Editor's Message

Welcome to DBD. On March 8th we celebrated our 4th Anniversary and the 1st Anniversary of our PRiSM application, officially endorsed by the SANS Institute. Despite recent personal issues that have impacted the amount of time I have been able to dedicate to both projects, I have been doing my best to keep everything as up-to-date as possible, and I would like to take this opportunity to thank everyone for their patience and support whilst I navigate through this very difficult time. Stay safe. :)



Monday, 29 April 2024

Data Breaches Digest - Week 18 2024

Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 29th April and 5th May 2024.


5th May

APT28: Hacker group attacks Germany and Czech Republic

Bitfinex CTO Dismisses Breach Claims as ‘Pure FUD,’ Says No Group Has Asked for Ransom

Bitfinex Data Breach Raises Concerns Amid Doubts on Hack’s Veracity

BitFinex narrowly escapes a major cyber attack, the hackers were bluffing

Change Healthcare hit by new cyberattack

Crypto Exploiters Utilize Uniswap for Phishing Attacks

Cybersecurity researchers find that fake USPS phishing sites account for at least as much internet traffic as the Postal Service itself

Dawson Creek among British Columbia libraries breached as hackers demand ransom after taking emails, phone numbers

Disabled woman horrified after Scottish prisoner given her details in data breach

Finland warns of Android malware attacks breaching bank accounts

From teenage cyber-thug to Europe’s most wanted

Germany accuses Russia of 2023 cyber attack and promises ‘consequences’

LockBit's seized darknet site resurrected by police, teasing new revelations

Millions of Spanish Individuals’ Data at Risk: Threat Actor Claims Unauthorized RDP Access of a Spanish Company

More than 380,000 additional New York City students had personal info hacked, bringing total to over 1 Million

Preventable Cyber Attack Impacts Io.net

Ransomware attacks in Singapore businesses decline this year

Ransomware drama: Law enforcement seized Lockbit group’s website again

Rise in ransomware: UnitedHealth’s 2.2M cyber attack and the urgency of robust cybersecurity measures

Your credit card data and other personal info is at risk if you respond to this fake Netflix email

4th May

Alleged Data Breach at This Giant Cryptocurrency Exchange

Bitfinex CTO denies new allegations of user data hack, assures funds are secure

Bitfinex CTO denies rumors of data breach from ransomware group

Bitfinex Suffers Data Breach, Tether CEO Says “Seems Fake”

Canada: Data breach at Cariboo library system

From A 13-Year-Old Hacker To Europe's Most Wanted 11 Years Later

Hacker strikes some British Columbia libraries

How does a data breach affect you and why should you care?

Iranian hackers pose as journalists to push backdoor malware

Italian energy giant Eni reports cyber attack on Mellitah Company

London Drugs begins 'gradual reopening' on 7th day after cyberattack

London Drugs to re-open stores gradually following last week's cyber attack

Massive Data Breach Affects Victims of Family Violence and Sexual Assault in Victoria

Microsoft Outlook Flaw Exploited by Russia's APT28 to Hack Czech, German Entities

New Goldoon Botnet Targeting D-Link Devices by Exploiting 9-Year-Old Flaw

Russian gang behind hack exposing family violence victims, government agencies

Singapore law firm allegedly paid ransom of S$1.89 million after being hit by cyber attack

Sydney Man Expected To Be Charged With Blackmail After Major Data Breach Investigation

Tamil Nadu Police Facial Recognition Portal Allegedly Breached, Exposing Millions of Records, Including Police Personnel Data

Threat Actor Allegedly Leaked Database of ISHOPPING.PK

WBTC Investor Loses $71 Million in Deceptive Phishing Attack

ZircoDATA hit by Black Basta ransomware in Feb, disclosure by government cyber-security czar in May

3rd May

9 in 10 Attacks Start With Phishing: Can AI Save The Day?

38 New Ransomwares are Detected by Malware Researchers in April

68% of Data Breaches Occur Due to Social Engineering Attacks

93% of security leaders have increased SaaS security budgets

Airsoft Data Breach Exposes Data of 75,000 Players

Android apps with 4 Billion installs leave open doors to code execution attacks

Android bug can leak DNS traffic with VPN kill switch enabled

Anonymous Collective Has Announced That the Group Will Target Saudi Arabia in the Cyber Realm

Australia: Canberra club members believed to be spared worst of data breach

Australia: Cybercrime detectives charge man with blackmail over an alleged data breach affecting NSW and ACT club patrons

Australia: Fairfield man released on bail after blackmail charge over data breach

Australia: Major Data Breach On Pub And Club Patrons

Australia: Man charged with blackmail over data breach of one million club patrons

Australia: New South Wales (NSW) Police Make Arrest in Clubs NSW Data Breach

Australia: NSW clubs’ data breach - 1,050,169 members affected

Australia: Qantas data breach

Australia: Revenge of the unpaid developers sees details of a million NSW club punters leak on the web

Australian ransomware payments average at $9.27 million

British Columbia library co-op seals leak after hacker obtained data, demanded ransom

Bug hunters can get up to $450,000 for an RCE in Google’s Android apps

Canada: Hacker breaches Cariboo libraries and demands ransom after taking emails, phone numbers

Cariboo Regional District Informed their Library Network Was Impacted By A Data Breach

Criminal assigned to ransomware group receives over 13-year sentence for 2021 incident

Cyber Attack On UnitedHealth Care Could Affect One Third Of U.S.

Cyber Attack Still Impacts San Bernardino County, California, Sheriff

Cybercrime doesn't pay: REvil hacker receives 13-year prison sentence and $16 million fine

Data breach impacts Airsoft community site

Data Breach Shakes UnitedHealth, Implications for American Healthcare

Dirty Stream Flaw Present in Android Apps with Millions of Downloads

Doncaster Council pays out £15K in data breach claims amid ‘worrying’ rise in the UK

Dropbox Data Breach Exposes Customer Data And More Details: Here's What The Company Said

Dropbox discloses data breach in electronic signature service

Email security loopholes are latest path for North Korean social engineering attacks

European raids shut down call centers used to ‘shock and cheat’ victims

Exploiter Steals $68M Worth of Crypto Through Address Poisoning

F Society Targets Rutgers University, Bitfinex in Latest Cyberattack

Feds warn of new Kimsuky phishing attack techniques

FIN7 Cybercrime Group Strikes US Auto Sector Using Carbanak

Five Families Back? Ransomware Group Claims Attacks on UAE Entities

Four Critical Vulnerabilities Expose HPE Aruba Devices to RCE Attacks

Germany accuses Russian-backed APT28 of cyber attack on SPD

Germany Blames Russia for Cyberattack Targeting Ruling Party SPD

Germany blames Russia for 'intolerable' cyber attack

Germany Blames Russia for 'Intolerable' Cyber Attack on SPD Members

Germany says Russia behind massive cyberattack last year after Berlin decided to send Ukraine tanks

Germany summons Russian envoy over 2023 cyber-attacks

Germany summons Russian envoy over alleged cyberspying

Germany summons Russian envoy over Fancy Bear hacking

Germany warns of consequences for alleged Russian cyber attack

Global ransomware attacks grew by 53% in 2023

Google Announces Passkeys Adopted by Over 400 Million Accounts

Guernsey: Deputy faces 'formal reprimand' for data breach

Hacker breaches British Columbia libraries and demands ransom after taking emails, phone numbers

Hacker breaches British Columbia library system data, demands ransom

Hacker Breaches Dropbox Sign Database, Views Customer Data

Hacker demands ransom from British Columbia libraries after data breach

Hackers Increasingly Abusing Microsoft Graph API for Stealthy Malware Communications

Healthcare Provider Kaiser Permanente Discloses Online Tracking Data Breach Impacting 13.4 Million

Hooker Furniture Faces Potential Data Breach as LockBit Claims Cyberattack

Hospital Simone Veil says it won't give in to LockBit group's ransom demand

How to Protect Yourself from Rising Romance Investment Scams

How to spot a phishing email like a cybersecurity expert?

Illinois’ biometric data privacy law could soon be less costly for violators

Indonesia is a Spyware Haven, Amnesty International Finds

‘Junk gun’ ransomware: Peashooters can still pack a punch

Kaiser Permanente data breach may affect 13M+ patients

Kansas District to Mandate Cybersecurity Training After Phishing Attack

Microsoft goes passwordless on all consumer accounts

Microsoft rolls out passkey authentication for personal Microsoft accounts

Microsoft, Google widen passkey support for its users

Most companies changed their cybersecurity strategy in the past year

Mounting global ransomware attacks significantly impact US

MSP Reliable Networks Denies Responsibility for Data Breach

NATO and EU condemn ‘intensifying’ Russian sabotage and hybrid operations

NATO and EU condemn Russia's cyberattacks against Germany, Czechia

Nestle (Brazil) Alleged Data Breach: Threat Actor 888 Exposes Employee Information

NHS Dumfries and Galloway apologises for "anxiety" caused by cyber attack

North Korean Hackers Spoofing Journalist Emails to Spy on Policy Experts

NSA warns of North Korean hackers exploiting weak DMARC email policies

NSA warns users about email attacks by North Korean hacker group

NSA, FBI Alert on North Korean Hackers Spoofing Emails from Trusted Sources

One-fifth of Docker Hub repositories are malicious, researchers find

One-third of Americans may have been victims of a massive health care data breach

Operation Pandora Takes Down a Dozen Fraudulent Call Centers

Panda Restaurant Group says March data breach compromised customers' personal information

Phishing Statistics: The 21 Latest Phishing Stats to Know in 2024

Qantas confirms data breach was not a cyber attack, app back to normal

Qantas confirms technology issue caused data breach that exposed personal information of customers

Ransom recovery costs reach $2.73 million

Ransomware payments rise 500% amid $2.73m recovery costs

REvil hacker Yaroslav Vasinskyi given lengthy prison sentence

Singapore law firm Shook Lin & Bok hit by cyber attack; allegedly paid $1.89m in bitcoin as ransom

State-Sponsored North Korean Hackers Penetrated South Korean Defense Companies, Stole Sensitive Technical Data

Suspect Charged After ClubsNSW Data Breach

Sydney man arrested in connection with major data breach

Sydney man charged with blackmail over clubs data breach

Tech support scams top list of elder fraud, new FBI report

The Post Millennial Allegedly Faces Data Breach as Threat Actor Claims Compromise of Database

U.K., U.S. and Canadian Cyber Authorities Warn of Pro-Russia Hacktivist Attacks on Operational Technology Systems

Ukraine records increase in financially motivated attacks by Russian hackers

Ukrainian Hacker Involved in Kaseya Ransomware Attack Receives 13-Year Sentence

Ukrainian intelligence disrupts Tatarstan’s networks in major cyber attack

Ukrainian REvil Hacker Gets 13 Years in US Prison for His Role in $700M Ransomware Scheme

Under the knife: Healthcare sector grappling with rising ransomware threat

Understanding the Link Between API Exposure and Vulnerability Risks

UnitedHealth data breach should be a wakeup call for the UK and NHS

UserSec Announces High Society Alliance: 20 Hacker Groups Unite to Target NATO and Europe

Verizon 2024 Data Breach Report shows the risk of the human element

What is Cybersecurity Mesh Architecture (CSMA)?

World Password Day: Experts Warn of Weak Passwords, Offer Security Tips

2nd May (World Password Day)

95% of organizations adjusted cybersecurity strategies this past year

2024 Data Breach Investigations Report: Most breaches involve a non-malicious human element

AI-driven phishing attacks deceive even the most aware users

Alleged China-based hackers using ‘Cuttlefish’ malware platform to target Turkey

Android Flaw Affected Apps With 4 Billion Installs

Anonymous Collective Allegedly Conducts DDoS Attacks on Israeli Real Estate Companies

Authorities urging immediate action against pro-Russian hacktivist attacks

Best Practices to Secure your Supply Chains

B1ack’s Stash Market Allegedly Leaked 1 Million Credit Card Information

Cannes hospital responds to LockBit ransom attack demands

Change Healthcare cyberattack fallout continues

Change Healthcare Data Breach May Affect a Third of All Americans - What Happened?

CISA urges software developers to weed out path traversal vulnerabilities

CISA Warns of Active Exploitation of Severe GitLab Password Reset Vulnerability

CL0P Lists McKinley Packing, Pilot, and Pinnacle Engineering as Latest Victims

Continuum Health data breach impacted close to 400,000 patients in the U.S.

Continuum reveals hack exposed 377K Consensus Medical Group patients

Cyber attack forces London Drugs to shutter all Canadian pharmacy stores

Cybersecurity consultant arrested after allegedly extorting IT firm

Data Breach Group UndergroundDataLeaks Increases Data Breach Operations

Data Breach of UAE Government: Massive Security Breach Exposes Sensitive Information

Dropbox Discloses Breach of Digital Signature Service Affecting All Users

Dropbox Reports Breach of Sensitive Authentication Data for its Sign Product

Dropbox says attackers accessed customer and MFA info, API keys

Dropbox Warns Hacker Accessed Customer Passwords And 2FA Data

Financial hacker transfers stolen funds after a year of dormancy

Five Ways to Dramatically Reduce the Risk of Password Compromise

Global Data Breaches and Cyber Attacks in April 2024 - 5,336,840,757 Records Breached

Hacker jailed over $700M REvil ransomware scheme

Hacker Makes Claim of Largest Attack on United Arab Emirates in History

Hacker Sentenced After Years of Extorting Psychotherapy Patients

Hackers Target New NATO Member Sweden with Surge of DDoS Attacks

Hacktivists Claim Cyberattack on Columbia University After Police Crackdown on Protests

Hundred Finance Hacker Resurfaces After Year-Long Hiatus

Investigation uncovers substantial spyware exports to Indonesia

Iranian hackers pose as journalists to breach victim systems

Iranian state-backed cyber spies continue to impersonate media brands, think tanks

Kaseya Ransomware Attacker Sentenced

Ladakh Social Welfare Department Data Hit By Alleged Cyberattack

LockBit publishes confidential data stolen from Cannes hospital in France

London Drugs says ‘no evidence’ of customer data breach amid 5th day of closures

Maine accounting firm sued after data breach exposes personal info of 1.1M people

Massive Data Breach in Australian Facial Recognition System Raises Alarm

Matryoshka 424 Emerges: New Pro-Russian Hacker Group Announces Recruitment Drive

Microsoft warns of "Dirty Stream" attack impacting Android apps

New Cuttlefish Malware Hijacks Router Connections, Sniffs for Cloud Credentials

New "Goldoon" Botnet Targets D-Link Routers With Decade-Old Flaw

New SOHO router malware aims for cloud accounts, internal company resources

New South Wales (NSW) Data Breach May Have Impacted a Million Pub and Club Patrons

Newly identified botnet targets decade-old flaw in unpatched D-Link devices

No MFA, Major Consequences: Simple Security Oversight Led to Change Healthcare Data Breach

NSA security designer goes to jail for sharing top secret files

Organizations patch CISA Known Exploited Vulnerabilities (KEV) list bugs 3.5 times faster than others, researchers find

Outabox Data Breach Exposes PII of more than 1 Million Australian Club Visitors

Panda Express breached, extent still unknown

Police shut down 12 fraud call centres, arrest 21 suspects

Popular Android Apps Like Xiaomi, WPS Office Vulnerable to File Overwrite Flaw

Questions continue regarding Robeson County data breach

Reported Australian biometric data breach prompts arrest and hysteria

REvil hacker behind Kaseya ransomware attack gets 13 years in prison

REvil Ransomware Affiliate Sentenced to Over 13 Years in Prison

Securing your organization’s supply chain: Reducing the risks of third parties

Security Breach Exposes Dropbox Sign Users

Thousands of Airsoft players under threat after data breach

Three-Quarters of CISOs Admit App Security Incidents

Two years in, Google says passkeys now protect more than 400 million accounts

Ukrainian REvil Hacker Sentenced to 13 Years and Ordered to Pay $16 Million

Ukrainian sentenced to almost 14 years for infecting thousands with REvil ransomware

Understanding Scattered Spider, and how they perform cloud-centric identity attacks

US and UK Warn of Disruptive Russian Operational Technology (OT) Attacks

US warns of North Korean hackers using email security flaws for phishing attacks

World Password Day: Cybersecurity Best Practices and Tips for MSPs

1st May

1 in 5 US Ransomware Attacks Triggers Lawsuit

Adobe Adds Firefly and Content Credentials to Bug Bounty Program

Android Malware Wpeeper Uses Compromised WordPress Sites to Hide C2 Servers

Are VPNs Legal To Use?

Australia's Qantas probing reports of data breach at loyalty app

Bitcoin Forensic Analysis Uncovers Money Laundering Clusters and Criminal Proceeds

Breach Alert: Alleged Sale of AutoCAD Files from US Air Force Academy (USAFA) and US Space Forces (USSF) Military Bases

CISA says GitLab account takeover bug is actively exploited in attacks

Critical infrastructure operators urged to harden systems against pro-Russia hackers

Dropbox reports data breach, user info compromised

Dropbox says hacker accessed passwords, authentication info during breach

DropBox says hackers stole customer data, auth secrets from eSignature service

Essential steps for zero-trust strategy implementation

Ex-NSA Employee Sentenced to 22 Years for Trying to Sell U.S. Secrets to Russia

French hospital Hôpital de Cannes - Simone Veil (CHC-SV) refuses to pay LockBit extortion demand

Gootloader Attacks Healthcare Down Under

Hewlett Packard Enterprise (HPE) Aruba Networking fixes four critical RCE flaws in ArubaOS

Lawsuits After Ransomware on the Rise

Lawsuits and Company Devaluations Await For Breached Firms

LockBit, Black Basta, Play Dominate Ransomware in Q1 2024

More than 100 arrested in Spain in $900,000 WhatsApp scheme

Muddling Meerkat Group Suspected of Espionage via Great Firewall of China

National Cyber Security Centre (NCSC) New Mobile Risk Model Aimed at “High-Threat” Firms

New Cuttlefish malware infects routers to monitor traffic for credentials

Panda Restaurants discloses data breach after corporate systems hack

Qantas app exposed sensitive traveler details to random users

Qantas probes data breach in frequent flyer app

Ransomware gang RAGroup activities increased by more than 300%

Recovering from ransomware attack could cost remote Scottish council £500,000

Telecoms company Magnet+ investigating possible cyber attack

Threat Actor Allegedly Leaks Database of Procuraduría General de la República

UnitedHealth CEO Confirms Breach Tied to Stolen Credentials, No MFA

UnitedHealth CEO confirms company paid $22 million ransom in heated Senate hearing

UnitedHealthcare CEO says ‘maybe a third’ of US citizens were affected by recent hack

UnitedHealth CEO tells Senate all systems now have multi-factor authentication after hack

US government warns of pro-Russian hacktivists targeting water facilities

Verizon Data Breach Investigation Report (DBIR) paints a bleak picture of data breach landscape

Vulnerability Exploits Triple as Initial Access Point for Data Breaches

Why cloud vulnerabilities need CVEs

ZLoader Malware Evolves with Anti-Analysis Trick from Zeus Banking Trojan

30th April

66SLAVS Group Allegedly Breaches UAE’s Largest Web Design Studio, LRB Info Tech

Against the advice of pros more companies than ever are paying ransoms

Almost 500,000 Individuals Affected by Designed Receivable Solutions Data Breach

Amount paid in ransomware attacks has risen five times compared to previous year

AT&T, Verizon, T-Mobile Slapped with $200 Million Fine Over Location Data Sharing

Aussizz Group Data Breach

Australia: Mt Hira College suffers alleged student email data breach

Baltic countries blame Russia for GPS jamming of commercial flights

Black Kite Research Reveals Growing Persistence, Sophistication and Aggression Within Cybercrime Ecosystem

Business email compromise: defending your organisation

Central Bedfordshire Council has paid out more than £70k in compensation for 450 data breach claims

Change Healthcare hacked using stolen Citrix account with no MFA

Change Healthcare hackers broke in using stolen credentials - and no MFA

Collection agency data breach affects millions of users

Congress circles UnitedHealth as effects of ransomware attack continue

Considerations for Operational Technology Cybersecurity

Critical steps to help school districts combat ransomware attacks

Cyber Heist Alert: North Korea Hackers Lazarus Group Use LinkedIn To Prey on Crypto Firms

Cyber-attack risks are real, no matter what business you’re in

DarkGate spreads to 30+ countries via novel HTML phishing

Data breach at Financial Business and Consumer Solutions (FBCS) exposes nearly 2 million individuals

Data breach at J.P. Morgan Chase exposes records of 451,000 retirement savers

Data Breach KISTI SMART K2C: Allegedly 7.79 Million Users’ Information Exposed

Debt Collection Agency Financial Business and Consumer Solutions (FBCS) Suffers Data Breach Affecting 1.9 Million People

Department of Homeland Security (DHS), CISA Partner to Secure Critical Infrastructure in the Age of AI

Federal Communications Commission (FCC) Fines Carriers $200m For Selling User Location Data

Federal Communications Commission (FCC) fines major wireless carriers over illegal location data sharing

Federal Communications Commission (FCC) slaps fines on wireless carriers for illegally selling location data

Finnish hacker imprisoned for accessing thousands of psychotherapy records and demanding ransoms

Finnish Hacker Kivimaki Found Guilty in Vastaamo Hack

Finnish hacker receives sentencing for extortion of therapy patients by obtaining thousands of records

Global Sting Disrupts $1 Million Phishing Ring

Google bans 2.3M apps and hundreds of thousands of accounts from its Play Store

Google Blocks 2.3 Million Apps From Play Store Listing

Hacker jailed for blackmailing therapy patients

Hacker who blackmailed psychotherapy patients sentenced to six years in prison

Hacking homework for exam breach suspect

Healthcare Cybersecurity: 5 Steps to Prepare for a Ransomware Attack

Healthcare Organizations Lose 20% of their Sensitive Data in Every Ransomware Attack

Hong Kong: No data leakage found yet as Arts Development Council condemns cyber attack

How much South African firms pay ransomware gangs

Hull City Council pays £30K in data breach claims and suffers nine cyber attacks in three years

India Emerges as Third-Largest Target for Phishing Attacks Globally

India Faces Over 79 Million Phishing Attacks in 2023: What You Need to Know

India Ranked Third In Global Phishing Attempts

India recorded over 79 million phishing attacks in 2023, new study suggests

Kaiser Permanente Announces Data Breach Affecting Millions

Kaiser Permanente Cyber Attack Exposes 13.4 Million Users Data

Lazarus Hackers Group Use LinkedIn To Launch Phishing Fraud

LockBit, RAGroup Drive Ransomware Attacks in March

London Drugs Temporarily Closes All Western Canadian Stores After Cyberattack

Marriott admits to using weaker encryption during the 2018 data breach

Millions of Docker repos found pushing malware, phishing sites

Millions of Malicious Containers Found on Docker Hub

Millions of Malicious 'Imageless' Containers Planted on Docker Hub Over 5 Years

Nearly 2 Million impacted by Financial Business and Consumer Solutions breach

New Cyber Attack Targets Facebook Users Through Fake Ads On Google

New Latrodectus malware attacks use Microsoft, Cloudflare themes

New U.K. Law Bans Default Passwords on Smart Devices Starting April 2024

New Wpeeper Android malware hides behind hacked WordPress sites

North Tyneside Council pays out staggering £65K in data breach claims amid ‘worrying’ rise in the UK

Over 70% of Small Businesses Worldwide Suffered a Cyber Attack in the Last 2 Years

Palo Alto firewalls: CVE-2024-3400 exploitation and PoCs for persistence after resets/upgrades

Passwords under seven characters can be easily cracked

Philadelphia Inquirer: Data of over 25,000 people stolen in 2023 breach

Philadelphia Inquirer struck by cyberattack

Poloniex Hacker Moves Enormous $32 Million in Bitcoin

Poor cyber hygiene and budgets leave organizations ill-prepared

Q1 2024 Sets Record for Most Global Ransomware Attacks in a First Quarter

R language flaw allows code execution via RDS/RDX files

Ransom Payments Surge by 500% to an Average of $2m

Ransom payments surge to staggering $2M on average, a 500% jump from last year

Ransomware and extortion incidents surged by 67% in 2023

Ransomware Group LockBit Claims Responsibility for Cannes Hospital Cyberattack

Ransomware menace plagues Indian businesses, more than 200k attacks in one year

Ransomware Payments Soar 500% in the Last Year

Ransomware recovery cost averages $1.04m in South Africa

Ransomware Rising Despite Takedowns

Security Breach Exposes Italian Red Cross Network: Allegedly Threat Actor Shares Details of the Incident and Offers Backdoor Access

SiegedSec Allegedly Hacks Westboro Baptist Church, Leaks Data and Source Code

Singapore is 5th most targeted country for ransomware attacks in Asia

The Staggering Rise of Ransomware Attacks in 2023

The State of Ransomware 2024

There was an 81% year-over-year increase in ransomware attacks

Triangulation fraud: The costly scam hitting online retailers

U.S. Government Releases New AI Security Guidelines for Critical Infrastructure

UK Government Law Will Soon Prohibit Passwords Such As “admin” or “12345”

UnitedHealth hackers exploited Citrix bug, CEO says

Unverified: ANON SEC BD Claims Cyberattack on Saudi Water Facilities

Urgent Alert for Apple Users: A Surge in Phishing Attacks Demands Password Resets

US fines telcos $200M for sharing customer location data without consent

US Government Releases New Resources Against AI Threats

UserSec, NoName057(16), and Cyber Army of Russia Target UK’s Economic Sector

Vastaamo Hacker Sentenced for Blackmailing Thousands Over Stolen Therapy Notes

YMCA Fined for Data Breach, ICO Raises Concerns About Privacy for People with HIV

29th April

2 million hit in massive debt collector data breach - full names, birth dates and SSNs exposed

72% of CISOs believe AI solutions may lead to security breaches

90% of company attacks start with a phishing email

91% of ransomware victims paid at least one ransom in the past year

2023 Was the Year Threat Actors Disabused Our Trust in Digital

Agent Tesla and Taskun Malware Targeting US Education and Government Entities

AI is creating a new generation of cyberattacks

Avast fined nearly $15M for GDPR violations

Belarus secret service website still down after hackers claim to breach it

Belarusian KGB allegedly breached, hackers dox over 8600 agents

Breaking 2FA authentication: demystifying your security

Britain bans simple passwords for smart devices

Catholic Diocese of Cleveland, Ohio announces data breach

Central Bank Argentina Data Breach: Hackers Allegedly Offer Customer Info for Sale

China-Linked 'Muddling Meerkat' Hijacks DNS to Map Internet on Global Scale

Chinese hackers are now using this tactic for spying

Collection agency Financial Business and Consumer Solutions (FBCS) warns data breach impacts 1.9 million people

Compounded Crisis: Change Healthcare’s Breach Escalates with New Threats

Cyber-Partisans hacktivists claim to have breached Belarus KGB

Cyber crooks ramp up credential stuffing attacks

Cybersecurity incident forces closing of London Drugs stores across Western Canada until further notice

Cybersecurity researchers spotlight a new ransomware threat - be careful where you upload files

Data breach may have involved millions of patients, Kaiser Permanente says. What was leaked?

defi SOLUTIONS calls out ‘bluff’ of recent hacker threats

Designed Receivable Solutions Data Breach Leaks an Estimated 498,686 Patient Social Security Numbers

Essex County Council Compensation Payouts Increase

Experts weigh in on Omni Hotel ransomware incident

Experts weigh in on the MITRE nation-state cyberattack

Fake Chrome Updates Hide Android Brokewell Malware Targeting Your Bank

FBI warns of fake verification schemes targeting dating app users

Federal Communications Commission (FCC) fines carriers $196 million for selling customer location data

Federal Communications Commission (FCC) fines carriers $200 million for illegally sharing user location

Federal Trade Commission (FTC) Strengthens Health Data Breach Notification Rule to Protect Consumers

Fighting Ransomware: Steps to Shield Your Business

Financial Business and Consumer Solutions (FBCS) data breach impacted 2 Million individuals

Google Prevented 2.28 Million Malicious Apps from Reaching Play Store in 2023

Google rejected 2.28 million risky Android apps from Play store in 2023

Hackers Exploit WP-Automatic Plugin Vulnerability, Threatening WordPress Site Security

Hackers Took Just 29-Days From IcedID Infection to Dagon Locker Ransomware

Hacktivists Claim Breach of Belarusian Intelligence Agency

Hunters Ransomware Claims Two: Rocky Mountain Sales, SSS Australia Targeted

ICICI Bank glitch gave access to other clients’ credit cards

Impact of cybersecurity organizational structure on ransomware outcomes: The most successful models

Interim Healthcare of Lubbock Notifies Patients of June 2022 Data Breach

JP Morgan employees access sensitive information they weren’t supposed to see

Judge0 Sandbox Vulnerabilities Expose Systems to Takeover Risk

Junk Gun ransomware infiltrates dark web

KageNoHitobito Ransomware Attacking Windows Users Around the Globe

Kaiser Permanente data breach may have affected millions

Kaiser Permanente says data breach may affect 13.4M customers

Kaiser Permanente suffers a data breach that may impact 13.4M members

KaliHunt Groups Allegedly DDoS Attacks on US Airports and Baltic Countries

Kansas City system providing roadside weather, traffic info taken down by cyberattack

Kaspersky reveals email is primary gateway for phishing attacks

Lazarus Group Poses As Fenbushi Capital For Phishing Scams, Lures Users Via LinkedIn

Lazarus Group Poses as Fenbushi Exec on LinkedIn for Cyber-Hacking

Lazarus Group Strikes Again: New Crypto Phishing Scam Targets LinkedIn Users

London Drugs across Greater Victoria to remain closed after cyber attack

London Drugs closes all of its pharmacies following 'cybersecurity incident'

London Drugs pharmacy chain closes stores after cyberattack

London Drugs shuts down all western Canadian stores 'until further notice' following cyber incident

Moldova Government Hit by NoName Ransomware: Websites Down

Muddling Meerkat hackers manipulate DNS using China’s Great Firewall

Navigating Data Breach Communication: A Blueprint For Executives

Navigating personal liability: post data-breach recommendations for CISOs

Navigating the Threat Landscape: Understanding Exposure Management, Pentesting, Red Teaming and RBVM

New banking malware gives hackers complete control of Android phones

New R Programming Vulnerability Exposes Projects to Supply Chain Attacks

New Ransomware Group “SpaceBears” Attacks: Multiple High-Profile Victims Targeted

New UK Smart Device Security Law Comes into Force

North Korea hackers Lazarus Group poses as Fenbushi partner on LinkedIn

Okta warns customers about credential stuffing onslaught

Okta Warns Customers of Credential Stuffing Barrage

Okta warns of surge in credential stuffing attacks

OrthoConnecticut Notifies Patients of Recent Data Breach Affecting Their SSNs

Paramedics' mobile numbers 'exposed' in data breach

Pennsylvania Insurance Department Urges Caution in Wake of Data Breach: Implications and Protective Measures

QNAP Unveils Three Critical Flaws in NAS Software Suite (CVE-2024-32764, CVE-2024-32766, CVE-2024-27124)

Ransomware payment bans need universal buy-in

Report details impact of cyber attack on IT firm

Researchers Discover New Android Banking Trojan ‘Brokewell’ Disguised as Chrome Update

Researchers unveil novel attack methods targeting Intel’s conditional branch predictor

Romance scammers offer fake protection from sex offenders, FBI warns

Sandbox Escape Vulnerabilities in Judge0 Expose Systems to Complete Takeover

Security leaders respond to disruption of LabHost, a fraud website

Social exclusion charity Extern “urgently reviewing” impact of data breach following ransomware attack

Software supply chain risks for AI and ML models

Spanish Bank EvoBanco Security Breach: Gradual Release of Data

SSS Australia falls victim to Hunters International ransomware gang

Staff taking legal action over Northern Ireland police data breach

States of Guernsey under investigation following data breach which saw 5,059 records leaked

Study Reveals Alarming Levels of USPS Phishing Traffic

Text phishing scam claiming unpaid tolls sent to Michigan residents

The Los Angeles County Department of Health Services disclosed a data breach

Thousands of PSNI officers and staff pursue legal action over data breach

Threat Actor Claims Sale of Dell Database Containing 49 Million Customer Records

U.S. Postal Service (USPS) Phishing Scams Generate Almost as Much Traffic as the Real Site

UK becomes first country to ban default bad passwords on IoT devices

UK enacts IoT cybersecurity law

UK government introduces new laws in cyber-attack crackdown

UK’s new ‘world first’ laws crack down on smart gadget cyber attacks

Ukrainian military intelligence claims attack on website of Russia’s ruling party

‘Unprecedented Scale’ of Credential Stuffing Attacks Observed: Okta

US Post Office phishing sites saw almost as much traffic as real website

USDoD Resurfaces with Alleged China Data Leak After Building New Content Delivery Network (CDN) Site

Voter Registration System Taken Offline in Coffee County Cyber-Incident

Washington State Casino Reopens Weeks After Apparent Cyber Attack

What is MFA bombing? Apple users were targeted using this phishing technique

What the U.S. Still Needs to Do to Combat Ransomware