Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 29th April and 5th May 2024.
29th April
72% of CISOs believe AI solutions may lead to security breaches
90% of company attacks start with a phishing email
91% of ransomware victims paid at least one ransom in the past year
2023 Was the Year Threat Actors Disabused Our Trust in Digital
Agent Tesla and Taskun Malware Targeting US Education and Government Entities
AI is creating a new generation of cyberattacks
Avast fined nearly $15M for GDPR violations
Belarusian KGB allegedly breached, hackers dox over 8600 agents
Breaking 2FA authentication: demystifying your security
Britain bans simple passwords for smart devices
Catholic Diocese of Cleveland, Ohio announces data breach
Central Bank Argentina Data Breach: Hackers Allegedly Offer Customer Info for Sale
China-Linked 'Muddling Meerkat' Hijacks DNS to Map Internet on Global Scale
Chinese hackers are now using this tactic for spying
Collection agency Financial Business and Consumer Solutions (FBCS) warns data breach impacts 1.9 million people
Compounded Crisis: Change Healthcare’s Breach Escalates with New Threats
Cyber-Partisans hacktivists claim to have breached Belarus KGB
Cyber crooks ramp up credential stuffing attacks
Cybersecurity incident forces closing of London Drugs stores across Western Canada until further notice
Essex County Council Compensation Payouts Increase
Experts weigh in on Omni Hotel ransomware incident
Fake Chrome Updates Hide Android Brokewell Malware Targeting Your Bank
Financial Business and Consumer Solutions (FBCS) data breach impacted 2 Million individuals
Hackers Exploit WP-Automatic Plugin Vulnerability, Threatening WordPress Site Security
Hackers Took Just 29-Days From IcedID Infection to Dagon Locker Ransomware
Hunters Ransomware Claims Two: Rocky Mountain Sales, SSS Australia Targeted
ICICI Bank glitch gave access to other clients’ credit cards
JP Morgan employees access sensitive information they weren’t supposed to see
Junk Gun ransomware infiltrates dark web
KageNoHitobito Ransomware Attacking Windows Users Around the Globe
Kaiser Permanente suffers a data breach that may impact 13.4M members
KaliHunt Groups Allegedly DDoS Attacks on US Airports and Baltic Countries
Kaspersky reveals email is primary gateway for phishing attacks
Lazarus Group Poses As Fenbushi Capital For Phishing Scams, Lures Users Via LinkedIn
Lazarus Group Strikes Again: New Crypto Phishing Scam Targets LinkedIn Users
London Drugs shuts down all western Canadian stores 'until further notice' following cyber incident
Moldova Government Hit by NoName Ransomware: Websites Down
Navigating Data Breach Communication: A Blueprint For Executives
Navigating personal liability: post data-breach recommendations for CISOs
Navigating the Threat Landscape: Understanding Exposure Management, Pentesting, Red Teaming and RBVM
New banking malware gives hackers complete control of Android phones
New R Programming Vulnerability Exposes Projects to Supply Chain Attacks
New Ransomware Group “SpaceBears” Attacks: Multiple High-Profile Victims Targeted
New UK Smart Device Security Law Comes into Force
North Korea hackers Lazarus Group poses as Fenbushi partner on LinkedIn
Okta warns customers about credential stuffing onslaught
Okta Warns Customers of Credential Stuffing Barrage
Okta warns of surge in credential stuffing attacks
Paramedics' mobile numbers 'exposed' in data breach
Pennsylvania Insurance Department Urges Caution in Wake of Data Breach: Implications and Protective Measures
QNAP Unveils Three Critical Flaws in NAS Software Suite (CVE-2024-32764, CVE-2024-32766, CVE-2024-27124)
Report details impact of cyber attack on IT firm
Researchers Discover New Android Banking Trojan ‘Brokewell’ Disguised as Chrome Update
Researchers unveil novel attack methods targeting Intel’s conditional branch predictor
Romance scammers offer fake protection from sex offenders, FBI warns
Sandbox Escape Vulnerabilities in Judge0 Expose Systems to Complete Takeover
Security leaders respond to disruption of LabHost, a fraud website
Social exclusion charity Extern “urgently reviewing” impact of data breach following ransomware attack
Software supply chain risks for AI and ML models
SSS Australia falls victim to Hunters International ransomware gang
Staff taking legal action over Northern Ireland police data breach
States of Guernsey under investigation following data breach which saw 5,059 records leaked
Text phishing scam claiming unpaid tolls sent to Michigan residents
The Los Angeles County Department of Health Services disclosed a data breach
Thousands of PSNI officers and staff pursue legal action over data breach
Threat Actor Claims Sale of Dell Database Containing 49 Million Customer Records
UK becomes first country to ban default bad passwords on IoT devices
UK enacts IoT cybersecurity law
UK government introduces new laws in cyber-attack crackdown
UK’s new ‘world first’ laws crack down on smart gadget cyber attacks
‘Unprecedented Scale’ of Credential Stuffing Attacks Observed: Okta
USDoD Resurfaces with Alleged China Data Leak After Building New Content Delivery Network (CDN) Site
Voter Registration System Taken Offline in Coffee County Cyber-Incident
Washington State Casino Reopens Weeks After Apparent Cyber Attack