Editor's Message

Welcome to DBD. On March 8th we celebrated our 4th Anniversary and the 1st Anniversary of our PRiSM application, officially endorsed by the SANS Institute. Despite recent personal issues that have impacted the amount of time I have been able to dedicate to both projects, I have been doing my best to keep everything as up-to-date as possible, and I would like to take this opportunity to thank everyone for their patience and support whilst I navigate through this very difficult time. Stay safe. :)



Monday 2 September 2024

Data Breaches Digest - Week 36 2024

Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 2nd September and 8th September 2024.


8th September

900,000 Americans on Medicare Warned of Data Breach

Centers for Medicare & Medicaid Services (CMS) Notifies Individuals Potentially Impacted by Data Breach

Cyber Expert Finds Phishing Campaign Targeting School Children

Exploring modern Hacktivist tactics, a threat to digital infrastructure

Huge data breach involving social security numbers could impact millions of Americans

Iranian hackers ramp up digital attacks on US political campaigns

Penpie Hacker Launders $27M Through Tornado Cash, Ignoring Bounty Offer

Penpie Hacker Launders Last Batch of the Stolen $27M Ether

Progress LoadMaster vulnerable to 10/10 severity RCE flaw

Singapore: More than $100,000 lost in days to Singtel SMS scam

The adaptable Cicada3301 ransomware attacks Windows and Linux PCs

Threat Actor Claims to Sell Web Shell Access to a Major Rental and Retail Company

Whale phishing scam: IT firm’s HR manager duped into buying gift cards worth Rs 10 lakh

7th September

280 fake Android apps used to steal crypto wallets have been unearthed

Avoiding data breaches: New advice on reducing email related risks

Biggin Hill’s Charles Darwin School Closes After Major Cyber-Attack

Cyber attack: Islamabad Safe City, police internal records hacked

Disney data breach: Disneyland, Disney Cruise guests and employees personal info leaked

Divulge Stealer Unveiled: Advanced Info-Stealer Targets 25 Cryptocurrency Wallets

East Valley Institute of Technology reports January 2024 data breach

FBI Cracks Down on Dark Web Marketplace Managed by Russian and Kazakh Nationals

Free Russia Foundation to investigate data breach after internal documents published online

Hacker Behind $27 Million Penpie Attack Receives Compliment From Counterpart

New RAMBO attack steals data using RAM in air-gapped computers

North Korean Threat Actors Deploy COVERTCATCH Malware via LinkedIn Job Scams

Ransomware demands exponentially increase, averaging $1.5 Million this year

Sextortion scam now uses your "cheating" spouse’s name as a lure

Social Security has suffered a historic attack: 272 million affected, and you may have lost this

Threat Actor Claims to Sell Unauthorized VPN Access to Taiwanese Bank and U.S. Company

6th September

4 Ways to Future-Proof Your Firm in the Digital Age

83% of organizations experienced at least one ransomware attack in the last year

26,500 Cyber Vulnerabilities Risk Southeast Asia’s Banks

33,928 Bank Customers Receive Data Breach Alerts As US Lenders Warn Personal Information Fumbled

A new malware named “Voldemort” may be a cyber espionage campaign

AI Firm’s Misconfigured Server Exposed 5.3 TB of Mental Health Records

Alleged Data Leak Exposes Sensitive Information of Dingding Talk Users

Almost a million Medicare beneficiaries potentially affected by data breach, Centers for Medicare & Medicaid Services (CMS) says

Apache OFBiz team patches critical RCE vulnerability (CVE-2024-45195)

Apache OFBiz Update Fixes High-Severity Flaw Leading to Remote Code Execution

Average Data Breach Cost in Industrial Sector Surged by $860,000 Year Over Year

Avis Car Rental Customers Hit By Hack, Data Breach

Avis Rent A Car Experiences Cyberattack Leading to Data Breach

BBTok Abuses Legitimate Windows Utility Command Tool to Stay Undetected

Car rental company Avis discloses a data breach

Car rental giant Avis discloses data breach impacting customers

Charles Darwin School Bromley closes due to cyber attack

CISA, FBI, DC3 Issue Iran-Based Ransomware Attack Alert

Critical GeoServer Vulnerability Exploited in Global Malware Campaign

Critical RCE Vulnerability Patched in Apache OFBiz (CVE-2024-45195)

Critical Security Flaw Found in LiteSpeed Cache Plugin for WordPress

Crypto Phishing Attacks Cost Consumers Millions Last Month

Cyber attack forces Transport for London (TfL) to restrict website and booking system access - full list of what's affected

Cyber attack-hit council 'rebuilding services'

Cyber attack on Illinois Bone & Joint Institute compromised patients’ healthcare data

Cyber-attack targets St. Charles Parish Government

Cyber-attack victim obtains injunction to prevent publication of stolen data

Data Breach Affects Rochester Honkers Fans

Euler Finance Exploiter Congratulates Penpie Hacker for Stealing $27 Million

Exposed: Russian military Unit 29155 does digital sabotage, espionage

Flint’s online bill-pay service restored 3 weeks after ransomware attack

Gamaredon APT Launches Spear-Phishing Campaign Targeting Ukrainian Military

GeoServer Vulnerability Targeted by Hackers to Deliver Backdoors and Botnet Malware

GitHub Actions Vulnerable to Typosquatting, Exposing Developers to Hidden Malicious Code

Hacker praised after $27M crypto heist from Penpie DeFi protocol

Hackers Target Ukrainian Army with Fake Military Apps to Siphon Authentication and GPS Data

How to Make Security Policies Truly Transparent to Users

Human firewalls are essential to keeping SaaS environments safe

Human operated ransomware is far more formidable for African enterprises

Is Cloud Security Ready for a Pivot to Behavioral Detection & Response

Linkedin scams on the rise: high-level phishing, romance scams and social engineering the most frequent cases

Lifting the Fog: Darktrace’s Investigation into Fog Ransomware

London transport chiefs restrict access to photocard portal for 60+ Oyster and other cards after cyber attack

Lowe’s home warehouse employees targeted in Google ad phish

Microchip Technology Announces Data Breach, Confirms Employee Information Affected

National Public Data Breach: Everything You Need To Know To Protect Yourself

Nearly 1 million Wisconsin Medicare users had information leaked in MOVEit breach

New malware shakes macOS security paradigm – hackers eying iPhones next

New research shows 12% of CISOs faced budget declines in 2024

Old habits, new threats - Why more phishing attacks are bypassing outdated perimeter detection

Online bill pay restored as City of Flint continues to recover from cyber attack

OnlyFans Hack Targets Naive Cybercriminals With Lummac Stealer

Overcoming the Challenges of Zero-Trust

Penpie DeFi Hack: $27 Million Stolen, Pushing Crypto Theft Over $1.2 Billion in 2024

Planned Parenthood of Montana confirms cyberattack in late August

ProPark Mobility suffers data breach: Consumer information potentially compromised

RansomHub claims Planned Parenthood cyberattack

RansomHub Claims Planned Parenthood Hack, Steals 93GB of Sensitive Data

Ransomware Attacks Reach Record Highs: Demands and Payments Continue to Soar

Ransomware rocked healthcare, public services in August

Red Nucleus Reports Data Breach to State Regulators

Riverside Resort & Casino Notifies Consumers of July 2024 Data Breach

Russian cyber militants responsible for damage to critical assets: US offers $10 million bounty

Russian dark web marketplace admins indicted after arrest in Miami

Scams, they steal money by phishing a company to pay their tax debts

Security leaders respond to the White House's internet routing guide

Service Access & Management Files Notice of Data Breach with the HHS-OCR

Should State Governments Ban Ransomware Payments?

SonicWall SSLVPN access control flaw is now exploited in attacks

SonicWall Urges Users to Patch Critical Firewall Flaw Amid Possible Exploitation

SpyAgent Android malware steals your crypto recovery phrases from images

Spyware Vendors' Nebulous Ecosystem Helps Them Evade Sanctions

Tech budgets, testing routines requested after Columbus ransomware attack

Tewkesbury Council Shuts Down Systems After Cyberattack, Investigation Underway

The role of remote tools on email security attack strategies

The true cost of cybercrime for your business

Threat Actor Claims Breach of Tamil Nadu Labour Department Data

Threat Actor Claims to Sell 7.5 Million Bitfinex User Records for 25 BTC

Threat Actor Claims to Sell Unauthorized Access to American Company with $100 Billion Revenue

Threat Actor Offers Access to Spanish College IT Systems

Threat Actors Abuse Red Team Tool MacroPack to Deliver Malware

Transport for London cuts data feeds to travel apps amid cyber-attack

Transport for London outages drag into weekend after cyberattack

Transport for London staff faces systems disruptions after cyberattack

Transport for London (TfL) cyber attack disrupts internal networks, but transport services unaffected

Transport for London (TfL) restricts some customer data access amid ongoing cyber attack

U.S. oilfield giant Halliburton says cyber attack compromised customers’ sensitive personal information

UK staffing agency exposes gig workers: passports, visas, and more made public

United Services Automobile Association (USAA) data breach exposes more than 4,000 Texans

US and Allies Accuse Russian Military of Destructive Cyber-Attacks

US Charges Russian Military Members Over WhisperGate Cyberattack

Veeam Security Bulletin Fixes Critical Vulnerabilities for Backup & Replication, Veeam ONE and More

WazirX Hacker Continues To Launder Stolen Ethereum (ETH) Through Crypto Mixer Tornado Cash

West Virginia law enforcement sues data broker for publishing personal information online

What to do if your personal information is exposed in a data breach

Why leading cyber attack groups target sites like Nevada Gaming Control Board (NGCB) and 10bet

5th September

7 weeks after ransomware attack, still no answers why Columbus was targeted by hackers

AI Marketing Firm Relevvo Allegedly Breached

Alleged Cyber Attack on Countries Supporting Israel

Angel Drainer Resurfaces: New Phishing Toolkit AngelX Deploys 300+ Malicious dApps

Apache fixes critical OFBiz remote code execution vulnerability

Australia: Simmering anger from firefighters over cyber attack details

Bitcoin ATM scams on the rise: Americans lose $65 million in six months

Builders Mutual Insurance Co. data breach class action to proceed with settlement

Chinese-Speaking Hacker Group Targets Human Rights Studies in Middle East

Choosing the Best Cybersecurity Prioritization Method for Your Organization

Cicada Ransomware - What You Need To Know

Cisco Fixes Two Critical Flaws in Smart Licensing Utility to Prevent Remote Attacks

Cisco Warns of Critical Vulnerabilities in Smart Licensing Utility

Cloud Access Security Brokers (CASBs): Are They Still Relevant?

Colombian president suggests prior administration illegally sent $11 million in cash to Israel for spyware

Costa Rica: The “new” bank card cloning phishing scam

Critical Update Alert! Patch Your Android Device Now (September 2024 Bulletin)

Crypto Phishing App Angel Drainer Returns, 300+ Malicious Decentralized Applications (dApps) Deployed in 4 Days

Cyberattack hits Planned Parenthood and RansomHub claims responsibility

Cybercrime: Here’s why the Middle East is losing so much money to hacker attacks

Cybersecurity Threats In Nigeria: Prevention And Response

Data breaches reported by three Californian healthcare providers

Despicable Hackers Hold Disabled Bus Users To Ransom In New Attack

Disabled travellers first victims of Transport for London (TfL) cyber-attack

Disney data breach: Financial, strategic, and personal information leaked

Don’t take the bait on phishing scams

Fake OnlyFans Checker Tool Infects Hackers with Lummac Stealer Malware

Fake OnlyFans cybercrime tool infects hackers with malware

FBI Issues Alert on North Korean Cyber Attacks Targeting Cryptocurrency

Federal Trade Commission (FTC) cites Verkada for alleged CAN-SPAM violations

File-sharing phishing attacks zero-in on the financial sector

Granville Recreation District offering free credit monitoring services after phishing scam

Hacker slip-up? 762,000 car owners have vehicles, home addresses exposed online

Hacker steals $20,000 from Kansas hotel

Hacker steals $234 Million from WazirX, impacting 4 million Crypto users

Hacker trap: Fake OnlyFans tool backstabs cybercriminals, steals passwords

Halliburton Confirms August Data Breach by Cyber Attacker

Hearing Aid Company WS Audilogy Breach: Patients Info, Employees’ Bank Details Leaked

Hong Kong Monetary Authority (HKMA) Warns Public About WeChat Pay Phishing Messages

How Do You Mitigate Information Security Risk?

How Microchip Technology Is Recovering After a Cyberattack: Lessons for All Businesses

How to gamify cybersecurity preparedness

How to Tell If Your Social Security Number Was Compromised in Massive Data Breach

India: Fake Ministry of Defence (MoD) Links Target Government Credentials

India: Phishing link that 'mimics' Ministry of Defence (MoD) to steal govt data located in Indian cyberspace

India: Security agencies detect phishing fraud that mimics Ministry of Defence's official website

Indian Cyber-Security Agencies Uncover Ministry of Defence (MoD) Phishing Fraud

Information Commissioner’s Office (ICO) proposes £6M fine on software provider to the NHS after ransomware breach

Iran pays threat actor’s ransom after cyber attack on nation’s banking system

Is Russian group APT28 behind the cyber attack on the German Air Traffic Control Agency (DFS)?

JAS Forwarding Hit by Ransomware Attack, Data Leaked

Lack of encryption for Columbus' data would be 'significant security oversight,' experts say

LiteSpeed Cache bug exposes 6 million WordPress sites to takeover attacks

Major incident as council hit by 'hostile actors' and works with GCHQ to assess full extent of cyber attack

Malaysia: Data protection commissioner probes Prasarana ransomware attack

Malaysia: Prasarana probed for Personal Data Protection Act (PDPA) compliance after data breach from ransomware attack

Malware Attackers Using MacroPack to Deliver Havoc, Brute Ratel, and PhantomCore

Microchip confirms employee data stolen in August cyberattack

Microchip Technology Confirms Personal Information Stolen in Ransomware Attack

Microchip Technology confirms theft of employee data

Microchip Technology says employee contact info stolen by hackers during cyberattack

Moscow Hacker Extradited To US For Cybercrime Involvement

New Cross-Platform Malware KTLVdoor Discovered in Attack on Chinese Trading Firm

New Supply Chain Attack “Revival Hijack” Risks Massive PyPI Takeovers

Ongoing Transport for London (TfL) cyber attack takes out Dial-a-Ride service

OnlyFans hackers’ fate takes an ironic twist as they get attacked themselves

OnlyFans Hackers Targeted With Infostealer Malware

OnlyFans Porn Hackers Catch Surprise Infection For Their Efforts

Park ‘N Fly Data Breach Impacts a Million Customers

Penpie DeFi platform files reports with FBI, Singapore police after $27 million crypto theft

Penpie Releases Hack Report; Hacker Moves 1000 ETH to Tornado

Phishing in two out of five cases the first access method

Phishing Remains Top Cyber Threat Despite Drop in Incidents

Planned Parenthood confirms cyberattack as RansomHub claims breach

Planned Parenthood May Have Been Breached By RansomHub Group

Play ransomware group claims a major cyber attack on U.S. chipmaker Microchip

PyPI Revival Hijack Puts Thousands of Applications at Risk

RansomHub Emerges in Rapidly Evolving Ransomware Landscape

RansomHub gang stole 93GB of data from sexual health provider Planned Parenthood

RansomHub Leads, Lockbit Declines in Global Ransomware Attacks

RansomHub Ransomware Hits Planned Parenthood, Threatens with Data Leak

Ransomware attack compromises Microchip Technology employee data

Ransomware Group May Have Stolen Data From Planned Parenthood

Ransomware hackers threaten Montana branch of Planned Parenthood

Researcher Finds Unfixable Yet Tricky to Exploit Flaw in Yubikeys

Russia's largest social media platform VKontakte suffers data breach, exposing 390M user records

Russian military hackers linked to critical infrastructure attacks

Security Budgets Come Under Pressure as “Hypergrowth” Ends

Services disrupted as local council near GCHQ’s headquarters hit by cyberattack

Singapore: Over $9k lost to phishing scams impersonating FairPrice since August

Tewkesbury Borough Council: Major incident declared in cyber attack

Tewkesbury Borough Council hit by cyber attack

Tewkesbury Borough Council shuts website down following cyber attack

The biggest cyber attacks of 2024

The fingerpointing starts as cyber incident at London transport body continues

The fundamentals of API security

The future of automotive cybersecurity: Treating vehicles as endpoints

Threat Actor Claims to Sell Access to Thai Financial Company on Dark Web

Transport for London confirms cyber attack but normal operations remain unaffected

Transport for London (TfL) cyberattack affects Dial-a-Ride as expert says ‘could imply ransomware’

Transport for London (TfL) staff working from home as cyber attack continues - security experts explain what's happening

U.S. Places $1 million Bounty for Russian Hacker Tim Stigal

Ukrainian soldiers targeted with data-stealing malware to harvest GPS coordinates

US indicts Russian intelligence officials over cyberattacks targeting Ukraine

US offers $1 million for details on alleged Russian hacker

US posts indictments, rewards in Russia’s WhisperGate hacks against Ukraine

Use of Predator spyware rebounds after a dip from Biden sanctions, researchers say

Veeam Releases Security Updates to Fix 18 Flaws, Including 5 Critical Issues

Veeam warns of critical RCE flaw in Backup & Replication software

WazirX hacker launders $2 million more through Tornado Cash

WazirX hacker launders $10 million through Tornado Cash

WazirX hacker transfers 1600 ETH to Tornado Cash

'We have to assume our systems are compromised': Tewkesbury Borough Council hit by cyber attack

4th September

Active Ransomware Groups Increase by 57% as Ransomware Landscape Fragments

Alert for Shein shoppers: Beware of phishing emails offering free clothing prizes

Alleged Columbus Ransomware Data Leak Triggers Legal Action Against Researcher

Alleged Data Breach at SchenkYou: A Threat Actor Claims to Sell 6 Million Records on Dark Web

Android Users Urged to Install Latest Security Updates to Fix Actively Exploited Flaw

Authorized Push Payment (APP) Fraud Dominates as Scams Hit All-Time High

Better Business Bureau issues warning about phishing scheme involving QR codes

Canada: Privacy Commissioner Decisions Impose Sweeping Notification Requirements for Ransomware and Email Account Compromise Incidents

CBIZ Benefits & Insurance Services discloses data breach affecting client information

Cicada ransomware may be a BlackCat/ALPHV rebrand and upgrade

Cicada3301 ransomware: How similar is it to ALPHV/BlackCat?

Cisco fixes root escalation vulnerability with public exploit code

Cisco warns of backdoor admin account in Smart Licensing Utility

Clearview AI Faces €30.5M Fine for Building Illegal Facial Recognition Database

Clearview AI Fined €30.5m by Dutch Watchdog Over Illegal Data Collection

‘Critical’ cyber attack on pension fund ‘almost certain’

Crypto hackers want to chat. Here’s why the FBI thinks it‘s a bad idea

Crypto scammers hack Trump family members' X accounts

Cyber attack: Hackney residents’ anger over ongoing council tax ‘mess’

Cyber attack on Tennessee-based healthcare systems provider affected over 400k patients

DDoS Attacks Hit France Over Telegram’s Pavel Durov Arrest

European data privacy watchdog closes case against X over its Grok AI bot

Experts recommend layers of protection to stay safe after data breach

Fake GlobalProtect VPN Downloads Used to Spread WikiLoader Malware

Gemini users targeted in widespread phishing scam involving fake data breach claims

Google backports fix for Pixel Elevation of Privilege (EoP) flaw to other Android devices

Hackers inject malicious JavaScript in Cisco store to steal credit cards, credentials

Hackers linked to Russia and Belarus increasingly target Latvian websites, officials say

Hackers Use Fake GlobalProtect VPN Software in New WikiLoader Malware Attack

Halliburton Confirms Unauthorized Third-Party Access Led to Data Breach After August Cyberattack

Halliburton reveals data stolen in August cyberattack

High-Risk Vulnerabilities Discovered in Zyxel Firewalls: What You Need to Know

Hospital Sisters Health System Files Notice of Data Breach Affecting an Unknown Number of Patients

How Can You Stay Safe From Crypto Ransomware Attacks?

Initial Access Brokers Target $2 Billion Revenue Companies

Iran Cyber Attack: Fox Kitten Facilitates Ransomware in US

Ireland’s privacy watchdog ends legal fight with X over data use for AI after it agrees to permanent limits

Irish Data Privacy Watchdog Concludes Case Against X After it Halts Grok AI’s Training on EU Data

Linux Ransomware Threats: How Attackers Target Linux Systems

Mad Liberator Added Logistics Company YCH as Their New Victim

Malaysia’s Data Protection Bill: Public Consultation on Data Breach Notification Ends on September 6

Malaysian Government, Politicians Targeted with Babylon RAT

Malicious Actors Possibly Used MacroPack Red-Teaming Tool to Deploy Malicious Payloads

Massive data breach from April potentially exposes sensitive information of millions of Americans

Massive DDoS poured 3.15 billion packets per second on Microsoft server

Massive QR Code Phishing Campaign Exploits Microsoft Sway to Steal Credentials, 2FA Codes, Cookies

Microchip Technology confirms data was stolen in cyberattack

New ALPHV-like ransomware targets VMware ESXi servers

New Eucleak attack lets threat actors clone YubiKey FIDO keys

North Korea Targeting Crypto Industry, Says FBI

North Korean Hackers Targets Job Seekers with Fake FreeConference App

Only 25% of organizations are prepared to manage a DDoS attack

Over $110 million lost to Bitcoin ATM scams in 2023

Penpie hacker launders 26% of $27M stolen funds in 12 hours

Phishing scam targets Shein customers with fake clothing giveaway

Planned Parenthood confirms breach, RansomHub gang claims responsibility

Planned Parenthood confirms cyber-attack as RansomHub threatens to leak data

Radiological Society of North America (RSNA) reports data breach impacting sensitive information

Rage Stealer Rebranded as Angry Stealer, Now Uses Telegram Bot for Data Theft

Ransomware attack on Toronto District School Board compromised students' personal information

Ransomware attacks escalate as critical sectors struggle to keep up

Ransomware Group May Have Stolen Data From Planned Parenthood

Ransomware landscape changing, attacks down 16% since 2023

Red team tool ‘MacroPack’ abused in attacks to deploy Brute Ratel

Red Teaming Tool Abused for Malware Deployment

Report Shows a 56 Percent Increase in Active Ransomware Groups in First Half of 2024

Researchers clone YubiKeys, many security microchips may be flawed

Researchers Find Over 22,000 Removed PyPI Packages at Risk of Revival Hijack

Revival Hijack supply-chain attack threatens 22,000 PyPI packages

RomCom Group Exploiting Microsoft Office 0-day To Deploy Ransomware

Scammers send out billions of phony emails every day. Here's how to recognize the signs

Security experts discuss CISA’s cyber incident reporting portal

Shein customers targeted by new phishing scam offering free clothes for survey completion

Shein phishing scam targets young customers with fake free clothes offer

That massive Pixel security flaw reported last month has been patched

The CEO’s Guide to Avoiding Phishing Scams

The New Effective Way to Prevent Account Takeovers

The number of active ransomware groups is on the rise, research finds

There was a 56% increase in ransomware groups in H1 2024

Threat Actor Claims Sale of Full Network Access to U.S. Lottery Corporation

Threat Actor Claims to Sell 1.4 Million Customer Records from Data Bilgi Islem

Trainee surgeon jailed for rape pleads guilty to data breach charges

Trio of Cybercriminals Behind $10 Million 2FA Bypass Operation Plead Guilty

US Government Set Out to Improve Internet Routing Security

VMware on macOS affected by high-severity flaw: attackers can run arbitrary code

Vulnerability allows Yubico security keys to be cloned

White House Wants to Tighten Internet Routing Security

Worried about the YubiKey 5 vulnerability? Here's why I'm not

Zyxel Patches Critical OS Command Injection Flaw in Access Points and Routers

Zyxel routers, access points, firewalls in danger: users urged to patch

3rd September

44% of foiled ransomware attacks are caught during lateral movement

59.6% of enterprises in Asia/Pacific hit by ransomware attacks in 2023

$234 million hacker of Indian cryptocurrency fraud begins the laundering of funds

A third of organizations suffered a SaaS data breach this year

Active Ransomware Groups Surge by 56% in 2024

Alleged Data Breach at EnglishCentral: Threat Actor Claims to Sell Customer Information on Dark Web

August sees $63m lost in crypto phishing despite fewer victims

August sees 215% rise in crypto phishing, $55M lost in single attack

Automating threat intelligence

Bank Rakyat stops possible data breach

Canonical Addresses Critical Linux Kernel AWS Vulnerabilities with New Patches

Canvey Infant School in Essex dealing with a significant cyber incident

CBIZ Discloses Data Breach: Vulnerability Exploited, Client Data Stolen

CERT-IN Warns About Critical Vulnerabilities in Palo Alto Networks Applications

City of Columbus Sues Researcher After Ransomware Attack

Civil Rights Groups Call For Spyware Controls

Clearview AI fined €30.5 million for unlawful data collection

Clearview AI fined $33 million and declared “illegal”

Clearview AI hit with its largest GDPR fine yet as Dutch regulator considers holding execs personally liable

Cobalt Strike deployment sought by covert China-targeted campaign

Columbus Sues Expert, Fueling Debate About Ransomware Attack

Cost of a data breach: Cost savings with law enforcement involvement

Could Russia be behind Transport for London (TfL) cyber attack amid rise in ransomware?

Critical flaw in Zyxel’s secure routers allows OS command execution via cookie (CVE-2024-7261)

Crypto Phishing Attacks On the Rise Again

Crypto phishing scams surge 215% in August: $63 million stolen despite fewer victims

Cryptocurrency industry faces ‘difficult to detect’ North Korean social engineering scams, FBI says

Cyberattack hits agency responsible for London’s transport network

Cyberattack Hits Shoshone-Bannock Tribes: Key Services Unaffected, Recovery in Progress

Cyberattack paralyzes office communications at German air traffic control

D-Link says it is not fixing four RCE flaws in DIR-846W routers

Decoding the Puzzle: Cicada3301 Ransomware Threat Analysis

Dutch Data Protection Authority (DPA) Imposes €30.5M Fine on Clearview AI Over ‘Illegal Database’ of Facial Recognition

Dutch privacy watchdog fines Clearview AI $34 million for ‘illegal’ database of faces

Emerging RaaS group Cicada3301 identified with suspected links to ALPHV/BlackCat

Ethics for ransomware: To pay or not to pay?

Every Data Breach Is a Step Closer to Someone Else Stealing Your Life

Everything we know about the Transport for London (TfL) cyber attack so far

Ex-Engineer Charged in Missouri for Failed $750,000 Bitcoin Extortion Attempt

FBI warns crypto firms of aggressive social engineering attacks

Federal Trade Commission (FTC) issues $3 million fine for security camera firm, issuing penalties for a range of violations

Forescout reports cyber threats surge, state-sponsored hackers target VPN vulnerabilities, ransomware attacks rise

Hacker Leaks Data of 390 Million Users from VK, a Russian Social Network

Hacker Transfers $6.5 Million in Stolen WazirX Funds to US-Sanctioned Tornado Cash

Hacktivists Exploits WinRAR Vulnerability in Attacks Against Russia and Belarus

Halliburton Confirms Data Stolen in Cyberattack

Halliburton confirms data stolen in recent cyberattack

Halliburton confirms data was stolen in ongoing cyberattack

Halliburton says expenses incurred in response to August cyber attack

Halliburton says hackers removed data in August cyberattack

Housing charity’s data leaked on dark web after cyber attack

How could Tube passengers be affected by Transport for London's cyber attack?

How ransomware tactics are shifting, and what it means for your business

Indian Crypto Exchange WazirX Faces Uncertain Future After Cyberattack

Is Tornado Cash Illegal? WazirX Hacker Transferred 2500 ETH Tokens

JAS Forwarding recovers from cyber-attack, but saw 'many stolen credentials'

Joint cybersecurity advisory warns of Iran-based attacks

LulzSec Black Claims Cyberattacks on Emirati Government and Other Sector Targets

Managing low-code/no-code security risks

Musely AI Allegedly Breached 100K User Information is For Sale

National Crime Agency investigating Transport for London (TfL) cyber attack

National Public Data Breach Confirmed: Here’s What to Do Next

New Flaws in Microsoft macOS Apps Could Allow Hackers to Gain Unrestricted Access

New Morphisec report finds links between emerging Cicada3301 ransomware and BlackCat

New ransomware variant has BlackCat-like similarities, report says

New Report Reveals Significant Surge in Active Ransomware Groups

New Rust-Based Ransomware Cicada3301 Targets Windows and Linux Systems

Nigeria: Police arrest ‘anonymous hacker’ for leaking classified document

Nigeria: Police arrest hacker for leaking Federal Government’s classified documents

Number of active ransomware groups increases over 50 percent

Oil titan Halliburton confirms data was stolen in cyberattack

Palo Alto's GlobalProtect VPN Spoofed to Deliver New Malware Variant

Phishing, DDoS and ransomware

Qilin Ransomware Attack Used To Steal Chrome Browser Data

Ransomware Hackers Gain Access to Google Chrome Passwords

Rapid Growth of Password Reset Attacks Boosts Fraud and Account Takeovers

Rhithm Wellness App Allegedly Breached: 2 Million Data for Sale

Rocinante Trojan Poses as Banking Apps to Steal Sensitive Data from Brazilian Android Users

Russian state-owned social network VK breached again, affecting 390 Million users

Schools, colleges faced record-breaking year of ransomware attacks in 2023

Searchlight Cyber Report Reveals Rapid Changes in the Ransomware Landscape Over Six Months

Seattle Tacoma Airport is Only Just Getting Flight Display Boards Working Again More Than a Week After Alleged Cyber Attack

Seattle-Tacoma International Airport Suffers a Cyber Attack Affecting Airlines and Maritime Facilities

Seattle-Tacoma International Airport yet to recover from August cyber attack

Secrets Exposed: Why Your CISO Should Worry About Slack

Security Camera Firm Verkada Fined US$2.95 Million by Federal Trade Commission (FTC) Over Cybersecurity Lapses

Security leaders discuss a sophisticated, ongoing phishing campaign

Should State Governments Ban Ransomware Payments?

Swan Bitcoin CEO Cory Klippsten Alerts Users to be Aware of Phishing Emails

The government isn’t ready for cyber chaos in the food and agriculture sector

Threat Actors Are Placing Ads On Google Search In New Phishing Attack Campaign

Three Plead Guilty to Running MFA Bypass Site

Top 5 CVEs and Vulnerabilities of August 2024: Key Threats and How to Respond

Transport for London Claims Cyber-Incident is Not Impacting Services

Transport For London Dealing With ‘Ongoing’ Cyber-Attack

Transport for London Faces Cyber Attack - Operation Disrupted

Transport for London hit by cyber attack

Transport for London hit by major cyber-attack; no customer data breached

Transport for London investigates cyber attack

Transport for London is dealing with a cyber security incident

Transport for London staff told to work from home following major cyber attack

Transport for London suffers ‘ongoing’ cybersecurity incident, leading to potential traffic issues

Transport for London (TfL) hit by major cyber attack as National Crime Agency launches investigation

Transport for London (TfL) reports it is dealing with a cyber-attack

Transport for London (TfL) staff asked to consider working from home due to cyber attack

Trio Admits Running “OTP Agency” Enabling Bank Fraud, and 2FA Bypass

U.S. oil giant Halliburton disclosed a data breach

US Authorities Issue RansomHub Ransomware Alert

VMware ESXi flaw leveraged by BlackByte ransomware

VMware ESXi Servers Targeted by New Ransomware Variant from Cicada3301 Group

WazirX crypto exchange hacker moves $6.5M of Ethereum

WazirX Hacker Completed KYC Verification Weeks Before Hack

WazirX Hacker Funnels $6.3M of Crypto Theft Through Tornado Cash

WazirX hacker moves $6.5M in crypto to Tornado Cash

WazirX hacker moves $6.5 million in Ethereum to under fire mixer Tornado Cash

WazirX Hacker Moves $6.5 Million Worth ETH To Tornado Cash as Tension Grows

WazirX hacker moves 2600 Ether to Tornado Cash

WazirX Hacker Moves 2600 Ethereum Worth $6.5M to Tornado Cash

WazirX Hacker Resurfaces to Launder Stolen Millions

WazirX Hacker Starts Laundering Funds

WazirX Hacker Starts to Move Stolen Ether Using Tornado Cash

WazirX Hacker Transfers $6.5 Million In ETH To Crypto Mixing Platform Tornado Cash

WazirX Hacker Transfers $6.5 Million in Stolen Funds to Tornado Cash

WazirX hacker transfers loot into Tornado Cash

WazirX hacker who stole $234 Million starts laundering the money using Tornado Cash

WazirX Recovery Under Threat, Users Likely to Lose 50% Funds

White House calls attention to 'hard problem' of securing internet traffic routing

Windows and Linux vulnerable to oddly familiar Cicada3301 ransomware

Young Consulting and Blue Shield of California announce data breach

Zyxel warns of critical OS command injection flaw in routers

2nd September

59% of Asia/Pacific Enterprises Targeted by Ransomware in 2023, Exposing Cybersecurity Vulnerabilities

87% of executives are concerned about bot attacks and AI fraud

A new variant of Cicada ransomware targets VMware ESXi systems

A Threat Actor Claims to Sell Database of Boutiqaat

‘Accidental’ Data Breach Leaks Police Ombudsman for Northern Ireland Staff Details

Admins of Multi-Factor Authentication (MFA) bypass service plead guilty to fraud

AI Security and Automation Saw $1.8 Million Reduction in Average Data Breach Costs in 2024

Atlantic General Hospital reaches $2.25m settlement with patients over 2023 data breach

Average cost of industrial data breaches soars

Business services giant CBIZ discloses customer data breach

Canvey Infant School to re-open after 'cyber attack'

Cicada3301 Ransomware Attacks Windows and Linux/ESXi Hosts

Cicada3301 ransomware emerges, targets global companies with extortion tactics

Cicada3301 Ransomware Group Emerges From the Ashes of ALPHV

Consulting Radiologists says February data breach compromised close to 600,000 patients

Crypto hacks exceed $300 million in a single month

Customers of Indian crypto exchange WazirX unlikely to recover full funds

Cybersecurity Tips For Businesses Using Remote Workers

CyberVolk Allegedly Threatens National Oceanic and Atmospheric Administration (NOAA) with Data Leak and Ransom Demand

Data breach victims skyrocket over 1,100%: How to protect yourself

Data Breaches for the Month August 2024

Freight Forwarder JAS Worldwide Restores Operations After Cyberattack

German air traffic control agency confirms cyberattack, says operations unaffected

Global Phishing Scam Hits Canadian Pizza Chains for Credit Card Data

Hackers poison Google search results by spreading malware as spoofed VPN solution

Hackers stole over $313 million through Phishing and other crypto scams in August

How Ransomware Groups Weaponize Stolen Data

How to Stay One Step Ahead of Data Breaches and Master Cloud Threat Detection

Information Commissioner’s Office (ICO) reprimands Labour Party over delays in handling subject access requests

Investigation launched after data breach at Police Ombudsman’s office

Iran Government-Backed Hackers ‘Making Cash From Ransomware’

Irish Wildlife Park Warns Customers to Cancel Credit Cards Following Breach

Keeping up with automated threats is becoming harder

King’s Choice Allegedly Breached 22,961 Records Exposed

Kootenai Health faces federal class action over alleged data breach

LockBit Claims Attack on Canada’s Largest District School Board as Data Leak is Confirmed

Malicious npm Packages Mimicking 'noblox.js' Compromise Roblox Developers' Systems

Microsoft vulnerability that could enable data theft is now patched

Mobile numbers of Scottish NHS staff compromised following software company data breach

New ransomware group is hitting VMware ESXi systems hard

Next-Generation Attacks, Same Targets - How to Protect Your Users' Identities

North Korean hackers exploit Chrome zero-day to target crypto users

Novel attack on Windows spotted in phishing campaign run from and targeting China

Passkey Adoption Is Accelerating in APAC - Except for Australia

Patelco Credit Union says ransomware attack impacted over 700,000 members

Phishing scams dominate August’s $300M crypto losses

Phone Tracking App Allegedly Breached: Over 1.4M Records Exposed

Police warn of terrifying new one-step scam that allows a hacker into your phone within seconds

RansomHub Gang Breaches More Than 200 Organisations

RansomHub Ransomware Group Targets 210 Victims Across Critical Sectors

Ransomware crisis deepens as attacks and payouts rise

Ransomware Gangs Pummel Southeast Asia

Ransomware Study: 78% of Attack Victims Paid Ransom; 74% Suffered Multiple Strikes

Rhysida lists Aussie outfitter White Mountain Backpacks as ransomware victim

Russian Hackers Suspected in German Air Traffic Control Deutsche Flugsicherung Cyberattack

Scores of Organizations Hit By Novel Voldemort Malware

Security camera company Verkada fined $3M by Federal Trade Commission (FTC)

Software supply chain experiences almost 1 attack every 2 days

Strategies to Balance Frictionless User Experience with Robust Security

Telegram under investigation in South Korea over deepfakes

The global challenge of ransomware

Threat Actor Claims to Sell Xoxoday Data

Tracelo Location Tracker Data Breach: 1.4 Million Users’ Data Dumped Online

Transport for London Addressing ‘Ongoing’ Cyberattack

Transport for London dealing with cyber-attack

Transport for London discloses ongoing “cyber security incident”

Transport for London hit by cyber attack as National Crime Agency launches major TfL probe

Transport for London targeted in ongoing cyber attack

Transport for London (TfL) 'dealing with cyber attack' as National Crime Agency launches investigation

Transport for London (TfL) hit by cyber attack as National Crime Agency and online security experts launch probe into 'ongoing' incident

Transport for London (TfL) hit by huge cyber attack as millions of commuters sent important update

Transport for London (TfL) hit by major cyber attack as it issues important message to customers

US Authorities Issue RansomHub Ransomware Alert

Verkada Facing $3m Penalty After Hackers Viewed Sensitive Video Footage

Verkada to pay $2.95M for security failures leading to breaches

WazirX hacker moves $6.5 million in ETH to sanctioned mixer Tornado Cash

WazirX Hacker Transfers 2,600 ETH Worth $6M to Tornado Cash

What happens when you get caught hacking WiFi

Why Incident Response Planning is Critical for Cybersecurity Resilience