Editor's Message

Welcome to DBD. On March 8th we celebrated our 4th Anniversary and the 1st Anniversary of our PRiSM application, officially endorsed by the SANS Institute. Despite recent personal issues that have impacted the amount of time I have been able to dedicate to both projects, I have been doing my best to keep everything as up-to-date as possible, and I would like to take this opportunity to thank everyone for their patience and support whilst I navigate through this very difficult time. Stay safe. :)

Monday 20 May 2024

Data Breaches Digest - Week 21 2024

Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 20th May and 26th May 2024.

26th May

Belgium: Ransomware attack hits Cambio supplier

Beware! New York State Police Warn Residents of This Latest Scam! Here’s What You Need to Know

Decoding the Primary Devils Behind Data Breaches

Following a cyber attack, Normie meme coin crashed 99.99%

Hacker honeypots for the everyday person

Hackers phish finance organizations using trojanized Minesweeper clone

How Iranian hacker groups are combining psychological warfare with data destruction to target Israel and Albania

How to Identify Phishing Emails: 7 Easy Ways to Spot a Scam

Islamabad Safe City’s online system shut down after hacking attempt

Massive cyber attack against Eritrea’s Internet System

Ransomhub’s Latest Attack Raises Alarms for Industrial Control Systems (ICS) Security

Ransomware Attacks: Trends, Tactics, and Mitigation Strategies

ShrinkLocker Ransomware Exploits BitLocker to Target Companies

Threat Actor Claims to Sell WordPress Admin Authentication Bypass Exploit for $50,000

25th May

10 Cybersecurity Tips for Safe Online Shopping

Arc browser’s Windows launch targeted by Google ads malvertising

Data Leak Exposes 500GB of Indian Police, Military Biometric Data

Experts Find Flaw in Replicate AI Service Exposing Customers' Models and Data

Indian man stole $37 million in crypto using fake Coinbase Pro site

LockBit Black ransomware is at the heart of new phishing emails

New ATM Malware Threatens European Banking Security

Singapore-based firm fined S$74K for data breach due to weak password affecting over 500K users

Spyware app pcTattletale was hacked and its website defaced

24th May

70 million-record-strong US criminal database allegedly posted online by infamous hacker

$1,800,000,000,000 Bank Says Customer and Employee Data Has Been Exposed and Accessed in Mysterious Breach

Affiliated Dermatologists struck by ransomware attack, 370K impacted

Alphv and LockBit lose top spot to a smaller ransomware group

Amid funding cuts, backlog of unanalyzed vulnerabilities in government database is growing

An ‘Unwelcome Development’ in MediSecure Data Breach Incident

Ascension Cyber Attack Leaves Healthcare Sector Reeling

Ascension slowly restoring network as nurses, doctors cite real-world dangers of attack

Association of California School Administrators Reports Ransomware Attack

Australia Communications and Media Authority (ACMA) Launches Legal Action Against Optus Over 2022 Data Breach: Latest Setback for Telecom Giant

Australia Communications and Media Authority (ACMA) Takes Legal Action Against Optus Over 2022 Data Breach

Australia Communications and Media Authority (ACMA) to Prosecute Optus over 2022 Data Breach

Beware: These Fake Antivirus Sites Spreading Android and Windows Malware

BlackMaskers Team Issues Warning to Jordan, Israel, and the Emirates

California school association hack hits nearly 55K

California school leaders' association says ransomware attack impacted over 50,000 members

Cencora data breach exposes US patient info from 8 drug companies

Cencora notifies individuals about data stolen earlier this year

Change Healthcare discloses $22M ransomware payment

Chrome Fixes Fourth Zero-Day in Two Weeks, Eighth in 2024

CISA Says 4-Year-Old Apache Flink Vulnerability Still Under Active Exploitation

CISOs in Australia Urged to Take a Closer Look at Data Breach Risks

Courtroom Recording Platform Abused to Deliver Backdoor Implant

Courtroom Recording Software Compromised in Supply Chain Attack

Customs and Border Protection (CBP), Immigration and Customs Enforcement (ICE) sued for information about sharing of noncitizens' biometrics

Cyberespionage schemes leveraged in escalating Moroccan gift card theft campaign

Dangerous New Browser Malware Detected on Forums: GhostHook v1.0

Data Breach at Merrill Exposes Personal Information of Walmart 401(k) Participants

Dell class action claims data breach affected 49M customers

Despite increased budgets, organizations struggle with compliance

Eight drug companies information stolen due to Cencora data breach

Emerging ransomware groups on the rise: Who they are, how they operate

EU wants universities to work with intelligence agencies to protect their research

Fake Pegasus Spyware Strains Populate Clear and Dark Web

FIRST Heritage Co-operative Credit Union Issues Alert Following Cyberattack

GLORIAMIST Group Targeted Science Po Paris, Claims to Breached Several of Their Database

Google fixes eighth actively exploited Chrome zero-day this year

Google fixes yet another Chrome zero-day exploited in the wild (CVE-2024-5274)

Hackers Created Rogue VMs to Evade Detection in Recent MITRE Cyber Attack

Hacker defaces spyware app’s site, dumps database and source code

HackNeT and People’s Cyber Army Allegedly Launch DDoS Attacks on Canadian Airport Systems

Health Information Published Online After MediSecure Ransomware Attack

Hong Kong Monetary Authority (HKMA) Issues Alert Over Fraudulent Website and Phishing Emails Tied to Tai Sang Bank Limited

How Banks Can Safeguard Customers From Romance Fraud

How Can Small Businesses Alleviate Cyber Risks?

How Hoteliers Can Navigate Data Breach Insurance Claims

Information Commissioner’s Office (ICO) Issues Reduced Fine to PSNI Over Data Breach

Inside Team R70: An Interview with a Notorious Hacker Collective

JAVS Courtroom Recording Software Backdoored - Deploys RustDoor Malware

Legal action looming for Optus following data breach

Lewisham residents' contact details published in data breach

London Drugs Data Breach: Ransom Refusal Leads to Release of Employee Files

London Drugs’ response to cyberattack a case study in crisis management

Malicious actors are cat-phishing targets in order to spread malware

MediSecure asks for government bailout after cyberhack, data advertised on dark web

Merrill employee exposes Walmart pension plan members

Microsoft: Gift Card Fraud Rising, Costing Businesses up to $100,000 a Day

New KnowBe4 phishing report reveals top choices for phishing scams

New ShrinkLocker ransomware uses BitLocker to encrypt your files

New York's Albany County investigating 'cybersecurity breach' ahead of holiday weekend

Novartis Patient Information Leaked in Third-Party Data Breach at Lash Group

Novel ShrinkLocker ransomware exploits Microsoft BitLocker

Optus Faces Legal Action Over 2022 Data Breach: Australian Communications and Media Authority (ACMA) Alleges Failure to Protect Customer Data

Optus sued by watchdog over 2022 data breach

Optus to defend itself against claims it failed its customers in 2022 cyber attack

Philippine National Police (PNP) suspends online services amid data breach probe

Phishing kit trends and the top 10 spoofed brands of 2023

Police service faces £750k fine for data breach

Police Service of Northern Ireland (PSNI) faces £750,000 fine for data breach impacting entire workforce

Ransomhub Attacking Industrial Control Systems To Encrypt And Exfiltrate Data

Ransomware & Extortion Trends Create Massive Shift in Cyber Threat Landscape

Ransomware attack on Victoria Eye Centre impacted over 80,000 patients

Ransomware Attacks Targeting VMware ESXi Infrastructure Adopt New Pattern

Researcher Indicates PCTattletale Stalkerware Found on US Hotels, Corporate and Law Firm Computers Leaks Recordings

Russian Hackers Shift Tactics, Target More Victims with Paid Malware

Self-managed VPNs targeted in 58% of ransomware attacks

Shein customers issued urgent 'do not open' warning over new phishing scam

Shein shoppers issued urgent 'be aware' warning over latest scam

ShrinkLocker Ransomware Exploits Microsoft's BitLocker

Singapore: Software firm fined $74k for data breach caused by weak password; half a million users affected

South Africa: Justice department suffers another cyber attack

Staff documents stolen in EU Parliament data breach

Stealthy BLOODALCHEMY Malware Targeting ASEAN Government Networks

Stolen London Drugs data posted online in ransomware attack

The Philippines: Department of Information and Communications Technology (DICT) working on Philippine National Police (PNP) data breach

Thousands of rugby fans' data leaked in breach

Top Cloud Services Used for Malicious Website Redirects in SMS Scams

Update Chrome Browser Now: 4th Zero-Day Exploit Discovered in May 2024

US Drug Distributor Cencora Reports Massive Cyberattack, Highly Sensitive Medical Data Compromised

US pharma giant Cencora says Americans’ health information stolen in data breach

US retailers under attack by gift card-thieving cyber gang

Vulnerable to ransomware? It’s not your servers - it’s your people

Walmart 401(k) data breach leaks names, Social Security numbers of plan participants

What is Black Basta, thought to be behind the Ascension ransomware attack?

What the FA Cup can teach businesses about ransomware

Worried about job security, cyber teams hide security incidents

23rd May

70% of CISOs worry their organization is at risk of a material cyber attack

300% Surge in Cyber Attacks - Here Is How Hacktivist Groups Are Targeting India’s General Election

400,000 Impacted by CentroMed Data Breach

Are Your SaaS Backups as Secure as Your Production Data?

Australia takes Singtel-owned Optus to court over 2022 cyber attack

Australia to sue Singtel-owned Optus in court over 2022 cyber attack

Australian Communications and Media Authority (ACMA) sues Optus for 2022 cyber attack

Australian Communications and Media Authority (ACMA) takes Optus to court over data breach that impacted 10m Aussies

Australian printing company suffers alleged 300Gb data breach

Bank of Guam alerts customers to recent vishing and phishing scheme

BianLian Ransomware Group Adds 3 American Companies to Victim List

Breach of staff data sees Northern Ireland police service hit with £750k fine

Canadian pharmacy London Drugs responding to a LockBit ransomware attack

CentroMed suffers data security incident, 400K patients exposed

Chinese Threat Actors Employ Operational Relay Box (ORB) Networks to Evade IOCs

CISA Warns of Actively Exploited Apache Flink Security Vulnerability

CISOs pursuing AI readiness should start by updating the organization’s email security policy

City of Clarksville announces major breach of residents' personal data

Communications watchdog suing Optus over data breach

Compromised recording software was served from vendor’s official site, threat researchers say

Courtroom recording software compromised with backdoor installer

Cyberattacks on health authority, province, London Drugs not related

Cybercriminals Exploit Cloud Storage For SMS Phishing Scams

Data Breach At Mustafa Group In Singapore Prompts Police Probe

Data breach at Western Sydney University (WSU) exposes thousands to cyber threats

EU Parliament staff in uproar over breach of ID cards, personal records

European Parliament breached, IDs leaked

Facial recognition technology widely used at sporting events, privacy watchdog says

First Nations Health Authority in Crisis: Cyberattack Shakes British Columbia’s Healthcare Sector

GitHub fixes maximum severity Enterprise Server auth bypass bug (CVE-2024-4985)

GitHub Fixes Maximum Severity Flaw in Enterprise Server

GitHub Issues Patch for Critical Exploit in Enterprise Server

Grandoreiro Malware Targets More Than 1,500 Banks in 60 Countries

Here's yet more ransomware using BitLocker against Microsoft's own users

HHS pledges $50M for autonomous vulnerability management solution for hospitals

High-severity GitLab flaw lets attackers take over accounts

How the Ascension cyberattack is disrupting care at hospitals

HR-related email subjects still top for phishing attempts

'I’ve been here too long’: Patients feel ransomware attack effects at Ascension

Indian Election Faces Cyber-Attacks, Data Leaks on Dark Web

Information Commissioner’s Office (ICO) plans to fine Police Service of Northern Ireland for data breach

Information Commissioner’s Office (ICO) Warns Police Service of Northern Ireland (PSNI) It Faces £750k Fine Over Data Breach

Inside Operation Diplomatic Specter: Chinese APT Group's Stealthy Tactics Exposed

Ireland: a prime target for Cybercriminals with Phishing leading the charge

Irish European Parliament staff among those with passports leaked in major data breach

Ivanti Patches Critical Remote Code Execution Flaws in Endpoint Manager

Jumbo Group suffers ransomware attack

Jumbo Group, Mustafa hit by cyber attacks

Justice AV Solutions (JAVS) courtroom recording software backdoored in supply chain attack

Kakao fined $11.1 million for 2023 data breach

LockBit says that it’s behind the London Drugs attack

London Drugs confirms stolen employee data leaked online by hackers

Machine identities lack essential security controls, pose major threat

Malicious actors leak 70 million records from US Criminal database

MediSecure data breach: why is health data so lucrative for hackers?

Microsoft spots gift card thieves using cyber-espionage tactics

Morocco-based cybercriminals cashing in on bold gift card scams, Microsoft says

National Records of Scotland Data Breached in NHS Cyber-Attack

National Vulnerability Database (NVD) Leaves Exploited Vulnerabilities Unchecked

Naya Daur YouTube Channel Restored Following Cyber Attack

Nearly 90% of organizations suffer damage after a security incident

New Bitcoin Token Protocol “Runes” Carries Potential Phishing Risk

New Frontiers, Old Tactics: Chinese Cyber Espionage Group Targets Africa & Caribbean Governments

NHS Dumfries and Galloway cyber attack records published

Nissan North America targeted in data breach impacting more than 53,000 staff members

Northern Ireland: Police facing £750k fine over data breach

Nissan data breach impacts 50K+ employees

Nissan Oceania call centre impacted by OracleCMS data breach

Northern Ireland police faces £750k fine after exposing staff info

Northern Ireland Police Service Could Face £750K Fine Over Data Breach

OmniVision says Cactus ransomware attack in 2023 compromised client data

Online video downloader exposes user data, including explicit content

Optus says it will defend allegations it failed to protect confidential details of 9 million customers in cyber attack

Optus sued by regulator over 2022 cyber-attack

Optus to face Australian Communications and Media Authority (ACMA)-filed court case over data breach

Passports, criminal records leaked in EU Parliament data breach

Patriot Mobile data breach exposes subscribers’ personal details

Pharmaceuticals firm Cencora says data breach impacted Bristol Myers Squibb customers

Phishing attack spike fueled by generative AI

Police Service of Northern Ireland (PSNI): Federation welcomes initial findings into data breach

Police Service of Northern Ireland (PSNI) could be fined £750,000 for major workforce data breach last year

Police Service of Northern Ireland (PSNI) could be fined £750k over data breach

Police Service of Northern Ireland (PSNI) Faces £750,000 Data Breach Fine After Spreadsheet Leak

Police Service of Northern Ireland (PSNI) faces £750k fine for data breach which exposed personal information of entire workforce

Police Service of Northern Ireland (PSNI) faces £750,000 fine for massive data breach last year

Police Service of Northern Ireland (PSNI) faces trust rebuild after ‘avoidable’ data breach

Police Service of Northern Ireland (PSNI) Facing £750,000 Fine After Data Breach Exposes Officers’ Details

Police Service of Northern Ireland (PSNI) facing £750,000 fine as ‘tangible threat to life’ identified following data breach

Police Service of Northern Ireland (PSNI) facing €750,000 fine over data breach involving more than 9,000 serving officers and staff

Police Service of Northern Ireland (PSNI) facing £750,000 fine over major data breach

Police Service of Northern Ireland (PSNI) fined £750,000 over severe data breach that saw staff personal details published online

Police Service of Northern Ireland (PSNI) to face £750,000 fine as a result of data breach that could have been easily avoided

Police Service of Northern Ireland's Failure to Prevent Data Breach Could Bring Nearly $1 Million in Fines

Protect Your Multi-Factor Authentication Codes from Phishing Scams

QR Code-Based Attacks Are Growing in Popularity; Now Comprise 11% of All Malicious Emails

Ransomware Attack on Texas Ophthalmology Practice Exposes Data of 80,000 Patients

Ransomware Attacks Exploit VMware ESXi Vulnerabilities in Alarming Pattern

Ransomware fallout: 94% experience downtime, 40% face work stoppage

Report Reveals 341% Surge in AI-Driven Phishing and BEC Attacks

Richland, Washington issues data breach notification

Rise in ransomware accelerates cyber insurance adoption

Scottish national records data breached in NHS ransomware attack

Securities and Exchange Commission (SEC) Amends Reg S-P To Strengthen Data Breach Response Requirements and Protect Investor Information

ShrinkLocker: Turning BitLocker into ransomware

State and Local Governments Make Progress Against Ransomware

Stock exchanges fined for failing to report cyber intrusion

Tesla’s Ultra-Wideband Still Vulnerable to Relay Attacks Despite Upgrades

The Securities and Exchange Commission (SEC) slaps New York Stock Exchange's parent company with a $10M fine for not immediately reporting a hack

Threat Actor Allegedly Offers Unauthorized RDP Access to one of Congo’s Largest Mining Companies

Threat Actor Claims to Have Breached Catch News, 2 Million Users Data at Risk

Threat Actor Offers Baloo Stealer Source Code for Sale for $1500

Threat Actor Offers Database of MedSecure for Sale at $50000

Threat Actor “Unfading Sea Haze” Targeting South China Sea Nations

Trionfo Solutions Announces Data Breach Affecting Social Security Numbers of 65,787 Individuals

UK considering mandatory reporting for ransomware attacks

WhatsApp Engineers Fear Encryption Flaw Exposes User Data

22nd May

70% of CISOs Believe Their Company Is at Risk of a Cyber-attack

87% of medical practice data is digital

A hacker has created over $200 million worth of GALA tokens after a security breach

America's "only conservative cell carrier" hit by data breach

Ascension transitions to manual systems amid last week's ransomware attack

Atlas hack admitted by Black Basta ransomware group

Australia takes Singtel-owned Optus to court over 2022 cyber attack

Authorized Push Payment Fraud Cases Surge 12% Annually

Barings signs up 1,000+ claimants over recent Ministry of Defence (MoD) data breach

Blackbaud hit with new federal mandates following 2020 data breach

Breach Forums Plans Dark Web Return This Week Despite FBI Crackdown

Business Email Compromise (BEC) and Healthcare Benefits Scammer Sentenced to 10 Years Over $4.5M Fraud

Business Email Compromise (BEC) Phishing Attacks Are Gaining Momentum

Canada's London Drugs confirms ransomware attack after LockBit demands $25M

CentroMed Data Breach Exposed 400,000 Patient Records

Chinese hackers compromising military and government entities around South China Sea

Chinese hackers hide on military and government networks for 6 years

Chinese Hackers Rely on Covert Proxy Networks to Evade Detection

Chucky Allegedly Leaks Gestion Kronos Database Containing 1.6 Million Records

Consumers file multiple Financial Business and Consumer Solutions data breach lawsuits

Critical Veeam Backup Enterprise Manager Flaw Allows Authentication Bypass

Cyber attack on healthcare provider CentroMed exposes patient data

Cyberattack against London Drugs claimed by LockBit ransomware group

Cyberattackers using ‘cat-phishing’ techniques, says report

CyberNiggers Group Announces New Web Domain Following BreachForums Downfall

Cybersecurity Incidents and Ransomware Attacks: Cybersecurity and Infrastructure Security Agency (CISA) Proposes Reporting Rule

Data Breach Alert: Allegedly Saudi Shopping Platform Reefi.me Customer Data for Sale

Data breach impacts wireless provider Patriot Mobile

Detecting A Phishing Attack With Help Of Artificial Intelligence

Dissecting the latest DNS-based attack trends - What we're seeing and how to get ahead

Dohman, Akerlund & Eddy Notifies Consumers of February 2024 Data Breach

Don’t ignore data protection when developing AI, Information Commissioner’s Office (ICO) warns

Embracing collective defence against cyber-threats

Exploiter Returns Stolen Funds After Gala Games Froze $180 Million

Federal Trade Commission (FTC) orders Blackbaud to report on data practices

Feds continue to rack up convictions in BEC cases as Georgia man gets 10-year sentence

Gala Games recovers $22M of stolen crypto

Generative AI services have driven a huge surge in phishing attacks

German police warn of cyberattacks via Office 365

GHOSTENGINE Exploits Vulnerable Drivers to Disable EDRs in Cryptojacking Attack

GitHub Enterprise Server Vulnerability Circumvents Authentication Protections

Hacker breaches 2 Philippine National Police online systems in series of attacks

Hacker from Gala Games returned USD 22 million! The team would effectively freeze most of the GALA tokens

Hacker Returns $22M to Gala Games Post GALA Token Exploit

Hackers Sell Fake Pegasus Spyware on Clearnet and Dark Web

Healthcare’s Trillion-Dollar Data Breach Crisis: Cybersecurity is a Matter of Life and Death

HR and IT Related Emails are the Top Choices for Phishing Scams

HR and IT Related Phishing Emails Most Popular Subjects in Q1

In the last year, 70% of organizations were targeted with Business Email Compromise (BEC) attacks

Information Commissioner’s Office (ICO) Looks Into Microsoft’s New Recall Feature

Interactive Brokers Notifies 600 Clients of Data Breach

Intercontinental Exchange to pay $10M Securities and Exchange Commission (SEC) penalty over VPN breach

Is ChatGPT Driving the Rise in Malicious Emails?

Is Southeast Asia becoming the Silicon Valley of fraud?

IT Leaders Agree: Single Sign-On (SSO) Isn’t Enough

Lane Gorman Trubitt Notifies Consumers of January 2024 Data Breach

Latvia could criminalize deepfakes that target politicians

LockBit 3.0 Dethroned and New Players are Emerging

LockBit dethroned as leading ransomware gang for first time post-takedown

London council warns residents’ data may have been compromised by cyber attack on healthcare provider

London Drugs faces Thursday deadline if it doesn’t pay $25 million after ransomware hack

London Drugs ransom demand vanishes hours before looming deadline

Los Angeles Department of Mental Health (LACDMH) reports data breach

Mastercard Deploys AI to Preemptively Thwart Card Fraud

Mastercard Doubles Speed of Fraud Detection with Generative AI

Microsoft Exchange Server Flaws Exploited to Deploy Keylogger in Targeted Attacks

Microsoft's new Windows 11 Recall is a privacy nightmare

Microsoft’s Quick Assist tool used to deploy ransomware

National Records of Scotland data leaked as part of NHS cyber-attack

National Records of Scotland data published in NHS cyber attack

National Records of Scotland reveals its data stolen in 'distressing' NHS health board cyber attack

Neighbourhood Watch data breach update as police confirm 'individuals are being investigated'

New APT Group “Unfading Sea Haze” Hits Military Targets in South China Sea

New Caledonia: Russian cyber attack just hours before French President Macron's arrival

New Cryptojacking Campaign Exploits Vulnerable Drivers to Evade Security and Gain Privileges

NoName057 Group Launches DDoS Attacks on Major German Websites

OmniVision disclosed a data breach after the 2023 Cactus ransomware attack

Over 200K likely vulnerable Confluence Data Center instances exposed

Proposals to Ban Ransomware Payments Rumoured

Q1 2024 Cyber Threat Landscape Report: Insider Threat & Phishing Evolve Under AI Auspices

QNAP Patches New Flaws in QTS and QuTS hero Impacting NAS Appliances

Ransomware group says it will release stolen London Drugs data if it doesn't get $25M in 48 hours

Ransomware, Business Email Compromise (BEC), GenAI Raise Security Challenges

Reject all cookies but get them anyway? Websites abusing “legitimate interest”

Report Reveals 341% Rise in Advanced Phishing Attacks

Researchers Warn of Chinese-Aligned Hackers Targeting South China Sea Countries

Rockwell Advises Disconnecting Internet-Facing ICS Devices Amid Cyber Threats

Rockwell Automation Urged Customers to Keep ICS Away from the Internet

Securities and Exchange Commission (SEC) slaps $10 million penalty on owner of New York Stock Exchange over 2021 cyber intrusion

Sensitive records office data accessed in cyber attack on health board

Sidewinder APT Group on the Prowl: National Computer Emergency Team (NCERT) Warns of Phishing Campaign Targeting High-Profile Offices

SlashNext Mid-Year State of Phishing Report Shows 341% Increase in BEC and Advanced Phishing Attacks

Spyware found on US hotel check-in computers

State hackers turn to massive Operational Relay Box (ORB) proxy networks to evade detection

Strengthening Your Multi-Factor Authentication: Tips to Thwart Phishing Attempts

Super Massive Data Breach Reveals 26 Billion Records & 12 Terabytes Of Information

Technological complexity drives new wave of identity risks

The last six months shows a 341% increase in malicious emails

The Under-Appreciated Threat of Authentication-in-the-Middle Attacks

Thousands at Risk in the U.S. from Critical GitHub Enterprise Server Flaw

Threat Actor Allegedly Offers Screen Connect Access to 3,256 Computers in 10 Companies

Threat Actor Claims to Have Breached Al-Rajhi Bank, Sensitive Data at Risk

Threat Actors Exploited Bitbucket Artifacts to Expose AWS Secrets in Plaintext

U.S. nonprofit BAMSI says data breach impacted over 20,000 individuals

UK Bank Fraud Losses Exceed £1 Billion in 2023 Despite Slight Decline

UK Government in £8.5m Bid to Tackle AI Cyber-Threats

US infrastructure crisis: a third illegally pay ransoms

US Unveils $50M Program to Help Hospitals Patch Cybersecurity Gaps

UserPro Plugin Vulnerability Allows Account Takeover

Veeam Addresses Authentication Bypass in Backup Enterprise Manager

Veeam fixes auth bypass flaw in Backup Enterprise Manager (CVE-2024-29849)

Vishing Meets AI: The Changing Nature of Phishing Threats

WebTPA data breach compromised the data of close to 2.5 million individuals

Welsh Rugby Union member addresses, names exposed

Windows’ new Recall feature: A privacy and security nightmare?

21st May

10 E-commerce Security Threats to Save Your Business From

15 QNAP NAS bugs and one Proof-of-Concept (PoC) disclosed, update ASAP! (CVE-2024-27130)

$22 million in crypto swiped from Gala Games blockchain platform

49 Million Customers Impacted by API Security Flaw

70% of CISOs Expect Cyber-Attacks in Next Year

Anonymous Hacker Steals $200M Worth of GALA Tokens - Will Gala Games Recover?

Army personnel fear for their jobs after huge MoD cyber attack

Ascension nurse: Ransomware attack makes caring for hospital patients 'so, so dangerous'

Ascension patients: cyber-attack causing delays for medical results

Aston Villa’s gates have security gaps: fans exposed

Australian e-prescription provider MediSecure announces a significant data breach

Bitbucket artifact files can leak plaintext authentication secrets

Black Basta Ransomware Group Announced 7 New Victims

BreachForums Fallout: Secretforums Announces BF Ranks, USDoD Shares Update

CentroMed discloses a second data breach within one year

Comwave Networks Faces Alleged Cyberattack from Medusa Ransomware Group

Conservative cell carrier Patriot Mobile hit by data breach

Critical Fluent Bit Bug Impacts All Major Cloud Platforms

Critical Fluent Bit flaw affects major cloud platforms, tech companies’ offerings (CVE-2024-4323)

Critical GitHub Enterprise Server Flaw Allows Authentication Bypass

Cyber Attack Forces Michigan Hospitals to Use Paperwork

Cyberattacks Over Work Email Most Used; Ransomware Hits Victims Hard

Data protection top motivator for cloud-based backup

Dropbox faces new class action lawsuit over data breach

Emerging trends in ransomware: What to expect in 2024?

Environmental Protection Agency (EPA) Cyber Attack Still Hitting Water Utilities

Environmental Protection Agency (EPA) Steps Up Enforcement to Protect US Drinking Water from Cyber Attacks

Family offices become prime targets for cyber hacks and ransomware

Gala Games Recovers $23M Stolen By Hacker, Plans Token Buyback Program

Generative AI bots are susceptible to user manipulation

GIT (Version Control System) Vulnerability to Remote Access: CVE-2024-32002 RCE Exploit Disclosed

GitHub warns of SAML auth bypass flaw in Enterprise Server

Hacker could have personal information of every schoolkid in Helsinki

Hacktivists turn to ransomware in attacks on Philippines government

Homeland Security has collected DNA data from 1.5 million immigrants in four years, researchers find

How to protect your team against AI phishing emails

HR and IT related phishing scams still most popular according to KnowBe4’s latest Phishing Report

Ikaruz Red Team: Hacktivist Group Leverages Ransomware for Attention Not Profit

Iranian State Hackers Partner Up for Large-Scale Attacks

Just 6% of Brands Guard Against Digital Impersonation Fraud

Kansas City Cyberattack Disrupts KC Scout Cameras, Impacts Crash Investigations and Services

Kyivstar Cyberattack: Company Allocates $90 Million for Recovery Efforts

Lewisham admits data breach - but downplays impact of exposing contact details of residents

‘Linguistic Lumberjack’ Vulnerability Affects Major Cloud Services

"Linguistic Lumberjack" Vulnerability Discovered in Popular Logging Utility Fluent Bit

LockBit admits University of Siena cyberattack

LockBit says they stole data in London Drugs ransomware attack

London Drugs confirms employee data held for ransom

London Drugs confirms it was victim of ransomware attack

London Drugs hackers seek millions in ransom on claims of stolen employee data

Majority of Singaporean firms hit by ransomware sought law enforcement for help

Malware Delivery via Cloud Services Exploits Unicode Trick to Deceive Users

Many-faced Iranian hackers stir destruction in Albania and Israel

Massive $200M Theft In Popular Web3 Game Drives Crypto Hack Losses Beyond $1B This Year

MediSecure data breach: Why hackers target health data

Monmouth County high school students may have had personal info stolen in data breach

More Than One in Four Ransomware Attacks on Healthcare Providers Impact Patient Care

NEC XON shares lessons learnt from ransomware attacks

New Jersey School Data Breach May Have Exposed Student Names, SSNs

New Jersey school reveals shocking data breach: Kept secret for a year

New KnowBe4 Phishing Report Reveals HR and IT Related Emails Are the Top Choices for Phishing Scams

NextGen Healthcare Mirth Connect Under Attack - CISA Issues Urgent Warning

Nissan North America Data Breach Leaked the Personal Information of Over 53,000 Employees

Office of the Australian Information Commissioner (OAIC) releases statement on MediSecure data breach

Over 60% of Network Security Appliance Flaws Exploited as Zero Days

Phishing statistics that will make you think twice before clicking

Phishing-as-a-Service (PhaaS): An Intriguing Threat On The Rise In 2024 And Beyond

Ransomware: What is it? How to protect yourself?

Ransomware and AI-Powered Hacks Drive Cyber Investment

Recent Healthcare Ransomware Attacks

Reddish Eagle Announces Formation of Black Hat Hackers Colony

Researchers Uncover Flaws in Python Package for AI Models and PDF.js Used by Firefox

Rockwell Automation warns admins to take ICS devices offline

Santander bank says data breach compromised European employees and customers

Security Breach at Gala Games: Hacker Mints $214 Million Worth of GALA Tokens

SolarMarker Malware Evolves to Resist Takedown Attempts with Multi-Tiered Infrastructure

Strategies for combating AI-enhanced Business Email Compromise (BEC) attacks

The role of a lawyer when a cyber-attack strikes

Threat Actor Allegedly Leaked Database of Vasitam.com

Threat Actor Allegedly Offers Access to an American Business Service Company

UK data protection watchdog ends privacy probe of Snap’s GenAI chatbot, but warns industry

UK to propose mandatory reporting for ransomware attacks and licensing regime for all payments

UK’s ICO Warns Not to Ignore Data Privacy as ‘My AI’ Bot Investigation Concludes

Walmart, Amazon-used utility bug permitting Remote Code Execution (RCE) attacks

WebTPA data breach compromises information of over 2.4 million individuals

Western Sydney University cyber attack: Emails and files hacked

Western Sydney University Data Breach: Impact on 7,500 Individuals

Western Sydney University data breach exposed student data

Western Sydney University discloses data breach, 7,500 ‘impacted individuals’ notified

Western Sydney University staff, students caught in cyber attack

What to do in the event of a data breach

With ransomware whales becoming so dominant, would-be challengers ask 'what's the point?'

YouTube Becomes Latest Battlefront for Phishing, Deepfakes

YouTube has become a significant channel for cybercrime

20th May

15 companies account for 62% of global attack surface

AI Chatbots Highly Vulnerable to Jailbreaks, UK Researchers Find

AI Python Package Flaw ‘Llama Drama’ Threatens Software Supply Chain

Amateur Radio Group Hit by Cyberattack, Key Database Offline

April 2024 Healthcare Data Breach Report

Bermuda tightens penalties for cyber-related crimes following major cyber attack last year

Birmingham Council-owned children’s services unit reprimanded over data breach of ‘criminal allegations’

Business email compromise: new guidance to protect your organisation

Cencora Provides Notice of Data Breach Affecting Bristol Myers Squibb Customers’ Information

Challenging Times Remain Among the Ever-Evolving Email Landscape

Chinese Duo Indicted For Laundering $73m in Pig Butchering Case

Christie's cyberattack forces shift to traditional bidding methods

Companies wary of AI-fuelled malware, phishing

Consumers continue to overestimate their ability to spot deepfakes

Critical Fluent Bit flaw impacts all major cloud providers

Cyber attack on Ausgrid could lead to costs of $2.9bn per day

Cyber Criminals Exploit GitHub and FileZilla to Deliver Malware Cocktail

Cybercriminals shift tactics to pressure more victims into paying ransoms

Damage to reputation prevents victims from reporting ransomware attacks

Dell Data Breach: Personal Information of 49 Million Customers Compromised due to latest API Abuse

Employees’ ‘mental wellbeing’ impacted by phishing threats

Environmental Protection Agency (EPA) says it will step up enforcement to address ‘critical’ vulnerabilities within water sector

Federal Trade Commission (FTC) Finalizes Order with Blackbaud Related to Allegations the Firm’s Security Failures Led to Data Breach

Fluent Bit Tool Vulnerability Threatens Billions of Cloud Deployments

Foxit PDF Reader Flaw Exploited by Hackers to Deliver Diverse Malware Arsenal

Grandoreiro Banking Trojan is back and targets banks worldwide

Grandoreiro Banking Trojan is Back With Major Updates

Growing number of ransomware attacks on hospitals could mean life or death for patients

Hacker Who Exploited Solana Meme Coin Factory Pump.fun Says He Faces Theft, Conspiracy Charges

HackNeT and NoName057 Allegedly Continue DDoS Attacks on Slovak Websites

Hacktivist Groups Target Indian Elections, Leak Personal Data, Says Report

Hacktivist Indonesia Group Allegedly Leaks Full Database of Centurion University

Hong Kong: Secondary school says it may have been hit by data breach

How a Doxxed Hacker Live-Tweeted Stealing $2 Million From pump.fun

Interactive Brokers Announces Data Breach Due to Compromised Employee Email Account

Iran-Linked Void Manticore Intensifies Cyber-Attacks on Israel

Iranian Ministry of Intelligence and Security (MOIS)-Linked Hackers Behind Destructive Attacks on Albania and Israel

Kaiser Permanente announces data breach, patient information compromised

Kyrgyzstan Unrest Escalates: Hackers Target Nation Amidst Mob Violence

Latrodectus Malware Loader Emerges as IcedID's Successor in Phishing Campaigns

LiteSpeed Cache Bug Exploit For Control Of WordPress Sites

Los Angeles Department of Mental Health Confirms Data Breach of Sensitive Patient Information

Malware that steals bank data is back despite arrests

MediSecure confirms data breach accessed personal patient and prescription details

MediSecure data breach: why is health data so lucrative for hackers?

Millions of customers affected by WebTPA data breach

New Antidot Android Malware Poses as Google Update to Steal Funds

New BiBi Wiper version also destroys the disk partition table

New Jersey high school students’ names, social security numbers may have been exposed in data breach

New 'Siren' mailing list aims to share threat intelligence for open source projects

Northeast Rehabilitation Hospital Network Announces Data Breach

OmniVision discloses data breach after 2023 ransomware attack

Patient information possibly accessed during data breach at LA County Department of Mental Health

Phishing, Business Email Compromise (BEC), and Beyond: Tackling the Top Cyber Threats to UK Banks

Phone-Based Phishing Grows Explosively, Shifting the Cybercrime Threatscape

Proof-of-Concept (PoC) exploit for Ivanti EPMM privilege escalation flaw released (CVE 2024-22026)

Pump Fun Implodes: Ex-Employee Turned Hacker Exposes Alleged Shady Practices

QNAP QTS zero-day in Share feature gets public RCE exploit

Ransomware attacks up more than 20% year on year

Russian Hacker Indicted for Cybercrime Activities in New Jersey

Securities and Exchange Commission (SEC) requires financial institutions to notify customers of breaches within 30 days

Shifting the Security Mindset: From Network to Application Defense

Sydney investment firm suffers alleged data breach affecting more than 400k customers

The 8Base Ransomware Group Has Announced Three New Victims: LEMKEN, Embellir, and Crooker

Threat Actor Chucky, Owner of LeakBase Claims Knowmad Mood Data Breach

Threat Actor Claims to Sell OpenSea Database for $30,000

Threat Actors USDoD and SXUL Claim 70 Million Rows of Sensitive Data in Alleged Prison Data Breach

Turla APT Group Suspected of Utilizing Tiny BackDoor Exploiting MSBuild for Stealthy Attacks

U.S. Department of Health and Human Services (HHS) launches $50M security initiative to thwart ransomware attacks at hospitals

U.S. Department of Health and Human Services (HHS) offering $50 million for proposals to improve hospital cybersecurity

U.S. Department of Health and Human Services (HHS) offers $50M to help providers patch ransomware vulnerabilities

University of Siena Cyberattack: LockBit Claims Responsibility, Sets Deadline

Unpatched vulnerabilities making bad ransomware outcomes worse: What you need to know

Unverified Claims of Cyberattack on Hamburg Airport Surface Amid Cybersecurity Concerns

USDoD Allegedly Leaks USA Criminal Database With 70 Million Rows

Void Manticore: Iranian Threat Actor Targeting Israel and Beyond with Data Wipers

Why Culture is the Bedrock of Cybersecurity

Workers are still overconfident in their ability to spot ransomware