Editor's Message

Welcome to DBD. On March 8th we celebrated our 4th Anniversary and the 1st Anniversary of our PRiSM application, officially endorsed by the SANS Institute. Despite recent personal issues that have impacted the amount of time I have been able to dedicate to both projects, I have been doing my best to keep everything as up-to-date as possible, and I would like to take this opportunity to thank everyone for their patience and support whilst I navigate through this very difficult time. Stay safe. :)



Monday 15 April 2024

Data Breaches Digest - Week 16 2024

Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 15th April and 21st April 2024.


21st April

Akira Ransomware: FBI and Europol Sound Alarm Over $42M Loss

Akira ransomware received $42M in ransom payments from over 250 victims

Akira Ransomware Group Takes In $42 million from 250 Attacks in a Year

Androxgh0st Malware Compromises Servers Worldwide for Botnet Attack

AT&T faces class action lawsuit over massive data breach exposing 70 million customers’ personal information

Beyond 24/7: How Smart CISOs are Rethinking Threat Hunting

Cheap, independently produced 'Junk Gun' ransomware infiltrates dark web

Consumer Alert: FBI Warns of Text Scam Targeting Toll Road Users Across Multiple States

Data breach rocks troubled Pandemonium Rocks music festival

Empowering Rapid Attack Path Analysis with Generative AI

Enhancing Cybersecurity Resilience: A Guide for Safeguarding Enterprises

Federal Investigation After Data Breach at Manchester Hospital

Fraudsters pose as taxman to target victims and raid bank accounts - What to look for

iPhone Phishing Scams: Fake Find My Device Website Can Hack Your Phone - How To Spot

Jackson County operations set to return to normal following ransomware attack

Macedonia: Remediation of the consequences of the cyber attack will cost MEPSO 8,7 million denars

Malware developer lures child exploiters into honeytrap to extort them

New RedLine Stealer Variant Disguised as Game Cheats Using Lua Bytecode for Stealth

Online Shops Become The Top Three Entities Most Often Imitated By Phishing Perpetrators

Pandemonium Rocks music festival is hit with massive data breach as 'hundreds ticketholders' bank details are leaked'

Ransomware payments drop to record low of 28% in Q1 2024

South African agency waits three months to reveal data breach - importers and exporters furious

South Carolina data breach suits point at the perils of hoarding personal information

Sterling Holidays warns members of phishing scam, reassures on data security

The Reality of Ransomware Attacks in Agriculture

USDoD’s Latest Attack: Exposed Personel Data of Millions, Breaching Bureau van Dijk and US Consumer Database

What to do if your personal info has been exposed in a data breach

20th April

A French hospital was forced to reschedule procedures after cyberattack

Akira swells into a bloated, grotesque metaphor for modern society. Also, the ransomware is pretty bad

AT&T data breach: Here’s what is being offered to the millions of customers impacted

Carpetright is latest British business to be hit by cyber attack as hackers target company HQ to affect hundreds of customer orders

'Cheap ransomware that even beginners can use' is circulating in large quantities on the dark web

Critical Forminator plugin flaw impacts over 300k WordPress sites

Critical Update: CrushFTP Zero-Day Flaw Exploited in Targeted Attacks

Cyber attack surge is “Tip of Iceberg”, expert warns

GitHub comments abused to push malware via Microsoft repo URLs

Google Ads Unwittingly Promotes Phishing Crypto Site, Leading to Significant User Losses

Hackers stole seven million people’s DNA. What they’ll do with it is baffling

Hong Kong: Union Hospital confirms cyber attack; sources say hackers want US$10m ransom

Hong Kong private hospital given 4 weeks to submit report over US$10 million ransomware attack

International investigation disrupts phishing-as-a-service platform LabHost

Know what to do if your personal info has been exposed in a data breach

Microsoft and Google top the list in Q1 2024 phishing attacks

MITRE Hacked - Attackers Compromised R&D Networks Using Ivanti Zero-days

MITRE Hit in Massive Supply Chain Attack: State-Backed Hackers Exploit Zero-Days

New Mexico institutions pay out thousands to recover from ransomware

One Click Catastrophe: City Services Paralyzed by Major Cyber attack

Palo Alto Networks Discloses More Details on Critical PAN-OS Flaw Under Attack

Ransomware Group ‘Akira’ Hits Over 250 Organizations, Nets $42 Million in Ransoms

Renewal of surveillance law clears Congress minutes after deadline

Shiba Inu Scam Watcher Sends Critical Warning To SHIB Community

Singapore: Data breach at vendor affects 127 schools, exposing Information of parents and staff

Singapore: Personal info of parents & staff from 127 schools accessed in data breach

St. Helena warns of potential data breach after Solano County library cyberattack

Threat Actor Allegedly Offers WhatsApp 0-Day Exploit for Android and iOS with RCE Capabilities

TransparentTribe: The Elusive Threat Targeting India’s Defense Sector

Warrantless spying powers extended to 2026 with Biden’s signature

19th April

51% of enterprises experienced a breach despite large security stacks

66% of IT leaders doubt the government can defend against cyberwarfare

22,500 Palo Alto firewalls "possibly vulnerable" to ongoing attacks

A Home Depot Third-Party Data Breach Leaks the Personal Information of 10,000 Employees

Akira Ransomware Attacks Over 250 Organizations and Collects $42 Million

Akira ransomware extorted $42M from 250-plus victims

Akira Ransomware Gang Extorts $42 Million; Now Targets Linux Servers

Akira Ransomware Group Amasses $42 Million from Over 250 Global Attacks, FBI Warns

Akira Ransomware Group Rakes in $42m, 250 Organizations Impacted

Akira Ransomware Makes a Play for VPNs Without Multi-Factor Authentication

Akira Ransomware rampage: $42 million looted from 250+ organizations

Akira Ransomware Siphons $42M from 250+ Companies

Akira’s Reign of Terror: Ransomware Gang Targets 250+ Organizations, Earns $42 Million

Alarming Decline in Cybersecurity Job Postings in the US

Alert! Windows LPE Zero-day Exploit Advertised on Hacker Forums

Anonymous Collective Launches #OpImmigration Against Japanese Government for Discriminatory Immigration Policies

Atlantic fisheries commission says cyber security incident disrupted email and phone communications

Attacks with CryptoChameleon phishing kit target LastPass users

Australians ‘exposed’ in smoke alarm service provider data breach

Bitcoin ransomware Akira drains $42M from more than 250 companies

BlackTech Targets Tech, Research, and Government Sectors with New 'Deuterbear' Tool

Carpetright customers hit by cyber attack as firm struggles to fill orders after hackers target company HQ

Cheap ransomware poses a massive threat to small businesses

China’s Hidden Threat: Hackers in U.S. Systems Since 2011, FBI Warns

City of Hope data breach leads to multiple class action lawsuits

CrushFTP warns users to patch exploited zero-day “immediately”

Cyber attack takes Frontier Communications systems offline, affecting millions of broadband customers

Cybercriminals targeting LastPass users

Cybersecurity agencies unite against Akira ransomware threat

Cybersecurity Alert: Akira Ransomware Strikes 250+ Companies, Drains $42M

Ernest Health faces lawsuit for failing to protect patients' data during January cyber attack

Europol teams up with state police to disrupt major phishing network

Eye care provider Cherry Health says data breach impacted close to 185,000 patients

FBI says Chinese hackers preparing to attack US infrastructure

FBI Uncovers Akira Ransomware Group behind Over 250 Business Breaches

FBI Warns of Bitcoin Ransomware Linked to $42 Million Extortion

FBI, Europol Say Akira Ransomware Has Drained $42M from 250 Firms

Fraud Alert: Beware of New Cheap Junk Gun Ransomware

Frontier Communications Shuts Down Systems Following Cyberattack

Frontier Communications Suffers Cyber Breach by Unknown Cybercrime Group

Frontier Hit by Cyberattack, Customer Data Potentially Exposed

'Gay Furries' Hacker Group Hits Far-right Media Outlet in Anti-Transphobia Crusade

Google Ads Promotes Fake Crypto Website Leading to Phishing Scam

Google Ads Used to Promote Phishing Scams in Crypto Websites

Hacker Threatens to Expose Sensitive World-Check Database

Hackers Posing as LastPass Employee to Steal Master Password & Hijack Accounts

Hackers Target Middle East Governments with Evasive "CR4T" Backdoor

HelloKitty ransomware rebrands, releases CD Projekt and Cisco data

HelloKitty Ransomware Takes on New Identity as HelloGookie: A Closer Look at Cyber Adaptability

How Attackers Can Own a Business Without Touching the Endpoint

How to Navigate the Risks of Generative AI

How to Protect Water Systems Against Cyber Attack

IntelBroker Allegedly Scraped Companies House Data, Exposing Data Related to Companies

International police team cracks down on phishing service 'LabHost' and arrests 37 people

Is the UK about to ban ransomware payments?

Israel: 'We broke into IDF, hold quarter of a million documents,' hacker group Anonymous claims

IT and Cybersecurity Jobs in the Age of Emerging AI Technologies

LabHost Phishing Platform is Latest Target of International Law Agencies

LabHost phishing service dismantled in international crackdown

LabHost phishing-as-a-service platform targeted thousands, with New Zealanders allegedly involved

LastPass users are being targeted via CryptoChameleon phishing kit

LastPass users targeted by vishing attackers

LastPass users tricked by hackers posing as staff to steal passwords

Latest Security Breach hits Arbitrum; Hedgey Finance Loses $1.9 Million in Hacker Attack

Le Slip Fran├žais discloses data breach, customer information compromised

Massive Data Breach as Pandemonium Rocks Exposes Hundreds of Bank Accounts

Millennials are key targets for phishing

MITRE says state hackers breached its network via Ivanti zero-days

MITRE was breached through Ivanti zero-day vulnerabilities

New Zealand caught up in worldwide phishing sting

Octopharma Plasma’s US operations shut down due to suspected ransomware attack

People’s CyberArmy Groups Allegedly Launch DDoS Attacks on Spanish Websites

Phishing Trends: Quishing and AI On the Rise

Ransomware feared in Octapharma Plasma’s US-wide shutdown

Ransomware in Q1 2024: Frequency, size of payments trending downwards, SMBs beware!

Red CryptoApp: New Ransomware Group Operating in the Shadows

Report finds a near 20% increase in ransomware victims year-over-year

Researchers find dozens of fake E-ZPass toll websites after FBI warning

Scammers exploit Google platform to promote phishing site

Security Alert: LastPass Users Targeted in Sophisticated Phishing Scam by Impersonating Staff

Senior citizens struck by data breach

Small Texas town foiled Russian hacker group that attacked its water systems

Students searching for scholarships the latest phishing target

Synlab victim of hacker attack: patient data compromised

Targus cyberattack claimed by ransomware group

Threat Actor Claims Breach of Spanish Online Sneaker Shop Footdistrict Database

TP-Link routers are exposed to massive bot and malware attacks

UK mulls fresh controls on ‘sensitive tech’ after China cyber attack claim

Ukrainian soldiers’ apps increasingly targeted for spying, cyber agency warns

United Nations agency investigates ransomware attack, data theft

United Nations Development Programme hit by cyberattack

United Nations Development Programme (UNDP) investigates data breach

UnitedHealth Group says Change Healthcare attack cost $872 million to remediate

US Atlantic Fisheries Commission Goes Offline: Ransomware Attack or Routine Maintenance?

US firm Octapharma Plasma may have shut down US operations due to ransomware attack

Washington DC city agency says LockBit claims tied to third-party attack

18th April

92% of enterprises unprepared for AI security challenges

840-bed hospital in France postpones procedures after cyberattack

A whole new generation of ransomware makers are attempting to shake up the market

Akira ransomware gang made $42 million from 250 attacks since March 2023

Akira ransomware raked in $42 million from 250+ victims

Android could soon protect you from malicious apps by quarantining them

Asantee Games Acknowledges Security Flaw in Magic Rampage, Assures it’s Been Contained

AT&T Data Breach Lawsuits Seek Damages for 70M Customers Whose Information Was Released

Authorities take down LabHost, phishing-as-a-service platform

Black Basta Ransomware Group Targets Doyon, Compromising 700GB of Data

Bots dominate internet activity, account for nearly half of all traffic

Cannes Hospital Back to Basics: Pen and Paper Power Healthcare After Cyberattack

Caught in the Crossfire: Jordan’s Cyber Defenses Tested Amid Israel-Iran Clashes

Cheap ‘Junk-Gun Ransomware’ Emerging on the Dark Web

Cheap ransomware for sale on dark web marketplaces is changing the way hackers operate

Chinese manufacturer exposes data from surveillance devices

Cyberattack Disables Ukrainian Broadcaster 1+1 Media, Affecting 39 Channels

Cybercriminals pose as LastPass staff to hack password vaults

Devices Infected With Data-Stealing Malware Increased by 7 Times Since 2020

Dozens arrested and thousands of victims contacted after scam site taken offline

Europol-led task force shuts down LabHost phishing platform, arrests suspected hackers

Fake cheat lures gamers into spreading infostealer malware

Faulty decade-old OfflRouter virus targets organizations in Ukraine

FBI warns Chinese hacker infrastructure attack is coming

FIN7 Cybercrime Group Targeting U.S. Auto Industry with Carbanak Backdoor

FIN7 cybercriminals targeted large U.S. automotive manufacturer last year

FIN7 targeted a large U.S. carmaker with phishing attacks

Five Australians among 37 arrested over global phishing scam following international investigation

France's Cannes Hospital in midst of major cyberattack

French underwear seller Le Slip Fran├žais hacked

Frontier Communications shuts down systems after cyberattack

Global Police Operation Disrupts 'LabHost' Phishing Service, Over 30 Arrested Worldwide

Google ad impersonates Whales Market to push wallet drainer malware

Got a Phone Call From LastPass? Hang Up, It's a Phishing Scam

Hacker Groups Target Jordanian Companies with Cyber Attacks

Hackers Exploit OpenMetadata Flaws to Mine Crypto on Kubernetes

Homeowners urged to be vigilant for scams after ‘shocking’ data breach at major smoke alarm provider

International investigation disrupts phishing-as-a-service platform LabHost

Isle of Man: Medical records found in home of ex-health employee

Ivanti patches critical Avalanche flaw exploitable via a simple message (CVE-2024-29204)

LabHost: Authorities dismantle global phishing service charging $249 per month, utilized by 2,000 hackers

LabHost phishing service with 40,000 domains disrupted, 37 arrested

LabHost platform shut down by law enforcement

LastPass users targeted in phishing attacks good enough to trick even the savvy

MagicDot: A Hacker’s Magic Show of Disappearing Dots and Spaces

Malicious Google Ads Pushing Fake IP Scanner Software with Hidden Backdoor

New Android Trojan 'SoumniBot' Evades Detection with Clever Tricks

New Cyber-Threat MadMxShell Exploits Typosquatting and Google Ads

New Zealand: Three Aucklanders arrested in worldwide phishing sting

OfflRouter Malware Evades Detection in Ukraine for Almost a Decade

Over 17 billion personal accounts leaked worldwide since 2004

Phishing Attack Targets LastPass Users’ Master Passwords

Phishing-as-a-service platform LabHost shut down in global operation

Police take down $249-a-month global phishing service used by 2,000 hackers

Quishing Attacks Jump Tenfold, Attachment Payloads Halve

RansomHouse Allegedly Strikes Lopesan Hotels: 650GB Data Breach Unfolds

Ransomware feared as IT 'issues' force Octapharma Plasma to close 150+ centers

R00TK1T Claims to Have Breached Confidential Information Belonging to Nestle

Russia: Ex-FSB officer sentenced to 9 years in prison for helping Russian hackers

Russia's Sandworm Upgraded to APT44 by Google's Mandiant

Saint John settles $2M cyberattack insurance claim

Students turning to cyberfraud as huge phishing site infiltrated, police revea

Telecom giant Frontier shuts down some systems after cyberattack

Threat Actor Claims Sale of E-commerce Company’s Database Containing Personal and Transaction Data

Trust in Cyber Takes a Knock as Critical National Infrastructure (CNI) Budgets Flatline

UK Police Lead Disruption of £1m Phishing-as-a-Service Site LabHost

UK police lead global operation against phishing website platform

UK Police Take Down LabHost Phishing Service

US: Data broker provisions in draft privacy legislation too weak, lawmakers say

US: House votes in favor of curtailing government transactions with data brokers

Vast online scam platform shut down

Void Interactive Data Breach: Developer of Popular SWAT Team Game Suffers Source Code Leak

Vulnerabilities for AI and Machine Learning (ML) Applications are Skyrocketing

What is Clop Ransomware?

What to do if your personal info has been exposed in a data breach

17th April

68% of Companies are More Vulnerable to DDoS Than They Think

A Threat Actor Allegedly Offers Microsoft Office RCE 0-day for $100,000

Ahoi Attacks: A New Threat to Confidential VMs in the Cloud

Authorities investigating ransomware attack on charity that works with vulnerable children

Bridewell research reveals UK Critical National Infrastructure (CNI) ransomware risks

Cactus Ransomware Strikes DRM Arby’s: Data Breach Exposes Sensitive Information

Cherry Health hit by ransomware attack

Cisco discloses root escalation flaw with public exploit code

Cisco Warns of Global Surge in Brute-Force Attacks Targeting VPN and SSH Services

Criminals want to pay T-Mobile and Verizon staff for SIM swaps. Here's what you need to know

Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware

'Crude' ransomware tools proliferating on the dark web for cheap, researchers find

Cyber attack on Lebanon state internet provider Ogero disrupts services

Cyberattack disclosed by East Coast fisheries org following 8Base ransomware claims

Cyberattacks Surge 325% in Philippines Amid South China Sea Standoff

CyberNiggers hacker claims breach of US geospatial intelligence firm Space-Eyes

Data Center Ransomware Attacks on Rise: Microsoft SQL Server is Prime Target

Federal Trade Commission (FTC) Fines Cerebral $7 Million for Sharing Millions of Patients’ Data

FIN7 targets American automaker’s IT staff in phishing attacks

Google's Mandiant elevates Russian threat group Sandworm to APT44

Hackers Exploit Fortinet Flaw, Deploy ScreenConnect, Metasploit in New Campaign

Hackers hijack OpenMetadata apps in Kubernetes cryptomining attacks

HHS Scrambles to Patch Security Hole After $7.5 Million Cyberattack

Insider Threats Surge 14% Annually as Cost-of-Living Crisis Bites

Investigation finds 18 data centers secretly mining crypto in Sweden

Ivanti Patches Two Critical Avalanche Flaws in Major Update

Linux Cerber Ransomware Variant Exploits Atlassian Servers

Malicious cyber activity spiking in Philippines, analysts say

Michigan healthcare organization says ransomware breached data of 185,000

Microsoft, Google, LinkedIn most mimicked in brand phishing attacks

Millions of Magic Rampage players at risk

Moldovan charged for operating botnet used to push ransomware

Multiple botnets exploiting one-year-old TP-Link flaw to hack routers

Nevada loses the most money to cybercrime

New York governor says cyberattack on legislative office is holding up state budget

North Korean Group Kimsuky Exploits DMARC and Web Beacons

Palo Alto firewalls: Public exploits, rising attacks, ineffective mitigation

Patients Sue Ernest Health After Data Breach of 94,747 Exposed

Pentesting accounts for an average of 13% of total IT security budgets

Ransomware attacks against food, agriculture industry examined

Researchers warn updated Cerber ransomware is targeting critical Confluence vulnerability

Rethinking Phishing Tests: A Call For Trust And Control In Cybersecurity

Russia-linked backdoor targets Eastern European networks

Russian APT Deploys New 'Kapeka' Backdoor in Eastern European Attacks

Russian Sandworm Group Using Novel Backdoor to Target Ukraine and Allies

Russian Sandworm hackers pose as hacktivists in water utility breaches

Sandworm hackers play ‘central role’ in Russia’s cyberwar with Ukraine

SixtySixSlavs ️Group Allegedly Hacked National Energy Research Scientific Computing Center (NERSC), Selling Sensitive Data

SoumniBot malware exploits Android bugs to evade detection

Thinking outside the code: How the hacker mindset drives innovation

Threat Actor Claims Breach of T2 Tea Australia Database

Threat Group FIN7 Targets the U.S. Automotive Industry

To pay or not to pay the ransom?

Total ransomware payment ban requires more prep

United Nations (UN) agency says data stolen in ransomware attack

United Nations Development Programme (UNDP) Hit by Cyberattack: HR and Procurement Data Breached

UnitedHealth Beats Earnings Despite $1.6 Billion Cyberattack Hit

UnitedHealth says recent ransomware attack cost $872m

“We Will be Attacked”: Cybersecurity Challenges Loom Over Paris Olympics 2024

Xiid SealedTunnel: Unfazed by Yet Another Critical Firewall Vulnerability (CVE-2024-3400)

16th April

AI Helps Security Teams, But Boosts Threats

Atlantic fisheries body confirms cyber incident after 8Base ransomware gang claims breach

AWS, Google, and Azure CLI Tools Could Leak Credentials in Build Logs

Bad Bots Drive 10% Annual Surge in Account Takeover Attacks

Blooms Today Alleged Data Breach: Threat Actor Offers 15 Million Records for Sale at $5000

Botnets continue exploiting year-old flaw in unpatched TP-Link routers

BreachForums Down, But Not Out: Hackers Claim Attack, Admins Remain Unfazed

BreachForums Website Suspended: Administrator Issues Statement and Announces Temporary Domain Amid DDoS Threats

Brute force attacks targeting VPNs on the rise, intel warning

Canadian discount retailer Giant Tiger announces customer data breach

Cerebral to pay $7 million settlement in Facebook pixel data leak case

Change Healthcare faces new ransomware threat following earlier breach

Change Healthcare’s ransomware attack costs edge toward $1 Billion so far

Change Healthcare’s New Ransomware Nightmare Goes From Bad to Worse

Cisco Duo Data Breach: Hackers Stolen VoIP & SMS for Multi-Factor Authentication (MFA)

Cisco Duo Data Breach Exposes Customer MFA Data Through Telephony Provider

Cisco Duo MFA logs exposed in third-party data breach

Cisco Duo says a third-party data breach stole MFA SMS logs

Cisco Duo warns of customer data breach through telephony provider attack

Cisco warns of large-scale brute-force attacks against VPN services

CISOs are still more worried about ransomware than AI-powered cyberattacks

Critical RCE Vulnerability in 92,000 D-Link NAS Devices

Crypto Ransomware Payments Surpassed $1 Billion, Surging 94% in 2023

Cybersecurity Pros Urge US Congress to Help NIST Restore National Vulnerability Database (NVD) Operation

Daixin Team ransomware group claims major cyber attack on Omni Hotels

Exploit released for Palo Alto PAN-OS bug used in attacks, patch now

Federal Trade Commission (FTC) Fines Mental Health Startup Cerebral $7 Million for Major Privacy Violations

Florida: Scammers target SunPass customers with phishing ploy

Food and agriculture sector hit with more than 160 ransomware attacks last year

Future proofing employee cyber-protections

Hackers access personal, medical info in cyber attack of southern New Mexico rehabilitation center

Hackers Customize LockBit 3.0 Ransomware To Attack Orgs Worldwide

Hackers start leaking stolen Change Healthcare data

Half of all internet traffic comes from bots, research shows

Handala Hacker Group Warns Israel: 500K Texts Sent Amid Alleged Iron Dome Security Breach

Here’s what AT&T is doing for more than 7 million customers who became data breach victims

Hive RAT Creators and $3.5M Cryptojacking Mastermind Arrested in Global Crackdown

Hunters International ransomware group demands a $10m ransom from Hoya Corporation

Infamous BreachForums down, black hats claiming responsibility

IntelBroker Claims Channel Logistics LLC Data Breach: Space-Eyes Division Allegedly Impacted

IntelBroker Claims Space-Eyes Breach, Targeting US National Security Data

Ivanti warns of critical flaws in its Avalanche MDM solution

LastPass Reports Voice Phishing Attempt on Employee Using Audio Deepfake of Company CEO

LeakyCLI Flaw Exposes AWS and Google Cloud Credentials

Leaked LockBit builder-based ransomware impersonates employees and self-spreads

Lighttpd Bug Continues to Expose Vulnerabilities in End-of-Life Intel and Lenovo Hardware Firmware

LulzSec Muslims ️Group Allegedly Hacked Efrat Airlines, Compromising Banking and Credit Card Information

MGM files suit against Federal Trade Commission (FTC) to block cyber attack investigation

MGM sues to block Federal Trade Commission (FTC) investigation of its data security

Microsoft Most Impersonated Brand in Phishing Scams

Microsoft, Google and 8 other companies 'most frequently copied' by hackers

Navigating Personal Liability: Post–Data Breach Recommendations for Officers

New open-source project takeover attacks spotted, stymied

New Vulnerability “LeakyCLI” Leaks AWS and Google Cloud Credentials

Nexperia Confirms Data Breach, Launches Investigation with Cybersecurity Experts

Omni Hotels confirms data compromise in apparent ransomware attack

Omni Hotels says customers’ personal data stolen in ransomware attack

Omni Hotels Says Personal Information Stolen in Ransomware Attack

Open Source Leaders Warn of XZ Utils-Like Takeover Attempts

OpenJS Foundation Targeted in Potential JavaScript Project Takeover Attempt

OpenSSF Warns of Fake Maintainers Targeting JavaScript Projects

Over 500 people targeted by Pegasus spyware in Poland, officials say

PuTTY SSH client flaw allows recovery of cryptographic private keys

PuTTY Vulnerability (CVE-2024-31497): Immediate Action Required for Private Key Protection

Ransomware attack has cost UnitedHealth $872 million; total expected to surpass $1 billion

Ransomware attack hits top chipmaker Nexperia, huge hoard of data set to be leaked

Ransomware attacks surge worries cybersecurity experts: 'Scattered Spider' group in focus

Ransomware gang publishes part of stolen Change Healthcare records

Ransomware group Dark Angels claims the theft of 1TB of data from chipmaker Nexperia

Ransomware Group Posts Evidence It Holds Change Healthcare Files

Report Suggests 93% of Breaches Lead to Downtime and Data Loss

Roku suffers second data breach with more than half a million accounts hacked

Sanggiero Allegedly Breaches Kameymall Database, Exposing Confidential User Data

Scammers stole almost $200 million from Coloradans in 2023

Sensitive US government data exposed after Space-Eyes data breach

South Africa: Trade commission falls prey to cyber attack

South Africa’s trade regulator International Trade Administration Commission (ITAC) hit by cyber attack

Strengthening Data Defense: Insights From Recent Ransomware Attacks

T-Mobile, Verizon workers get texts offering $300 for SIM swaps

TA558 Hackers Weaponize Images for Wide-Scale Malware Attacks

Third-party breach hits MFA authenticator Cisco Duo

Threat Actor Offers Unauthorized RDP Access of Iranian Pipeline Company

Trust Wallet Urges Caution for Apple Users Amid Reports of Apple iMessage Zero-Day Exploit

Trust Wallet warns iOS users of zero-day exploit

UK royals fall victim to alleged data breach

UnitedHealth: Change Healthcare cyberattack caused $872 million loss

What Were the Most Impersonated Brands For Phishing in Q1?

Who Stole 3.6 Million Tax Records from South Carolina?

Widely-Used PuTTY SSH Client Found Vulnerable to Key Recovery Attack

15th April

A critical vulnerability in Delinea Secret Server allows authentication bypass, admin access

Alleged Telecom Argentina Data Access Offered for $100 on Dark Web

AT&T Data Breach Victims Will Get A Year Of Free Protection

BHF Couriers denies credit card data breach

Bradford-Scott says data breach impacted over 43,000 Andovers Federal Credit Union customers

Change Healthcare cyberattack fallout continues

Change Healthcare Receives Threat from Second Ransomware Group After Paying the First

Change Healthcare stolen patient data leaked by ransomware gang

Chinese Chipmaker Nexperia: Gigabytes of Data Stolen

Chinese-Linked LightSpy iOS Spyware Targets South Asian iPhone Users

Chinese-owned semiconductor company Nexperia hit by ransomware attack

Chipmaker Giant Nexperia Confirms Cyber-Attack Amid Ransomware Group Claims

Chipmaker Nexperia confirms breach after ransomware gang leaks data

Cisco: Hacker breached multifactor authentication message provider on April 1

Cisco Duo warns third-party data breach exposed SMS MFA logs

Critical PHP Vulnerabilities Exposed: Urgent Updates Needed to Safeguard Against Takeovers and Command Injection (CVE-2024-1874, CVE-2024-2756, CVE-2024-3096, CVE-2024-2757)

Cyber attack exposes Covid-19 vaccination records in Dominican Republic

Daixin ransomware gang claims attack on Omni Hotels

DAIXIN Ransomware Group Claims Data Breach at Omni Hotels, Threatens Leaks

Data leaked as Pak Suzuki comes under cyber attack

Data security, ransomware protection top priority for Indian firms

Ex-Security Engineer Gets Three Years in Prison for $12 Million Crypto Hacks

FBI and Australian Federal Police (AFP) Arrest Alleged Developer, Marketer of Firebird/Hive RAT

FBI Warns of Massive Toll Services Smishing Scam

Fraud on career networks like LinkedIn and Xing

Geopolitical tensions escalate Operational Technology (OT) cyber attacks

Hacker claims Giant Tiger breach

Hacker claims responsibility for Giant Tiger hack, leaks millions of records online

Health care providers dig out from ransomware attack

Hope Revived for UN Cybercrime Treaty as Negotiations Set to Resume

Identity Theft Resource Center (ITRC) 2023 Data Breach Report Is a Mixed Bag

Intel and Lenovo Baseboard Management Controllers (BMCs) Contain Unpatched Lighttpd Server Flaw

IntelBroker Allegedly Breaches Space-Eyes Database, Exposing Confidential Documents Related to US Government Agencies

Iran’s missile strikes against Israel bolstered by cyberattacks, multiple gangs involved

Las Vegas Casino Hacks Were Result of Cooperation Between Young, Western Hackers and Russians

LayerSlider Plugin Flaw Exposes 1 Million Sites To SQL Injections

‘Leak of corporate data’: Cyber-attack hits Pak Suzuki Motor Company

Microsoft and Google Top the List in Q1 2024 Phishing Attacks: Check Point Research Highlights a Surge in Cyber Threats

Microsoft Data Breach: Security lapse by employees? Passwords, credentials exposed - Should you worry?

Microsoft will limit Exchange Online bulk emails to fight spam

Muddled Libra Shifts Focus to SaaS and Cloud for Extortion and Data Theft Attacks

Nearly 3 Million Giant Tiger records exposed by purported hacker

New LockBit Variant Exploits Self-Spreading Features

New phishing Exodus campaign targets Chinese crypto investors

New SteganoAmor attacks use steganography to target 320 orgs globally

Over 50% global ransomware incidents in 2023 were detected in Southeast Asia (SEA)

Over 100 hotels in Japan fall victim to Booking.com phishing scams

Pak Suzuki Hit By Massive Cyber Attack

Palo Alto Networks fixes zero-day exploited to backdoor firewalls

Palo Alto Networks releases fixes for zero-day as attackers swarm VPN vulnerability

Palo Alto Networks Releases Urgent Fixes for Exploited PAN-OS Vulnerability

Palo Alto Networks Warns Customers of Actively-Exploited PAN-OS vulnerability

Palo Alto Networks Zero-Day Flaw Exploited in Targeted Attacks

Palo Alto Patches 0-Day (CVE-2024-3400) Exploited by Python Backdoor

Ransomware gang starts leaking alleged stolen Change Healthcare data

Researchers stop ‘credible takeover attempt’ similar to XZ Utils backdoor incident

Roku: Credential Stuffing Attacks Affect 591,000 Accounts

Roku admits further subscriber data breach

Roku Cyberattack Affects 576,000 Customers

Roku Reports Over Half a Million Accounts Compromised in Credential Stuffing Attacks

Roku reports second data breach; over 500,000 accounts compromised

Russia and Ukraine Top Inaugural World Cybercrime Index

Security engineer guilty of hacking cryptocurrency exchanges

SN_Blackmeta Allegedly Launches Cyber Attack on Orange Israel, Says Group Will Continue Attacks on Israel

South Africa: Import tariff body International Trade Administration Commission (ITAC) was targeted in ransomware attack

South Africa: The system is offline - Government pension fund goes silent after data breach

Suzuki Pakistan Faces Cyber Attack on Corporate Database

Suzuki Pakistan reports data breach amid cyberattack

Technology use slowly coming back in Scranton School District amidst ransomware attack

Threat Actor Offers Database of Egyptian E-commerce Giant Curva for Sale at $250

Ukrainian hacktivists claim to breach Russian drone developer

US Treasury Targets Hamas Cyber Operations Leader with Sanctions

Wells Fargo discloses data breach affecting two customers, employee fired

What if we made ransomware payments illegal?

Yet another hacker group demands ransom from Change Healthcare

Zero-day exploit hits Palo Alto Networks