Editor's Message

Welcome to DBD. On March 8th, DBD celebrated it's 5th anniversary and PRiSM celebrated it's 2nd anniversary. Little did I know when I started both of these ventures just how much an impact they would have on my life and I'd like to thank each and everyone of you who have supported me over the years, with a special thanks to those individuals who have kindly shared their knowledge with me, and continue to do so. Thanks again for your support. Stay safe. :)


“Data Breaches Digest and its PRiSM portal provide Dentons Global Security Team with valuable insights into the ransomware landscape, from the latest incidents to trends over time, as well as the ability to customize visual analytics. Timely reports and tracking by Data Breaches Digest help inform cyber intelligence for the world’s largest law firm and thus our cybersecurity posture across more than 80 countries worldwide.”
Dentons Senior Analyst, Washington DC



Monday, 21 October 2024

Data Breaches Digest - Week 43 2024

Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 21st October and 27th October 2024.


27th October

Fog ransomware targets SonicWall VPNs to breach corporate networks

Four REvil Ransomware members sentenced for hacking and money laundering

FTP Access to University of California Offered for Sale on Dark Web

In legal first, Japan convicts man of abusing AI to generate ransomware

Parkland Health data breach exposes sensitive information of over 6,500 patients

Protecting the Healthcare Sector from Phishing Attacks

Royal Thai Police Database Breached, Claims Dark Web Actor

26th October

33 Corporate RDP Accesses Offered for Sale on Dark Web

100 million people hit in largest healthcare data breach in history - medical info, SSNs and more

15,500 Bahrain Service Accounts Leaked on Dark Web

Australia: Passport, Visa Details Compromised In Cyber Attack On ZicroDATA

Black Basta Ransomware Operators Using Microsoft Teams To Breach Organizations

Cash App data breach settlement offers compensation for affected users

Cash App Users Eligible to Claim Thousands in Data Breach Settlement

CERT-UA Identifies Malicious RDP Files in Latest Attack on Ukrainian Entities

Council avoids six-figure fine after data breach

Cybersecurity in Nigeria’s digital age: Securing the future of our nation

Data Breach Exposes Sensitive Information from Major Egyptian Clubs, Banks, and Real Estate Firms

Database Leak of 50,000 Records Reported in Brazil

FBI, CISA investigating China-linked telecom hacks following reports of intrusions on Trump, Harris phones

Four REvil Ransomware Members Sentenced in Rare Russian Cybercrime Convictions

Hacker returns $19 million in stolen crypto to US government just one day after breach

Hacker Who Looted $20,000,000 From a US Government Address Returns the Vast Majority of Stolen Funds

Irish Data Protection Commission fined LinkedIn €310M for GDPR infringement

Majority of Aussies caught in cyber attacks as threats surge

New Attack Lets Hackers Downgrade Windows to Exploit Patched Flaws

New Cisco ASA and Firepower Threat Defense (FTD) features block VPN brute-force password attacks

New Google Cyber Attack Warning As Russian APT28 Hackers Strike

New Windows Driver Signature bypass allows kernel rootkit installs

Notorious Hacker Group TeamTNT Launches New Cloud Attacks for Crypto Mining

PrestaShop Admin Access Up for Sale on Dark Web

Unitedhealth Confirms That 100 Million Users Were Impacted in the February Ransomware Attack

25th October

1StopBedrooms.com Database Breach Exposes 1 Million Orders

3 Myths About Identity and Access Management

3 Tips for Organizations to Shore Up Their Cyber Resilience Strategies This Fall

7 essential password rules to follow in 2024, according to security experts

99% of CISOs report fear over losing positions due to a data breach

100 million US citizens officially impacted by Change Healthcare data breach

$240K Fine for Ortho Group Ransomware Attack

800,000 people just had their full names, SSNs and more exposed in massive insurance admin company data breach

Achieving peak cyber resilience

Addressing growing concerns about cybersecurity in manufacturing

Amazon seizes domains used in rogue Remote Desktop campaign to steal data

Amazon Web Services (AWS) breaks up massive Russian phishing operation

Amazon Web Services (AWS) Seizes Domains Used by Russian Threat Group APT29

Apple Opens Private Cloud Compute (PCC) Source Code for Researchers to Identify Bugs in Cloud AI Security

Beyond Business Email Compromise: Multi-Channel Phishing Is Here To Stay

Bitfinex wallet hacker returns most of the $20 million back to US government

Black Basta ransomware poses as IT support on Microsoft Teams to breach networks

Cash App users can claim thousands of dollars in a data breach settlement

Change Healthcare Breach Affects 100 Million Americans

Change Healthcare Cyberattack Exposed Data of Over 100 Million People

Change Healthcare data breach exposed ‘only’ 100 million US health records

Change Healthcare data breach officially affects 100M people

Change Healthcare Ransomware Attack Impacts 100 Million People

Change Healthcare says 100 million people impacted by February ransomware attack

Change Healthcare's Massive Data Breach Impacted 100 Million People. What to Know

Chimienti & Associates Experiences Data Breach Following Compromised Email Account

China hacks Verizon to target Trump/Vance communications, new report says

Chinese Hackers Target Trump and Vance Phone Data via Verizon Hack

Chinese Hackers Tried To Break Into Trump And Vance’s Cellphones In Data Breach

Cisco Patches Critical Vulnerability Affecting VPN Services

Columbus agrees to resolve data breach lawsuit

Community Dental Files Official Notice of Data Breach After Cyberattack Exposed Patients’ Sensitive Info

Connecticut Attorney General settles $500,000 data breach case with Guardian Analytics

Countering ransomware: Ransomware gang disruptions do work

Critical Vulnerabilities Found in Siemens and Schneider Electric Products

Cyberattacks Against Sporting Events are Growing More Calculated

DDoS attacks surge to unprecedented levels, bombarding servers with 4.2Tbps

Easterseals reports breach as Rhysida ransom gang demands $1.3M

Eliminating AI Deepfake Threats: Is Your Identity Security AI-Proof?

Epic Telecom: No evidence of data breach amid online leak claims

Europol Details Pursuit of LockBit Ransomware Affiliates

Exploited: Cisco, SharePoint, Chrome vulnerabilities

Federal Prosecutors Offer Plea Deal to SEC X Account Hacker

Four REvil members sentenced to more than four years in prison

From bad to infamous: UnitedHealth says hack impacted 100 Million Americans

Gándara Mental Health Center Provides Notice of Recent Data Breach

Hacker behind fake Bitcoin ETF X post pleads not guilty

Hacker Drains $20 Million from U.S. Government Controlled Wallet?

Hacker Returns $19 Million After U.S. Government Crypto Wallet Breach

Hacker Returns $19.3 Million to Drained US Government Crypto Wallet

Hacker returns stolen funds to US government in less than 24 hours

Hacker Returns Stolen Funds to US Government Wallet

Hacker “USDoD” Arrested in Brazil for Long String of Data Breaches

Hackers put 350 Million Hot Topic customers’ records for sale: “largest retail breach in history”

Healthcare giant Henry Schein reveals data breach following major ransomware attack

Historic Healthcare Data Breach: UnitedHealth Confirms 100 Million Americans Affected in Change Healthcare Attack

HOMESTEEL Malware Emerges as the Latest Cyberthreat to Ukraine’s Data Assets

‘I’m not a Robot’ reCAPTCHA Trojanized by Russian Hackers to Target Local Ukrainian Government

Insurance admin services company data breach exposes details about 8 lakh US users

Internet Archive is back online, but for how long?

Internet Archive suffers second data breach within a month

Investigation confirms Floyd County Public Schools data breach

Irish Data Protection Watchdog Fines LinkedIn $336m

Irish Watchdog Imposes Record €310 Million Fine on LinkedIn for GDPR Violations

Is the Blockchain Secure? Yes, and Here’s Why

Kremlin-linked hackers target Ukraine’s state, military agencies in new espionage campaign

MacOS-Focused Ransomware Attempts to Leverage LockBit Brand

Massive data breach hits UnitedHealth tech unit

Microsoft Reports Nearly 400 U.S. Healthcare Facilities Targeted by Ransomware Attacks

More than 100 Million impacted by record-breaking Change Healthcare hack

Nearly a million users affected by Landmark data breach

New Phishing Schemes To Watch Out For

No Recovery Prospects: Casio Systems Still Down Two Weeks After a Ransomware Attack

Oregon Department of Corrections (DOC) employee ‘mistakenly’ exposed personal data of 861 people

Oregon Department of Corrections waited 47 days to inform public of data breach involving hundreds

Parkland Health data breach exposes sensitive information of over 6,500 patients

Public Relations (PR) dos and don’ts for a company data breach

Qilin Ransomware Adds Encryption, Stealth Features

QR Codes Fuel Rising Phishing Threats

Radisson properties allegedly suffer data breach

Ransomware Attacks Down Month-on-Month

RansomHub gang allegedly behind attack on Mexican airport operator

ReliaQuest report reveals new cloud phishing tactics

Researchers Discover Command Injection Flaw in Wi-Fi Alliance's Test Suite

Rumpke says its been hit with a cyber attack

Russia sentences REvil ransomware members to over 4 years in prison

Securities and Exchange Commission (SEC) Charges 4 Companies Over Misleading SolarWinds Cyberattack Disclosures

Securities and Exchange Commission (SEC) fines tech companies for misleading SolarWinds disclosures

SonicWall firewalls the common access point in spreading ransomware campaign

Southend Council 'reprimanded' following data breach

Suspected Hacker Steals $20M in Crypto From US Government Bitfinex Wallet

Sysdig Predicts Global Cyberattacks Costs Will Exceed $100 Billion in 2025

Telegram Argues Against Policing Role in Star Health Data Breach Case

Telegram says it can't police all chatbots in Star Health India data leak

The Change Healthcare Data Breach Is the Biggest Ever: Here’s What You Need to Know

The future of cyber insurance: Meeting the demand for non-attack coverage

The State of Cybersecurity: Challenges, Priorities and Insights

Transport for London (TfL) grapples with Cyber Attack: Concession card renewals delayed until IT systems repaired

Transport for London (TfL) update about London Underground refunds and discount cards as computer systems hit by cyber attack

Trump and Vance possible targets of China-backed cyber attack

Ukraine Warns of Mass Phishing Campaign Targeting Citizens Data

UNC5820 Exploits FortiManager Zero-Day Vulnerability (CVE-2024-47575)

United Health confirms largest ever US healthcare data breach, says 100 million users had info stolen

UnitedHealth data breach leaked info on over 100 million people

UnitedHealth Ransomware Attack Exposed 100 Million People

UnitedHealth's Data Breach Affected 100 Million Americans. Here's What the Cyberattack Exposed

Updated Qilin Ransomware Escalates Encryption and Evasion

Urgent fraud warning for more than 300,000 Aussies after their details leak onto the dark web as retailer digiDirect is allegedly hacked in huge data breach

US government likely lost $20M in crypto hack

24th October

67% of organizations say employees lack basic security awareness

389 healthcare companies hit by ransomware this year, Microsoft finds

AI and deepfakes fuel phishing scams, making detection harder

AI honeypot hit 800K times and managed to trap six AI-powered hacking agents

Amazon Web Services (AWS) Cloud Development Kit Vulnerability Exposes Users to Potential Account Takeover Risks

Apple Computers Targeted With macOS.NotLockBit Ransomware

Apple will pay security researchers up to $1 million to hack its private AI cloud

Bangladesh: Massive data breach exposes security flaws at Atif Aslam concert in Dhaka

Bangladesh: Night made less magical by data breach - We didn't pay attention to website security, organisers say

Brazilian police arrest National Public Data hacker

Change Healthcare Cyberattack Affected 100 Million Individuals

Change Healthcare data breach officially affects 100 Million

Cisco fixes VPN DoS flaw discovered in password spray attacks

Cisco Investigates Alleged Data Breach, Hacker Claims Big Firms' Involvement

Cisco Issues Urgent Fix for Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) Software Vulnerability Under Active Attack

Class action litigation in South Africa could spike with ‘non-attack’ data breach claims

Cyber attack affecting Texas Tech Health System's students, patients

Cyber attack on cryptocurrency payment processor Transak impacted 92,000 customers

Cybersecurity Teams Largely Ignored in AI Policy Development

Embargo Ransomware Actors Abuses Safe Mode To Disable Security Solutions

Embargo ransomware analysis exposes developing toolkit of new group

Exploring the Transformative Potential of AI in Cybersecurity

First credible ransomware variant detected for Macs: creeping evolution spells danger

Fortinet Confirms Exploitation of Critical FortiManager Zero-Day Vulnerability

Fortinet FortiManager flaw exploited in zero-day attacks (CVE-2024-47575)

Fortinet Warns of Critical Vulnerability in FortiManager Under Active Exploitation

Fraudulent DeFi game leveraged in new crypto investor-targeted Lazarus attack

From phishing to deepfakes and beyond: Tips to protect your small business

Hacker behind Radiant Capital Heist Moves $52M in Stolen Crypto Funds

Hackers Can Be Heroes: The Importance of Responsible Disclosure

Hackers Leak 180,000 Esport North Africa User Records a Day Before Tournament Begins

Have you stayed at a Marriott? Here's what its settlement with the FTC means for you

Healthcare Sees 300% Surge in Ransomware Attacks

Henry Schein discloses data breach a year after ransomware attack

How does revenue impact ransomware outcomes?

How the ransomware attack at Change Healthcare went down: A timeline

Increased stealth integrated into novel Grandoreiro banking trojan variants

Insurance admin Landmark says data breach impacts 800,000 people

Iranian hacker group focuses on US election websites, media, ahead of vote, Microsoft says

Iranian Hacker Group Focuses on US Election Websites, Media, Microsoft says

Iranian Hackers Target U.S. Election Systems Ahead of 2024 Presidential Race

Ireland Fines LinkedIn 310 Million Euros Over EU Data Breach

Ireland fines LinkedIn €310 million over targeted advertising

Ireland fines LinkedIn $335 million over EU data breach

Irish Data Protection Commission (DPC) Slaps LinkedIn with €310 Million Fine Over Data Processing Violations

Landmark Admin Announces Data Breach Affecting 806,519 Liberty Bankers Insurance Group Policyholders

Landmark, an administrator for insurance firms, says 800,000 affected by data breach

Lazarus Group Exploits Chrome 0-Day for Crypto with Fake NFT Game

Lazarus Group Exploits Google Chrome Flaw in New Campaign

Lazarus Group Exploits Google Chrome Vulnerability to Control Infected Devices

LinkedIn fined €310 million for violating EU privacy rules

LinkedIn fined $335 million in EU for tracking ads privacy breaches

LinkedIn hit with $335 million fine for using member data for ad targeting without consent

Mallox ransomware decryption tool issued by Avast

Mandiant says new Fortinet flaw has been exploited since June

Manufacturing faces rising cyber threats, report reveals

Millions of Hot Topic shoppers have data stolen by "Satanic" hacker

Misconfigured UN Database Exposes 228GB of Gender Violence Victims’ Data

New generation of QR code phishing tries to evade detection with text-based codes and specially crafted URLs

New macOS vulnerability allows unauthorized data access

New Qilin ransomware encryptor features stronger encryption, evasion

New Qilin.B Ransomware Variant Emerges with Improved Encryption and Evasion Tactics

NotLockBit: Ransomware Discovery Serves As Wake-Up Call For Mac Users

Over 940,000 Medicare Beneficiaries Impacted by Data Breach

Penn State Fined £1.25 Million for Cybersecurity Failures in Federal Contracts

Pennsylvania State University (Penn State) Settles for $1.25M Over Cybersecurity Violations

Pinterest accused of secretly tracking their users

Pokémon Developer Game Freak’s Data Breach Includes Thousands of Employee Records, Internal Nintendo Secrets

Radiant Capital hacker moves $52M in stolen funds

Radiant Capital hacker moves $52M worth of crypto funds into Ethereum

Radiant Capital Hacker Shifts Stolen $52M Days Post-Attack

Ransomware Gang Targets Easterseals, A Nonprofit for Disabled Individuals

Ransomware's ripple effect felt across ERs as patient care suffers

Report Shows Well-Known Threats Persist at Alarming Levels

Researchers out new Qilin ransomware-as-a-service variant

Rhysida demands $1.3M ransom from disability nonprofit Easterseals

Russia says unprecedented cyber attack hits foreign ministry

Russia says 'unprecedented' cyber attack hits foreign ministry amid BRICS summit

Russian foreign ministry suffers ‘powerful’ cyber attack

Securities and Exchange Commission (SEC) Fines Four Tech Firms for Downplaying SolarWinds Impacts

Security Breach: Preventing Phishing Attacks 'Not Rocket Science'

Singapore: Banks, telcos and scam victims to share liability for losses under new framework to kick in on December 16th

Singapore: New real-time fraud surveillance duty for financial institutions; loss-sharing framework to begin on December 16th

Source Code of TargetMaps Geo-Analytics Leaked on Dark Web

Swiss vocational training institute pauses operations following a ransomware attack

The alarming rise of voice phishing: How to protect your business in the age of AI-powered scams

The ransomware negotiation playbook adds new chapters

The University of Manchester avoided disaster in last year’s cyber attack – now it wants to set an industry example

Transport for London (TfL) cyber attack: applications for new Zip cards and 60+ Oyster cards to reopen 'shortly'

UK Government Introduces New Data Governance Legislation

UK Government Urges Organizations to Get Cyber Essentials Certified

UK proposes new data protection regime, hopes for £10 billion economic boost

UK revives plan to reform data protection rules with an eye on boosting the economy

Unauthorized access leads to data breach in Arkansas Blue Cross Blue Shield rewards program

UnitedHealth says Change Healthcare hack affects over 100 million, the largest-ever US healthcare data breach

UnitedHealth says data of 100 million stolen in Change Healthcare breach

Vendors responsible for almost half of breaches in the energy sector, study finds

What is URL phishing?

Why Phishing-Resistant MFA Is No Longer Optional: The Hidden Risks of Legacy MFA

Why Should You Care About In-Memory Attacks?

Yearlong Henry Schein breach probe surges victim total five-fold

23rd October

4 organizations charged with misleading cyber disclosures

10 most common passwords you should never use according to an ethical hacker

14% Increase in Large Cyber Claims, Driven by Data Breaches and Privacy Violations

49% of CISOs plan to leave role without industry action

70% of Leaders See Cyber Knowledge Gap in Employees

140% Increase in Callback Phishing

Access to Rockwool’s Digital Assets Offered for Sale on Dark Web

Akira Double-Extortion Ransomware Tactics Return

API Vulnerabilities Jump 21% in Third Quarter

Arkansas Blue Cross Addresses Data Breach

Attackers Use Encoded JavaScript to Deliver Malware

Avast Releases Free Decryptor for Mallox Ransomware

Average data breach cost hit Rs 19 crore in 2024; 16% Indians know privacy rights

Campus.gov.il Data Breach Exposes Over 110GB of Sensitive Information

Casio yet to recover affected systems following a devastating ransomware attack

CISA Warns of Active Exploitation of Microsoft SharePoint Vulnerability (CVE-2024-38094)

Cisco Data Breach Leaks Sensitive Infrastructure Information Impacting High-Profile Organizations

Columbus, Ohio’s messy ransomware saga underscores legal gray areas

Connecticut Obtains Settlement Over Data Breach Affecting Webster Bank Customers

Cyble Sensors Uncover Cyberattacks on Java Framework and IoT Devices

Data Breach Exposes Over 220,000 Users of TrueCalia.com

Data breach impacts insurer Johnson & Johnson

Detect ransomware in storage to act before it spreads

Dutch Police Infiltrate Telegram Groups, Arrest 4 for Illegal Data Trading

Effective strategies for measuring and testing cyber resilience

Embargo ransomware: Rock’n’Rust

Embargo Ransomware Disables Security Defenses

Embargo Ransomware Gang Deploys Customized Defense Evasion Tools

Enhanced Phishing, AI-Enabled Threats and Cloud Flaws Most Concerning for 2025

Flat networks and small cyber budgets left schools vulnerable, but analysts say there’s help

Fortinet warns of new critical FortiManager flaw used in zero-day attacks

Great Expressions Dental Centers agrees to $2.7M settlement over 2023 data breach

Greece’s ruling party fined over diaspora email data breach

Greek ruling party fined over data breach

Hacker May Have Breached Hot Topic, Stolen Data on Millions

Happy Hack-tober! Don’t be Scared: How to Protect Your Business from RaaS Threats

High-Risk ICS Vulnerability Exposes ICONICS and Mitsubishi Electric Products to Data Breaches

High-severity FortiManager bug being exploited by hackers

Hong Kong: Sports club data hack affecting 72,000 'could have been avoided'

Internet Archive Secures Zendesk Account, Works Toward Full-Service Restoration

Iranian hacker group focuses on US election websites, media, ahead of vote, Microsoft says

Lack of investment leaving firms open to cyber attack

Lansing Community College reaches $1.45M settlement over data breach affecting 750,000 individuals

Largest Retail Breach in History: 350 Million "Hot Topic" Customers’ Personal & Payment Data Exposed - As a Result of Infostealer Infection

Lazarus hackers used fake DeFi game to exploit Google Chrome zero-day

LockBit, Conti, and BlackCat: 166 Ransomware Attacks Put Brazil in the Crosshairs in 2024

London trains contactless key update for commuters after cyber attack

Mallox Ransomware Flaw Let Victims Recover Files Without Ransom Payment

Mallox Ransomware Vulnerability Lets Victims Decrypt Files

Millions affected in major health data breach caused by a missing password

Millions of iOS and Android Users at Risk as Popular Apps Expose Cloud Keys

'Missing' teen Hannah Green scam plagues Norfolk Facebook

Multiple High-Severity Vulnerabilities Found in Bitdefender Products: Patch Now

New Anti-Bot Services Bypassing Google’s Protective ‘Red Page’ Warnings

New Grandoreiro Banking Malware Variants Emerge with Advanced Tactics to Evade Detection

New malware family NotLockBit aims ransomware attacks toward macOS

New Malware WarmCookie Targets Users with Malicious Links

Novel PowerRAT, DCRat deployed via Gophish toolkit

Over 1,000 NHS Accounts Leaked on Dark Web Forum

Over 52,000 American car wash customers exposed in data breach

Penn State University fined $1.25 million for failing to meet cyber requirements in federal contracts

Phishing scams use QR codes in PDFs to bypass defences

Pinterest faces EU privacy complaint over tracking ads

PriceBlink Data Leak Exposes Information of Over 148,000 Users

Prove you’re not a robot by running malware: crooks delivering stealers with fake CAPTCHAs

'Quishing': That QR Code You Scan May Be Malicious

Ransomware attack on Leaders Staffing impacted close to 52,000 customers

Ransomware Gang Attack Tactics Have Shifted

Ransomware gang stoops to new low, targets prominent nonprofit for disabled people

Ransomware Gangs Use LockBit's Fame to Intimidate Victims in Latest Attacks

Researchers Reveal 'Deceptive Delight' Method to Jailbreak AI Models

Rogue RDP Files Used in Latest Campaign Targeting Ukrainian Government, Military

Russia Came Close to Breaching U.S. Critical Infrastructure Before Ukraine War, CISA Official Reveals

Russia says 'unprecedented' cyber attack hits foreign ministry amid BRICS summit

Russia's foreign ministry hit by ‘unprecedented’ cyber attack amid BRICS Summit

Securities and Exchange Commission (SEC) fines four companies $7 million for “downplaying” cyberattack

September 2024 Healthcare Data Breach Report

SoftBank, Mastercard, and Anthropic cyber chiefs sound alarms on AI phishing and deepfakes - but those aren’t the only things keeping them up at night

TA866 Group Linked to New WarmCookie Malware in Espionage Campaign

The evolution of cybercrime: How ransomware became the weapon of choice

The Key Components For a Secure Password Policy (And Why Complexity Isn’t One)

Think You're Secure? 49% of Enterprises Underestimate SaaS Risks

Threat Actors Are Exploiting Vulnerabilities Faster Than Ever

Transak Data Breach Exposes 92K Users: Employee Phishing Attack, Ransomware Group Claims Responsibility

Trickle-down cyber economics: UK hails success of Cyber Essentials certification scheme

UK court says dissident can sue the Saudi government for targeting him with spyware

UK Government "Considering All Options" to Combat Cyberthreats, Says Security Minister

UK Government Weighs Review of Computer Misuse Act to Combat Cybercrime

US Energy Sector Vulnerable to Supply Chain Attacks

US Government Pledges to Cyber Threat Sharing Via TLP Protocol

Winning cybersecurity warfare is the ultimate millstone for CISOs

Wisconsin sued over voting system’s allegedly weak cyber protections

Zendesk Assists Internet Archive in Securing Account After Cyber Breach

22nd October

34% of Chief Information Officers (CIOs) ranked securing the network as their number one priority

75% of US Senate Campaign Websites Fail to Implement DMARC

Access to US-Based Finance Company Network Listed for Sale on Dark Web

AI-Powered Attacks Flood Retail Websites

Akira Ransomware Actors Developing Rust Variant To Attack ESXi Servers

Akira ransomware is encrypting victims again following pure extortion fling

Akira ransomware pivots back to double extortion, C++ code

All hospitals should be concerned about cyberattacks. Here's why

Amazon Web Services (AWS), Azure auth keys found in Android and iOS apps used by millions

Arkansas Blue Cross and Blue Shield providing protection after data breach of member personal information

Arkansas Blue Cross and Blue Shield warns of data breach involving member information

Bulk data collection on American citizens? US government wants your opinion

Bumblebee and Latrodectus Malware Return with Sophisticated Phishing Strategies

Bumblebee malware loader reemerges in new attacks

Callback Phishing Attacks Using Google Groups To Steal Login Details

CISA Adds ScienceLogic SL1 Vulnerability to Exploited Catalog After Active Zero-Day Attack

CISA proposes new security requirements to protect government, personal data

Cisco confirms investigation into data breach claims

Cisco shuts down DevHub developer environment following data breach

Connecticut settles with machine learning company over Webster Bank data breach

Consumer Financial Protection Bureau (CFPB): New regulations will better protect consumers’ personal financial data

Consumer Financial Protection Bureau (CFPB) Finalizes Data Privacy Rule to Boost Competition, Protect Consumers

Critical Veeam CVE actively exploited in ransomware attacks

Crypto Payment Firm Transak Hit by Data Breach After Employee’s Laptop Hack

CVE-2024-9537: CISA Warns of Unpatched ScienceLogic SL1 Exploit in Active Use

Cyber attack prompts early dismissal at Nebraska school

Cybercriminals Exploiting Docker API Servers for SRBMiner Crypto Mining Attacks

Dark Web Anti-Bot Services Let Phishers Bypass Google’s Red Page

Data breaches against financial services drop

Database Access for Brazilian Microcredit Organization Auctioned on Dark Web

Employee laptop hack leaves crypto firm customers exposed

Evolving Ransomware Threats: Why Offline Storage is Essential for Modern Data Protection

Exploit released for new Windows Server "WinReg" NTLM Relay attack

Fake CAPTCHA Pages Used by Lumma Stealer to Spread Fileless Malware

Gambling sector subjected to APT41 intrusions

Georgetown University faces class-action lawsuit following data breach

Gophish Framework Used in Phishing Campaigns to Deploy Remote Access Trojans

Great Expressions Dental Centers Settle Data Breach Lawsuit for $2.7 Million

Greece’s ruling party fined over misuse of voter records

Greek Ruling Party Fined Over Data Breach

Hackers are finding new ways to leverage AI

Half of UK businesses experienced a cyber attack in the last year, experts share advice to stay safe and vigilant online

Hong Kong: 'Lack of care led to sports association data breach'

Hong Kong watchdog slams sports club for sloppy cybersecurity ahead of data breach

How enhanced classification of cloud data can minimize ransomware risk

Immutable storage essential to protect against ransomware attacks on backup data

Infosys McCamish Systems Updates Data Breach Victim Count to Over 6 Million and Adds Wells Fargo, Continental Casualty Company, and The Nolan Financial Group

Iranian cyber actors are targeting critical infrastructure entities

IT security and government services: Balancing transparency and security

Japanese electric car manufacturer Nidec confirms major cyber attack on internal systems

Lawmakers ask Department of Justice (DOJ) to prosecute tax preparation firms for sharing customer data with big tech

LLMjacking and Open-Source Tool Abuse Surge in 2024 Cloud Attacks

Malicious npm Packages Target Developers' Ethereum Wallets with SSH Backdoor

Massive data leak hits Mexican healthcare sector with over 5 million at risk

Meta to Fight Celeb-Bait Scams with Facial Recognition

Microsoft reported nearly 400 ransomware attacks in fiscal year 2024

National Financial Services Announces Data Breach Affecting MassMutual Subsidiary, MML Investors Services LLC

Newly Acquired Varsity Brands Sued Over Pre-Acquisition Cyber Hack

Nissan to pay out $1.82 million in Canadian data-breach suit

Nearly Two-Thirds of IT Leaders Have Fallen For Phishing Attacks

Over 92K impacted by Transak data breach

Phishing Attack Impacts Over 92,000 Transak Users

Phishing scams and malicious domains take center stage as the US election approaches

Phishing Scams & Ransomware: Fortinet's Threat Intelligence Highlights Election Cyber Risks

Prigozhin links, Kremlin funding put another Russian media company on US list

Proposed settlement to compensate those impacted by Lansing Community College (LCC) Data Breach

Radisson’s Country Inn and Suites Allegedly Hit by Ransomware

Radisson’s Country Inn & Suites purportedly breached by Everest ransomware

Ransomware attacks on health care sector are driving increase in emergency patient care

Ransomware on the Rise: Arm your business with the tools to face the next ransomware attack

Research uncovers new attack method, security leaders share insights

Researchers link Polyfill supply chain attack to huge network of copycat gambling sites

Rocky Mountain Gastroenterology Reportedly Experiences Triple Cyberattack, Resulting in Data Breach Affecting Up to 169,000

Roundcube Vulnerability (CVE-2024-37383) Exploited in Phishing Attacks Targeting Government Agencies for Credential Theft

Roundcube XSS flaw exploited to steal credentials, email (CVE-2024-37383)

Samsung zero-day flaw actively exploited in the wild

Securities and Exchange Commission (SEC) charges tech companies for downplaying SolarWinds breaches

Securities and Exchange Commission (SEC) Charges Tech Firms Over Misleading SolarWinds Hack Disclosures

Securities and Exchange Commission (SEC) fines four companies $7 million for ‘misleading cyber disclosures’ regarding SolarWinds hack

Securities and Exchange Commission (SEC) Fines Major Companies for Misleading Cyber Disclosures Amid SolarWinds Fallout

Securities and Exchange Commission (SEC) hits security companies with massive fines for misdirection over SolarWinds Orion hack

Security Flaw in Styra's Open Policy Agent (OPA) Exposes NTLM Hashes to Remote Attackers

Schreck Financial Group Experiences Email-Related Data Breach

Sony’s blockchain venture Soneium has a phishing scam issue

Splunk’s Recent Security Advisory: Addressing Vulnerabilities in Splunk Enterprise

The struggle for software liability: Inside a ‘very, very, very hard problem’

Think Tanks Urge Action to Curb Misuse of Spyware and Hack-for-Hire

Threat actors increasingly using malicious virtual hard drives in phishing attacks

Threat actors prepare at least 1,000 new malicious domains ahead of US presidential elections

Transak Data Breach Exposes 92K Users: Employee Phishing Attack, Ransomware Group Claims Responsibility

UK 'considering all options' to tackle cyberthreats, says government minister

US justice department indicts two Anonymous Sudan operatives

US unveils new rules to block China, Russia and Iran from accessing bulk US data

VMware fixes bad patch for critical vCenter Server RCE flaw

VMware fixes critical vCenter Server RCE bug – again! (CVE-2024-38812)

VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability

WazirX moved over $73 million crypto after data breach

Wells Fargo named in Infosys attack affecting 6 Million

What do we know about the data breach at Intesa Sanpaolo?

Zendesk helped Internet Archive secure account after hacker breached email system

21st October

50,000 Files Exposed in Nidec Ransomware Attack

225,000+ German B2B Leads Database Leaked on the Dark Web

A CISO’s guide to creating a cyber resilience toolkit

Abbott Laboratories Employees Credit Union Data Breach Caused by Compromised Email Account

Active Directory Faces Greater Risks Than Ever in 2024

Addressing Vulnerabilities in Critical ICS Products: A Focus on Siemens, Rockwell, and Delta

AI scam targets Ripple holders and memcoin trader loses it all

AI-enabled voice phishing new threat to cybersecurity

Alleged Data Breach at PT Haleyora Power Exposes Employee Information

Anti-Bot Services Help Cybercrooks Bypass Google 'Red Page'

Australia’s New Scam Prevention Laws: What You Need to Know

Bank of Cyprus: Cyber-attack thwarted on Friday

Beast Ransomware Attacking Windows, Linux, And ESXi Systems

Biden administration proposes new rules governing data transfers to adversarial nations

Biggest Education Industry Attacks in 2024

BlackSuit ransomware claims to have hacked Kansas City Hospice

Brazilian Police Caught the Hacker responsible for one of the Largest Personal Data Breaches ever

Bumblebee malware returns after recent law enforcement disruption

Caleb & Brown Client Data Leaked and Up for Sale

Canada: Texts claiming to be from the 'Ministry of Transportation' are scams

Chinese Nation-State Hackers APT41 Hit Gambling Sector for Financial Gain

Chinese Research Using Quantum System to Crack Encryption a ‘Cautionary Tale’

Cisco Confirms Security Incident After Hacker Offers to Sell Data

Cisco denies data breach exposed sensitive personal data

Community Day School (CDS) data breach spurs digital review and recommitment to student safety

Connecticut Attorney General Reaches Settlement In Webster Bank Data Breach

Critical Vulnerability at Epicor Software Corporation Exposes Sensitive Data of Over 6,300 Clients

Crypto Employee's Use of Laptop Outside of Work Cited in Data Breach Affecting 93K Transak Users

Crypto Hack: Transak Hit By Data Breach, 57,000 Users Affected

Crypto payment services firm says more than 92,000 affected by data breach

Cybersecurity in healthcare: How hackers get in and how organizations can protect themselves

Cyprus' critical infrastructure targeted by coordinated cyberattacks linked to pro-Palestine groups

Data Breach Statistics [2024] : Penalties and Fines for Major regulations

Data Resilience and Protection in the Ransomware Age

Did You Know? Email Remains First 'Go-To' for Cyber Attack

EigenLayer Twitter Account Hacked In Phishing Scam; Community Warned Of Risks

Fake WordPress Plugins on 6,000 Sites Prompt Users to Install Malware

FBI Arrested Hacker Behind the Takeover of the U.S. SEC X account

FBI’s Most Wanted Hacker Arrested in Malpensa

Fidelity data breach confirmed, impacting 77K customers

Fortinet releases patches for undisclosed critical FortiManager vulnerability

Gambling in South Korea: Paradise Company warns of phishing scams

Genomics company 23andMe to pay up to $10,000 per person to victims of data breach

Hacked access tokens leveraged to breach Internet Archive anew

Hacker Advertises “Top Secret US Space Force (USSF) Military Technology Archive”

Hacker targets ESET’s Israeli partner by sending malware capable of wiping out computers

Hackers exploit Roundcube webmail flaw to steal email, credentials

Half of Organizations Have Unmanaged Long-Lived Cloud Credentials

High-risk vulnerability affecting UniFi Network Server

How Microsoft outplays scammers with clever virtual ‘honeypot’ traps

How to Meet the NCSC’s 14 Cloud Security Principles

If you’ve emailed the Internet Archive, “your data is now in the hands of some random guy”

Insurance Data Breach: Insurance Regulatory and Development Authority of India (IRDAI) Steps Up IT Security Audits

Internet Archive (Archive.org) Hacked for Second Time in a Month

Internet Archive Faces Yet Another Data Breach. Here’s What Happened

Internet archive hacked again: mass mail campaign after attack

Internet Archive hacker claims to still have access, responds to Zendesk support tickets

Internet Archive hackers sending email replies to support tickets

Internet Archive Struggles with Third Cyberattack in October

Internet Archive suffers third October cyber attack

Internet Archive was breached twice in a month

Japanese tech giant Nidec confirms 8Base data breach, company data published

Japanese watchmaker Casio warns of delivery delays after ransomware attack

Major Australian mechanic Ultra Tune suffers alleged cyber attack

Microsoft builds fake IT environments to lure hackers

Microsoft Phishing Scams Soar

MoneyGram class action claims data breach stole customer data

More of Internet Archive is back online, despite hackers infiltrating its helpdesk

Netskope Reports Possible Bumblebee Loader Resurgence

New Anti-Bot Services on the Dark Web Help Phishing Pages Bypass Google’s Red Page

New Cybersecurity Warning As 1,000 Elite Hackers Embrace AI

New U.S. Rule Takes Aim at Foreign Access to Sensitive Data

New York-based pediatric group says hackers stole patients' sensitive personal data

Nidec confirms ransomware attack leaked company data online

Over 6,000 WordPress hacked to install plugins pushing infostealers

Paystack, VasTopUp Tell Customer to ‘Wait for Court Order’ After Hacker Stole His N130,000

Radisson's Country Inn & Suites hack claim, thousands reported breached

RANEPA University Systems Hacked, Sensitive Data Leaked

Ransomware threats surge in India: 90% of Indian respondents targeted by attacks in the past year, OpenText survey reveals

Ransomware-related breach disclosed by Nidec Corporation

Researchers Discover Severe Security Flaws in Major E2EE Cloud Storage Providers

Russia subjected to intrusions with LockBit 3.0, Babuk ransomware

Should the CISOs role be split into two functions?

SolarWinds Help Desk software vulnerability added to CISA catalogue

South Korea: Paradise Company warns of phishing scams via mobile apps

Spate of ransomware attacks on German-speaking schools hits another in Switzerland

Stolen Access Tokens Lead to New Internet Archive Breach

The current state of ransomware risk

The Digital Battlefield: Ransomware Threats Looming Over India

The Internet Archive breach continues

The Internet Archive Has Been Breached, Again

Transak hit by data breach, 92K users exposed

Transak was hacked. Attacker takes responsibility

U.S. insurer Globe Life faces ransom demand following a major breach

UAE cybercrime: Abu Dhabi study exposes six electronic blackmail tactics

UK Biobank denies claims of data breach by 'race science' group

What is Vulnerability Management? Compliance, Challenges, & Solutions

What to do if you're hit by a cyber attack

Why hasn’t Fractal ID addressed its possible data breach?

Wiper malware deployed against Israel via spoofed ESET emails