Editor's Message

Welcome to DBD. On March 8th we celebrated our 4th Anniversary and the 1st Anniversary of our PRiSM application, officially endorsed by the SANS Institute. Despite recent personal issues that have impacted the amount of time I have been able to dedicate to both projects, I have been doing my best to keep everything as up-to-date as possible, and I would like to take this opportunity to thank everyone for their patience and support whilst I navigate through this very difficult time. Stay safe. :)



Monday 16 September 2024

Data Breaches Digest - Week 38 2024

Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 16th September and 22nd September 2024.


22nd September

Alleged Data Breach Hits EasyMPS, Exposing Sensitive Information of Millions

Data resilience and protection in the ransomware age

Hackers Claim Second Dell Data Breach in One Week

Hong Kong Journalists: Hong Kong-based journalism professionals suffer cyber attack in Britain

Mega breach hits Star Health; medical reports, PAN, more sensitive info leaked

Shezmu Recovers Stolen Crypto Funds After Bold Negotiation with Hacker

Snowflake Hacker Remains Active As Of This Week

Uber Eats Data Breach Allegedly Exposes Over 280,000 Records

21st September

Chinese National Charged in Major “Spear-Phishing” Espionage Campaign: What You Need to Know

Crypto lender Shezmu recovers hacked funds through negotiation

Crypto scam: hacker attack on Indian Supreme Court YouTube channel to promote cryptocurrency

Cybercriminal Takes Over Decentraland’s X Account, Phishing Scam Ensues

Dell Investigates Employee Data Leak Claims Made By Hackers

Global infostealer malware operation targets crypto users, gamers

Hacker behind Snowflake customer data breaches remains active

Hacker Uses Telegram Chatbots to Leak Data of Star Health Insurance

Hacktivist Group Twelve Targets Russian Entities with Destructive Cyber Attacks

India: Supreme Court’s YouTube Channel Taken Down After Hack, XRP Scam Videos Appear

LinkedIn Halts AI Data Processing in UK Amid Privacy Concerns Raised by Information Commissioner's Office (ICO)

OP KAERB: Europol dismantled phishing scheme targeting mobile users

Philippines concerned over data breach risk at passport printer

Ransomware threats more than doubling every year

Shezmu recovers hacked crypto funds by negotiating with the hacker

Sneaky scammers drain bank account in sinister phone phishing scheme

Star Health Data Breach Exposes Millions of Customers’ Info

The dark side of AI democratization: You no longer need to be a hacker to hack

Threat Actor Claims to Leak SpaceX Data Containing Emails, Hashes, and IPs

Ukraine Bans Telegram Use for Government and Military Personnel

Ukraine bans Telegram use on state-issued devices

20th September

11 Common Cyberattacks You Should Be Aware Of

75% of Organisations Hit by Ransomware More Than Once

A Threat Actor Claims to Sell Data of Star Health Insurance, Compromising data of 31 Million Customers

Airline executive settles hack-for-hire case against law firm, pledging to ‘vigorously’ prosecute other alleged conspirators

Ascension Ransomware Attack Hurts Financial Recovery

Ascension’s Financial Comeback Stalled by Costly Cyberattack, Resulting in $1.8 Billion Loss

Asia Pacific Tops the Charts for Phishing Threats Against Financial Institutions

At least S$616,000 lost in 2024 amid spike in Singapore's parcel delivery phishing scams

AT&T To Pay $13 Million After Data Breach Hits 9 Million Customers

Australian Compass Group confirms second hack

BingX Confirms Attack on Its Hot Wallets, Initiates Emergency Plan

BingX Hack: Hackers Drain $43 Million, Exchange Commits to Full Refund

BingX Pledges User Compensation After a $43M Hack on Its Hot Wallet

Californian school district says December cyber attack compromised students’ data

Companies Often Pay Ransomware Attackers Multiple Times

Configuration flaw puts ServiceNow Knowledge Base articles at risk

Content creation platforms leveraged for phishing attacks

Critical Ivanti Cloud Appliance Vulnerability Exploited in Active Cyberattacks

Crypto Exchange BingX loses over $43m to fresh Hacker exploit

Crypto exchange BingX suffers hacker attack, losses surpass $40m

Cybercrooks strut away with haute couture Harvey Nichols data

Cybersecurity issues put 28 million passports at risk of data breach

Cybersecurity Skills Gap Leaves Cloud Environments Vulnerable

Data Breach Fallout: Disney Severs Ties after Slack Hack?

DDoS overtakes ransomware as most active cyber threat in Europe

Dell Allegedly Breached +10K Employee Information Exposed

Dell hit by “minor” data breach, over 10,000 employee records exposed

Dell investigates data breach claims after hacker leaks employee info

Department of Justice (DOJ) charges hackers for stealing $230 million in crypto from individual

Disney ditching Slack after massive July data breach

Disney ends Slack use over 1 TB data breach

Disney To Stop Using Salesforce's Slack After Data Breach

Disney To Stop Using Slack Following July Data Breach

ENISA Threat Landscape 2024 identifies availability, ransomware, data attacks as key cybersecurity threats

Europol busts massive criminal phishing network, over 480K affected

Europol Shuts Down Major Phishing Scheme Targeting Mobile Phone Credentials

Fake shelter alerts and death threats: phishing attack targets Israelis

Federal Trade Commission (FTC) investigates video streaming and social media for data collection

Fylde Coast Academy Trust: Schools threatened by hackers in cyber attack

Genetic Testing Company 23andMe Settles Data Breach Lawsuit for $30 Million

Germany Shuts Down 47 Cryptocurrency Exchange Services Linked to Cybercrime

Germany shuts down 47 cryptocurrency exchange services used by cybercriminals

Hacker exploits Telegram chatbots to leak data from leading Indian insurer Star Health

Hacker selling 7 TB of Star Health Insurance’s customer data using Telegram

Hacker uses Telegram chatbots to leak data of Star Health Insurance

Hacker uses Telegram chatbots to leak data of top Indian insurer Star Health

Hackers exploit content creation platforms for phishing attacks, warn experts

Hardware chain Total Tools suffers major data breach after cyber attack

How Ransomhub Ransomware Uses EDRKillShifter to Disable EDR and Antivirus Protections

How to Address Shortcomings in API Security

How to detect and stop bot activity

Huge phishing network which claimed 480K victims broken by Europol

In a major cyber attack, hackers target WHO and British parliamentarians on X

INC ransomware hits US healthcare, linked to Vanilla Tempest

Indian Supreme Court under Cyber Attack as Hackers Hijack YouTube Channel to Promote XRP

Iranian APT UNC1860 Linked to MOIS Facilitates Cyber Intrusions in Middle East

Joint EU, Americas Effort Dismantles iServer Phishing Network

Law Enforcement Dismantles Phishing Platform Used for Unlocking Stolen Phones

LinkedIn Halts AI Model Training in the UK Amid Privacy Concerns

Major retail banks in Singapore to introduce Singpass Face Verification (SFV) to mitigate phishing

Maryland Police Warn Gmail Users of Phishing Scam Demanding Bitcoin

More than $44 million in cryptocurrency stolen from Singaporean platform BingX

More Than Two Million Stolen VPN Passwords Discovered

Mr Hamza Launches Campaign Against Turkey

Nearly 8,000 claimants file high court case against Capita over 2023 cyber attack

New SambaSpy malware spread in phishing campaign

One-third of the US population’s background info is now public

Operation Kaerb, Masterminds Behind iServer Phishing-As-A-Service Platform Arrested

Passwordless AND Keyless: The Future of (Privileged) Access Management

Philippines concerned over data breach risk at passport printer

Police bust Vietnam-based phishing ring in 10 Billion Won scam

Providence Public School District yet to recover from debilitating ransomware attack

Providence school officials are quiet on data breach details

Republicans demand FBI hearing on Iran theft of Trump documents

Rising identity security risks: Why organizations must act now

Several organisations purportedly attacked by novel Valencia Ransomware gang

Seventeen Arrested in International Phishing Takedown Targeting Nearly Half a Million Victims

Singapore: Victims lose $616k amid spike in parcel delivery scams in 2024

Star Health Data Breach Exposes Millions of Medical Records on Telegram

Star Health Hit By Massive Data Breach, Millions Of Customers' Data Leaked On Telegram

Star Health Insurance Faces Allegations of Data Breach Affecting Over 3.1 Crore Customers

Star Health Suffers Mega Data Breach, Medical Records Of Over 31 Million Customers Up For Sale On Telegram

Stolen Star Health customer data exposed via Telegram chatbots, raising security concerns in India

Striking the balance between cybersecurity and operational efficiency

Text message phishing scammers extradited to Korea from Vietnam

The Vanilla Tempest cybercrime gang used INC ransomware for the first time in attacks on the healthcare sector

This Phishing Service Helped Criminals Break Into 1 Million+ Stolen Phones

Threat Actor Claims Repeated Breach of Port of Seattle Website

Threat Actor Selling Access to Saudi Arabia’s Neom Project and MiSK Foundation Systems

Transport for London (TfL) sends letters to 5,000 cyber attack customers whose details were hacked

Transport for London (TfL) writes to 5,000 cyber attack customers

U.S. elections: Four cyber threats organizations can expect

UK regulator stops LinkedIn from training AI models with British users’ content

Ukraine bans Telegram on military, government devices over security risks

Ukraine bans Telegram on state and military devices

Ukraine Bans Telegram on State-Issued Devices

US Cyberspace Solarium Commission Outlines Ten New Cyber Policy Priorities

Vanilla Tempest (Vice Society) Threat Group Using INC Ransomware to Attack Healthcare Orgs

WazirX Cyber Attack: Binance Distances Itself from Ownership and Responsibility

Why Disney may have decided to stop using Salesforce’s Slack communication platform

19th September

5 New Vulnerabilities Added to CISA’s Known Exploited List: Urgent Action Required

6 Million Taxpayer IDs, Including President's, Allegedly Leaked and Sold for $10,000

10 Critical Indicators Your Company is Vulnerable to Cyberattacks

17 arrested in takedown targeting phishing service with nearly 500,000 victims

23andMe $30M Data Breach Settlement: How Valuable Is Genetic Data?

23andMe Agrees to $30M Settlement That Could Pay $10,000 to Data Breach Victims

52% of consumers have an increased fear of becoming a fraud victim

8000 Claimants Sue Outsourcing Giant Capita Over 2023 Data Breach

A smartphone exploded at a Muscovite on Arbat Street during an Israeli cyber attack on Hezbollah

A Threat Actor Claims to Sell Police Complaints from 52 Police Stations in Rawalpindi

Alleged Data Breach Hits Egyptian Restaurant Chain Bazooka

Altman Plants Notifies Thousands of Data Breach Involving Their SSNs and Medical Information

APAC receives highest median threat score for phishing attacks against financial institutions

AT&T to Pay Federal Communications Commission (FCC) $13M for Vendor Data Breach

Attention Travelers! Beware of Booking.com Themed Phishing Attacks

Behind a data breach: the cost of cybersecurity incidents for Australian businesses

Beneath the surface - exploring the hidden costs of a cyber attack

Better Department of Justice (DOJ), FBI anti-ransomware efforts sought

Binance detaches itself from any liabilities days after WazirX cyber attack

British Authorities Arrest 17-Year-Old In Connection With Transport for London (TfL) Cyber Attack

Can the US safeguard user data from Meta’s AI training?

Canada: Watch out for 2FA phishing texts pretending to be from Rogers

Cashless toll payments end with massive data leak

Cencora Faces Criticism After Paying Rp1.15 Trillion Ransom In Bitcoin Due To Cyber Attack

Chinese marketplace Temu denies breach after hacker claims major customer data heist

CISA warns of actively exploited Apache HugeGraph-Server bug

City increasing security after thousands of Wichita Police records are compromised in cyber attack

Clever 'GitHub Scanner' campaign abusing repos to push malware

Combined Hardware-Cyber Attack Annihilate Hezbollah Command Network

Criminal phishing network resulting in over 480 000 victims worldwide busted in Spain and Latin America

Cryptojacking Gang TeamTNT Makes a Comeback

Cyber Attack on Security Firm Dr.Web Forces Servers Disconnection

Cyber Essentials: The 5 Cost-Effective Security Controls Everyone Needs

Cyberattacks Plague the Health Industry. Critics Call Feds’ Response Feeble and Fractured

Cybercriminals Exploit Content Platforms For Phishing Attacks And Data Breaches

CyberVolk Threatens Universities with Deleting Their Data

Data Breach Surge: A Wake-Up Call for Privacy

Data disposal and cyber hygiene: Building a culture of security within your organization

Data from Major Chinese Oil Company Allegedly Leaked on Dark Web

Decentraland X account hacked, phishing scam targets MANA airdrop

Decentraland’s X Account Hacked: Scammers Use Phishing Links to Target 607,000 Followers

Department of Justice (DOJ) and FBI Urged to Improve Ransomware Tracking, Says New Audit

Differential privacy in AI: A solution creating more problems for developers?

Disney Cuts Ties With Slack After Data Heist

Disney to ditch Slack following July data breach

Earth Baxia Uses Spear-Phishing and GeoServer Exploit to Target APAC

Essential metrics for effective security program assessment

European, Latin American authorities arrest 17 in crackdown on phishing network with 483,000 victims

Exploding pagers - should we be worried?

Failed crypto scammers nominated for 'most incompetent hacker' award

Fake CAPTCHA Verification Pages Spreading Lumma Stealer Malware

FBI Dismantles Chinese-Linked Botnet of 260,000 IoT Devices

FBI forced Flax Typhoon to abandon its botnet

FBI Shuts Down Chinese-Backed Hacker Group Targeting U.S. Universities and Agencies

FBI Takes Down China-Backed Botnet, Facilitates Ransomware Negotiations

Fedbank Financial Services clarifies on ransomware attack rumors: No breach of IT infrastructure

Federal civil rights watchdog sounds alarm over DOJ, DHS and HUD use of facial recognition technology

Federal Communications Commission (FCC) fines AT&T $13 million over cloud data breach

Federal Communications Commission (FCC) Fines AT&T $13 Million Over Massive Data Breach and Lax Security

Federal Trade Commission (FTC) exposes massive surveillance of kids, teens by social media giants

Federal Trade Commission (FTC) report on predatory social media data hoarding hints at future regulations

Fireworks Software Notifies 27k Individuals of Recent Data Breach

Fortinet Confirms “Limited” Data Breach That Leaked 440 GB

Germany seizes 47 crypto exchanges used by ransomware gangs

GitLab Patches Critical SAML Authentication Bypass Flaw in Community Edition (CE) and Enterprise Edition (EE) Editions

Global Phishing Network Busted in Major Cross-Continent Operation

Global Police Operation Dismantles 'Ghost' Encrypted Communication Platform

Group-IB contributes to international “Operation Kaerb” that led to the arrest of the masterminds behind the iServer phishing-as-a-service platform which claimed more than 483,000 victims globally

Hacker Claims “Minor” Data Breach at DELL; Leaks Over 10,000 Employee Details

Hackers are seeking $6 million for files stolen in a cyberattack on Seattle airport operator

Hackers deliver popular crypto-miner through malicious email auto replies, researchers say

Hackers Exploit Default Credentials in FOUNDATION Software to Breach Construction Firms

Hackers need your credentials so they can have spicy chats with AI models

Handala Hacktivist Group Claims Breach of Two Israeli Defense-Related Companies

Healthcare's Diagnosis is Critical: The Cure is Cybersecurity Hygiene

How hackers are using legitimate tools to distribute phishing links

How the National Crime Agency (NCA) Controlled a Ransomware Operation

Indonesia: Finance Minister Sri Mulyani Orders Investigation into Taxpayer Data Breach

Indonesia’s tax agency probes alleged data breach affecting President Jokowi, 6 million taxpayers

Indonesia's tax agency probes alleged personal data breach

Infostealers Cause Surge in Ransomware Attacks, Just One in Three Recover Data

Initial Conference Takes Place for Consolidated Change Healthcare Data Breach Lawsuit

Insecure APIs and Bot Attacks Cost Global Firms $186 Billion

International Raids Shut Down Ghost Encrypted Messaging App

Iran backdoors planted across Middle East telecoms, government agencies

Iran tried to hand stolen Trump campaign data to Biden's campaign, agencies say

Iran’s Passive Backdoors Lurk in Middle Eastern Networks

Is Tor really safe? Law enforcement surveilling and unmasking users on the dark web

Ivanti warns of another critical CSA flaw exploited in attacks

Justice Department Crushes Chinese-Hacker Controlled 'Raptor Train' Botnet in Cybercrime Crackdown

Lockbit says it has hit eFile.com, again

Lumma Stealer Malware: New Threat Targeting Windows Users

Malicious actors target UK motorists with QR code scams

‘Marko Polo’ hackers found to be running dozens of scams

Microsoft Warns of New INC Ransomware Targeting U.S. Healthcare Sector

Microsoft warns of ransomware attacks on US healthcare

Microsoft Warns Of Vanilla Tempest Hackers Attacking Healthcare Sectors

Mt. Carmel Behavioral Healthcare suffers data breach, exposing sensitive patient information

New Brazilian-Linked SambaSpy Malware Targets Italian Users via Phishing Emails

New TeamTNT Cryptojacking Campaign Targets CentOS Servers with Rootkit

Novel backdoor leveraged in North Korean hackers’ global aerospace, energy attacks

Pagers used in Hezbollah attacks: who still uses them and why?

Patch this critical Safeguard for Privileged Passwords auth bypass flaw (CVE-2024-45488)

Pennsylvania Launches Online Portal for Mandatory Data Breach Reporting

Phishing Espionage Attack Targets US-Taiwan Defense Conference

Police dismantles phone unlocking ring linked to 483,000 victims

Port of Seattle Won’t Pay Ransomware Demand

RansomHub Ransomware Targets 210 Victims Since February 2024

Ransomware is Most Significant Threat to UK and Most Overwhelming Issue

Ransomware payments: Ever present or on the decline?

Repsol suffers a cyber attack on its customer database

Richland County says 2023 data breach impacted more than 75,000 county residents

Risky Recovery: Ransomware “Decryption” Scams Remain in 2024

Russian cybersecurity firm Dr.Web suffers cyberattack, temporarily suspends virus database updates

SambaSpy Attacking Windows Users With Weaponized PDF Files

Seattle Airport Hack: Hackers Demand $6M Bitcoin Ransom For Stolen Files

Second cyber-attack leaves Hezbollah reeling; citizens fear war

Security Firm's North Korean Hacker Hire Not an Isolated Incident

Security leaders consider banning AI coding due to security risks

Selling ransomware breaches: Four trends spotted on the RAMP forum

Social media and video streaming companies violate user privacy on 'vast' scale

Spanish Police Arrest Hacker Wanted by Morocco for Cyber Fraud

Suspects behind $230 million cryptocurrency theft arrested in Miami

Suspicious teaser: Kaspersky warns that scammers hide phishing links behind images

Temu denies 87m record data breach claims

Temu Fights Back Against Massive Data Breach Allegations - Is It Enough To Rebuild Trust?

Temu threatened by hacker claiming data breach that company denies

Tewkesbury Borough Council IT systems deemed 'safe' after cyber attack

Tor says it’s "still safe" amid reports of police deanonymizing users

Total Tools customers warned of major data leak that impacts more than 38,000 tradies

U.S. Taxpayer Data at Risk? LockBit Ransomware Claims Attack on IRS-Authorized eFile

UK spyware victims file criminal complaint against NSO Group

United States says thwarted Chinese 'state-sponsored' cyber attack

US agencies say Iran offered hacked Trump documents to Democrats but was ignored

US Disrupts Alleged Chinese ‘State-Sponsored’ Cyber Attack Network

US healthcare sector subjected to attacks with INC ransomware

US Indicts Chinese Aerospace Employee for Spear Phishing Attack on Government, Private Sector

US Sanctions Intellexa Spyware Network Over Threat to National Security

Valencia Ransomware explodes on the scene, claims California city, fashion giant, more as victims

Vanilla Tempest leverages INC ransomValencia Ransomware explodes on the scene, claims California city, fashion giant, more as victimsware to target healthcare sector

Vanir Group ransomware gang’s leak site seized by German authorities

Vanir ransomware site sequestered by Germany

Vice Society Pivots to Inc Ransomware in Healthcare Attack

Virgin Islanders Grow Frustrated With Lack of Access to Medical Records Following Schneider Regional Medical Center (SRMC) Ransomware Attack

WazirX Funds on the Move as Hacker Shifts $33 Million to Tornado Cash

WazirX Hacker Launders $12M in Ethereum Via Tornado Cash

WazirX Hacker Moves $32M in ETH to Tornado Cash in 4 Days, Binance Refutes Founder’s Claims

WazirX Hacker Moves $32M Stolen Ether in Four Days to Tornado Cash as Binance Denies Founder’s Claims

Western Agencies Warn Risk from Chinese-Controlled Botnet

What more can be done to stop ransomware attacks?

Why the National Cyber Security Centre (NCSC) Cyber Assessment Framework is Important to the UK Public Sector

Windows users targeted with fake human verification pages delivering malware

18th September

23andMe agrees to $30m settlement over data breach targeting Jewish and Chinese users

23andMe agrees to $30M settlement over data breach that targeted Jewish and Chinese users

23andMe to pay $30 million to settle class action lawsuit over October data breach

75 percent of organizations affected more than once by ransomware

A Threat Actor Alleged Data Breach of Relevvo

Ally Bank May Have Compromised Your Personal Data in an April Data Breach

Alleged DATASUS and DETRAN Database Breach Exposes Millions of Records

Almost 500GB of data allegedly leaked in RansomHub attack on Kawasaki

Analysis Identifies Web Servers as Weakest Cybersecurity Link

AT&T Agrees $13m Federal Communications Commission (FCC) Settlement Over Cloud Data Breach

AT&T ordered to pay $13M settlement in latest setback for company

AT&T Reaches $13 Million Federal Communications Commission (FCC) Settlement Over Massive 2023 Data Breach

AT&T to Pay $13 Million in Settlement Over 2023 Data Breach

AT&T to Pay Federal Communications Commission (FCC) $13 Million for Vendor Data Breach

Atrium Health data breach: Phishing attack exposes sensitive consumer information

Australia Arrests Mastermind Behind Global Crime App, Ghost

Bharat Petroleum Database Allegedly Breached 148M Records for Sale on Dark Web

CafePress data breach victims are getting money, Federal Trade Commission (FTC) says

Censys Uncovers Hidden Infrastructure of Iranian Fox Kitten Group

Chinese botnet infects 260,000 SOHO routers, IP cameras with malware

Chinese Engineer Charged in U.S. for Years-Long Cyber Espionage Targeting NASA and Military

Chrome extension hides malware to steal crypto: new operation uncovered

Chrome Introduces One-Time Permissions and Enhanced Safety Check for Safer Browsing

CISA Issues Advice to Help Eliminate XSS Bugs

City of Wichita reveals whose information is compromised from cyber attack

Claims of hacked voter data aims to cause distrust in elections

Cohesity reveals ransomware costs in cyber resilience report

Columbus says no IT Department employees have been fired since July ransomware attack

Company listed on Shanghai stock exchange accused of aiding Chinese cyberattacks

Critical Infrastructure at Risk From Email Security Breaches

Critical VMware vCenter Server bugs fixed (CVE-2024-38812)

Cyber attack on city of Wichita limited to police records, internal investigation finds

Deadly cyber attack in Lebanon reveals the new face of warfare

Deja blues...LockBit boasts once again of ransoming IRS-authorized eFile.com

Department of Justice (DOJ), FBI need better metrics for tracking ransomware disruption efforts, audit finds

Detecting vulnerable code in software dependencies is more complex than it seems

Europol takes down "Ghost" encrypted messaging platform used for crime

Europol Taskforce Disrupts Global Criminal Network Through Supply Chain Attack

Everything you need to know about VPN tracking

Exploding Hezbollah pagers have bitcoiners worried, too

Fair Ball or Foul Play? EU’s Digital Markets Act Puts App Security on Shaky Ground

FBI boss says China 'burned down' 260,000-device botnet when confronted by Feds

FBI Disrupts Another Massive Chinese-Linked Botnet

FBI disrupts major Chinese hacking group, director says

FBI says it recently dismantled a second major China-linked botnet

FBI warns about China-controlled botnet affecting thousands of Americans

Federal Communications Commission (FCC) Fines AT&T $13 Million for Data Breach Last Year

Federal Communications Commission (FCC) imposes $13m penalty on AT&T over 2023 vendor data breach

Federal Communications Commission (FCC) reaches $13 million settlement with AT&T over 2023 data breach involving third-party vendor

Federal Communications Commission (FCC) reaches settlement with AT&T for data breach

Germany seizes leak site of ‘Vanir’ ransomware operation

Ghost: Criminal communication platform compromised, dismantled by international law enforcement

GitLab releases fix for critical SAML authentication bypass flaw

Global Crime Hit as Europol Shuts Down Encrypted Chat App Ghost

Google Street View Images Used For Extortion Scams

GSM Association (GSMA) Plans End-to-End Encryption for Cross-Platform Rich Communications Services (RCS) Messaging

Hacker claims to have stolen 20GB data hoard from Capgemini, and is threatening to leak it all

Hacker targets NASA, faces 300+ years behind bars

Hackers breaching construction firms via specialized accounting software

Hackers demand $6 million for files stolen from Seattle airport operator in cyberattack

Hackers hold Blackpool academies and primary schools to ransom after cyber attack

Hacking group Dark Angels received $75 million in bitcoin, marking the largest known ransomware attack to date

Hezbollah walkie-talkies targeted by Israel in new round of coordinated fatal blasts

Hezbollah’s Pager Explosions Trigger Questions of Similar Threat to Smartphones

How did Israel’s Mossad plan the Hezbollah pager cyberattack? Here's what we know so far

Infostealers: An Early Warning for Ransomware Attacks

Japanese automaker Kawasaki says ransomware attack impacted European operations

LinkedIn scraped user data for training before updating its terms of service

Median payments for ransomware attacks by schools exceed $4m

Microsoft Azure tools increasingly leveraged in ransomware attacks

Most Educational Organizations Paid More Than the Original Ransom Demand, Says Sophos Survey

New Akamai State of the Internet Report reveals Asia Pacific received highest median threat score for phishing attacks against financial institutions

New Data Breach Notification Obligations for Pennsylvania – and a New Reporting Portal

New "Raptor Train" IoT Botnet Compromises Over 200,000 Devices Worldwide

New research finds rise of infostealer malware and digital identity exposure creates the perfect storm for ransomware attacks

North Korea-linked hackers target energy and aerospace companies in new espionage campaign

North Korean Group Uses Fake Job Offers to Target Energy, Aerospace Sectors

North Korean Hackers Target Energy and Aerospace Industries with New MISTPEN Malware

Novel phishing attack uses "no-escape" kiosk mode in Chrome to extract passwords

Organizations overwhelmed by numerous and insecure remote access tools

Pagers Explode in Lebanon Killing 9 In Likely Israeli Cyber Attack

Pakistan: Government organisations are being attacked with phishing emails

Patch Issued for Critical VMware vCenter Flaw Allowing Remote Code Execution

Police announce takedown and arrest mastermind behind criminal comms platform 'Ghost'

Preventing ransomware by fully remediating infostealer attacks

Providence public schools still struggling with internet outages after ‘irregular activity’

RAMBO Attack: Electromagnetic Waves Steal Data from Air-Gapped Systems

Russian cyber firm Dr.Web says services are restored after ‘targeted cyberattack’

Russian security firm Dr.Web disconnects all servers after breach

Seattle-Tacoma Airport Says Criminal Hacker Group Attacked Computer Systems

Sensitive Data of Indonesian Government Officials Allegedly Leaked on Dark Web

Server Misconfiguration at Fuel Industry Software Provider Exposes SSNs, PII Data

ServiceNow warned customers of Knowledge Base (KB) article data breach

Seven Ways Hackers Can Access Company Information

Singapore: Major Retail Banks to Introduce Singpass Face Verification, Further Strengthening Resilience Against Phishing Scams

Singapore mandates face authentication for 'higher risk' bank transactions

Spain arrests Moroccan hacker sought by Morocco

SpyCloud Unveils Massive Scale of Identity Exposure Due to Infostealers, Highlighting Need for Advanced Cybersecurity Measures

Sydney-based Compass Group confirms Medusa ransomware attack

The clock is running on ransomware attack against Providence schools

The proliferation of non-human identities

Think twice before you click: this captcha might steal your money

Threat Actor Claims to Sell 600GB of Chunghwa Telecom Data

Two-Thirds of Security Leaders Consider Banning AI-Generated Code

U.S. Intelligence Agencies Say Chinese Botnet Compromised 260,000 Devices

U.S. says Iran sent Biden camp stolen Trump info in election interference bid

UK and allies issue cyber attack warning over China-backed 'botnet' of 260,000 compromised devices

Ukraine: Hacker who sold databases of thousands of users detained in Dnipropetrovsk region

US charges Chinese national over spear-phishing attacks against agencies

US FBI disrupts second Chinese hacking group, director says

US government ‘took control’ of a botnet run by Chinese government hackers, says FBI director

US Imposes Fresh Sanctions on Intellexa Spyware Maker

Vanilla Tempest hackers hit healthcare with INC ransomware

X hacking spree fuels "$HACKED" crypto token pump-and-dump

17th September

6% of media websites have robust bot protection

23andMe agrees to $30 million settlement after data breach affected nearly 7 million users

23andMe agrees to $30 million settlement after major data breach

23andMe settles data breach lawsuit for US$30 million

80% of critical infrastructure entities affected by email breaches

80% of Critical National Infrastructure Companies Experienced an Email Security Breach in Last Year

100s of injuries following pagers exploding in Lebanon

280K Customer Records from Alshaya Group Allegedly Leaked on Dark Web

A Threat Actor Alleged Data Breach of Didi Chuxing

A Threat Actor Claims Admin Access to Corporate Analytics Software Used by Major Companies

Access Sports Data Cyber Attack, 88,000+ Users Data Impacted

AI to supercharge deepfakes, ransomware and phishing attacks

All Smoke, no Fire: The Bizarre Trend of Fake Data Breaches and How to Protect Against Them

Apple Urges Users to Install iOS 18 to Fix 33 iPhone Vulnerabilities

AppOmni Surfaces Configuration Flaw in ServiceNow SaaS Platform

Aramark Provides Notice of myPay Data Breach Affecting an Unknown Number of Employees

AT&T pays $13 million Federal Communications Commission (FCC) settlement over 2023 data breach

AT&T to Pay $13 Million and Add Safeguards After 2023 Data Breach

AT&T to pay $13 million Federal Communications Commission (FCC) settlement for 2023 data breach

AT&T to pay $13 million over 2023 customer data breach

AT&T to pay $13 million to settle FCC probe over cloud data breach

AT&T to pay out $13m over hack that affected millions - here's how you can claim

Australia: Local medical centre the victim of phishing attack

Bank Rakyat assures its system remains secure after attempted data breach on September 3rd

Binance Warns of Rising Clipper Malware Attacks Targeting Cryptocurrency Users

Blasts in Beirut: Hezbollah communication equipment explodes, over 3,000 injured, 8 dead

Broadcom fixes critical RCE bug in VMware vCenter Server

Charles Darwin School forced to cancel classes following a BlackSuit ransomware attack

Chinese Citizen Allegedly Spent Years Trying to Hack NASA, US Research

Chinese Hacker Targeted NASA, U.S. Military to Steal Critical Software

Chinese man charged for spear-phishing against NASA and US Government

Chinese man stole NASA source code using spear phishing

Chinese national accused by Feds of spear-phishing for NASA, military source code

Chinese national accused by US of NASA and military spear-phishing campaign

CISA urges software developers to weed out XSS vulnerabilities

CISA’s FOCAL Plan: Federal Agencies Unite Against Cyber Threats

‘Click Here’: Investigators Struggle to Shed Light on Balkan-Wide Phishing Scam

Columbus data breach: 21% of city systems still down, IT chief says

Construction firms breached in brute force attacks on accounting software

Construction companies potentially vulnerable through accounting software, report says

Content platforms exploited for phishing attacks

Cyber Attack: Hezbollah blames Israel as pager explosions kill nine, over 2750 injured across Lebanon

Cyber Attack: Many killed, 2,750 wounded as pagers explode in Lebanon

Cyberattacks plague health care. Critics call the federal response 'inadequate'

David’s Bridal Data Breach Leaks an Unknown Number of Social Security Numbers

Death toll rises after Israeli cyber-attack on Lebanese communication network

Department of Justice (DOJ) indicts Chinese national for spear phishing campaign against NASA, FAA, Air Force

Email Security Breaches Rampant Among Critical Infrastructure Organizations

Express Services suffers data breach; unauthorized access confirmed

Financial Services sector tops charts for Phishing and DDoS in EMEA

Fines and lawsuits for businesses after a data breach might be worse than the attack itself

Gateways to havoc: Overprivileged dormant service accounts

Gen reveals 24% rise in ransomware attacks on consumers

GitLab releases security updates to fix 17 vulnerabilities

Google Chrome Switches to ML-KEM for Post-Quantum Cryptography Defense

Hacker Drains $6M from Delta Prime in Token Minting Exploit

Hacker Gains Access to T-Mobile’s Internal Files Via Third-Party Firm

Harmonizing Security and Usability to Tackle Account Takeover

Hezbollah pager devices remotely exploded in Israeli operation, thousands of members severely injured

Hezbollah vows "fair punishment" for major Israeli aggression

Hospitals need “tribal approach” to protect against hackers, says expert

Information Commissioner’s Office (ICO) Acts Against Sky Betting and Gaming Over Cookies

Instagram Introduces ‘Teen Accounts’ with Enhanced Protections for Young Users

Instagram to bolster privacy and safety features for millions of teen users

Iranian ambassador reportedly injured in Israeli cyber-attack targeting Lebanon and Syria

Iranian envoy injured in Beirut cyber attack

Is a $13 million fine enough to resolve AT&T’s data breach?

Israel Will Be Punished - Hezbollah Issues Statement on Cyber Attack in Lebanon

Lebanon: 'We condemn Israeli cyber attack and will submit complaint to UN Security Council'

Lebanon's Foreign Ministry condemns Israeli cyber attack, prepares complaint to UN Security Council

Little girl among martyred in Israeli regime cyber attack

Major Exchange Loses Billions of Shiba Inu (SHIB) to Hackers

Marko Polo cybercrime gang targets cryptocurrency users, influencers with scams

Mass Pager Explosions in Lebanon: Hezbollah Suspects Israeli Cyber Attack

Meta to Train AI Models Using Public U.K. Facebook and Instagram Posts

Misconfigured ServiceNow Knowledge Bases Expose Confidential Information

Most Cyber Leaders Fear AI-Generated Code Will Increase Security Risks

Over 1,000 ServiceNow instances found leaking corporate Knowledge Base (KB) data

Over Half of Breached UK Firms Pay Ransom

Over Half of Hacked UK Firms Pay Ransom

Over half of UK companies hit by ransomware opt to pay

Phishing Attacks Exploit Content Creation Platforms

Phishing Campaigns Surge with New Header Refresh Technique, Targeting Financial and Government Sectors

PKfail Secure Boot bypass remains a significant risk two months later

Port of Seattle blames the Rhysida ransomware group for August cyber attack

Port of Seattle Identifies Hacker Group Behind August Cyberattack

Pro-Ukraine hackers claim attack on agency that certifies digital signatures in Russia

Proof-of-Concept (PoC) exploit for exploited Ivanti Cloud Services Appliance flaw released (CVE-2024-8190)

Providence Schools Facing $1M Ransomware Demand, Says Cyber Threat Monitoring Company

Qilin ransomware attack on Synnovis impacted over 900,000 patients

RansomHub Ransomware Group Leaks Alleged Kawasaki Motors Stolen Data

RansomHub releases 487GB of data allegedly stolen from Kawasaki

Ransomware gangs now abuse Microsoft Azure tool for data theft

Ransomware whistleblower: Columbus could have avoided its mistakes

Recent WhatsUp Gold Vulnerabilities Possibly Exploited in Ransomware Attacks

Rhysida ransomware gang demands US$5.8m ransom for Seattle-Tacoma data

Rhysida ransomware gang ships off Port of Seattle data for $6M

Scam victims in Singapore lose SGD 28,000 in OneMotoring e-mail phishing; police issue alert

Seattle Port and Airport Cyberattack Takes Ransomware to Another Level

Seattle-Tacoma International Airport taunted by Rhysida ransomware gang over 100 bitcoin

Sibanye-Stillwater Mining Company Confirms Data Breach Exposing Information of 7,258 Employees

Singapore: At least $28k lost through phishing scam involving fake OneMotoring website

Singapore: Police warn of phishing scams impersonating OneMotoring site

Singapore: Victims lose $28K due to phishing scams impersonating OneMotoring

SolarWinds Issues Patch for Critical ARM Vulnerability Enabling RCE Attacks

Sophos report reveals education sector's ransomware battle

T-Mobile virtual machine logs allegedly exposed in Capgemini data breach

Temu Allegedly Breached 87M Records for Sale on Dark Web

Temu denies breach after hacker claims theft of 87 million data records

Temu refutes data breach allegations by unknown threat actor trying to profit

The cybersecurity workforce of the future requires diverse hiring practices

The growing danger of visual hacking and how to protect against it

The Maids International reports a data breach affecting sensitive consumer information

Thousands of Hezbollah Fighters, Iranian Ambassador Injured by Exploding Pagers Across Lebanon

Threat Actor Offers Access to US Cosmetics Company for $12K

U.S. Treasury Sanctions Executives Linked to Intellexa Predator Spyware Operation

UK Data Regulator Cracks Down on Sky Betting and Gaming’s Unlawful Cookie Practices

UK Organisations Tout Government Help in Ransomware Incidents

US Department of Justice (USDOJ) Charges Chinese AVIC Engineer With Phishing To Hack NASA, FAA & US Military

US Looks to Align Security Across Government

US Ramps Up Sanctions on Spyware-Maker Intellexa

Widespread phishing exfiltrates credentials via HTTP header abuse

16th September

23andMe Agrees to $30m Data Breach Settlement

23andMe agrees to $30 million settlement over data breach that affected 6.9 million users

23andMe agrees to pay $30M to settle lawsuit over 2023 data breach

23andMe is ready to pay $30 million to settle a data breach lawsuit in 2023

23andMe set to pay millions to settle data breach lawsuit

23andMe Settles $30 Million in 2023 Data Breach Lawsuit Impacting 6.4 Million Customers

23andMe Settles Data Breach Lawsuit for $30 Million

23andMe settles data breach lawsuit for US$30 million

23andMe Settles Data Breach Lawsuit for $30 Million Amid Ongoing Cybersecurity Concerns

23andMe to Pay $30 Million Following Major Data Breach Impacting 6.4 Million Users

23andMe to Settle Data Breach Lawsuit with $30 Million Payout

23andMe Will Pay $30 Million To Settle Lawsuit Over 2023 Data Breach

$30 Million Compensation for 23andMe Data Breach Victims

86% of organizations allow data compliance exemptions in non-production

A Threat Actor Claims to Breach of SAP Database, 2,600 Employees Information Exposed

A Threat Actor Claims VPN Access to a Major Spanish University Network

A Wake-Up Call for AI Safety: ChatGPT’s Vulnerability Exposed

Advanced Phishing Attacks Put X Accounts at Risk

Apple Drops Spyware Case Against NSO Group, Citing Risk of Threat Intelligence Exposure

Apple Seeks to Drop Its Lawsuit Against Spyware Maker NSO

Apple to Drop Spyware Lawsuit Over Security Concerns

Australia Faces Surge in Data Breaches to Highest Level in 3.5 Years

Australian government one of leading victims of data breaches, report finds

Australian Law Firms Failing to Protect Against Cyber Threats, Report Reveals

Azure API Management Vulnerability Let Users Escalate Privileges

Bad actors already have your data, but there’s something you can do about it

Bank Rakyat assures its system remains secure after attempted data breach on September 3rd

Brunswick Hospital Center attack claimed by 3AM ransomware gang

Cameroon's pension fund refutes cyber-attack claims

Caterpillar Inc. Allegedly Breached 80GB of Sensitive Data Exposed

CBI-FBI Join Hands to Bust Global Cybercrime Network, 57 Gold Bars Seized

China suspected of hacking diplomatic body for Pacific islands region

Circle Under Fire for Not Blacklisting North Korean Hacker-Linked Funds

CISA warns of Windows flaw used in infostealer malware attacks

‘Clipper’ malware is being used to steal crypto, Binance warns

Crypto Broker DeltaPrime Drained of Over $6M Amid Apparent Private Key Leak

Cyberattacks against manufacturing sector increased 105% in H1 of 2024

Cybercriminals Exploit HTTP Headers for Credential Theft via Large-Scale Phishing Attacks

Cybercriminals exploit popular content creation platforms for phishing attacks

D-Link fixes critical RCE, hardcoded password flaws in WiFi 6 routers

Data on nearly 1 million NHS patients leaked online following ransomware attack on London hospitals

Delta Prime DeFi hacker exploited token minting bug, managed to drain $6M

DeltaPrime Suffers $5.98M Loss as Hacker Exploits Admin Key on Arbitrum

Don Laughlin’s Riverside Resort Casino data breach affects over 55,000 customers

Dubai Municipality Allegedly Breached +60GB Data is For Sale

DuckDuckGo ranks Etherscan phishing websites in top results

Everything old is new again? MCNA Dental allegedly suffers second big data breach of PHI

Exploit code released for critical Ivanti RCE flaw, patch now

Express Services Provides Notice of Data Breach Leaking Consumers’ Social Security Numbers and Financial Information

Feds: US voter registration data breach claims false

Feds sentence 12 crypto thieves behind SIM swaps, home invasions

Fortinet confirms data breach

Forum secretary-general confirms cyber attack against Fiji offices

Genealogy Website to Pay $30 Million Over 2023 Data Breach

German radio station forced to broadcast 'emergency tape' following cyberattack

Google Fixes GCP Composer Flaw That Could've Led to Remote Code Execution

Hacker Claims Breach of UK’s Experience Engine, Data Sold Online

Hacker Group Loses $5 Million in Frozen Stablecoins

Hackers from North Korea use Python test tasks to spread malware

Half of UK Firms Lack Basic Cybersecurity Skills

Hunters International Claims Breach of ICBC London

Internal T-Mobile files and other confidential info allegedly stolen by hacker and put up on a forum

Kawasaki says cyber attack unsuccessful despite RansomHub publication

Konni, the alleged Kimsuky-linked hacker, increases its activity

Massive Data Breach Hits 3.1 Million Medicare Users in MOVEit Cyberattack

Medusa Ransomware Exploiting Fortinet Flaw For Sophisticated Attacks

Meta Goes Ahead With Controversial AI Training in UK

Microsoft confirms second 0-day exploited by Void Banshee APT (CVE-2024-43461)

North Korea's Lazarus Group has $5M frozen in stablecoins

North Korean hacker group using false coding tests to spread malware

North Korean Hackers Target Cryptocurrency Users on LinkedIn with RustDoor Malware

Northern Ireland: Police Ombudsman launches independent investigation over data breach

Office of the Australian Information Commissioner (OAIC) received data breach reports nearly daily in first half of 2024

Office of the Australian Information Commissioner (OAIC) Says Data Breach Notifications at Three-Year Highs

Owner of only US platinum mine confirms data breach after ransomware claims

Pacific Islands Forum's General Secretary Baron Waqa confirms cyber attack on PIF’s office in Fiji

Payment processor’s data breach affects 1.7M consumers

Pennsylvania Launches Online Portal for Data Breach Reporting

Port of Seattle attack attributed to Rhysida ransomware group

Port of Seattle Confirms Ransomware Attack Disrupted Operations, Raises Data Breach Concerns

Port of Seattle confirms recent cyberattack was ransomware assault

Port of Seattle Hit by Rhysida Ransomware in August Attack

Port of Seattle officials pin attack, data theft to Rhysida ransomware group

Port of Seattle says August cyberattack was Rhysida ransomware

RansomHub Ransomware Gang Leaks 487GB of Alleged Kawasaki Europe Data

Ransomware attack on Access Sports impacted over 88,000 patients

Ransomware attacks against educational organisations drop, but victims are paying more

Ransomware group releases screenshots in attempted extortion of Port of Seattle

Ransomware groups weaponise stolen data

Rhysida Hackers Blamed for Ransomware Attack on Seattle Airport

Riverside Resort & Casino Notifies Customers of Data Breach

Security giant Fortinet suffers data breach

Settlement reached in genetic-data-breach class action

Sky Betting and Gaming gets wrist slap for “unlawfully processing people’s data”

T-Mobile’s VM logs allegedly leaked in 20GB Capgemini data breach

The cybersecurity paradigm shift: AI is necessitating the need to fight fire with fire

The Maids International Notifies Consumers of the January 2024 Data Breach

Thousands of Vastaamo leak victims seek higher compensation amid ongoing legal battle

Top 10 ransomware groups to watch

Toyota customer data leak: 240GB of sensitive information exposed by hacker group ZeroSevenGroup

Transport for London says cyber attack resulted in a customer data breach

Transport for London (TfL) cyber attack delays contactless Watford train stations

Transport for London (TfL) directs 30,000 employees to verify identities and reset passwords after data breach

Transport for London (TfL) requires in-person password resets for all staff after cyber attack

Trends and dangers in open-source software dependencies

U.S. Deepens Crackdown on Predator Spyware Maker Intellexa Consortium

U.S. government expands sanctions against spyware maker Intellexa

UK’s privacy watchdog takes credit for rise of ‘consent or pay’

US cracks down on spyware vendor Intellexa with more sanctions

US hits Intellexa spyware maker with more sanctions

US Indicts Chinese National for Phishing for NASA Tech

Walsall teenager arrested over ‘hugely disruptive’ Transport for London (TfL) cyber attack

What Is Phishing-Resistant MFA?

What Is Quishing? A new way scammers are phishing

ZeroSevenGroup Allegedly Breached Israeli Systems, Price of Stolen Data is 200K XMR