NCSC warns

Equilend hit by ransomware attack

EquiLend, Wall Street’s Stock Lendor, Hit by Cyberattack

Fighting insider threats is tricky but essential work

Global ransomware threat expected to rise with AI, NCSC warns

Government Security Vulnerabilities Surge By 151%, Report Finds

Hackers Stole $1.7B from Crypto Platforms Last Year

Hackers target WordPress database plugin active on 1 million sites

Hewlett Packard Discloses Russian Hackers Breached Cloud Email, Impacting Critical Business Areas

Hewlett Packard Enterprise (HPE) Discloses Cybersecurity Breach by Russian Hacker Group

Hewlett Packard Enterprise (HPE) Hacked - Investigating Cyber Attack Linked to Russian Nation-State Group

Hewlett Packard Enterprise (HPE) Says SolarWinds Hackers Accessed its Emails

How ransomware attacks at Kansas City hospitals threaten your privacy and health

How to Prevent Phishing Attacks with Multi-Factor Authentication

HP Claims Monopoly on Ink, Alleges 3rd-Party Cartridge Malware Risk

HP Enterprise breached by state-backed Russian hackers

HP Enterprise Discloses Russian Cyber Attack, Hack Linked to SolarWinds, Microsoft Breaches

HP Hacked by Russian ‘Cozy Bear’ Hacker Group

HPE’s corporate emails breached by Russian state-sponsored actor ‘Cozy Bear’

Identity Theft Resource Center 2023 Annual Data Breach Report Reveals Record Number of Compromises; 72 Percent Increase Over Previous High

iPhone apps abuse iOS push notifications to collect user data

Is AI Set to Supercharge Global Ransomware Threats?

Is Quishing the New Phishing? What it is and how to stay safe

Kansas State University Coming Back Online After Cyber Attack

Kansas State, Clackamas Community College respond to cyberattacks

Kasseika Ransomware Exploits Driver Functionality to Kill Antivirus

Large Mexican companies targeted by financially motivated hacking campaign

Local governments in Colorado, Pennsylvania and Missouri dealing with ransomware

LODEINFO Fileless Malware Evolves with Anti-Analysis and Remote Code Tricks

Major UK Water Provider Targeted By Bitcoin Ransomware Gang In Cyberattack

Massive cyber attack hits Ukrainian e-services

Massive data breach reveals 26bn records from LinkedIn, Snap, X, more

Massive Data Breach Unearthed Across LinkedIn, X And Snapchat

Microsoft Says State-Sponsored Attackers Accessed Senior Leaders’ Emails

Miracle leak exposes 11 million corporate messages

Mother of all Breaches: Unprecedented Data Breach Exposes 26 Billion User Records Of Twitter, Dropbox, Linkedin & Other Platforms

National Cyber Security Centre (NCSC) Warns AI Already Being Used By Ransomware Hackers

National Cyber Security Centre (NCSC) Warns That AI is Already Being Used by Ransomware Gangs

Navigating the evolving browser security landscape in 2024

New CherryLoader Malware Mimics CherryTree to Deploy PrivEsc Exploits

North Korea Hacks Crypto: More Targets, Lower Gains

Organizations are Embracing Cyber Insurance, But It’s Not Easy

QR Code Phishing Soars 587%: Users Falling Victim to Social Engineering Scams

Russian developer of Trickbot malware sentenced to five years in prison

Russian hackers breached Microsoft, HPE corporate maliboxes

Russian TrickBot malware dev sentenced to 64 months in prison

Sophisticated Phishing Scam Siphons $580K from Crypto Wallets

South Tees Hospitals NHS Foundation Trust reprimanded for “serious, harmful” data breach

Southern Water Confirms Data Breach Following Black Basta Claims

Southern Water says Black Basta ransomware attack compromised customer data records

St Vincent’s Health says there is ‘no evidence’ sensitive personal information was stolen by hackers in cyber attack

Stolen credentials are big business

SystemBC Malware's C2 Server Analysis Exposes Payload Delivery Tricks

Tech Giant HP Enterprise Hacked by Russian Hackers Linked to DNC Breach

Telecom blackout hits Gaza, Israeli cell service cut by hackers

The Cybersecurity Horizon: AI, Resilience and Collaboration in 2024

The Sophistication of Cybercriminals Intensifies With Emerging Strategies for Cashing in or Causing Chaos

This massive data breach is being called “Mother of All breaches”

Tietoevry: systematic restoration work continues after the ransomware attack – first customer systems back up and running

Transformative Healthcare Sued Over Fallon Ambulances Service Data Breach

Trezor Issues Security Alert Post Phishing and Data Breach

Trezor Users Targeted by Phishing Emails Following Support Portal Breach

Trezor Users Targeted in Elaborate Phishing Scheme! Discover How the Latest Cyber Threat Almost Breached Security

Trezor Warns of Unauthorized Phishing Email Impersonating the Firm

Truepill hit with another class action over data breach

Ukraine: SSU detains hacker plotting cyberattacks on Ukrainian government websites and targeting Russian missiles toward Kharkiv

Ukrainian energy giant, postal service, transportation agencies hit by cyberattacks

Unauthorized phishing attempt targets Trezor users

Unveiling the Latest Threat: A MacOS Stealer Emerges on the Dark Web

US suffered cyberattacks from 168 threat actors in 2023

Users report new Trezor phishing emails days after support portal breach

Wall Street Stock-Lending Platform Crashes in Ransomware Attack

Wallet provider Trezor reports unauthorised phishing emails aimed at users

Washington County government, courthouse hit by cyberattack

Water services giant Veolia says ransomware attack impacted its North American backend systems

What is QR code phishing (quishing)?

Why cyber attacks are getting quicker and costlier

Why Microsoft’s Latest Breach is an Identity Threat Detection Wake-Up Call

With data breaches more common, know how to protect yourself

24th January

$2.4 trillion securities platform owner hacked. EquiLend admits “unauthorised access”

3.5 Million users' dinner habits exposed in data leak

26 billion private records leaked in ‘mother of all breaches’

26 Billion Records Exposed in Data Breach – How To Check if You’re Affected

AI Set to Supercharge Ransomware Threat, Says National Cyber Security Centre (NCSC)

AI to amplify global ransomware threat, warns GCHQ

Alleged Colombian Government Ministry Data Breach Sparks Concerns; Data Available For $1000

Artificial Intelligence Heightens Ransomware Threat, UK Cyber Security Center Warns

Attack on Swedish datacenter shocks multiple businesses

Atlassian Tightens API After Hacker Scrapes 15M Trello Profiles

Aviation leasing company AerCap investigates ransomware incident

Black Basta claims hack on Southern Water

British intelligence warns AI will cause surge in ransomware volume and impact

Britons must 'strengthen defences' against growing threat of AI-assisted ransomware, cyber security chief warns

Browser-based phishing attacks increased 198% in H2 2023

Careful! This Facebook phishing scam wants your login info

ChatGPT Cybercrime Surge Revealed in 3000 Dark Web Posts

Cyber Attack Disrupts Classes at Clackamas Community College

Cybercrime will cost $12 Trillion next year, say experts

Cybercriminals stole $1.7 billion from crypto funds in 2023 as attacks proliferated

Double Eagle Energy Holdings Targeted by Hunters Ransomware Attack

EquiLend services knocked out by cyber-attack

EquiLend systems go offline amid cyber attack

Essential steps to prevent a ransomware attack

Exploit Code Released For Critical Fortra GoAnywhere Bug

Federal judge rejects NSO's effort to dismiss Apple’s Pegasus lawsuit

Fidelity National Financial Cyber Attack Exposed 1.3 Million Customers

Financial tech firm EquiLend says recovery after cyberattack ‘may take several days’

Finnish IT company Tietoevry blames Akira ransomware group for a major attack on its Swedish data centre

Global fintech firm EquiLend offline after recent cyberattack

Global ransomware threat expected to rise with AI, National Cyber Security Centre (NCSC) warns

Global Retailer BuyGoods.com Leaks 198GB of Internal and User PII, KYC data

Google Kubernetes Misconfig Lets Any Gmail Account Control Your Clusters

Hewlett Packard Enterprise (HPE): Russian hackers breached its security team’s email accounts

Hewlett Packard Enterprise tells SEC it was breached by Russia’s 'Cozy Bear' hackers

Hewlett-Packard Confirms Data Breach by Russian-Backed Microsoft Hackers

Housing association confirms cyber attack

Huge Data Breach Exposes Estimated 2.6 Billion Records

Increased Volume and Sophistication of Cyberattacks Creating Higher Costs

Indian Legal Powerhouse S&A Law Hit by CL0P Ransomware Attack

Jason’s Deli Data Breach Exposes 344,000 Users in Credential Stuffing Attack

Kasseika Ransomware Using Bring Your Own Vulnerable Driver (BYOVD) Trick to Disarm Security Pre-Encryption

LoanDepot says ransomware attack compromised the data of 16.6 million customers

Menlo Security reports significant increase in browser-based phishing attacks in 2023

Major US, UK Water Companies Hit by Ransomware

Misbourne School closed due to cyber attack

‘Mother of All Breaches’: 26 BILLION Records Leaked

National Cyber Security Centre Study: Generative AI May Increase Global Ransomware Threat

NCSC warns ransomware attacks to intensify due to AI

News media, foreign affairs experts are targets of North Korean group’s latest campaign

One of world's largest water utility company hit by ransomware attack - water supplies could be affected, incident seems to have limited impact with no customer data leaks reported

Organizations invest more in data protection but recover less

Over 5,300 GitLab servers exposed to zero-click account takeover attacks

Patch Your GoAnywhere MFT Immediately - Critical Flaw Lets Anyone Be Admin

Proof-of-Concept (PoC) for easily exploitable Fortra GoAnywhere MFT vulnerability released (CVE-2024-0204)

Putin's intel agencies lose internet, Ukraine IT Army takes claim

RailTel Under Siege: Dark Web User Claims Sale of Network and VPN Access

Ransomware Attack Targets Major North American Water Company

Ransomware Attacks Spotlight Need for FIs to Gauge Third-Party Risk

Ransomware defence for backups: Practical steps to ensure protection

‘Significant security loophole’ found in Google software container system

Software supply chain attacks are getting easier

Southern Water confirms cyber attack after Black Basta claims

State of Browser Security: Defending browsers against ever evolving zero-hour phishing attacks

Syracuse University agrees to settlement over 2020 data breach

U.S., U.K., Australia Sanction Russian REvil Hacker Behind Medibank Breach

UK Cyber Agency: AI Will Lead to More Ransomware Attacks

UK Cybersecurity Agency Says Scams Will Be Harder to Detect Due to AI

UK says AI will empower ransomware over the next two years

UK Water Utility Southern Water faces ransomware attack by Black Basta group

Ukrainian hackers claim attack on Russian scientific research center

Urgent call for cyber defence as AI-Driven Ransomware attacks surge, warns NCSC

VexTrio TDS: Inside a massive 70,000-domain cybercrime operation

Who pays, and why: A researcher examines the ransomware victim’s mindset

Why Bulletproof Hosting is Key to Cybercrime-as-a-Service

23rd January

26 Billion Records Compromised in Catastrophic Data Leak

88% of organizations use passwords as primary authentication method

2024 brings new risks, with cyber incidents in the spotlight

A new dawn: AI and cyber security

"Activator" Alert: MacOS Malware Hides in Cracked Apps, Targeting Crypto Wallets

AerCap discloses cybersecurity incident

AI-driven cyberattacks and defences to create a battle of algorithms in 2024

Another phishing spree has hit crypto - ignore all emails about airdrops

Apple fixes actively exploited WebKit zero-day (CVE-2024-23222)

Apple Issues Patch for Critical Zero-Day in iPhones, Macs - Update Now

Australia: Government names, sanctions Medibank hacker

Australia Imposes Historic Cyber Sanctions on Russian Hacker for Medibank Ransomware Attack

Australia sanctions REvil hacker behind Medibank data breach

Australia Sanctions Russian Hacker Behind Medibank Breach

Australia, US, UK sanction Russian hacker over Medibank breach

Beware: Phishing Scams Target Crypto Users, $580K Stolen

Black Basta gang claims the hack of the UK water utility Southern Water

BlackBasta Ransomware Expands Victim List: Southern Water and Asahi Glass Co. Hit

Bon Secours Mercy Health, vendor hit with lawsuit after data breach

BreachForums Founder Sentenced to 20 Years of Supervised Release, No Jail Time

BreachForums owner Conor Fitzpatrick sentenced to 20 years of supervised release

Business leaders urged to toughen up cyber attack protections

Cambridge University Library (UL) begins restoration of legal deposit after hacking

CISA warns Apple users to update multiple products

Class Actions Filed Over Builders Mutual, Progressive’s Own Data Breaches

Columbus Regional Healthcare System says data breach impacted over 130,000 patients

Conditional QR Code Routing Attacks

Customer files class action over Comcast data breach

Cyber attack cases in India rise 15 per cent in 2023

Cyber Attack Cripples Bucks County 911 Communications Center

Cyber sanctions in response to Medibank Private cyber attack

Cybercriminals claim to have stolen data from Southern Water

Cybercriminals crave cookies, not passwords

Cybersecurity experts warn of new vulnerabilities affecting Apple, Atlassian and Fortra products

Data Breach Strikes Hathway: 41.5M Data Exposed

Data from Indian Online Gaming Platforms Teenpatti.com and Mpl.live on Sale

Data of 15 million Trello users scraped and offered for sale

Data Privacy Day sees phishing risk surge

Data Privacy Week: AI Has Put Data Privacy Top of Mind

Data Security: Leveraging AI for Enhanced Threat Detection and Prevention

Deepfake Phishing: The Dangerous New Face Of Cybercrime

DENHAM confirms cyberattack; swift response ensures minimal impact

Even more cyberattacks on hospitals!

Exploit released for Fortra GoAnywhere MFT auth bypass bug

Fortra warns of new critical GoAnywhere MFT auth bypass, patch now

French regulators levy €32 million fine against Amazon for surveilling employees

French Watchdog Slams Amazon with €32m Fine for Spying on Workers

From Megabits to Terabits: Gcore Radar Warns of a New Era of DDoS Attacks

Hacker claims 15 Million Trello client records exposed

Hacker Drains $2.5 Million BUSD from Uranium Finance Exploit

Hackers steal data of 7,300 students, employees of Carnegie Mellon University

Hackers Target Atlassian Confluence With RCE Exploits

Half of organizations have suffered a cyberattack or incident that prevented access to data in 2023

Here's why you need a unique password for every online lock

Identity-based incidents accounted for 64% of all incidents

In wake of 23andMe DNA data breach, privacy concerns reemerge

Japan Foods gets hit by ransomware attack

Jason’s Deli breach exposes almost 350K users

Jason’s Deli says customer data exposed in credential stuffing attack

Kaspersky forecasts dark web cyber-crime surge in 2024

Kasseika ransomware uses antivirus driver to kill other antiviruses

LoanDepot Cyberattack Update: Data of Over 16 Million Customers Exposed

LockBit Ransomware Gang Claims Subway as New Victim

Malicious NPM Packages Exfiltrate Hundreds of Developer SSH Keys via GitHub

Malicious npm Packages Used to Target GitHub Developer SSH Keys

Massachusetts Hospital Faces Class Action Over Christmas Cyber Attack

Medibank hacker identified to be Russian national

Mega-Breach Database Exposes 26 Billion Records

Microsoft Says State-Sponsored Attackers Accessed Senior Leaders’ Emails

Navigating the New Waters of AI-Powered Phishing Attacks

Nearly 40,000 Attacks in 3 Days: Critical Confluence RCE Under Active Exploitation

New Cybersecurity Governance Code Puts Cyber Risks on Boardroom Agenda

New KnowBe4 Report Shows Major Spike in Public Sector Attacks in 2023

North Korean Hackers Attacking Cybersecurity Professionals to Steal Threat Research Reports

Organizations need to switch gears in their approach to email security

Personal Details Of 15 Million Trello Users Up For Sale

Phishing & Smishing: the Difference & How to Protect Yourself

Phishing and Vishing on the Rise in Trucking

Ransomware attacks surged by 45% in 2023, report finds

Russian Hackers Suspected Of Sweden Cyber Attack

Securities and Exchange Commission (SEC) Confirms Cyberattack on X Account via SIM-Swapping

Securities and Exchange Commission (SEC) Confirms SIM Swap Attack Behind X Account Takeover

Securities and Exchange Commission (SEC) says X account hack was due to SIM swapping

Southern Water: Cyber investigation

Subway Sandwich Chain Investigating Ransomware Group’s Claims

Suspected Pegasus spyware found on Togolese journalists’ phones

TeamViewer Exploited to Obtain Remote Access, Deploy Ransomware

Trello API abused to link email addresses to 15 million accounts

'Tsunami' of AI-powered phishing, scams forecast in 2024

Twitter, LinkedIn and other platforms face massive data breach, 26 billion records exposed

Types of Medical Identity Theft and Ways to Protect Yourself

UK Gmail and Yahoo users beware - check your inbox for these dangerous new emails now

UK tells business leaders to ‘toughen up’ against cyberattacks

UK water giant admits attackers broke into system as gang holds it to ransom

UK, US and Australia sanction Russian citizen over Medibank hack

Ukraine’s largest mobile-only bank, Monobank, faces severe DDoS cyberattacks

Ukrainian police detain suspected cybercriminals behind bank fraud scheme

United States, Australia, and the United Kingdom Sanction Russian Cyber Actor Responsible for the Medibank Hack

US healthcare provider hack exposes patient records

VexTrio: The Uber of Cybercrime - Brokering Malware for 60+ Affiliates

Water facility operator says ransomware attack affected North America division

Water services giant Veolia North America hit by ransomware attack

What is Lateral Movement in Cybersecurity?

Why cyberattacks mustn’t be kept secret

Why is Cybersecurity Important?

Why Ransomware Payments Should Be Outlawed. (And Why They Shouldn’t Be)

22nd January

52% of Serious Vulnerabilities are Related to Windows 10

AerCap discloses cybersecurity incident

AerCap ransomware attack latest to hit aviation sector

Akira ransomware hits cloud service Tietoevry; numerous Swedish customers affected

Apache ActiveMQ Flaw Exploited in New Godzilla Web Shell Attacks

Apple fixes first zero-day bug exploited in attacks this year

Attackers can steal NTLM password hashes via calendar invites

BianLian Ransomware Group Strikes Again, Targeting Three U.S. Companies

Blackhawk data breach $985K class action settlement

BreachForums Admin Pompompurin Gets 20-Year Supervised Sentence

Chattanooga Imaging Notifies 569k Patients of Possible Data Breach Following Cyberattack

Chinese Espionage Group Has Exploited VMware Flaw Since 2021

CISA Emergency Directive Demands Action on Ivanti Zero-Days

Columbus healthcare provider: we were hacked

Cracked macOS apps drain wallets using scripts fetched from DNS records

Cyberattack attempts increased 104% in 2023

Data Privacy Week: Lack of Understanding, Underfunding Threaten Data Privacy and Compliance

Dawson James Securities Announces Data Breach After Unauthorized Party Accesses the Company’s IT Network

DDoS Barrage Hits Monobank, Ukraine’s Largest Mobile Bank, in Unprecedented Attack

DENHAM the Jeanmaker Confirms Cyberattack

Douglas County Libraries hacked by overseas criminal group

Federal Communication Commission (FCC) matches its data breach notification policies with US state regulations

Federal Trade Commission (FTC) Bans InMarket for Selling Precise User Location Without Consent

From Phishing to Friendly Fraud: Anticipating 2024’s Fraud Dynamics

Global cyber inequity skyrockets

Hackers Scammed $7.5 Million From HHS Grant Payment System

Hackers start exploiting critical Atlassian Confluence RCE flaw

Huge data leak dubbed the 'Mother of all Breaches' sees 26 BILLION records leaked from sites including Twitter, Linkedin, and Dropbox - here's how to check if you've been affected

InMarket is Second Data Broker to Settle with Federal Trade Commission (FTC) This Month

Ivanti: VPN appliances vulnerable if pushing configs after mitigation

Lincare Holdings data breach $7.25M class action settlement

LoanDepot cyberattack causes data breach for 16.6 million people

LoanDepot Data Breach Hits 16.6 Customers

LoanDepot ransom attack exposes sensitive data of 16.6M customers

LoanDepot ransomware attack exposes data on almost 17M customers

LockBit Ransomware Group Expands Operations with New Cyberattack Victims

Malicious web redirect scripts stealth up to hide on hacked sites

MavenGate Attack Could Let Hackers Hijack Java and Android via Abandoned Libraries

Mother of all breaches - a historic data leak reveals 26 billion records: check what's exposed

New macOS Malware Targets Cracked Apps

New method to safeguard against mobile account takeovers

NS-STEALER Uses Discord Bots to Exfiltrate Your Secrets from Popular Browsers

North Korean Hackers Weaponize Fake Research to Deliver RokRAT Backdoor

Prosecutors Add to Evidence Against Alleged Vastaamo Hacker

Russian cybercriminal sanctioned over Medibank data hack

Russian hackers behind Solarwinds breach accessed emails of senior Microsoft leaders

Russian is sanctioned over the hacking release of Australian health insurer client data

Russian sanctioned by Australia over Medibank breach

Russian Spies Brute Force Senior Microsoft Staff Accounts

Securities and Exchange Commission (SEC) Confirms SIM Swap, Lack of 2FA Helped Hacker Hijack Twitter Account

Securities and Exchange Commission (SEC) confirms X account was hacked in SIM swapping attack

Security; More than Awareness

Singing River Health System releases update regarding recent cyber-attack, falsely addressed letters

Slug slimes aerospace business AerCap with ransomware, brags about 1TB theft

Smartphone ambient light sensors allow spying

Subway Data Breach: LockBit Ransomware Gang Claims Responsibility

Thailand Court Blocks 9near.org to Avoid Exposure of 55 Million Citizens

The Fake Fix: New Chae$ 4.1 Malware Hides in Driver Downloads

The reality of hacking threats in connected car systems

Tietoevry ransomware attack halts Swedish organizations

Tietoevry, Finnish IT Giant, Hit by Cyberattack; Launches Probe

Trezor Data Breach Exposes Email and Names of 66,000 Users

Trezor Issues Security Alert Following Phishing Attack and Data Breach

Trezor support site breach exposes personal data of 66,000 customers

Ukrainian mobile bank sees a spike in ‘non-stop’ DDoS incidents

US footwear giant VF Corporation says December data breach impacted over 35 million customers

US Securities and Exchange Commission's X account hacked with 'SIM swapping,' agency says

Veon says compensation to customers for 2023 Kyivstar cyber attack could cost $95 million

Victim Loses $4.2 Million to Yet Another Phishing Attack

What Is The Main Cybersecurity Concern For School Districts?

Without clear guidance, SEC’s new rule on incident reporting may be detrimental