Data Breaches Digest - Week 18 2024

Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 29th April and 5th May 2024.

29th April

72% of CISOs believe AI solutions may lead to security breaches

90% of company attacks start with a phishing email

91% of ransomware victims paid at least one ransom in the past year

2023 Was the Year Threat Actors Disabused Our Trust in Digital

Agent Tesla and Taskun Malware Targeting US Education and Government Entities

AI is creating a new generation of cyberattacks

Avast fined nearly $15M for GDPR violations

Belarusian KGB allegedly breached, hackers dox over 8600 agents

Breaking 2FA authentication: demystifying your security

Britain bans simple passwords for smart devices

Catholic Diocese of Cleveland, Ohio announces data breach

Central Bank Argentina Data Breach: Hackers Allegedly Offer Customer Info for Sale

China-Linked 'Muddling Meerkat' Hijacks DNS to Map Internet on Global Scale

Chinese hackers are now using this tactic for spying

Collection agency Financial Business and Consumer Solutions (FBCS) warns data breach impacts 1.9 million people

Compounded Crisis: Change Healthcare’s Breach Escalates with New Threats

Cyber-Partisans hacktivists claim to have breached Belarus KGB

Cyber crooks ramp up credential stuffing attacks

Cybersecurity incident forces closing of London Drugs stores across Western Canada until further notice

Essex County Council Compensation Payouts Increase

Experts weigh in on Omni Hotel ransomware incident

Fake Chrome Updates Hide Android Brokewell Malware Targeting Your Bank

Financial Business and Consumer Solutions (FBCS) data breach impacted 2 Million individuals

Hackers Exploit WP-Automatic Plugin Vulnerability, Threatening WordPress Site Security

Hackers Took Just 29-Days From IcedID Infection to Dagon Locker Ransomware

Hunters Ransomware Claims Two: Rocky Mountain Sales, SSS Australia Targeted

ICICI Bank glitch gave access to other clients’ credit cards

JP Morgan employees access sensitive information they weren’t supposed to see

Junk Gun ransomware infiltrates dark web

KageNoHitobito Ransomware Attacking Windows Users Around the Globe

Kaiser Permanente suffers a data breach that may impact 13.4M members

KaliHunt Groups Allegedly DDoS Attacks on US Airports and Baltic Countries

Kaspersky reveals email is primary gateway for phishing attacks

Lazarus Group Poses As Fenbushi Capital For Phishing Scams, Lures Users Via LinkedIn

Lazarus Group Strikes Again: New Crypto Phishing Scam Targets LinkedIn Users

London Drugs shuts down all western Canadian stores 'until further notice' following cyber incident

Moldova Government Hit by NoName Ransomware: Websites Down

Navigating Data Breach Communication: A Blueprint For Executives

Navigating personal liability: post data-breach recommendations for CISOs

Navigating the Threat Landscape: Understanding Exposure Management, Pentesting, Red Teaming and RBVM

New banking malware gives hackers complete control of Android phones

New R Programming Vulnerability Exposes Projects to Supply Chain Attacks

New Ransomware Group “SpaceBears” Attacks: Multiple High-Profile Victims Targeted

New UK Smart Device Security Law Comes into Force

North Korea hackers Lazarus Group poses as Fenbushi partner on LinkedIn

Okta warns customers about credential stuffing onslaught

Okta Warns Customers of Credential Stuffing Barrage

Okta warns of surge in credential stuffing attacks

Paramedics' mobile numbers 'exposed' in data breach

Pennsylvania Insurance Department Urges Caution in Wake of Data Breach: Implications and Protective Measures

QNAP Unveils Three Critical Flaws in NAS Software Suite (CVE-2024-32764, CVE-2024-32766, CVE-2024-27124)

Report details impact of cyber attack on IT firm

Researchers Discover New Android Banking Trojan ‘Brokewell’ Disguised as Chrome Update

Researchers unveil novel attack methods targeting Intel’s conditional branch predictor

Romance scammers offer fake protection from sex offenders, FBI warns

Sandbox Escape Vulnerabilities in Judge0 Expose Systems to Complete Takeover

Security leaders respond to disruption of LabHost, a fraud website

Social exclusion charity Extern “urgently reviewing” impact of data breach following ransomware attack

Software supply chain risks for AI and ML models

SSS Australia falls victim to Hunters International ransomware gang

Staff taking legal action over Northern Ireland police data breach

States of Guernsey under investigation following data breach which saw 5,059 records leaked

Text phishing scam claiming unpaid tolls sent to Michigan residents

The Los Angeles County Department of Health Services disclosed a data breach

Thousands of PSNI officers and staff pursue legal action over data breach

Threat Actor Claims Sale of Dell Database Containing 49 Million Customer Records

UK becomes first country to ban default bad passwords on IoT devices

UK enacts IoT cybersecurity law

UK government introduces new laws in cyber-attack crackdown

UK’s new ‘world first’ laws crack down on smart gadget cyber attacks

‘Unprecedented Scale’ of Credential Stuffing Attacks Observed: Okta

USDoD Resurfaces with Alleged China Data Leak After Building New Content Delivery Network (CDN) Site

Voter Registration System Taken Offline in Coffee County Cyber-Incident

Washington State Casino Reopens Weeks After Apparent Cyber Attack

ICICI Bank: Indian Bank's Accidental Mobile Banking App Data Breach Results In 17,000 Credit Cards Linked To The Wrong Customers

India’s ICICI Bank exposed thousands of credit cards to ‘wrong’ users

[Update] ICICI Bank blocks 17,000 credit cards after data breach

Ransomware Operator Claims - Week 16 2024

Welcome to last week's ROC Report, an exclusive summary of Ransomware Operator's global victims that were claimed during the period between 15th April and 21st April 2024, kindly assisted by our partners.

For further analysis on these (and any historic) Ransomware Operator Claims, including the Victim Names and Industry Sectors attacked, please use our PRiSM application.

Flag Icons created by Freepik and provided by Flaticon.

Data Breaches Digest - Week 17 2024

Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 22nd April and 28th April 2024.

28th April

Billion-Dollar Bank Facing Class Action Compliant After Data Breach Exposes Customers’ Names, Social Security Numbers and Other Sensitive Information

Canadian Pharmacy Becomes Latest Victim of Cyberattacks on Healthcare Businesses

Coffee County hit by potential ransomware attack, officials say

Dutch cybersecurity experts warning companies about global ransomware attack

Essex County Council 'data breach' settlements revealed

Leaked LockBit builder-based ransomware impersonates employees and self-spreads

London Drugs closes stores until further notice due to cyberattack

Okta Warns of Unprecedented Surge in Proxy-Driven Credential Stuffing Attacks

Threat Actor Selling for Exploit: Claims Access to Customer Data from Apple, Samsung, and 100+ Companies

US Post Office phishing sites get as much traffic as the real one

Why ICICI Bank Blocked 17,000 Credit Cards: Massive Data Breach Exposed!

27th April

17000 Credit Cards Blocked by ICICI Bank for Data Breach

Bogus npm Packages Used to Trick Software Developers into Installing Malware

Cleveland Catholic Diocese confirms data breach

Data breach tsunami hits Australia

Hacker Group Claims It Penetrated Belarusian KGB Network

Hackers may have accessed thousands of accounts on the California state welfare platform

International Survey Reveals Over 70% Of Firms Fear Cyber Attack

Japanese police create fake support scam payment cards to warn victims

Kaiser notifies millions of its members of a privacy data breach

Okta warns of "unprecedented" credential stuffing attacks on customers

Ransomware attacks occur on average every 11 seconds

StarWallets Faces Major Security Breach: Hacker Exploits Vulnerability to Steal Significant BNB Liquidity

Threat Actor Allegedly Offers Database and Source Code of Egypt-Based Lucky App for Sale

Ukraine Targeted in Cyberattack Exploiting 7-Year-Old Microsoft Office Flaw

26th April

7-Year-Old 0-Day in Microsoft Office Exploited to Drop Cobalt Strike

90% of company attacks start with a phishing email

93% of security leaders anticipate daily AI attacks by 2025

5,000 officers and staff involved in legal action after PSNI data breach

17,000 ICICI Bank credit cards blocked after data breach

AI, quishing and multi-channel attacks top phishing trends

AI-Powered Cyber Attack Predicted to Increase, Particularly Phishing Attacks

Alleged Data Breach: Threat Actor ‘netnsher’ Claims Leaks of Nota by M&T Bank and TTEC Databases

Almost 5,000 officers and staff involved in legal action after PSNI data breach

Berry, Dunn, McNeil & Parker Announces Third-Party Data Breach at Reliable Networks of Maine Affecting Over 1.1 Million Consumers

BerryDunn suffers third-party breach, 1 Million affected

BeyondTrust Report: Microsoft Security Vulnerabilities Decreased by 5% in 2023

Blackstone Valley Community Health Care Announces Data Breach

Cactus Ransomware Exploiting Qlik Servers Vulnerability

Cactus Ransomware Group Targets Qlik Sense Servers

Catholic Diocese of Cleveland Data Breach Leaks an Unknown Number of SSNs and Other Confidential Information

Check Point says 90% of phishing attacks come via email

China-linked PlugX malware infections found in more than 170 countries

CISA Helps Critical Infrastructure Organizations Prevent Ransomware Attacks Through Pilot Program

CISA is rolling out its ransomware warning program soon

CISA Launches Ransomware Vulnerability Warning Pilot to Protect Critical Infrastructure

CISA to launch ransomware warning program this year

CISA Warns of High-Risk Flaws in Honeywell Products

CISA’s ransomware warnings helped patch 852 vulnerabilities

Cisco says hackers subverted its security devices to spy on governments

Cisco Targeted By Sophisticated State-Backed Hacker Group

Cyber attack anxiety apologies

Cyber claims increasing, despite underwriting refinement

Cybercrime ‘A Thriving Business’ as US Claims Frequency Rises

Cybersecurity researchers spotlight a new ransomware threat - be careful where you upload files

DDoS attacks continue, post-election, against Russian independent media site Meduza

Despite complaints, Apple hasn’t yet removed an obviously fake app pretending to be RockAuto

Disruptions to small practices’ operations remain ‘severe and ongoing’ months after Change cyberattack

El Salvador’s Chivo Wallet Hit by Cyber Attacks and Data Leak

Ensuring the Security and Efficiency of Web Applications and Systems

Essex County Council pay out £15,000 in data breach claims amid 'worrying' national rise

ExtraHop report shows Singapore firms vulnerable to ransomware attacks

Facebook and Instagram travel insurance scam warning

Fake job interviews target developers with new Python backdoor

Feds Bust Privacy-Centric Samourai Wallet Over BTC Money Laundering

Fraudsters using fake online dating verification apps to scam lovers

Glendale teachers surprised to find their taxes already filed - fraudulently

Hacker Group Claims It Penetrated Belarusian KGB Network

Hackers Abuse Autodesk Drive For Hosting Weaponized PDF Files

Hackers accessed more than 19,000 accounts on California state welfare platform

Hackers attacked Indian firms on average 2,444 times per week in last 6 months

Hackers Exploiting WP-Automatic Plugin Bug to Create Admin Accounts on WordPress Sites

Hackers leak World-Check, sanctions, and crimes database

Health conglomerate Kaiser notifies millions of a data breach

Healthcare app exposes sensitive patient data

Hernando County Recovering from Easter Ransomware Attack

HunterInternational Ransomware Group Attacked Chicony Electronics. Compromising Data of Space X, HP, Google and Amazon

ICICI Bank blocks 17,000 credit cards after data breach

ICICI Bank takes action after credit card data breach, promises compensation to affected customers

ICICI Credit Card Fiasco Explained: ICICI Blocks 17,000 Credit Cards Due To Data Breach Concerns

Impact of organizational structure on ransomware outcomes: Where does your organization fit in?

Introducing Coconut Botnet: A Comprehensive Overview of Its Features and Pricing

Kaiser Discloses Health Insurance Data Breach

Kaiser Foundation Health Plan Data Breach Affects 13.4 Million

Kaiser health plan reveals data breach impacting millions

Kaiser notifies 13.4M individuals of data breach

Kaiser Permanente: Data breach may impact 13.4 million patients

Kaiser Permanente data breach may have impacted 13.4 million patients

Kaiser Permanente notifies 13.4 million members of data breach. City of Hope also reported breach

Kaiser reports 13.4 million people affected by data breach

Kaiser Reports Data Breach of Over 13 Million Current and Former Members

Kaiser’s Data Breach: 13.4 Million Affected in Healthcare Conglomerates Privacy Crisis

Kaiser’s website tracking tools may have compromised data on 13 million customers

Label working with Snoop Dogg and Iggy Azalea faces cyberthreat

Lamont Hanley & Associates Confirms June 2023 Data Breach Leaked Confidential Atrius Health Patient Information

LivaNova Begins Sending Data Breach Letters Following October 2023 Data Breach

Medical Tech Company LivaNova Reports Cyberattack Compromising US Patients Data

Major Japanese Freight Forwarder Kintetsu World Express Allegedly Hit by Data Breach

Microsoft credentials targeted by phishing campaign using Autodesk Drive

Most people still rely on memory or pen and paper for password management

Multi-Year Cyberattack: Chinese Hackers Suspected in Breaching Volkswagen

New 'Brokewell' Android Malware Spread Through Fake Browser Updates

'No instances of misuse reported thus far': ICICI Bank blocks 17,000 credit cards after data breach

Omni Hotels Data Breach: Why Are Hackers Targeting Hotel Chains?

OracleCMS faces cyber security breach; data exposed by Lockbit 3.0

Over 850 Vulnerable Devices Secured Through CISA Ransomware Program

Palo Alto Networks Outlines Remediation for Critical PAN-OS Flaw Under Attack

Phishing attack compromises LA County Health Services data

Plasma donation company Octopharma says cyber attack disrupted its U.S. operations

Police Service of Northern Ireland (PSNI) data breach: Almost 5,000 officers and staff in legal action

Professionals beware: phishing scams are getting much more sophisticated

Ransomware attacks occur on average every 11 seconds

Ransomware Trends: What Businesses Need To Know

Record ransomware attacks in March 2024, report finds

Report sheds light on food and agriculture sector cybersecurity threats

Ring to Pay Out $5.6m in Refunds After Customer Privacy Breach

Russian Hacker Groups Claim Responsibility for Coordinated Cyber Attacks on Moldova

Severe Flaws Disclosed in Brocade SANnav SAN Management Software

SpaceX Data Breach Back From the Dead: Hunters International Posts Alleged Stolen Information

St-Jerome Company Targeted in Alleged Ransomware Attack by Everest Group

Stuxnet: the first true cyberweapon

Sweden’s liquor supply severely impacted by ransomware attack on logistics company

Thousands of Qlik Sense Servers Open to Cactus Ransomware

Time to ditch eight-character passwords - they may no longer be enough in 2024

US health giant Kaiser hit by data breach - millions of customers informed they could be at risk

What is ransomware?

Why Federal Agencies Must Learn from the Cyber Safety Review Board Report on Microsoft

25th April

56% of cyber insurance claims originate in the email inbox

73% of SME security pros missed or ignored critical alerts

90% of company attacks start with a phishing email

Action needed amid escalating ransomware attacks, record-high payments

Alcohol sales disrupted in Sweden after reported ransomware attack

Alleged data breach exposes employee records linked to job recruitment platform Glints

ANONYM∅US Group Launches DDoS Attacks on Saudi Websites in Protest Against Alleged Israel Support

Asbury Automotive Group Announces Data Breach Leaking Consumers’ Social Security Numbers

AT&T Class Action Lawsuit Alleges Security Failures Led to Release of Social Security Numbers, Customer Data on Dark Web

Beware! Zero-click RCE Exploit for iMessage Circulating on Hacker Forums

Bharat Sanchar Nigam Limited (BSNL) Leaked Data Resurfaces with 2.9 Million Records Exposed on Dark Web

Bogus post office texts deliver a ‘shocking’ amount of traffic to scam websites

Business Email Compromise (BEC) and Fund Transfer Fraud Top Insurance Claims

Central Power Systems & Services’ Website Down After Alleged Hunters Group Cyberattack

Combatting ransomware-as-a-service

Crypto Crackdown: Samourai Wallet Founders Arrested for Laundering Over $100 Million

Cyber Attack Defenders Up For Battle: Huge Uptick In Timely Detections

Cyberattacks on the rise - key recommendations

Department of Homeland Security (DHS) asked to consider potentially 'devastating’ impact of hacks on rural water systems

Department of Justice (DOJ) Arrests Founders of Crypto Mixer Samourai for $2 Billion in Illegal Transactions

DragonForce Ransomware Group Uses LockBit's Leaked Builder

East Sussex Council pays out £26,000 in data breach claims amid ‘worrying’ rise

FBI warns against using unlicensed crypto transfer services

Federal Trade Commission (FTC) issues refunds to Ring customers following privacy settlement

Frontier Communications Cyber Attack Shuts Down Systems, Leaks Personal Data

Google Patches Critical Chrome Vulnerability and Additional Flaws

Health insurance giant Kaiser will notify millions of a data breach after sharing patients’ data with advertisers

How a crippling cyber attack on a U.S. healthcare company is impacting Pueblo physicians

India: ICICI Bank blocks cards, assures compensation to affected customers in latest credit card data breach

India’s ICICI Bank exposed thousands of credit cards to ‘wrong’ users

"Junk gun" ransomware: the cheap new threat to small businesses

Kaiser Permanente reports data breach impacting 13.4M health plan members

LA County Health Services: Patients' data exposed in phishing attack

Leicester streetlights on day and night following cyber-attack

LivaNova alerts U.S. patients of data breach

More than 800 vulnerabilities resolved through CISA ransomware notification pilot

Network Detection and Response (NDR) in the Modern Cybersecurity Landscape

New Brokewell malware takes over Android devices, steals data

New DragonForce Ransomware Emerged From The Leaked LOCKBIT Builder

New Qiulong Ransomware Well-Equiped To Make Waves

North Korea hacking teams hack South Korea defence contractors

North Korea's Lazarus Group Deploys New Kaolin RAT via Fake Job Lures

Oklahoma man sues EMSA after private info compromised in data breach

Online Banking Security Still Not Up to Par, Says Which?

OpenAI’s GPT-4 Can Autonomously Exploit 87% of One-Day Vulnerabilities, Study Finds

Over 1,400 CrushFTP servers vulnerable to actively exploited bug

Popular File Transfer Software CrushFTP Hit by Zero-Day Exploit

‘Project Melissa’ coalition reveals victims of Cactus ransomware

Psoglav Ransomware Partnership: The New Ransomware Threat Encrypting Your Files

Qiulong Ransomware Group Targets Brazilian Surgeon Dr. Willian Segalin, Citing Privacy Concerns

RansomHouse on the Move Again: Hirsh Industries Latest Target

Ransomware activity spikes 20%, hospitals now in crosshairs

Ransomware Group BlackBasta Targets TRUE Solicitors

Ransomware threats escalating in Southeast Asia

Ransomware triggers cyberinsurance claims increase

Researchers Discover Connection Between LockBit and DragonForce Ransomware Builders

Researchers sinkhole PlugX malware server with 2.5 million unique IPs

Samourai Wallet founders charged for laundering over $100M

Scammers bypassing Google ad checks to impersonate real brands

Social housing provider reprimanded after data breach of antisocial behaviour case files

South Korean Defense Industry Under Siege by North Korean Hacker Groups

State Spies Exploited Cisco Zero-Days to Intrude Government Networks

State-Sponsored Espionage Campaign Exploits Cisco Vulnerabilities

State-Sponsored Hackers Exploit Two Cisco Zero-Day Vulnerabilities for Espionage

Supplement maker hack allegedly exposes 1 Million customers

Team 1956 Claims Breach of Microsoft’s Confidential Data, Threatens Escalating Cyber Attacks

These SMBs are hot threat targets but they're shrugging off security help

Third-party ransomware attack threatens Sweden’s liquor supply

Threat Actor Allegedly Offers Access to Source Code of 150 Companies, Priced at $7000

Threat Actor Offers Database of Coppel for Sale

UnitedHealth admits to paying a ransom to regain access to Change Healthcare's systems

University System of Georgia says MOVEit Transfer breach compromised students' personal data

US Takes Down Illegal Cryptocurrency Mixing Service Samourai Wallet

Warnings Issued on Potential Neighbourhood Watch Data Breach

WP Automatic WordPress plugin hit by millions of SQL injection attacks

24th April

2 Iranian Firms, 4 Individuals Sanctioned For Cyber Attack On US Companies

8Base Ransomware Group Launches Cyberattack on Bieler Lang GmbH, Threatens Data Leak

73% of security professionals failed to act upon security alerts

A Thorn in Attackers’ Sides: How Darktrace Uncovered a CACTUS Ransomware Infection

AI set to play key role in future phishing attacks

Analysts have identified the favorite attack method of the hacker group Lazarus Group

Anti-Trump PAC Lincoln Project scammed for $35,000 after vendor email hack

ArcaneDoor hackers exploit Cisco zero-days to breach govt networks

AT&T facing 2nd class action lawsuit over major data breach exposing 70 million customers’ data

Attacker dwell time dips, but firms grapple with ransomware, zero day attacks

Australian organisations face surge in ransomware attacks

Bank fraud ‘call center’ gang busted in Ukraine

BlackRock: A New Hacker Collective Emerges, Threatening Digital Chaos

BlackSuit ransomware gang claims hack on Octapharma Plasma

Bugs in keyboard apps revealing what users type

Cactus Ransomware Hits Singapore Garment Giant Ghim Li Global

Carpetright shuts down network infrastructure following a ransomware attack

CISA ransomware warning program set to fully launch by end of 2024

Cisco and CrushFTP vulnerabilities need urgent patches

Coalition reveals uptick in cyber insurance claims driven by ransomware in 2023

Coast Guard Reserve deals with data breach amid cybersecurity push

Consequences of Data Breach: Understanding the Cost of Insecurity

CoralRaider Group Delivers Three Infostealers via CDN Cache

CoralRaider Hacker Evades Antivirus Detections Using Malicious LNK File

CoralRaider Malware Campaign Exploits CDN Cache to Spread Info-Stealers

Dark web inundated by cheap ransomware tools

Data breach at Bega Valley Council's after-hours customer service provider

Diagnostics giant Synlab Italia shuts entire network following a ransomware attack

DirectDefense Report Sees Shifts in Cyberattack Patterns

Dutch Chipmaker Nexperia Suffers a Data Breach That Exposed Sensitive Information

Educational Computer Systems Announces Data Breach Affecting Multiple Schools and Colleges

eScan Antivirus Update Mechanism Exploited to Spread Backdoors and Miners

ExtraHop finds 77% of Australian organisations made ransomware payments last year

Feds accuse founders of cryptocurrency mixer of ‘large-scale money laundering’

Fifth of CISOs Admit Staff Leaked Data Via GenAI

GenAI can enhance security awareness training

Glints Data Breach: Alleged Leak of Sensitive Employee Data from Singapore’s Recruitment Platform

Global attacker median dwell time continues to fall

Hacker exposes source code for El Salvador bitcoin ATMs

Hackers were inside Change Healthcare’s systems 9 days before attack

Ho Chi Minh City alerts Ransomware malware attacks

How to Avoid Phishing Attacks Within a Business

Hunt3r Kill3rs Group Allegedly Infiltrates Israeli Government and Military Systems, Threatens Further Attacks

Law Enforcement Operation Takes Down LabHost Phishing Service, UK University Students Among Suspects Arrested

Major Security Flaws Expose Keystrokes of Over 1 Billion Chinese Keyboard App Users

Malaysia records 69% decline in ransomware detections in 2023

March Witnessed Record-Breaking Ransomware Levels for 2024

Maximum severity Flowmon bug has a public exploit, patch now

Megazord Ransomware Attacking Healthcare And Government Entities

Microsoft: Russian APT 28 exploits Windows bug with GooseEgg tool

New Ransomware Group APT73 (Eraleign) Raises Alarms in Companies

Nigeria, Romania, Russia, U.S. Among Top Cybercrime Nations

North Korean hacker group Lazarus uses LinkedIn to steal crypto

North Korean Hackers Target Dozens of Defense Companies

North Korean Lazarus hacker group using LinkedIn to target and steal assets

Nothing Admits to 2022 Data Breach Exposing Community Emails

Nothing Community Confirms Data Breach of 2,250 Members

Nothing Confirms Data Breach But Assures Customers Don’t Have To Worry: Here’s What It Said

Personal details of 200,000 people at risk after neighbourhood watch system data breach

Phishing Attacks Rise By 58% As The Attackers Leverage AI Tools

Plasma donation company Octapharma slowly reopening as BlackSuit gang claims attack

Proof-of-Concept (PoC) for critical Progress Flowmon vulnerability released (CVE-2024-2389)

RansomHouse Strikes Again: Banten Regional Development Bank Tbk Targeted

Ransomware Evolution - How Cheated Affiliates Are Recycling Victim Data for Profit

Ransomware Groups are Rebranding - As ‘Services’

Ransomware payments surpass $1 billion in 2023

Ransomware rampage - how to fight back against attacks

Ransomware Task Force: We Need to Disrupt Operations at Scale

Ransomware Victims Who Opt To Pay Ransom Hits Record Low

Researchers Detail Multistage Attack Hijacking Systems with SSLoad, Cobalt Strike

Ring customers get $5.6 million in privacy breach settlement

Russian Hackers Claim Responsibility for Cyber Attack on Indiana Water Plant

Security bugs in a popular phone-tracking app exposed users’ precise locations

Security Leaders Braced for Daily AI-Driven Attacks by Year-End

Steer Clear of the Iceberg: Navigating the Waters of New SEC Cyber Regulations

Sweden facing dry weekend as ransomware hits alcohol supplier

Sweden's liquor shelves to run empty this week due to ransomware attack

Synlab halts services over ransomware attack

The hacker group CiberInteligenciaSV brings the government of El Salvador to its knees and publicly leaks the source code of the Bitcoin Chivo wallet

The Phishing Emails Students And Teachers Are Falling For

The street lights in Leicester City cannot be turned off due to a cyber attack

This ransomware cyberattack will cost the healthcare sector more than $1 billion

Threat Actor Claims to Sell Windows 0-Day Exploit for $100,000

Threat Actor Offers MongoDB Remote Code Execution (RCE) Exploit for $100,000, Claiming Unidentified 0-Day Vulnerability

Tietoevry: conclusions on the ransomware attack

U.S. Reveals Charges Against Iranian Nationals in Extensive Cyber Attack Plot

U.S. Treasury Sanctions Iranian Firms and Individuals Tied to Cyber Attacks

University Systems of Georgia data breach, personal information compromised

US charges Samourai cryptomixer founders for laundering $100 million

US Designates Iranian Cyber Actors Targeting Companies And Government Agencies

US Sanctions Iranian "Fronts" for Cyber-Attacks on American Entities

Verizon customers need to be on red alert as a phishing campaign aims to steal their money

Volkswagen Hacked - Hackers Stolen 19,000 Documents From VW Server

Welsh Government data system infiltrated by ‘hacker’

Why Banks Should be Taking Quantum Security Very Seriously

You've been notified by a hospital that your information was stolen. Now what?

23rd April

91% of Organisations Made Ransomware Payments Last Year

A cyber attack paralyzed operations at Synlab Italia

A Massive Cyber Attack Disrupts Operations Across Numerous French Municipalities

Akira ransomware made US$42m in ransoms before its first birthday

Apache Cordova App Harness Targeted in Dependency Confusion Attack

Are We Ready for a Cyber Attack on Food and Farming?

Attacker dwell time down, ransomware up in 2023

Authentication failure blamed for Change Healthcare ransomware attack

Behavioral patterns of ransomware groups are changing

Binance Labs-backed Velvet Capital repels potential phishing attack

Binance’s Velvet Capital Quick Reaction to Phishing Threat: Decreased Crypto Scams, Increased Ransomware and Darknet Activities

Blackbyte ransomware group hacked Kisco Senior Living, stole the data of 26k customers

Can a VPN Be Hacked?

Carpetright unable to trade after cyber attack

Catholic Medical Center Hit by Data Breach, Affecting Nearly 2,792 Patients

Change Healthcare Confirms Paying Ransomware Hackers, But Patient Data Leak Might Still End Up on Dark Web

Chinese, Russian espionage campaigns increasingly targeting edge devices

CoralRaider attacks use CDN cache to push info-stealer malware

CrushFTP zero-day exploited by attackers, upgrade immediately! (CVE-2024-4040)

Cyber-attack leaves Leicester street lights permanently on

Cyberattacks are on the rise, and that includes small businesses. Here's what to know

Data breach affects thousands at Kisco Senior Living

Data theft 'on an industrial scale' is group's goal in Asia-Pacific

Democratic People's Republic of Korea (DPRK) hacking groups breach South Korean defense contractors

Details of 200k people at risk after data breach at Neighbourhood Watch system used by Lancashire Police

Discord Data Breach Exposes User Conversations

Double-extorted Change Healthcare says “a substantial proportion” of Americans exposed

End-to-End Encryption Sparks Concerns Among EU Law Enforcement

Facebook death notices: How to spot phishing attacks hitting social media users

Familiar North Korean groups cited in cyberattacks against South Korean defense firms

Four Iranian nationals charged in cyber campaign against US firms

From Caesar to Cyberspace: The Growing Menace of Obfuscated Phishing Scams

GitHub Comments Abused to Spread Malware in Fake Microsoft Repositories

Hacker Groups GLORIAMIST, LAPSUS, and Anonymous Warn of Impending French Ministry of Agriculture Database Leak

Hacker leaks source code for El Salvador Chivo ATMs

Hackers Are Already Selling Change Healthcare Ransomware Data

Hackers Create Legit Phishing Links With Ghost GitHub, GitLab Comments

Hackers hijack antivirus updates to drop GuptiMiner malware

HelloKitty ransomware rebranded and back in business, looking for employees

How Long It Would Take A Hacker To Brute Force Your Password In 2024, Ranked

Increase of nearly 60 percent in phishing attacks

Is Your Password Strong Enough? Brute Force Attack on the Rise!

'Junk gun' ransomware: New low-cost cyber threat targets SMBs

Leicester City Cyber Attack Leads to Street Light Burning All Day & Night

Leicester streetlights take ransomware attack personally, shine on 24/7

Lessons Learned from the Toronto Transit Commission (TTC) Ransomware Attack

Microsoft says a Russian hacker group has been exploiting an old Windows Print Spooler issue

Microsoft Uncovers GooseEgg Malware: A New Weapon in Russian State Hackers’ Arsenal

Millions of Americans' Data Potentially Exposed in Change Healthcare Hack

MITRE cyber attack saw threat actors exploit Ivanti Connect Secure zero-days

Modern Phishing Techniques Surge, Report Urges Zero Trust Adoption

Mozilla finds that most dating apps are not great guardians of user data

Navigating the Rising Tide of Phishing and BEC Threats

Nespresso Domain Hijacked in Phishing Attack Targeting Microsoft Logins

New research discovers vulnerability in an archived Apache project

New Research Shows a Continuing Increase in Ransomware Victims

NHS board apologises for 'anxiety' following major cyber attack

Nothing Community Data Leaked; Email IDs, Display Names, And More Exposed

Nothing data breach: Company says it is an old vulnerability that has resurfaced now

Nothing data breach comes to light, affecting community members

Path of Exile Developers Warn about Phishing Post That Appeared on Steam

People doubt their own ability to spot AI-generated deepfakes

Phishing attacks up 60 percent driven by AI

Police Chiefs Call for Solutions to Access Encrypted Data in Serious Crime Cases

Post-ransomware disruptions continue at California county library system

Preventing Ransomware Attacks at Scale

Ransomware Attacks Hit More Small Businesses Throughout 2023, Verizon Research Says

Ransomware attacks rise in global food & agriculture sector

Ransomware Gang Leaks Data Allegedly Stolen From Government Contractor

Ransomware menace plagues Indian businesses

Russia's APT28 Exploited Windows Print Spooler Flaw to Deploy 'GooseEgg' Malware

Russian APT28 Group in New “GooseEgg” Hacking Campaign

Russian hackers claim cyberattack on Indiana water plant

Russian hackers target 20 energy facilities in Ukraine amid intense missile strikes

Russian hackers’ custom tool exploits old Windows Print Spooler flaw (CVE-2022-38028)

Russian Sandworm Group Hit 20 Ukrainian Energy and Water Sites

Russian state-sponsored hacker used GooseEgg malware to steal Windows credentials

South Texas Oncology and Hematology Experiences Data Breach Following Cyberattack

‘Substantial proportion' of US had data stolen in Change Healthcare ransomware attack

SYNLAB Italia Acknowledges Potential Data Compromise Following Cyber Incident

This Website is Selling Billions of Private Messages of Discord Users

Threat Actor Offers Database of Spanish Synergym for Sale at $2600

Threat Actor Offers Extensive Database of Chinese iPhone and Huawei Users for Sale

U.S. Imposes Visa Restrictions on 13 Linked to Commercial Spyware Misuse

U.S. Issues Visa Restrictions on Individuals Linked to Commercial Spyware

United Nations Development Programme (UNDP) says data breach at Copenhagen office compromised sensitive human resources data

United Nations investigating potential ransomware attack after data ripped from IT systems

UnitedHealth: Ransomware Attackers Stole Huge Amount of Data

UnitedHealth admits IT security breach could 'cover substantial proportion of people in America'

UnitedHealth confirms data breach at Change Healthcare impacting millions

UnitedHealth confirms it paid ransomware gang to stop data leak

UnitedHealth confirms major cyberattack, says hackers stole "substantial" amount of patient data

UnitedHealth Confirms Massive Ransomware Hack Affects ‘Substantial Proportion’ of Americans

UnitedHealth Confirms Paying Ransom to Secure Patient Data After Change Healthcare Cyberattack

UnitedHealth confirms ransom payment, reports $872 million impact from attack in Q1

UnitedHealth Data Breach: Many Americans Exposed on Dark Web

UnitedHealth Group: Patient data compromised despite paying ransomware

UnitedHealth Group admits to paying ransom after Change Healthcare cyber attack

UnitedHealth Group Faces Major Data Breach: Healthcare Information Compromised

UnitedHealth Group Ransomware Attack: Hackers Stolen Patients Data

UnitedHealth subsidiary’s data breach could impact ‘substantial proportion’ of Americans

University Systems of Georgia announces data breach, personal information compromised

Unmasking the True Cost of Cyberattacks: Beyond Ransom and Recovery

US accuses four Iranians of targeting defense contractors

US government sanctions Iranians linked to government cyberattacks

US imposes visa bans on 13 spyware makers and their families

US Imposes Visa Restrictions on Alleged Spyware Figures

US Pressures Iran Over Phishing Campaign Against Feds

Valley Mountain Regional Center Announces July 2023 Data Breach Affecting Patients’ SSNs

Velvet Capital Goes Offline to Allay Frontend Phishing Attack

Velvet Capital Went Offline To Stop Phishing Attack

Velvet Capital, Backed by Binance Labs, Temporarily Offline Due to Phishing Attack Risk

Vulnerability Exploitation on the Rise as Attackers Ditch Phishing

Zscaler report warns of AI’s growing role in sophisticated phishing attacks

Zscaler Research Finds 60% Increase in AI-Driven Phishing Attacks

22nd April

5 things to know about LabHost, the fallen SMS scamming empire

10 Essentials Every Anti-Phishing Course Must Have

A flaw in the Forminator plugin impacts hundreds of thousands of WordPress sites

Akira Ransomware Gang Obtained $42 Million From Over 250 Victims

Alert! Zero-day Exploit For WhatsApp Advertised On Hacker Forums

Alleged Cyberattack on Bureau van Dijk: US Consumer Data Compromised

Alleged Luxor Data Breach: Sensitive Information from Indian Stationery Giant Leaked

Android users are at high data tracking risk, study shows

Apparent Nothing data breach exposes community member email addresses

APT28 hackers exploit Windows flaw reported by National Security Agency (NSA)

AT&T Faces Class Action Lawsuit Over 70 Million Customers’ Data Breach

AT&T, Change Healthcare, others face class actions over data breaches

Australians arrested in worldwide phishing sting

Authorities investigate LabHost users after phishing service shut down

Belarusian hackers claim to breach fertilizer plant in retaliation for support of Lukashenko regime

Belgian brewery Duvel Moortgat’s data made public because company refused to pay

Brewing Trouble: How Nespresso’s Open Redirect Made Way for a Phishing Frenzy

California library IT systems go dark weeks after ransomware attack

Carpetright Pulls Plug After Cyber-Attack

Catholic Medical Center (CMC) notifies patients of potential data breach

Change Healthcare Finally Admits It Paid Ransomware Hackers - and Still Faces a Patient Data Leak

Consol Energy Targeted in Cyberattack: Russian Cyber Army Claims Responsibility

Counting the Cost: The Price of Security Neglect

CrushFTP File Transfer Vulnerability Lets Attackers Download System Files

CrushFTP urges customers to patch file transfer tool ‘ASAP’

Cyber Army of Russia Allegedly Targets CONSOL Energy in DDoS Attack

Cybercrime insurance in South Africa remains scarce despite soaring data breach costs

Cybercriminals posed as Microsoft, Google for most attacks in Q1

Cyberpunk 2077 and The Witcher 3: HelloKitty Ransomware group has opened the source code

Dead ransomware HelloKitty reanimates in rebrand and releases CD Projekt and Cisco data

Dependency Confusion Vulnerability Found in Apache Project

Despite Increasing Ransomware Attacks, Fewer Victims Are Paying

Digi Yatra Foundation drops app maker after ‘data-breach’

Digi Yatra sidelines legacy facial recognition app maker amid data breach rumors

Discover The Dark Secret of HelloKitty Ransomware’s Transformation

Educational Computer Systems Confirms Brandeis University Students Affected by Recent Data Breach

Email still the most popular phishing technique even on mobile

Ernest Health class action claims data breach was preventable

European police chiefs target End-to-End encryption (E2EE) in latest demand for ‘lawful access’

Family-Owned Music Store Targeted: MEDUSA Ransomware Strikes Ted Brown Music

Fraudsters Exploit Telegram’s Popularity For Toncoin Scam

French hospital Simone Veil cancels patient services following a major cyber attack

Frontier Communications Confirms Recent Cyberattack and Investigates Possible Data Breach

Frontier Communications forced to take systems offline following a major cyber attack

GitLab affected by GitHub-style CDN flaw allowing malware hosting

Grindr faces UK lawsuit for 'revealing users' HIV status' with thousands affected in alleged data breach

Grindr faces lawsuit over alleged data breach involving users’ HIV status

Grindr named in UK lawsuit over sharing HIV data

Grindr sued for allegedly revealing users' HIV status

Hackers Broke Into Change Healthcare’s Systems Days Before Cyberattack

Hackers Were in Change Healthcare System 9 Days Before Ransomware Attack

Health board apologises for cyber attack 'anxiety'

HelloKitty Ransomware Actors Return Under New Name

HHS strengthens privacy protections for reproductive health patients and providers

How to prevent a data breach

Indian businesses saw 235,472 ransomware incidents from Jan-Dec 2023

Jackson County's ransomware attack is just the latest cybercrime to target local governments

Kaspersky Blocked Nearly 300K Ransomware Incidents In Southeast Asia Last Year

Kisco Senior Living data breach could affect more than 26,000

LastPass Users Hit by Major Phishing Scam: Master Passwords Breached

Leicester street lights stuck on all day due to cyber attack

LockBit-leaked DC city agency data from third party

Malvertising: Fake Popular Software Ads Deliver New MadMxShell Backdoor

Massive data leak conducted by HelloKitty ransomware amid rebrand

Microsoft unmasks Russia-linked ‘GooseEgg’ malware

MITRE breached by nation-state threat actor via Ivanti zero-days

MITRE Corporation Breached by Nation-State Hackers Exploiting Ivanti Flaws

MITRE Reveals Ivanti Breach By Nation State Actor

MITRE says nation-state hackers breached its R&D network

Multi-year Volkswagen breach points to Chinese hackers

Munich Re on the impact of cyber rate changes

New Qiulong Ransomware Group Attacks Brazilian Businesses: Rosalvo Automóveis and Dr. Lincoln Among Victims

New tool used in China-linked attacks against Asia-Pacific

North Korean Hackers Turn to AI-Fueled Cyber Espionage

Nothing Phone 3 Leak Surfaces; Data Breach Compromises User Data

Nova Scotia Health fires worker for data breach

OctaPharma Plasma Closes Donation Centers While It Deals with Suspected Ransomware Attack

Only 28% of Ransomware Victims Choose to Pay Ransom

Pandemonium 2024 has Data Breach after Line-up Changes

Pandemonium Rocks Music festival hit by new blow as more than 400 ticket holders caught up in data breach

Pandemonium Rocks music festival hit with massive data breach; Refunds & all you need to know as organizers issues statement

Path of Exile studio warns of 'malicious' phishing post that appeared on Steam, tells players 'please take immediate action to secure your account'

People’s CyberArmy Groups Allegedly DDoS Attacks on Metro Madrid and Avanza Websites

Phishers use Nespresso links, exploiting redirect vulnerability

Phishing is more prevalent via email than SMS/voice

Police take down global phishing service used by 2,000 hackers

Police warn partnership with tech industry ‘at risk’ over end-to-end encryption

Ransomware Double-Dip: Re-Victimization in Cyber Extortion

Ransomware Payment Rate Hits Record Low in Early 2024, despite Rising Extortion Amounts

Ransomware Payments Plunge To Record Low In Q1 2024, Don't Get Complacent

Ransomware victims increasingly refuse to pay

Record low ransomware payment prevalence observed

Red Ransomware takes credit for Targus attack

Researchers Uncover Windows Flaws Granting Hackers Rootkit-Like Powers

Russian Hacker Group ToddyCat Uses Advanced Tools for Industrial-Scale Data Theft

Russian Sandworm hackers targeted 20 critical orgs in Ukraine

Scammers use Korean portals for complex phishing campaigns

Shiba Inu Team Sends Critical Phishing Warning To Users

St. Helena Public Library alerts community of potential data breach following cyberattack

Synlab Italia suspends operations following ransomware attack

TA547 Phishing Attack: German Companies Hit With Infostealer

Tesco shoppers targeted by £500 gift card scam email

The 2024 India Elections Cyber Crisis: AI, Deepfakes, and Democratic Integrity

The first steps of establishing your cloud security strategy

The Pandemonium Rocks music festival is hit hard again as more than 400 ticket holders are affected by a data breach

This Hacking Scam Uses a Free Game Cheat Tool to Hide a Ransomware Trojan from the User

Threat Actor Allegedly Offers 0-Day Exploit for iOS iMessage

ToddyCat Hacker Group Uses Advanced Tools for Industrial-Scale Data Theft

Transamerica Life Insurance Company Client Information Leaked in WebTPA Employer Services Data Breach

United Nations (UN) agency ransomware attack claimed by 8Base

UnitedHealth Data Breach Could Affect 'Substantial' Number of Americans

UnitedHealth says Change hackers stole health data on ‘substantial proportion of people in America’

US: City of Doral Officials Warn of Phishing Scam After Fraudulent Email Circulated to Residents

US government says security flaw in Chirp Systems’ app lets anyone remotely control smart home locks

US telco Frontier Communications reports major disruptions following cyber attack

Victorian Councils Hit by OracleCMS Breach: Multiple Australian Cities Report Data Exposure

Wave of ransomware on the cheap: junk guns still okay for small targets

Will the Change Healthcare case finally make providers do a business impact analysis?

Windows DOS-to-NT flaws exploited to achieve unprivileged rootkit-like capabilities