Editor's Message

Welcome to DBD. On March 8th we celebrated our 4th Anniversary and the 1st Anniversary of our PRiSM application, officially endorsed by the SANS Institute. Despite recent personal issues that have impacted the amount of time I have been able to dedicate to both projects, I have been doing my best to keep everything as up-to-date as possible, and I would like to take this opportunity to thank everyone for their patience and support whilst I navigate through this very difficult time. Stay safe. :)



Monday 9 September 2024

Data Breaches Digest - Week 37 2024

Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 9th September and 15th September 2024.


15th September

23andMe Paying $30 Million to Settle Data Breach Suit

A Threat Actor Claims to Breach of DataGardener Database, 1.4 Million Records Exposed

Cybersecurity Firm Fortinet Confirms Data Breach and Ransom Demand

Dark web researcher warned Columbus, Ohio, residents ransomware attack was bigger than mayor said. The city is suing him

Data Breach at Retirement Insurance Affects 370,000 People

Educational Institutions Pay Huge Ransom to Hackers

‘FakeUpdates’ is August’s ‘most dangerous’ malware in India: These sectors most targeted

Port of Seattle confirmed that Rhysida ransomware gang was behind the August attack

Port of Seattle shares ransomware attack details

WazirX Hacker Now Holds 34,154 ETH Following Massive Laundering Effort

Windows vulnerability abused braille “spaces” in zero-day attacks

14th September

23andMe settles data breach lawsuit for $30 million

23andMe to pay $30 million to settle 2023 data breach lawsuit

23andMe will pay $30 million to settle 2023 data breach lawsuit

Data breach: Integrated Personnel and Payroll Information System (IPPIS) website hijacked by unknown hacker, workers personal information made public

FBI tells public to ignore false claims of hacked voter data

Fortinet admits hacker stole customer data from its servers

Ivanti Warns of Active Exploitation of Newly Patched Cloud Appliance Vulnerability

Kawasaki Europe Confirms Cyber Attack, RansomHub Claims Responsibility

Malware locks browser in kiosk mode to steal Google credentials

Multiple attacks forces CISA to order agencies to upgrade or remove end-of-life Ivanti appliance

National Social Security Fund of Cameroon (CNPS) Data Breach: SpaceBears Hack Confirmed, Government in Denial

Port of Seattle: Outage was ransomware attack; ransom hasn’t been paid

Port of Seattle Confirms August Cyberattack by Rhysida Ransomware

Seattle Tacoma Airport Says it Was Victim of Ransomware Attack That it Refused to Pay, Admits Some Data May Have Been Stolen

Singapore Customs issues scam alert on ‘parcel clearance’ fraud SMS and phishing link

Threat Actor Allegedly Leaks RobbinHood Ransomware C2C Tools, Exposing Sensitive Data

Whale Phishing Scam: What is it? How to stay safe

What is whale phishing scam and tips to stay safe

13th September

17-Year-Old Arrested in Connection with Cyber Attack Affecting Transport for London

23andMe Agrees To $30 Million Settlement For Last Year's Data Breach

23andMe agrees to pay $30 million to settle lawsuit over massive data breach

23andMe pledges $30 million to the 6.4 million people affected by data breach

23andMe settles data breach lawsuit for $30 million

23andMe to pay $30 million in genetics data breach settlement

64% of education IT workers say ransomware impacts education quality

A Threat Actor Claims to Data Breach of WeCloudData

Access Sports Medicine & Orthopaedics Data Breach Affects Over 88,000 Patients

Alleged We One Data Breach Exposes 13,000 Users’ Information

Apple seeks dismissal of its NSO Group lawsuit, citing risk of exposing ‘vital security information’

Apple Vision Pro Vulnerability Exposed Virtual Keyboard Inputs to Attackers

Arrest made in National Crime Agency (NCA) investigation into Transport for London cyber attack

Arrest made for Transport for London cyber attack

Atrium apologizes after email scam fools workers, and patient info may have been exposed

Bank details compromised in Transport for London (TfL) cyber attack

Brunswick psychiatric hospital in New York latest ransomware victim

BT spots 2,000 potential attacks on its network a second

Clothing chain Lolaliza victim of cyber attack, customer data may be compromised

CosmicBeetle Ransomware Group Targets Small Businesses in Europe and Asia

Critical vulnerabilities found in Photoshop, Premiere Pro, and multiple other Adobe products

Cyber attack delays introduction of contactless payment at Kent stations including Dunton Green, Eynsford, Otford, Sevenoaks and Shoreham

Cyber attack delays pay-as-you-go train tickets

Cyber insurance set for explosive growth

Cyberattack compromises and shuts down Highline Public Schools

Cyberattacks on US utilities surged 70% this year

Employee benefits provider VeriSource says data breach impacted about 112k individuals

For ransomware, universities are paying more

Fortinet confirms customer data breach

Fortinet Confirms Customer Data Breach via Third Party

Fortinet confirms data breach after allegedly refusing to pay ransom

Fortinet Confirms Data Breach After Hacker Claims 440GB Heist

Fortinet confirms data breach, extortion demand

Fortinet Customer Files Accessed in Data Breach

Goodwin Living Files Official Notice of Data Breach Affecting Confidential Information of Residents and Employees

Hacker claims to have stolen 20GB data hoard from Capgemini, and is threatening to leak it all

Hackers steal nearly 1.7 million credit card numbers in breach

Health Network Reaches $65M Settlement Over Data Breach

How the New EU Regulatory Landscape Will Impact Software Security

How to make Infrastructure as Code secure by default

India Ascends to Tier 1 Rank in Global Cybersecurity Index (GCI 2024)

IntelBroker Allegedly Breached Washington DC Department of Motor Vehicles (DMV) and IAAI

Ivanti warns high severity CSA flaw is now exploited in attacks

Kawasaki’s European arm restores operation after cyberattack claimed by Ransomhub

KillSec Allegedly Breaches SuperCommerce.ai, Leaks Confidential Business Data

Largest crypto exchange in Indonesia pledges to reimburse users after $22 million theft

LOGE Camps Data Breach Impacts an Unknown Number of Consumers Sensitive Information

Malicious Actors Spreading False US Voter Registration Breach Claims

Meta Set to Un-Pause its AI Training in the UK

Meta to resume plans to harness UK users’ social media posts for AI model training

Microsoft Vows to Prevent Future CrowdStrike-Like Outages

Multiple French retail brands announce cyber attacks targeting their networks

New Android Malware Ajina.Banker Steals 2FA Codes, Spreads via Telegram

New Android Malware 'Ajina.Banker' Steals Financial Data and Bypasses 2FA via Telegram

New Linux Malware Campaign Exploits Oracle Weblogic to Mine Cryptocurrency

New Linux malware Hadooken targets Oracle WebLogic servers

Online Grocery Store Superbazaar Allegedly Breached 6 Million Records Exposed

Organizations still don’t know how to handle non-human identities

Port of Seattle hit by Rhysida ransomware in August attack

Port of Seattle refuses to pay Rhysida ransom, warns of data leak

Port of Seattle reveals details of ransomware attack, says it refused to pay criminal organization

Port of Seattle reveals recent cyberattack was ransomware, refuses to pay hackers

PRC-Saltillo Issues Letter Concerning August 2024 Data Breach

Progress WhatsUp Gold Exploited Just Hours After PoC Release for Critical Flaw

RansomHub claims Kawasaki cyberattack, threatens to leak stolen data

Ransomware attack on Riverside Resort & Casino impacted over 50,000 customers

Ransomware attacks are soaring to a new high

Ransomware targets London branch of China's ICBC

Record $65m Settlement for Hacked Patient Photos

Russian hacker groups hit Taiwan bourse, bank in surprise attack

Russian hackers attack Taiwanese government in response to president’s comments

Schools and universities are paying higher ransomware demands

Sea-Tac cyberattack caused by global ransomware gang, Port says

Security company Fortinet victim of data breach

Security measures fail to keep up with rising email attacks

Shamrock Trading Corporation Announces May 2024 Data Breach

Stealthy Fileless Attack Targets Attendees of US-Taiwan Defense Industry Conference

Stolen account info still chief risk for federal agencies, annual CISA audit finds

Teen Arrested in Connection with Transport for London Cyberattack

Teenager Arrested In Relation to Transport for London Cyber-attack

Tennessee school district loses $3.4 million to a fake curriculum vendor

Top 5 Vulnerability Management Mistakes Companies Make (Plus a Bonus Mistake to Avoid)

Transport for London data compromised, suspected hacker arrested

Transport for London doesn't know when it will recover from 'very sophisticated' cyber attack, admits tech chief

Transport for London (TfL) cyber attack: Thousands of passengers feared to have bank details exposed as teenager arrested

Transport for London (TfL) requires in-person password resets for 30,000 employees after hack

TrickMo Android Trojan Exploits Accessibility Services for On-Device Banking Fraud

Turkish government denies allegations of a massive data breach impacting 85 million citizens

UK Data Centers Gain Critical National Infrastructure Status Amid £4 Billion Investment

UK data centers to get new 'critical national infrastructure' label

UK to class data centres as 'critical national infrastructure

12th September

17-Year-Old Arrested in Connection with Cyber Attack on Transport for London (TfL)

A Threat Actor Alleged Data Breach at Chile’s National Sports Institute (IND)

A Threat Actor Claims to Breach of Fortinet, Compromising Over 440GB Data

Acadian Ambulance data breach impacted close to 2.9 million patients

Adobe completes fix for Reader bug with known PoC exploit (CVE-2024-41869)

Another case of ransomware data duplication as second group claims Myelec cyber attack

Arrest in Transport for London (TfL) cyber hack attack as TfL warns of customer data leak

August 2024’s Most Wanted Malware: FakeUpdates maintains its dominance in India, overtaking Qbot

Australia sends expert teams to Fiji as Chinese state-backed hackers attack Pacific Islands Forum

Avis Car Rental Suffers a Data Breach Impacting Nearly 300,000 Customers

Bank details for 5,000 Transport for London (TfL) passengers accessed in cyber attack

Beware: New Vo1d Malware Infects 1.3 Million Android TV Boxes Worldwide

Boy arrested over London transport cyber hack

Boy, 17, arrested after Transport for London hit by ‘hugely disruptive’ cyber attack

Brazil’s largest forex bank vulnerable to attack

BT detects 2,000 cyber-attack signals per second as threats surge

Business Email Compromise Costs $55bn Over a Decade

Business email scam losses larger than Wyoming economy

CERT-In Issues High Severity Warning for Android Users, Recommends Patching

China And US Tensions Fuel Cyber Attack On Pacific Islands Forum

Chinese banking giant's London HQ targeted by cybercriminals, threatening to leak millions of files

Chinese-made port cranes in US included 'backdoor' modems, House report says

CISA Alerts Federal Agencies to Urgent Microsoft Vulnerabilities

City Hall staff told to disconnect from wifi and work from home after cyber-attack on Transport for London (TfL)

Cosmetics Company SACARA Allegedly Breached 692K Rows of User Data For Sale

Court in Poland blocks inquiry into previous government’s spyware abuses

Cyber attack on payment gateway provider Slim CD impacted about 1.7 million individuals

Cybercrime in the Education Sector

CyberVolk Claims Breach of U.S. Geological Survey Database

Educational Website Bookgenville Allegedly Breached

Evasion Tactics Used By Cybercriminals To Fly Under The Radar

Exposed Selenium Grid Servers Targeted for Crypto Mining and Proxyjacking

Ex-Ticketmaster boss sentenced for hacking rival company CrowdSurge

FBI: Reported cryptocurrency losses reached $5.6 billion in 2023

FBI Warns Crypto Companies of Sophisticated Social Engineering Attacks by North Korean Hackers

Florida Department of Health says security incident impacted over 725,000 individuals

Fortinet confirms data breach after hacker claims to steal 440GB of files

Fortinet Confirms Limited Data Breach After Hacker Leaks 440 GB of Data

Fortinet suffers third-party data breach affecting Asia-Pacific customers

French Retailers Hit by Cyberattack, Customer Data Stolen

From Amazon to Target: Hackers Mimic Top Brands in Global Crypto Scam

German digital rights groups condemn government surveillance plans

GitLab Issues Critical Patch Releases: Versions 17.3.2, 17.2.5, and 17.1.7 Address Key Vulnerabilities

GitLab warns of critical pipeline execution vulnerability

Google AI model under scrutiny as EU launches probe over data privacy

Hackers accessed passenger data in cyber-attack, Transport for London (TfL) admits

Hackers targeting WhatsUp Gold with public exploit since August

Highline Public Schools forced to shut all activities following a cyber attack

Highline Schools, Washington, Resume Classes Without Internet

Hospital system to pay $65 million for dark web data leak, including images of nude cancer patients

Hospital to Pay $65M to End Suit Over Cyber Attack That Exposed Patients’ Nude Photos

How Can Individuals Protect Themselves from Ransomware Attacks?

How to spot a crypto "pig butchering" scam

‘Hunters International’ Ransomware Gang Hits Chinese ICBC Bank’s London Headquarters

Hunters Ransomware Group Allegedly Claims Breach of ICBC London

Indonesian Crypto Exchange Indodax Suspected Of Hack, $18.2 Million Stolen In Suspicious Transactions

Iran-linked hackers target Iraqi government in new campaign

Iranian Cyber Group OilRig Targets Iraqi Government in Sophisticated Malware Attack

Ireland's Watchdog Launches Inquiry into Google's AI Data Practices in Europe

Irish Data Protection Regulator to Investigate Google AI

Kadokawa investigates new data leak following BlackSuit ransomware attack

KemperSports reports a data breach impacting 62,000 individuals

Law Firm Considers Suing Riverside Resort & Casino after Data Breach

Lehigh Valley Health Network agrees to $65M settlement over ransomware attack that leaked nude photos

Lehigh Valley Health Network (LVHN) reaches $65 million settlement over patient data breach. Here's what you need to do

Lazarus Group Targets Developers in Fresh VMConnect Campaign

Losses due to cryptocurrency and Business Email Compromise (BEC) scams are soaring

Majority of US parents tracking kids’ online activities: is it healthy?

National Crime Agency (NCA) Arrests Teenager in Walsall Over Transport for London (TfL) Cyber Attack

Nearly 1 Million Medicare Beneficiaries Hit by Major Data Breach: What You Need to Know and How to Protect Yourself

New Android Malware 'Ajina.Banker' Steals Financial Data and Bypasses 2FA via Telegram

New but 'immature' ransomware group CosmicBeetle targets small businesses

New Vo1d malware infects 1.3 million Android streaming boxes

New Zealand-based Bennett Currie customer data published following ransomware attack

North Korean hackers target jobseekers, slipping malware into fake coding tests

Payment Processor Slim CD Notifies Nearly 1.7 Million People of Recent Data Breach

Private Malware to Ransomware-as-a-Service: the Rise of Mallox

Ransomware Attackers Exploit Education’s Desperation, Demand Excessive Payments

Ransomware Disguised as a Game: Kransom’s Attack Through DLL Side-Loading

Ransomware poses a threat to education

Repeated Cyber-Attacks on Schools - The Problem and Solutions

Schools Face Million-Dollar Bills as Ransomware Rises

Security firm warns Bing and DuckDuckGo users of ‘Etherscan’ phishing website

Shiba Inu Price at Risk as WazirX Hacker Launders $100M in Stolen Crypto

Suspect arrested over the Transport for London cyberattack

TD Bank Fined $28 Million by Consumer Financial Protection Bureau (CFPB) for Allegedly Sharing Inaccurate Customer Data

Teen Arrested in Connection with Transport for London Cyberattack

Teen arrested in Walsall over cyber attack on Transport for London

Teenage boy, 17, arrested in police raid after huge Transport for London (TfL) cyber attack hack hits customers' data, including addresses and bank details

Teenager Arrested in Connection with Cyber Attack on Transport for London

Teenager arrested in connection with Transport for London (TfL) cyber attack

Teenager arrested over Transport for London cyber attack

Teenager in Britain arrested over cyberattack on London transport agency

The chances of avoiding a cyber attack are increasingly rare

Threat Actors Are Finding it Easier Than Ever to Breach Cyber-Defenses: Enter Data-Centric Security

Top priorities for federal cybersecurity: Infrastructure, zero trust, and AI-driven defense

Transport for London confirms customer data stolen in cyberattack

Transport for London continues to struggle with cyber attack

Transport for London (TfL) confirms bank details hacked in cyber attack as boy, 17, arrested

Transport for London (TfL) Confirms Customer Data Breach, 17-Year-Old Suspect Arrested

Transport for London (TfL) confirms huge cyber attack did see hackers get customers' names, banking details and addresses

Transport for London (TfL) confirms huge cyber attack saw hackers get customers’ names and bank details

Transport for London (TfL) cyber attack: Thousands of passengers feared to have bank details exposed as teenager arrested

Transport for London (TfL) cyber attack means contactless roll out at 47 London commuter stations delayed

Transport for London (TfL) cyber security incident delays c2c contactless pay-as-you-go

Transport for London (TfL) cyber-attack: 17-year-old boy arrested as thousands of passengers details feared to be accessed

Transport for London (TfL) cyber-attack: teenager from Walsall arrested in connection with data breach

Transport for London (TfL) revises statement on customer data theft after cyber-attack

Transport for London (TfL) say data including bank details accessed in cyber attack after Walsall teenager arrested

Transport for London (TfL) says customer bank details may have been compromised in cyber attack as arrest made

Turkey: Communications Directorate denies data breach allegations involving 85M Turkish citizens

Turkey: Minister denies recent report of massive personal data breach, confirms earlier leak

Turkish minister confirms vast personal data breach of millions

UK arrests teen linked to Transport for London cyber attack

UK designates the data center sector part of its ‘Critical National Infrastructure’

UK Recognizes Data Centers as Critical National Infrastructure

Urgent: GitLab Patches Critical Flaw Allowing Unauthorized Pipeline Job Execution

US Healthcare Giant Settles for $65M in Ransomware Case After Nude Patient Photos Leak

US sanctions Cambodian tycoon for alleged human trafficking to cyber scam centers

WazirX Hacker Transfers Nearly $23M in Crypto to Tornado Cash So Far

Your Easytrip RFID account ‘may have been involved in a limited data breach’

11th September

72% of Business Email Compromise (BEC) attacks were from free webmail domains

300,000 users of a top car rental company had their data stolen

Adobe fixes Acrobat Reader zero-day with public PoC exploit

Ally Financial faces class action lawsuit following cyberattack and data breach

Aviben Data Breach Lawsuit Filed Against Educators Benefit Consultants Over 2024 Cyberattack

Change Healthcare Class Action Lawsuit Filed Over Repercussions from Data Breach

Chinese ‘Crimson Palace’ Espionage Campaign Targets Southeast Asian Governments

Chinese DragonRank Hackers Exploit Global Windows Servers in SEO Fraud

Chinese hackers linked to cybercrime syndicate arrested in Singapore

Columbus City Cyberattack: Feds Lead Probe as Council Vows Transparency

CosmicBeetle Ransomware Believed to be RansomHub Affiliate

Critical Windows vulnerabilities exploited: CISA urges users to update

Crypto Hack Alert: New SpyAgent Malware Targets Android

Crypto Scams Reach New Heights, FBI Reports $5.6bn in Losses

Cyber attack forces Transport for London (TfL) to suspend all Oyster card renewals

Cyber crooks exploit HTTP headers in massive phishing campaigns

Cyber crooks shut down UK, US schools, thousands of kids affected

Cybernews Business Digital Index reveals major shortcomings in corporate customer data security

Cybersecurity is a fundamental component of patient care and safety

Cybersecurity Workforce Gap Rises by 19% Amid Budget Pressures

Data Breach at Infosys McCamish Leaks Confidential Information Belonging to TIAA Clients

Data Breach Hits Immigrus: 7,000 Clients’ Personal Information Exposed

Deal made with whistleblower after Columbus’ data leak draws global attention

Developers Beware: Lazarus Group Uses Fake Coding Tests to Spread Malware

DragonRank Black Hat SEO Campaign Targeting IIS Servers Across Asia and Europe

DragonRank Manipulates SEO Rankings To Direct Users To Malicious Sites

DuckDuckGo and Bing users warned of Etherscan phishing website

EngageMED Provides Notice of Data Breach Affecting Patients’ Confidential Info

Enzo Biochem Inc. Reaches Settlement With Connecticut, New Jersey, and New York Attorney Generals Over 2023 Data Breach

Fake password manager coding test used to hack Python developers

Ford Files Patent to Collect Driver Data, Including Conversations, for In-Car Ads

Gallup: Pollster Acts to Close Down Security Threat

Global Cybercrime Syndicate Busted in Singapore in Major Police Operation

Hacker uses unverified contract to drain $1.4m from CUT token pools

Hacker With $100 Million In Shiba Inu On The Move Again

Hackers Exploit HTTP Response Header to Launch Sophisticated Phishing Attacks

Hackers have sights set on four Microsoft vulnerabilities, CISA warns

Hackers Use Fake Domains to Trick Trump Supporters in Trading Card Scam

How AI and zero trust are transforming resilience strategies

How Law Enforcement's Ransomware Strategies Are Evolving

How many dangerous permissions are too many? Popular apps see no limits

Hunters International cyber-gang extorts Chinese mega-bank's London HQ

India’s 5000 Cyber Commandos May Not Be Enough, Say Experts

Indodax Hacker Starts Moving Funds

Indonesian crypto exchange Indodax goes offline after suspected $22M hack

Indonesian crypto exchange Indodax suffers $22m cyber exploit

Ivanti fixes critical vulnerabilities in Endpoint Management (CVE-2024-29847)

Ivanti Releases Urgent Security Updates for Endpoint Manager Vulnerabilities

Japanese media giant investigating another reported data leak by BlackSuit hackers

Kaspersky security tools hijacked to disable online protection systems

Lehigh Valley Health Network Agrees to $65M Settlement in Landmark Data Breach Lawsuit

Major sales and ops overhaul leads to much more activity...for Meow ransomware gang

Malicious Fake Recruiters Lure Python Developers with Fake Coding Tests

Massive data leak at MNA Healthcare exposes thousands of medical workers’ information

Microsoft Fixes Four Actively Exploited Zero-Days

Microsoft Issues Patches for 79 Flaws, Including 3 Actively Exploited Windows Flaws

Microsoft September 2024 Patch Tuesday: Addressing 79 New Vulnerabilities and Product Updates

Nearly 1 million Medicare beneficiaries face data breach

New Class Action Lawsuit Targets Communication Federal Credit Union Over Massive Data Breach

New Findings on the National Public Data Breach: Poor Security Measures and the Role of Infostealer Malware as a Possible Vector of Attack

Operational Technology Leaves Itself Open to Cyber-Attack

Payment-processing company says data breach potentially affected 1.7 million people

Planned Parenthood Confirms Cyber-Attack as Ransomhub Threatens to Leak Data

Poland's Supreme Court Blocks Pegasus Spyware Probe

PopinBorder Database Allegedly Breached

Popular French retailers confirm hackers stole customer data

Progress Software issues fix for maximum severity vulnerability

Quad7 Botnet Expands to Target SOHO Routers and VPN Appliances

RaaS: Rise of Ransomware-as-a-Service in Cybercrime

RansomHub ransomware gang relies on Kaspersky TDSKiller tool to disable EDR

Richland County to provide some credit monitoring after cyber attack

RipperSec and NoName057 Launch DDoS Attacks on Taiwanese Government Sites

Scammers Exploit Delhi Capitals’ X Account to Promote Fraudulent HACKER Token

Security Breach: Inside the Growing Complexity of Ransomware Hacking Groups

Singapore Police Arrest Six Hackers Linked to Global Cybercrime Syndicate

So you paid a ransom demand...and now the decryptor doesn't work

Social security data breach exposes millions

South Korean Human Intelligence Data Breach

TD Bank fined $28 million for sharing inaccurate and negative data on customers

Tewkesbury Council continues to respond to a significant cyber attack

Thousands of US medical professionals have data exposed in major data breach

Threat Actor Claims to Sell KFC Mexico Customer Database with Over 349,000 Records

Threat Actor Offers Network Access to Major Brazilian Real Estate Company

Threat operation behind Cicada3301 ransomware delivery examined

Transport for London CTO says hackers disrupted Dial a Ride service for the disabled

UK’s ICO and NCA Sign Memorandum to Boost Reporting and Resilience

US Car Rental Service Avis Hit by Major Cyber Attack

Why Is It So Challenging to Go Passwordless?

Windows Security Function Bypassed By New 0-Day Threat, Microsoft Says

10th September

21 New Ransomwares are Detected by Malware Researchers in August

33 open-source cybersecurity solutions you didn’t know you needed

AI-Powered Deepfake Scams Wreak Havoc on Businesses

August 2024’s Most Wanted Malware: RansomHub Reigns Supreme While Meow Ransomware Surges

Avis notifies customers of data breach

Canadian Payment Gateway Slim CD Suffers Major Cyberattack, Impacting 1.7 Million Users

China-Linked Threat Actors Target Taiwan Military Industry

Chinese ‘Crimson Palace’ espionage campaign keeps hacking Southeast Asian governments

CISA confirms that SonicWall vulnerability is getting exploited (CVE-2024-40766)

CMS notifies 946K individuals of third-party data breach

CMS notifies nearly 950,000 individuals of data breach linked to MOVEit vulnerability

Columbus City Council says the cyberattack is a federal ongoing investigation

CosmicBeetle Deploys Custom ScRansom Ransomware, Partnering with RansomHub

'Could have resulted in the loss of lives': Cyberattack on OneBlood nearly cut off Florida's blood supply

Critical SonicWall Firewall Vulnerability Actively Exploited by Ransomware Actors

Critical SonicWall SSLVPN Bug Exploited By Ransomware Actors

Cyberstalkers sextort $1.9M from young men via Apple Pay and Cash App

Data Allegedly from Thai Hospital Listed for Sale on Dark Web Forum

Data leak exposes 14,000 US medical professionals: what we know so far

Department of Justice (DoJ) Distributes $18.5m to Western Union Fraud Victims

Don’t Delay: Patch LoadMaster Now to Avoid Exploitation

Electronic payment gateway Slim CD disclosed a data breach impacting 1.7M individuals

Enterprise mobile devices see increased attacks

Experts Identify 3 Chinese-Linked Clusters Behind Cyberattacks in Southeast Asia

FBI warns of increased losses from crypto scams as crooks deepfake Apple's CEO

Five Different Botnet Login Clusters Linked to Quad7 Operators

Highline Public Schools Forced to Close By Cyber-Attack

How Cybercriminals Are Exploiting Social Media to Target You

How human-led threat hunting complements automation in detecting cyber threats

India to Train 5,000 Cyber Commandos to Combat Growing Cybercrime

Ivanti fixes maximum severity RCE bug in Endpoint Management software

Just-in-Time Access: Key Benefits for Cloud Platforms

Kenya Calls for Increased Investment in Cybersecurity to Protect Savings and Credit Cooperatives (SACCOs)

London High School Sent Students Home Following Ransomware Attack

London’s transit agency drops claim it has ‘no evidence’ of customer data theft after hack

Lowe’s employees targeted with malvertising campaign

Massive Spike in Crypto Fraud: FBI Reports Over $5.6 Billion Losses in 2023

Microsoft fixes 4 exploited zero-days and a code defect that nixed earlier security fixes

Microsoft fixes Windows Smart App Control zero-day exploited since 2018

Microsoft September 2024 Patch Tuesday fixes 4 zero-days, 79 flaws

Microsoft September 2024 Patch Tuesday Fixes 79 Flaws, Including 4 Zero-Days

Mounting Konni cyberespionage attacks involve similar techniques

Mustang Panda Deploys Advanced Malware to Spy on Asia-Pacific Governments

National Public Data breach underscores the need for stronger digital identities

New Lookout Threat Research Proves Mobile Security Should Be Central to Modern Data Protection Strategies

New PIXHELL acoustic attack leaks secrets from LCD screen noise

New PIXHELL Attack Exploits Screen Noise to Exfiltrates Data from Air-Gapped Computers

New York health clinic forced to shut internal network following a ransomware attack

No Ransom Demand by Rhysida Before Columbus Data Leak

NoName ransomware gang deploying RansomHub malware in recent attacks

Palo Alto Networks details new ‘Repellent Scorpius’ group distributing Cicada3301 ransomware

Patch Tuesday for September 2024: Microsoft Catches Four Zero-Day Vulnerabilities

Payment Gateway Platform SLIM CD Data Breach, 1.7 Million Users Data Exposed

Phishing Threats Surround Trump Digital Trading Cards: How Attackers Are Exploiting the Trend

Planned Parenthood of Montana Responds to RansomHub Cyberattack

RansomHub ransomware abuses Kaspersky TDSSKiller to disable EDR software

Researchers turn RAM into radio antenna, beaming secrets from air-gapped system

Russian pro-democracy nonprofit investigates alleged data breach by Kremlin-backed hackers

Shining a Light on Shadow Apps: The Invisible Gateway to SaaS Data Breaches

Slim CD reports data breach affecting 1.7 million credit card holders

Tech stack uniformity has become a systemic vulnerability

Tewkesbury Borough Council: 'Still no evidence of data loss' from cyber attack

The Brotherhood Introduces BloodForge RaaS: A New Player in the Ransomware Scene

The Role of VPNs in Protecting Online Privacy

Transport for London staff face limited system access following cyber attack

Transport for London (TfL) Cyber Attack Disrupts Services, Forcing Staff to Work From Home

Trustwave Reveals the Financial Sector's Cyber Threats

U.S. chipmaker Microchip says hackers stole employees' sensitive personal information

Uncovering a sophisticated phishing attack via WordPress theme exploitation

“View Once” messages on WhatsApp can be accessed repeatedly, researchers warn

Was your Social Security number leaked to the dark web? Here's how to find out

Washington state school district closed for second day after cyberattack

WazirX hacker launders $30M in 8 days, still holds $115M in ETH

WazirX Hacker Moves Over $23 Million in Stolen ETH in 24 Hours

Western intelligence agencies warn of Russian GRU cyber-attacks on NATO and EU nations

Western Union fraud victims reimbursed, millions paid out

Whale Phishing: When Cybercriminals Go After the Big Fish

WhatsApp’s ‘View Once’ Feature Exposed: Bug Allows Users to Screenshot Photos, Videos

Wifi routers and VPN appliances targeted by notorious botnet Quad7

Zyxel fixes critical command injection flaw in EOL NAS devices (CVE-2024-6342)

9th September

1.7 million people hit in massive credit card data breach - what to do now

7 Ways to Enhance Cybersecurity with Artificial Intelligence (AI) and Machine Learning (ML)

A Threat Actor Claims Data Breach of Muzu.co

Advisory warns of Iran ransomware threat

AI content-based threats not dominating yet, but the breaking point is coming

AI cybersecurity needs to be as multi-layered as the system it’s protecting

Akira Ransomware Actors Exploit SonicWall Bug for Remote Code Execution (RCE)

Akira ransomware exploiting critical SonicWall SonicOS bug

Avis alerts nearly 300k car renters that crooks stole their info

Avis Car Rental reports data breach affecting nearly 300,000 customers

Avis Car Rental suffers a data breach, exposing the personal information of customers

Avis Data Breach: Car Rental Firm Informs Customers that Cyberattack Leaked Sensitive Data

Avis hit by major data breach, customer data affected

Avis Rent A Car announces data breach

Best practices for implementing the Principle of Least Privilege

Biggin Hill School Closes Due to Ransomware Attack

Blind Eagle Targets Colombian Insurance Sector with Customized Quasar RAT

CapCut-themed phishing campaign is stealing crypto and data

Car Giant Avis Reveals Breach Impacted 300,000 Customers

Car rental company Avis discloses cyberattack and data breach

Centers for Medicare & Medicaid Services (CMS) Notifies People Potentially Impacted by Data Breach

Chinese Hackers Exploit Visual Studio Code in Southeast Asian Cyberattacks

Chinese hackers use new data theft malware in government attacks

CISA says SonicWall bug being exploited as experts warn of ransomware gang use

CMS says data breach at contractor could affect more than 946,000 Medicare beneficiaries

Cobalt Strike Attack: Threat Actors Leverage Phishing Emails

Columbus’ head of tech claims ransomware group ignored city before data leak

Confidant Health database exposed 5.3 terabytes of patient information

Critical SonicWall SSLVPN bug exploited in ransomware attacks

Critical SonicWall Vulnerability Possibly Exploited in Ransomware Attacks

Critical Vulnerabilities Disclosed in IBM webMethods Integration Server

Cyber Attack Shutters Seattle-Area School District for 2nd Day

CyberVolk Group Claims Cyber Attacks Against Chinese Companies

Cyber-Attack on Payment Gateway Exposes 1.7 Million Credit Card Details

Data Breach Confirmed by Avis

Data of nearly 300,000 exposed in Avis cyberattack

DDoS Attacks Double With Governments Most Targeted

Did a Cyberattack Cause the Centrelink Outage? Twitter Speculates

Earth Preta Upgrades Attack Strategy Via Removable Drives

Emergency Fix Issued for 10/10 Severity Vulnerability in LoadMaster Products

Empowering Your School Against Cyber Attacks

End of an era: Security budget growth slows down

Florida IT security company inadvertently hires North Korean hacker

Fog Ransomware Group Attacking Employees of Financial Services Sector

From Ransomware to Ransom War: The Evolution of a Solitary Experiment into Organized Crime

German Cyber Agency Investigating APT28 Phishing Campaign

German intelligence says Russian GRU group behind NATO, EU cyberattacks

Hacker Hits Rental Car Provider Avis, Steals Data on 300,000 Users

Hackers Stolen 300,000 Users Personal Data in Cyber Attack at Car Rental Firm

Highline Public Schools closes schools following cyberattack

Highline Public Schools Hit by Cyberattack, Classes Canceled

How Safe Is Your Crypto? WazirX Hacker Moves 5000 ETH Via Tornado

Huge data breach involving Social Security numbers could impact millions of Americans

Ignoring The Bounty, Penpie Hacker Launders $27 Million In Ether – What’s The Endgame?

Iranian IT Company Reportedly Paying Ransomware in Installments

Iranian Vice President Highlights Fuel Station Vulnerability to Cyberattacks

Kimsuky-linked hackers use similar tactics to attack Russia and South Korea, researchers say

Lazarus Group Targets Blockchain Pros with Fake Video Conferencing, Job Scam

Library cyberattack leaves no student or employee data compromised

Major US car rental breach exposes hundreds of thousands

Malvertising campaign targets Lowe’s employees

Medicare data breach bared info of nearly 1M people

Meta fixes easily bypassed WhatsApp ‘View Once’ privacy feature

Metro Pacific Tollways Corporation (MPTC) confirms ‘limited’ data breach affecting Easytrip user accounts

Metro Pacific Tollways Corporation (MPTC) says it has been affected by data breach

Millions impacted by payment provider hack – here's how to stay safe

National Cyber Security Centre (NCSC) Calls Out Cyber-Attacks From Russia’s GRU

National Public Data Breach: One of the Largest Data Breaches in History Affects Billions

Nearly 1 Million More Medicare Beneficiaries May Be Affected in Year-Old Data Breach

New Android SpyAgent Malware Uses OCR to Steal Crypto Wallet Recovery Keys

New Loki Backdoor Developed As Private Version Of Open-Source Mythic Framework

New pre-auth RCE in Veeam Backup & Replication at risk of ransomware "abuse"

New RAMBO Attack Uses RAM Radio Signals to Steal Data from Air-Gapped Networks

New Veeam Vulnerability Puts Thousands of Backup Servers at Risk – PATCH NOW!

Old Habits, New Threats: Why More Phishing Attacks are Bypassing Outdated Perimeter Detection

One More Tool Will Do It? Reflecting on the CrowdStrike Fallout

Ongoing Lazarus Group campaign sets sights on blockchain pros

Online bill pay restored, City of Flint continues to recover from cyber attack

Parablu’s Guide to 2024 Ransomware Playbook

Payment gateway data breach affects 1.7 million credit card owners

Payment Gateway Reveals Hack Affecting 1.7 Million Cards

Payment Gateway SLIM CD Data Breach: 1.7 Million Users Impacted

Planned Parenthood of Montana experienced a cyber attack

Poland dismantles cyber sabotage group linked to Russia, Belarus

Progress Software Issues Patch for Vulnerability in LoadMaster and MT Hypervisor

Quad7 botnet targets more SOHO and VPN routers, media servers

Ransomware attack forces high school in London to close and send students home

Reputational Hijacking with JamPlus: A New Technique to Bypass Smart App Control (SAC)

RetailData Data Breach Affects an Unknown Number of Consumers

Security Budget Growth Slows, but Spending Remains Elevated

Sefton Council Apologies For Data Breach As Drivers Details Posted Online

Systems still down at council hit by cyber attack

The Escalating Threat of Cybercrime and the Urgent Need for Advanced Defenses

Thousands of Avis car rental customers had personal data stolen in cyberattack

Threat Actor “888” Allegedly Leaks Plastix Marketing Database, Exposing Over 34,000 User Records

Threat Actor Claims Breach of Stoxkart Database

Threat Actor Claims Dibcase Data Breach, Exposes 4 Million Client Records

Three R’s of cyber insurance: Risks, regulations, resilience

TIDRONE Espionage Group Targets Taiwan Drone Makers in Cyber Campaign

Transport for London (TfL) Admits Some Services Are Down Following Cyber-Attack

Transport for London (TfL) Cuts Data Feeds Amidst Cyber-Attack Fallout

Turkish government seeks Google’s help after massive personal data breach

Two Arrested by FBI for Credit Card Fraud Could Face 20-Years Prison

U.S. Offers $10 Million for Info on Russian Cadet Blizzard Hackers Behind Major Attacks

UK National Crime Agency, responsible for fighting cybercrime, ‘on its knees,’ warns report

Veeam Backup & Replication RCE flaw may soon be leveraged by ransomware gangs (CVE-2024-40711)

Welcome Health Data Breach Put Confidential Patient Information at Risk

Whale phishing scam explained: How it works and tips to protect yourself