Editor's Message

Welcome to DBD. On March 8th we celebrated our 4th Anniversary and the 1st Anniversary of our PRiSM application, officially endorsed by the SANS Institute. Despite recent personal issues that have impacted the amount of time I have been able to dedicate to both projects, I have been doing my best to keep everything as up-to-date as possible, and I would like to take this opportunity to thank everyone for their patience and support whilst I navigate through this very difficult time. Stay safe. :)

Monday 4 March 2024

Data Breaches Digest - Week 10 2024

Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 4th March and 10th March 2024.

10th March

Hackers exploit WordPress plugin flaw to infect 3,300 sites with malware

Ransomware Attacks: Death Threats, Endangered Patients and Millions of Dollars in Damages

These Crypto Scams Stole $47 Million from 57,000 People in February

9th March

Cyber attack: Exam boards told to introduce new security measures

Fidelity Faces Second Data Breach Linked to Third-Party Provider: Infosys McCamish

Hacker Claims Breaching US Federal Contractor Acuity, Selling ICE, USCIS Data

Health industry struggles to recover from cyberattack on a unit of UnitedHealth

International Women’s Day: Malware-infected websites & phishing pages targeting women

Leicester City Council shut down its computer systems and phone lines over "cyber incident"

Magnet Goblin hackers use 1-day flaws to drop custom Linux malware

Microsoft Confirms Russian Hackers Stole Source Code, Some Customer Secrets

Microsoft Warns of Hacker Group’s Attempt to Breach its Systems

Microsoft warns of ongoing Russian hacker attempts to breach its systems

Microsoft warns Russian hackers are using execs' stolen emails to broaden cyberattacks

Paysign investigating reports of consumer information data breach

Ransomware Group Stormous Takes Responsibility for Cyberattack on Belgian Brewery

Redirection Vulnerability In ‘Indeed.com’

Scam revenue declines as phishing and romance scams increase

The clowns and fools behind ransomware attacks

UnitedHealth paid $22 million ransom to recover data

8th March

All stolen Lurie Children’s data claimed to be sold by Rhysida

ALPHV/BlackCat affiliate behind Change Healthcare attack examined

Are You Ready to Protect Your Company From Insider Threats? Probably Not

Assurance IQ Data Breach Affects an Unknown Number of Consumers

Banning Ransom Payments: Calls Grow to 'Figure Out' Approach

Belgium’s largest coffee roaster falls victim to cyber attack

Blackbaud data breach could result in class action lawsuit

BlackCat claim responsibility for Prudential cyberattack

California-Based Kids Care Dental & Orthodontics Experiences Data Breach Following Cyberattack

Capita suffers a £106m loss to a ransomware attack, plans to cut costs across the board

Change Healthcare begins to restore service after cyberattack – as lawsuits begin

Change Healthcare brings some systems back online after cyberattack

Change Healthcare Class Action Lawsuits Filed Over Data Breach

Change Healthcare cyberattack fallout continues

Change Healthcare Gets Pharmacy Systems Up After Ransomware Attack

Change Healthcare hacker may be linked to China espionage gangs

Change Healthcare registers pulse after crippling ransomware attack

Change Healthcare Restores Pharmacy Services Disrupted by Ransomware

China biotech firms amass Americans' genetic data, lawmakers warn

Chinese Evasive Panda Targets Tibetans with Nightdoor Backdoor

CISA expresses concerns with VPNs, and security leaders respond

CISA forced to take two systems offline last month after Ivanti compromise

CISA Warns of Actively Exploited JetBrains TeamCity Vulnerability

CISA, FBI + MS-ISAC Issue Warning on Phobos Ransomware

Cisco Fixes High-Severity Code Execution and VPN Hijacking Flaws

Cisco Issues Patch for High-Severity VPN Hijacking Bug in Secure Client

Cisco patches Secure Client VPN flaw that could reveal authentication tokens (CVE-2024-20337)

City of Hamilton confirms Feb. 25 cybersecurity incident was ransomware attack

Critical Fortinet flaw may impact 150,000 exposed devices

Crypto Ransomware & Tornado Cash Emerge as Standouts in Cybercrime

Cybercrime and social housing – the risk is real

Data breach hits Jersey financial regulator, exposing non-public information

Dominican Republic: Adess cyber assault by hacker group ‘Blackcat’

Dozens of data brokers disclose selling reproductive healthcare info, precise geolocation and data belonging to minors

Dropbox Used to Steal Credentials and Bypass MFA in Novel Phishing Campaign

Duvel ransomware attack admitted by Stormous operation

FBI: Cybercrime Epidemic Costs Americans $12.5 Billion in 2023

FBI, CISA, and HHS Warn Healthcare Organizations of Targeted ALPHV/BlackCat Ransomware Attacks

How Does Cyber Security Work?

How new and old security threats keep persisting

How to prevent and recover from a ransomware attack?

Immediate AI risks and tomorrow’s dangers

Interior Health Contacting Former Employees Following Data Breach

Interior Health issues alert on employee data breach amid Royal Canadian Mounted Police (RCMP) investigation

Jersey’s financial services regulator suffers data breach

JetBrains vulnerability actively exploited in the wild: CISA urging users to patch

Law Firm Sues MSP Over Black Basta Ransomware Attack

Legitimate Services, Malicious Intentions: Getting the Drop on Phishing Attacks Abusing Dropbox

Leicester City Council IT system shut down as precaution due to cyber incident

Leicester City Council says 'cyber incident' forced phone lines and IT systems to be shut down

Leicester City Council systems shut down after 'cyber incident'

Leveraging AI and automation for enhanced cloud communication security

Lurie Children’s Hospital Restores EHR System a Month After Ransomware Attack

Maryland medical providers still assessing impact of United Healthcare cyber attack

Microsoft: Russians are using stolen information to breach company’s systems

Microsoft Confirms Russian Hackers Gained Access To Source Code And Internal Systems

Microsoft says a Russian hacker group got access to some of its source code repositories

Microsoft says Midnight Blizzard hacker group accessed source code and internal systems in January cyber attack

Microsoft says Russian hackers breached its systems, accessed source code

Microsoft Unveils Ongoing Efforts Against Persistent Russian Hackers and Data Breach Fallout

Overcoming the AI Privacy Predicament

Password pirates are after PetSmart accounts

Phantom Hacker Scams On The Rise, Target Elderly

Phishing scam reaches the inboxes of some Paso Robles residents

Play ransomware attack on Xplain exposed 65,000 files containing data relevant to the Swiss Federal Administration

Production of Duvel beer hit by cyber-attack

QEMU Emulator Exploited as Tunneling Tool to Breach Company Network

QNAP warns of critical auth bypass flaw in its NAS devices

Ransomware attack downs City of Hamilton's online payment systems and public computers

Ransomware Fraud Alert: Beware! Malware Attacks Can Empty Your Bank Account, Learn How to Protect

Russia claims of US cyber offense surface on X

Russian Hackers Access Source Code in Ongoing Attack on Microsoft

Scammers Deploy Emotional Tactics in Facebook Phishing Traps

Senator Calls for Emergency Funds for Hospitals Amid Cyber Attack

Sex, booze, and bribes: a sordid look inside a Chinese hacking company

Sharp rise in number of novel social engineering attacks

Significant Swiss government data leak conducted by Play ransomware

South Africa: Companies and Intellectual Property Commission (CIPC) restores IT systems after data breach, but security concerns linger

Swiss cheese security? Play ransomware gang milks government of 65,000 files

Tesla can be hacked via Man-in-The-Middle (MiTM) phishing attack

The Change Healthcare attack: Explaining how it happened

The rise of cyberattacks on financial institutions highlights the need to build a security culture

This simple, straightforward car insurance phishing scam is so basic, it's actually working really well

Top Ransomware Gangs In Disarray After Health Care, Georgia Hack

UC San Diego Health Notifies Patients of Phishing Event

UniCredit fined EUR 2.8 million for data breach

UniCredit hit with £2.3 million fine for data breach

UnitedHealth brings some Change Healthcare pharmacy services back online

UnitedHealth Rebuilds Halted Services Following Ransomware Attack

UnitedHealth Sets Timeline to Restore Change Healthcare Systems After BlackCat Hit

Unsecured Video Doorbells Sold on Major Platforms: Millions at Risk of Hacking

What do cities face when hit by a ransomware attack? Cyber experts explain, as Hamilton issue continues

What Is DNS Spoofing? + 5 Tips to Prevent It

7th March

78% of MSPs identify cybersecurity as prime IT challenge

A cybercriminal is sentenced, will it make a difference?

Alarm Over WordPress Zero-Day Vulnerability: Alleged Exploit Endangers 110,000 Websites

American Express announces data breach

AnyCubic fixes exploited 3D printer zero day flaw with new firmware

Chinese State Hackers Target Tibetans with Supply Chain, Watering Hole Attacks

Cybercriminals Spoof US Government Organizations in BEC, Phishing Attacks

Duvel halts production following ransomware attack - but don't worry, it says there's still plenty of beer

Evasive Panda Targets Tibet With Trojanized Software

Ex-Google Engineer Arrested for Stealing AI Technology Secrets for China

Five Unintended Consequences of the New SEC Cybersecurity Disclosure Rule

Flipper Zero WiFi attack can unlock and steal Tesla cars

Former Google Engineer Charged With Stealing AI Secrets

Google employee charged with stealing AI trade secrets

Google engineer caught stealing AI tech secrets for Chinese firms

Hacked WordPress Sites Abusing Visitors' Browsers for Distributed Brute-Force Attacks

Human vs. Non-Human Identity in SaaS

Hundreds of Rogue Users Added to Unpatched TeamCity Servers

Iran-linked ‘Lord Nemesis’ group appears intent on intimidating Israeli organizations, report says

Large online dictionary leaks nearly 7 Million records

Lithuania warns China has ramped up espionage campaigns

National Security Agency (NSA) Issues Guidance for Enterprises Adopting Zero Trust

New Python-Based Snake Info Stealer Spreading Through Facebook Messages

New research uncovers an emerging malware campaign

New SSH-Snake Worm-Like Tool Threatens Network Security

New York's Northeast Orthopedics says December data breach impacted close to 180,000 patients

Play ransomware leaked 65,000 Swiss government documents, investigation finds

Ransomware Attackers Leak Sensitive Swiss Government Documents, Login Credentials

Ransomware gang claims to have made $3.4 million after attacking children’s hospital

Remote Access Trojans (RATs) Spread Via Fake Skype, Zoom, Google Meet Sites

Researcher found millions of 2FA codes spilling online for tech giants

Rhysida ransom gang sells child patient data

Stormous claims cyberattack on Belgian brewer

Stormous ransomware gang takes credit for attack on Belgian brewer Duvel

Switzerland: Play ransomware leaked 65,000 government documents

Tibetans targeted by China-linked supply chain attacks using malicious language translators

Today’s biggest AI security challenges

Top US university data for sale on dark web

Tycoon and Storm-1575 Linked to Phishing Attacks on US Schools

U.S. lost record $12.5 billion to online crime in 2023

UnitedHealth paid an £18.3m ransom to the BlackCat group to recover stolen files

US Ransomware Losses Surge 74% to $59.6 Million in 2023

VMware patches critical flaws in ESXi, Workstation, Fusion and Cloud Foundation

Watch Out for Spoofed Zoom, Skype, Google Meet Sites Delivering Malware

Web-based Programmable Logic Controller (PLC) malware: A new potential threat to critical infrastructure

Why Ignoring Vulnerability Prioritization is a CISO’s Worst Nightmare

Xplain Hack Aftermath: Play Ransomware Leaks Sensitive Swiss Government Data

6th March

5 ways to keep API integrations secure

69% of financial services consumers prioritize fraud protection

AI tools put companies at risk of data exfiltration

Alert: GhostSec and Stormous Launch Joint Ransomware Attacks in Over 15 Countries

Americans lost a record $12.5 billion to online fraud last year

Apple fixes two actively exploited iOS zero-days (CVE-2024-23225, CVE-2024-23296)

Canada's anti-money laundering agency offline after cyberattack

Canadian city says timeline for recovery from ransomware attack ‘unknown’

Capita says cyberattack contributed to annual loss of more than £106 million

Critical TeamCity flaw now widely exploited to create admin accounts

Cyber Pros Turn to Cybercrime as Salaries Stagnate

Duvel says it has "more than enough" beer after ransomware attack

EU Agrees 'Cyber Solidarity Act' to Bolster Incident Response and Recovery

EU strikes political agreement on Cyber Solidarity Act in wake of Russian attacks

Europol, DOJ, NCA deny involvement in recent AlphV/BlackCat ‘shutdown’

Exit Scam: BlackCat Ransomware Group Vanishes After $22 Million Payout

Fake Skype, Zoom, Google Meet Sites Infecting Devices with Multiple RATs

Feds get second guilty plea in prosecution of Nigerian-led Business Email Compromise (BEC) case

Hacked WordPress sites use visitors' browsers to hack other sites

Hackers Exploit Misconfigured YARN, Docker, Confluence, Redis Servers for Crypto Mining

Hackers impersonate U.S. government agencies in BEC attacks

Hackers target Docker, Hadoop, Redis, Confluence with new Golang malware

Healthcare Groups Push for Help in Wake of Ransomware Attack on Change

Insider-driven data loss incidents cost an average of $15 million

Insurance giant Fidelity hit by data breach - thousands of customers may have had data stolen

Law enforcement personnel say LexisNexis retaliated when asked to remove data

Linux Malware Targets Docker, Apache Hadoop, Redis and Confluence

Moldova warns of Russian ‘hybrid attacks’ ahead of presidential election

New APT Group 'Lotus Bane' Behind Recent Attacks on Vietnam's Financial Entities

New Linux Malware Alert: ‘Spinning YARN’ Hits Docker, Other Key Apps

PetSmart warns of credential stuffing attacks trying to hack accounts

Renowned US Universities Targeted in Alleged Data Breach

Skype, Google Meet, and Zoom Used in New Trojan Scam Campaign

TA4903 Phishing Campaigns Evolve, Targets US Government

The Critical Role of Real-Time Personal Cybersecurity in Thwarting Man-in-the-Middle Attacks

U.S. Cracks Down on Predatory Spyware Firm for Targeting Officials and Journalists

Urgent: Apple Issues Critical Updates for Actively Exploited Zero-Day Flaws

US government to pay hospitals struggling in UnitedHealth hack, advocates want more

US Sanctions Predator Spyware Maker Intellexa

VMware fixes critical sandbox escape flaws in ESXi, Workstation, and Fusion

VMware Issues Security Patches for ESXi, Workstation, and Fusion Flaws

Vodafone Egypt Outage: Cyberattack or Upgrade Hiccup?

Vulnerability Risk Management for External Assets

5th March

$100 million a day? Cash flow disruptions roil healthcare industry after cyberattack

ALPHV/BlackCat Ransomware Servers Go Down

American Express Clarifies Data Breach: Merchant Systems Impacted, Take Precautions

American Express Warns Credit Card Data Exposed in Third-Party Breach

Apple fixes two new iOS zero-days exploited in attacks on iPhones

Authorities Strike: ALPHV/BlackCat’s New Leak Site Allegedly Confiscated by Law Enforcement

BlackCat ransomware shuts down in exit scam, blames the "feds"

Critical JetBrains TeamCity On-Premises Flaws Could Lead to Server Takeovers

Cyberattack forces Canada’s financial intelligence agency to take systems offline

Cybercriminals Using Novel DNS Hijacking Technique for Investment Scams

DDoS attacks against customers in the Americas increases by 196%

Discord military leaker pleads guilty, gets 16 years

Emerging Threats: Preparing for the Cybersecurity Challenges of 2024

'Exit scam' - hackers that hit UnitedHealth pull disappearing act

Following Taurus leak, Bundeswehr issues a statement using 1234 as password

GhostSec Evolves With Website Compromise Tools

Global Data Breaches and Cyber Attacks in February 2024 – 719,366,482 Records Breached

Hackers abuse QEMU to covertly tunnel network traffic in cyberattacks

Hackers Exploit ConnectWise ScreenConnect Flaws to Deploy TODDLERSHARK Malware

Human Error, Not Hackers, Top Cybersecurity Threat, Say CTOs

Hundreds of orgs targeted with emails aimed at stealing NTLM authentication hashes

La Bonne Alternance Hit by Alleged Data Breach, Candidate Data Reportedly Exposed

Major data breach at Hathway Cable & Datacom Limited – Critical user data leaked on Dark Web!

Mr. Green Gaming Suffers Data Breach, Exposing Personal Information of 27,000 Users

New banking trojan spotted circulating among Brazilian targets

New CHAVECLOAK Banking Trojan Targets Brazilians via Malicious PDFs

Organizations are knowingly releasing vulnerable applications

Over 225,000 Compromised ChatGPT Credentials Up for Sale on Dark Web Markets

Report Uncovers Massive Sale of Compromised ChatGPT Credentials

Researchers Test Zero-click Worms that Exploit Generative AI Apps

Security leaders weigh in on the recent UnitedHealth cyberattack

TeamCity Users Urged to Patch Critical Vulnerabilities

U.S. sanctions Predator spyware operators for spying on Americans

Ukraine Claims it Hacked Russian Ministry of Defense (MoD)

UnitedHealth rumored to have paid $22M to ALPHV/BlackCat hackers

US sanctions Predator spyware makers for targeting government officials

Warning: Thread Hijacking Attack Targets IT Networks, Stealing NTLM Hashes

Why cyber maturity assessment should become standard practice

4th March

1 in 10 Business Leaders Don’t Even Know They’ve Been Hacked

95% believe LLMs making phishing detection more challenging

A Fake Ransomware Gang Claims It Extorted $85K, Calls Themselves Criminal Geniuses

Aetna Life Insurance Files Notice of Data Breach Impacting Tens of Thousands of Customers

ALPHV/BlackCat loses website after Change Healthcare breach

American Express Alerts Customers of Data Breach: Urges Vigilance Against Fraud

American Express card details exposed in third-party data breach

American Express Cardholders Impacted by Third-Party Vendor Data Breach

American Express credit cards exposed in third-party data breach

American Express credit cards EXPOSED in third-party vendor data breach - account numbers and names among details accessed in hack

American Express says customer data exposed in third-party breach

American restaurant chain Golden Corral says 2023 breach impacted 183k employees

American Vision Partners says data breach compromised the data of over 2.3m eye patients

As AI-Powered Phishing Gains Steam, Organizations Use Password Managers to Combat Threats

BlackCat ransomware turns off servers amid claim they stole $22 million ransom

BlackCat Ransomware’s Bold Strike on Change Healthcare Risks Millions of Sensitive Records

Brazilian crypto influencer gets over $211,000 drained by airdrop-related phishing scam

Canada: London library 'almost fully recovered' from ransomware attack, CEO says

Change Healthcare attack latest: ALPHV bags $22M in Bitcoin amid affiliate drama

Chinese Hacker Group Targets Taiwan with Geopolitical Malware Emails: Cybersecurity Report Unveils

CISA Warns Phobos Ransomware Groups Attacking Critical Infrastructure

Critical vulnerabilities in TeamCity JetBrains fixed, release of technical details imminent, patch quickly! (CVE-2024-27198, CVE-2024-27199)

Cyber attack: Hackers steal confidential client information from auto software company Auxo, demand ransom

Cyber Attack on Auxo Threatens National Car Dealerships, Firm Seeks High Court Aid

Cyberattack on Change Healthcare Disrupts US Medical Sector, Urgent Calls for Ransomware Payment Ban

Cybersecurity Laws: Adapting to an Ever-Changing Threat Landscape

Epic Games Ransomware Attack Was Just a ‘Scam Operation’

Evolving cloud threats were observed in the last half of 2023

Exploit available for new critical TeamCity auth bypass bug, patch now

Fake Ransomware Gang Admits It Made Up Epic Games Hack

Federal Communications Commission (FCC) and crypto firms are being hit in advanced phishing attacks using fake Okta logins

Federal Communications Commission (FCC) Employees Targeted in Sophisticated Phishing Attacks

Former National Cyber Security Centre (NCSC) chief calls for ransomware payments ban, but cyber security experts aren't keen

Fresh call to ban ransomware payments divides cybersecurity experts

Fulton County services coming back on ‘rolling basis’ after LockBit attack

Georgia’s Largest County Is Still Struggling With January’s Cyber Attack; New Threats Launched From the LockBit Gang

Greece: Data Protection Authority (DPA) to investigate alleged data breach by conservative MEP

Greek EU Deputy Probed Over Voter Data Breach Claims

Hacker group admits Epic Games breach was scam to catch other criminals

Hackers steal Windows NTLM authentication hashes in phishing attacks

Hackers target Coinbase, Binance staff with phishing clones of Gmail, iCloud

Hacking group claims Epic Games breach

Hacktivist Collective NoName057 Strikes European Targets

How Cybercriminals are Exploiting India's UPI for Money Laundering Operations

Huge Surge in Ransomware-as-a-Service Attacks targeting Middle East & Africa

Industry in need of ‘immediate relief’ following cyberattack on Change Healthcare, hospital group says

Iowa electric, water utility says info of nearly 37,000 leaked in January ransomware attack

JetBrains releases urgent advisory on vulnerabilities affecting TeamCity

Latest Phishing Tactics Show Attackers Keep ‘Pushing The Envelope’

LockBit Hits Again: Renowned Fashion Brand Jovani Targeted in Ransomware Attack

LockBit Ransomware Bounty: US Offers $15 Million In Reward

LockBit Ransomware Group Expands Reach, Targets 8 New Victims

LockBit, Alphv/BlackCat highlight February ransomware activity

MEDUSA Ransomware Claims Cyberattack on Stoney Creek Furniture

Mobile-Driven Phishing Spoofs Federal Communications Commission (FCC), Cryptocurrency Giants

Mogilevich gang admits they faked Epic Games hack to scam other hackers, calls themselves “professional fraudsters”

Mr Green Gaming Community faces data breach: 27,000 members' details compromised

Multistage RA World Ransomware Uses Anti-AV Tactics, Exploits Group Policy Object (GPO)

New SSO-Based Phishing Attack Trick Users into Sharing Login Credentials

New Yorkers Beware: Phishing Scams Mimic Tolls by Mail NY, Authority Warns

NoName Ransomware Claims Cyberattack on Denmark’s Key Websites

North Korea accused of hacking into chip makers

North Korea broke into South Korean chip equipment firms, Seoul's spy agency says

North Korea hacks two South Korean chip firms to steal engineering data

Ongoing Phobos ransomware threat prompts federal warning

Over 100 Malicious AI/ML Models Found on Hugging Face Platform

Phishers target Federal Communications Commission (FCC), crypto holders via fake Okta SSO pages

Phobos Ransomware Aggressively Targeting U.S. Critical Infrastructure

Predator Spyware Targeted Mobile Phones in New Countries

Ransomware attack behind over week-long City of Hamilton service disruption

Ransomware ban backers insist thugs must be cut off from payday

Ransomware group admits its Epic Games ‘hack’ was a hoax

Ransomware payments exceed $1 billion in 2023, reaching a record high

Ransomware Readiness: Steps to Boost Resilience for Your Business

Ransomware report reveals Caricom-wide attacks

Ransomware Ring Hits Pharmaceutical Industry, Limiting Drug Access for Millions of Americans

Risky business: why building the best line of cyber defence is key

Russia's chief propagandist leaks intercepted German military Webex conversation

Russian Operatives Expose German Military Webex Conversations

Scottish Ambulance Service investigates data leak: First responders' details compromised

ScreenConnect flaws exploited to drop new ToddlerShark malware

Securing Perimeter Products Must Be a Priority, Says National Cyber Security Centre (NCSC)

Self-Propagating Worm Created to Target Generative AI Systems

Should we ban ransom payments?

Some American Express customers’ data exposed in a third-party data breach

South Korea says semiconductor industry targeted by cyber-spies from North

TA577 Exploits NTLM Authentication Vulnerability

TalentLaunch Subsidiary, Alliance Solutions Group, Notifies 119,261 of Recent Data Breach

Threat actors hacked Taiwan-based Chunghwa Telecom

U.S. Government Offers $15 Million Bounty for Cybercriminal Masterminds Behind Ransomware Attacks

Ukraine claims it hacked Russian Ministry of Defense servers

US to probe if Chinese cars pose national data security risks

Virgin Hotels breach exposes thousands

WayForward Hit by Data Breach: Unreleased Game Prototypes Leaked Online

"We're scammers," Epic Games hack was fabricated; culprits explain why

WellNow Urgent Care Files Notice of Data Breach Following 2023 Ransomware Attack

Western National Notifies Consumers of June 2023 Data Breach

Yakima Valley Radiology Notifies 235,249 of Recent Data Breach Affecting