Cyber Security Blog

August 2023: Recent Cyber Attacks, Data Breaches & Ransomware Attacks

Written by Aditi Uberoi | 1 September 2023

Our monthly roundup of the Biggest Cyber Attacks, Ransomware Attacks and Data Breaches is here for the month of August 2023. Healthcare, educational institutions, VPN products, city administrations continue to dominate the list of victims. Big names like American Express, the Metropolitan Police, Toyota and Microsoft Teams were also amongst those impacted by cyber crime in the month gone by. 

  1. Ransomware Attacks in August 2023
  2. Data Breaches in August 2023
  3. Cyber-Attacks in August 2023
  4. New Ransomware/Malware Detected in August 2023
  5. Vulnerabilities/Patches 
  6. Advisories issued, reports, analysis etc. in August 2023

If you check the tables below carefully, you'll know that there was a news piece on a cyber attack, ransomware attack, data breach or a new vulnerability being exploited almost every day of August 2023. Unfortunately, this month was no different from the earlier 7 months of the year. 

While we, as a community, were just about wrapping our heads around the MoveIT and Barracuda attacks that have done widespread damage, news of the Ivanti zero-day vulnerability started making headlines. Amongst the few things that are certain in this world is the fact that there isn't a moment of rest in the world of cybersecurity. 

It is hard to match pace with the advanced criminal, but there are certain things you can do as a business to keep yourself as protected as possible. Our Virtual Cyber Assistants can help you get your technology infrastructure in order, audit your existing cybersecurity health, help you achieve compliance, recommend enhancements on your existing Information Security Management System and much more. 

Importantly, our highly experienced cyber consultants will help you create or review and update your Cyber Incident Response Plans - a critical component of your cyber resilience strategy in the vicious threat landscape we inhabit today. Because let's face it - sooner or later, almost everyone is going to be attacked. What can save you, however, is better preparation to control the damage when it's your time.    

Ransomware Attacks in August 2023

Date

Victim

Summary

Threat Actor

Business Impact

Source Link

August 01, 2023

Mattress giant Tempur Sealy

Mattress giant Tempur Sealy hit with cyber rattack forcing system shutdown

AlphV/Black Cat Ransomware group

The attack forced the company to shut down its systems as hackers claimed to have access to sensitive documents.

Ransomware attack on mattress giant Tempur Sealy

August 02, 2023

West Oaks School, in Leeds, England

Russia-linked cyber criminals target school for children with learning difficulties

LockBit Ransomware

The stolen information is unknown but the ransomware group has warned that if the school remains unable to pay the ransom, the group will publish stolen data. 

Ransomware attack on West Oaks School, a school for children with learning difficulties 

August 05, 2023

Prospect Medical Holdings

FBI investigating ransomware attack crippling hospitals across 4 states

Rhysida Ransomware

When Prospect Medical Hospitals network faced issues at its hospitals nationwide, it took its systems offline and diverted patients to other facilities and stopped operation at its affected hospitals.

Prospect Medical Holdings ransomware attack

August 08, 2023

Mayanei Hayeshua Medical Center

Israeli hospital redirects new patients following ransomware attack

Unknown

The ransomware attack shut down the medical centre's administrative computer systems but didn’t affect the medical gear. The hospital advised new patients and those needing emergency care to visit other medical centres.

Ransomware attack on Mayanei Hayeshua Medical Center

August 14, 2023

German Federal Bar (BRAK) Association

Germany’s national bar association investigates ransomware attack

NoEscape Ransomware group

German Federal Bar (BRAK) Association's Brussels office fell victim to a criminal cyber attack, which led to a failure of the IT systems. The hackers allegedly encrypted BRAK’s mail server and exfiltrated 160 gigabytes of data.

Ransomware attack on German Federal Bar (BRAK) Association's Brussels office 

August 16, 2023

Cleveland City Schools

Tennessee school hit with ransomware as gangs ramp up attacks ahead of new academic year

Unknown

The ransomware attack affected 5% of faculty and staff devices and the school printers remained down.

Cleveland City Schools ransomware attack

August 17, 2023

French town of Sartrouville

French town of Sartrouville recovering from cyber attack claimed by ransomware gang

Medusa Ransomware

Hackers targeted IT systems of hospitals, small businesses, schools, and local communities in the French town of Sartrouville as the town hall of Sartrouville (Yvelines) was paralyzed by a cyber attack, carried out by hackers who demanded a ransom. The intranet computer system of the town hall simply stopped as all data was encrypted and a ransomware-type virus named "Medusa" infected the municipality's work and backup servers.

Ransomware attack on French town of Sartrouville

August 18, 2023

Raleigh Housing Authority

Ransomware gang threatens Raleigh Housing Authority months after devastating attack

Black Basta Ransomware gang

The ransomware gang started posting sensitive personal information connected to a devastating attack on the Raleigh Housing Authority (RHA) that disrupted the organisation for weeks in May as the attack crashed the organisation’s entire system and stopped its ability to function for several days — seven cybersecurity officials from the National Guard were sent to help the organisation recover with additional assistance from the FBI.

Raleigh Housing Authority ransomware attack 

August 22, 2023

The Public Center for Social Action (CPAS) in Charleroi, Belgium

Cyberattack on Belgian social service centres forces them to close

Unknown

The cyber attack forced the Public Center for Social Action (CPAS) in Charleroi, Belgium, to close its social branches including its debt mediation service and Energy House service.

Ransomware attack on Belgium’s Public Center for Social Action (CPAS)

August 22, 2023

Danish Cloud Hosting firms CloudNordic and AzeroCloud

The firm, which owns both entities, says it lost all customer data after the ransomware attacks

Unknown

The ransomware attacks caused the loss of the majority of customer data forcing the hosting providers to shut down all systems, including websites, email, and customer sites.

Ransomware Attacks on CloudNordic and AzeroCloud

August 22, 2023

Cisco VPN

Akira ransomware targets Cisco VPNs to breach organisations

Akira Ransomware

Akira ransomware targets Cisco VPN (virtual private network) products as an attack vector to breach corporate networks, steal, and eventually encrypt data.

Akira ransomware attack on Cisco VPNs

August 24, 2023

St Helens Borough Council in Northwest England

English council warns residents after suspected ransomware attack

Unknown

The ransomware attack affected internal systems of St Helens Borough Council.

Ransomware attack on St Helens Borough Council in England

August 25, 2023

The Ohio History Connection

Thousands have SSNs leaked after ransomware attack on Ohio state archive organisation

Unknown

When the victim society refused to pay the ransom demand, hackers leaked the names, addresses and Social Security numbers of people employed by the organisation from 2009-2023. Hackers also accessed documents related to OHC vendors, checks provided to OHC by donors since 2020.

Ohio state archive org ransomware attack

August 27, 2027

Prospect Medical Holdings

Rhysida claims ransomware attack on Prospect Medical, threatens to sell data

Rhysida Ransomware

Hackers claimed to have stolen 500,000 social security numbers, corporate documents, and patient records.

Ransomware attack on Prospect Medical Holdings

August 28, 2023

PurFoods, which conducts business as 'Mom's Meals'

Mom’s Meals discloses data breach impacting 1.2 million people

Unknown

Hackers stole and encrypted personal information of 1.2 million customers and employees of Mom’s Meals.

Ransomware attack on Mom’s Meals

 

 Back to Top 


Data Breaches in August 2023

Date

Victim

Summary

Threat Actor

Business Impact

Source Link

August 01, 2023

Retail chain Hot Topic

American apparel Retailer, Hot Topic, discloses wave of credential-stuffing attacks

Unknown

Hackers used stolen account credentials and accessed the Rewards platform multiple times, potentially stealing customer data. The information that may have been exposed to hackers includes: Full name, Email address, Order history, Phone number, Date of birth, Shipping address, last digits of saved payment cards etc. 

Data breach attack on retail chain, Hot Topic

August 02, 2023

Serco

US govt contractor Serco discloses data breach after MoveIT attacks

Clop Ransomware

The attackers stole the personal information of over 10,000 individuals from a third-party vendor's MoveIT managed file transfer (MFT) server.

Serco data breach

August 10, 2023

The Belt Railway Company of Chicago

Largest switching and terminal railroad in US investigating ransomware data theft

Akira Ransomware gang

The ransomware gang claimed to have stolen 85 GB of data.

Data breach attack on Chicago’s railroad company 

August 10, 2023

The California city of El Cerrito

California city investigating data theft after ransomware group’s claims

LockBit Ransomware gang

The City Manager Will Provost said they were aware that cybercriminals alleged to have taken data from certain City of El Cerrito systems and were threatening to post the information to a website outside the confines of traditional internet.

Data breach attack on the California city of El Cerrito

August 17, 2023

Tesla

Tesla blames data breach affecting 75,000 on ‘insider wrongdoing’

Insider Error (Human Error)

The data breach affected more than 75,000 current and former employees after two insiders allegedly shared information taken from its internal systems with a German newspaper. Tesla blamed “insider wrongdoing” for the breach which included compromised personal data and Social Security numbers.

Tesla data breach

August 18, 2023

Morris Hospital & Healthcare Centers

Illinois hospital notifies patients, employees of data breach after Royal Ransomware attack

Royal Ransomware 

In this data breach, about 250,000 people potentially had their personal information exposed which included names, addresses, dates of birth, social security numbers, medical record numbers and account numbers, and diagnostic codes of current and former healthcare patients and employees at Morris Hospital. 

Morris Hospital & Healthcare Centers data breach

August 18, 2023

Siemens Healthineers

Siemens Healthineers responds to alleged data theft by LockBit ransomware gang

LockBit Ransomware

In this attack, LockBit ransomware group stole data related to the Varian business segment of Siemens Healthineers and published it on the group's leak site.

Siemens Healthineers data breach

August 21, 2023

Alexander Babakov, a deputy chairman of Russia’s parliament

Ukrainian hackers claim to leak emails of Russian parliament deputy chief

Ukrainian hacking group “Cyber Resistance”

Ukrainian hackers claimed to have broken into the email account of a senior Russian politician and exposed documents that allegedly prove his involvement in money laundering and sanction evasion schemes. The threat actors calling themselves Cyber Resistance leaked 11 GB of emails allegedly belonging to Alexander Babakov, a deputy chairman of Russia’s parliament.

Data breach attack on  Russian parliament deputy chief

August 21, 2023

Watchmaker Seiko

BlackCat ransomware gang takes credit for Seiko data breach

AlphV/BlackCat Ransomware

The ransomware gang shared screenshots of the stolen data that included spreadsheets and presentations.

Seiko data breach

August 21, 2023

An organisation that manages Australia’s internet domain .au known as auDA

Australia’s .au domain administrator denies data breach after ransomware posting

NoEscape Ransomware

The NoEscape ransomware gang claimed to have attacked the organisation and stolen 15 GB of sensitive data that included personal information and more.

Data breach attack on an Australia’s .au domain administrator

August 23, 2023

University of Minnesota

University of Minnesota confirms data breach

Unknown

The University of Minnesota confirmed that the sensitive personal information of students, faculty and employees was leaked in a data breach.

University of Minnesota data breach

August 25, 2023

France's government unemployment registration and financial aid agency, Pôle emploi

Data breach at French govt agency exposes information of 10 million people

Clop Ransomware (This agency became victim of MOVEit data breach)

The data breach exposed data belonging to 10 million individuals.

Data breach at Pôle emploi

August 25, 2023

Leaseweb 

Leaseweb is restoring ‘critical’ systems after security breach

Unknown

Leaseweb took down some of the impacted systems to mitigate security risks and says that its teams are now working to restore critical systems affected in this incident.

Leaseweb data breach

August 25, 2023

Financial and risk advisory company Kroll

Kroll data breach exposes info of FTX, BlockFi, Genesis creditors

Unknown

Hackers stole the Kroll employee's phone number and used it to gain access to some files with personal data of bankruptcy claimants.

Kroll data breach incident 

August 25, 2023

American Express

American Express Confirms Data Leak Of APAC Employee Details

Former Employee

A former employee gained access to employee data after accidentally being given access to a third-party payroll company. The data reportedly involved bank account details, names and addresses, payment histories, and tax file numbers.

American Express data breach

August 26, 2023

Metropolitan Police

Metropolitan Police on red alert after details of officers and staff hacked in massive security breach

Unknown

All 47,000 personnel were warned of the risk that their photos, names and ranks had been stolen when cyber crooks penetrated the IT systems of a contractor printing warrant cards and staff passes.

Metropolitan Police data breach

August 27, 2023

Hospital Sisters Health System

Hospital Sisters Health System Confirms “Temporary System Outage,” Raising Concerns of Possible Data Breach

Unknown

Due to system outage, patients remained unable to access either company’s phone system, and MyChart and MyPrevea communications were not available.

Hospital Sisters Health System data breach

August 28, 2023

Trading Paints

Trading Paints Data Breach Exposes Usernames and Passwords

Unknown

Trading Paints, a platform used for customised liveries in iRacing, has experienced a data breach, exposing over 270,000 usernames and passwords.

Trading Paints data breach

August 28, 2023

Blue Cross and Blue Shield of Illinois

Blue Cross and Blue Shield of Illinois Files Notice of Recent Third-Party Data Breach

Unknown

The incident resulted in an unauthorised party being able to access consumers’ sensitive information, which includes their names, addresses, email addresses, phone numbers, dates of birth, Social Security Numbers, claim numbers, bank account numbers and medical service information.

Blue Cross and Blue Shield of Illinois data breach

August 29, 2023

CLEAResult

CLEAResult Data Breach Investigation

Clop ransomware

The CLEAResult data breach resulted in the names, Social Security numbers and financial account numbers of certain individuals being compromised.

CLEAResult data breach

August 29, 2023

Energy provider Eversource

Eversource confirms data breached due to vendor CLEAResult being exposed to software vulnerability

Clop ransomware

Eversource's vendor CLEAResult was impacted by MOVEit vulnerability, potentially exposed customer data. Information like energy usage, names and addresses may have been part of the exposure.

Eversource data breach

August 29, 2023

New York Life

New York Life Clients become latest victims of massive MOVEit data breach

Clop ransomware

Almost 26,000 New York Life customers had their names and Social Security numbers exposed to a data breach.

New York Life data breach 

August 29, 2023

Chevron Federal Credit Union

Chevron Federal Credit Union Files Notice of Data Breach Affecting Over 90k Consumers

Clop ransomware

The incident resulted in an unauthorised party being able to access consumers’ sensitive information, which includes their names and financial account information.

Chevron Federal Credit Union data breach

August 30, 2023

Entertainment company Paramount Global

Paramount discloses data breach following security incident

Unknown

During this breach, attackers gained access to personally identifiable information (PII) including  name, date of birth, Social Security number or other government-issued identification number and information related to the relationship with Paramount. The company has said that less than 100 individuals were apparently affected. 

Paramount data breach

August 31, 2023

Clothing company Forever 21

Hackers accessed information of 500,000 current and former employees

Unknown

Hackers had intermittent access to Forever21's systems between Jan and March 2023 and they have potentially exposed personal information of 539,207 individuals including Full name, Social Security Number (SSN), Date of Birth, Bank Account Number, Forever 21 Health Plan information etc. 

Forever 21 data breach

Back to Top 

Cyber Attacks in August 2023

Date

Victim

Summary

Threat Actor

Business Impact

Source Link

August 02, 2023

Microsoft Teams

Russian hackers target govt orgs in Microsoft Teams phishing attacks

Hacking group APT29

According to Microsoft, the campaign affected fewer than 40 unique global organisations as the organisations targeted in this activity likely indicated specific espionage objectives by Midnight Blizzard directed at government, non-government organisations (NGOs), IT services, technology, discrete manufacturing, and media sectors.

Microsoft Team phishing attack on government and NGOs, etc.

August 02, 2023

The websites of at least five banks, including Intesa Sanpaolo

Pro-Russian hackers claim attacks on Italian banks

The group, NoName057(16)

A pro-Russian hacking group has claimed responsibility for cyber attacks on Italian banks, businesses, and government agencies. The attacks flooded networks and disrupted services.

DDoS attack on the websites of at least five banks, including Intesa Sanpaolo

August 03, 2023

The National Science Foundation’s National Optical-Infrared Astronomy Research Laboratory – also known as NOIRLab

Hawai'i's Gemini North observatory suspends operations following cyber attack

Unknown

The cyber attack hindered the operations of an observatory in Hawai'i.

Cyber attack on Hawai’i’s Gemini North observatory 

August 04, 2023

The government, financial, and transportation industries in India and Israel

Bangladeshi hacktivists target India, Israel with DDoS attacks

Mysterious Team Bangladesh

Mysterious Team Bangladesh launched more than 750 distributed denial-of-service attacks (DDoS) that overwhelm websites with junk traffic, as well as over 70 defacement attacks that change website appearances to show unauthorised content. Thirty-four percent of those targeted India, while 18 percent focused on Israel.

Bangladesh’s DDoS attacks on India and Israel

August 12, 2023

A South African Power Generator with an undisclosed name

Southern African power generator targeted with DroxiDat malware

Unknown

The hackers used a Cobalt Strike tool and DroxiDat (a new variant of the SystemBC payload) to profile compromised systems and establish remote connections on the electric utility.

Droxidate malware attack on a South African Power Generator

August 14, 2023

Prince George's County Public Schools

Suburban DC school district responds to cyber attack

Unknown

The broad network outage knocked out email and other services as the district released a statement saying 4,500 of the system’s 180,000 accounts were impacted.

Suburban DC school district cyber attack

August 14, 2023

Cleaning product giant Clorox

Clorox takes servers offline, notifies law enforcement after ‘unauthorised activity’ detected

Unknown 

The cybersecurity incident forced Clorox to take several of its systems offline.

Clorox cyber attack

August 18, 2023

Zimbra email

Hackers compromise Zimbra email accounts in phishing campaign

Unknown

According to a report from Slovak software company ESET, the attackers have been gathering credentials of Zimbra account users since at least April. The hackers appear to be targeting organisations largely at random, with Zimbra use being the only common factor among them.

Phishing attack on Zimbra email accounts

August 20, 2023

Ecuador’s national election council 

Ecuador’s national election agency says cyber attacks caused absentee voting issues

Unknown

The cyber attacks originating from seven different countries disturbed the voting process which comes under Ecuador’s national election council for citizens living abroad.

Cyber attack on Ecuador’s national election agency

August 21, 2023

Australian software provider Energy One

Australian software provider Energy One hit by cyber attack

Unknown

The incident affected Energy One’s systems in Australia and the U.K.

Cyber attack on Energy One

August 21, 2023

Hong Kong based organisations

Carderbee hacking group hits Hong Kong organisations in supply chain attack

Carderbee hacking group

A previously unidentified APT hacking group named 'Carderbee' was observed attacking organisations in Hong Kong and other regions in Asia, using legitimate software to infect targets' computers with the PlugX malware.

Carderbee hacking group’s attack on organisations based in Hong Kong

August 21, 2023

Singing River Health System

Major Mississippi hospital system takes services offline after cyber attack

Unknown

Cyber attack forced Singing River Health System to take certain internal computer systems offline.

Cyber attack on Singing River Health System

August 23, 2023

Daily Maverick

South African News Website says it faced cyber attack after publishing a news report on Indian Prime Minister, Narendra Modi

Unknown

Due to a DDoS attack from Indian servers the news website remained down for hours.

DDoS attack on South African News Website Daily Maverick

August 27, 2023

Poland Rail

Poland investigates cyber-attack on rail network

Unknown

Hackers broke into railway frequencies to disrupt traffic in the north-west of the country overnight as the signals were interspersed with a recording of Russia's national anthem and a speech by President Vladimir Putin.

Cyber attack on Poland’s rail network

August 29, 2023

University of Michigan

University of Michigan shuts down network after cyber attack

Unknown

The University took all of its systems and services offline to deal with a cybersecurity incident that caused a widespread impact on online services the night before classes started. The outage disrupted access to vital online services, including Google, Canvas, Wolverine Access, and email.

The University of Michigan cyber attack

August 29, 2023

Toyota Japan

All 14 Toyota factories in Japan halt operations due to massive glitch

Unknown

Toyota Motor Corp said it halted operations at all 14 of its factories in Japan due to a system glitch as it affected fourteen vehicle factories and 25 lines that remained unable to process orders for parts.

Cyber glitch at Toyota Japan


Back to Top 

New Ransomware/Malware Discovered in August 2023

New Ransomware

Summary

Source Link

A new malware belonging to the 'FourteenHi' malware family

Chinese state-sponsored hackers have been targeting industrial organisations with new malware that can steal data from air-gapped systems.

Hackers use new malware to breach air-gapped devices in Eastern Europe

MMRat Malware 

A novel Android banking malware named MMRat utilizes a rarely used communication method, protobuf data serialization, to more efficiently steal data from compromised devices.

New Android MMRat malware uses Protobuf protocol to steal your data

Qakbot Botnet

Qakbot, one of the largest and longest-running botnets to date, was taken down following a multinational law enforcement operation spearheaded by the FBI, known as Operation 'Duck Hunt.'

Qakbot botnet dismantled after infecting over 700,000 computers

DreamBus Malware

A new version of the DreamBus botnet malware exploits a critical-severity remote code execution vulnerability (tracked as CVE-2023-33246) in RocketMQ servers to infect devices.

DreamBus malware exploits RocketMQ flaw to infect servers

Whiffy malware

This malware uses scans of Wi-Fi access points within range of infected machines to geolocate them.

Whiffy malware stinks after tracking location via Wi-FI

New malicious framework named ‘Infamous Chisel'

Hackers working for the Main Directorate of the General Staff of the Armed Forces of the Russian Federation, more commonly known as the GRU, have been targeting Android devices in Ukraine with a new malicious framework named ‘Infamous Chisel'.

GRU hackers attack Ukrainian military with new Android malware

Back to Top 

Vulnerabilities/Patches Discovered in August 2023

Date

Flaws/Fixes

Summary

Source Link

August 01, 2023

CVE-2023-35078

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said that state hackers have been exploiting two flaws in Ivanti's Endpoint Manager Mobile (EPMM), formerly MobileIron Core, since April.

CISA issues new warning on actively exploited Ivanti MobileIron bugs

August 02, 2023

CVE-2023-20583

A new software-based power side-channel attack called 'Collide+Power' was discovered, impacting almost all CPUs and potentially allowing data to leak as the researchers warned that the flaw is low-risk and will likely not be used in attacks on end users.

New Collide+Power side-channel attack impacts almost all CPUs

August 02, 2023

CVE-2023-3519

Hundreds of Citrix Netscaler ADC and Gateway servers have already been breached and backdoored in a series of attacks targeting a critical remote code execution (RCE) vulnerability.

Over 640 Citrix servers backdoored with web shells in ongoing attacks

August 02, 2023

CVE-2023-35082

IT software company Ivanti disclosed a new critical security vulnerability in its MobileIron Core mobile device management software.

Ivanti discloses new critical auth bypass bug in MobileIron Core

August 04, 2023

CVE-2023-39143

PaperCut recently fixed a critical security vulnerability in its NG/MF print management software that allows unauthenticated attackers to gain RCE on unpatched Windows servers.

New PaperCut critical bug exposes unpatched servers to RCE attacks

August 22, 2023

CVE-2023-38035

IT giant Ivanti is advising some customers to make changes to dodge a new zero-day vulnerability affecting one of its products.

Ivanti: Customers ‘impacted’ by new zero-day vulnerability

August 23, 2023

CVE-2023-32315

Thousands of Openfire servers remain vulnerable to CVE-2023-32315, an actively exploited and path traversal vulnerability that allows an unauthenticated user to create new admin accounts.

Over 3,000 Openfire servers vulnerable to takeover attacks

August 23, 2023

CVE-2023-38831

A WinRar zero-day vulnerability was actively exploited to install malware when clicking on harmless files in an archive, allowing the hackers to breach online cryptocurrency trading accounts.

WinRAR zero-day exploited since April to hack trading accounts

August 24, 2023`

CVE-2022-47966

The North Korean state-backed hacker group tracked as Lazarus has been exploiting a critical vulnerability in Zoho's ManageEngine ServiceDesk to compromise an internet backbone infrastructure provider and healthcare organisations.

Hackers use public ManageEngine exploit to breach internet org

August 29, 2023

CVE-2023-36846 and CVE-2023-36845

Hackers are using a critical exploit chain to target Juniper EX switches and SRX firewalls via their Internet-exposed J-Web configuration interface.

Hackers exploit critical Juniper RCE bug chain after PoC release

 Back to Top 

Warnings/Advisories/Reports/Analysis

News Type

Summary

Source Link

Report

Hackers are using a fake Android app named 'SafeChat' to infect devices with spyware malware that steals call logs, texts, and GPS locations from phones.

Hackers steal Signal, WhatsApp user data with fake Android chat app

Report

Researchers have found that an Iranian technology company is providing infrastructure services to ransomware gangs and an array of nation-state hackers.

Iranian cloud company accused of hosting cybercriminals, nation-state hackers

Report

Hackers exploited a zero-day vulnerability in Salesforce's email services and SMTP servers to launch a sophisticated phishing campaign targeting valuable Facebook accounts.

Hackers exploited Salesforce zero-day in Facebook phishing attack

Report

Slack is investigating an ongoing incident preventing users from accessing the instant messaging platform and making shared images blurry for those already logged in.

Slack down: Outage causing connection errors, blurry images

Report

A site impersonating Flipper Devices promises a free Flipper Zero after completing an offer but only leads to shady browser extensions and scam sites.

Fake FlipperZero sites promise free devices after completing offer

Report

Hacktivist groups that operate for political or ideological motives employ a broad range of funding methods to support their operations.

Hacktivists fund their operations using common cybercrime tactics

Report

The Federal Communications Commission (FCC) has announced a record-breaking $299,997,000 fine imposed on an international network of companies for placing five billion robocalls to more than 500 million phone numbers over three months in 2021.

Extended warranty robocallers fined $300 million after 5 billion scam calls

Report

According to a senior official, ransomware attacks targeting Finnish organisations have increased fourfold since the Nordic country began the process of joining NATO last year.

Finland sees fourfold spike in ransomware attacks since joining NATO, senior cyber official says

Warning

The FBI warned of fraudsters posing as Non-Fungible Token (NFT) developers to prey upon NFT enthusiasts and steal their cryptocurrency and NFT assets.

FBI warns of scammers posing as NFT devs to steal your crypto

Report

The phishing-as-a-service platform 16shop was taken down  as part of a global investigation led by Interpol. Law enforcement arrested a 21-year-old Indonesian man accused of administering the platform, along with two other individuals involved in its operation — one in Indonesia and one in Japan.

Interpol takes down phishing-as-a-service platform used by 70,000 people

Warning

Researchers have found that threat actors have been using the phishing toolkit EvilProxy to take control of cloud-based Microsoft 365 accounts belonging to executives at prominent companies.

Attackers use EvilProxy phishing kit to take over executives’ Microsoft 365 accounts

Warning

Germany’s domestic intelligence service published a cyber espionage warning that Iranian dissident organisations and individuals in the country were being targeted by a suspected state-sponsored threat group.

Iranian cyber spies are targeting dissidents in Germany, warns intelligence service

Report

Researchers have discovered multiple zero days affecting major cryptocurrency platforms like Coinbase and Binance.

Multiple zero days found affecting crypto platforms

Report

DHS said the Cyber Safety Review Board will focus its attention on the malicious targeting of cloud computing environments, including the recent intrusion into Microsoft Exchange Online by China-based hackers.

Microsoft Exchange hack is focus of cyber board’s next review

Report

Rep. Don Bacon (R-NE), a member of the House Armed Services Committee said his personal and political emails had been stolen by the same suspected Chinese hackers that breached the inboxes of the U.S. State and Commerce departments.

China email hacks included accounts of House member

Report

Cybersecurity researchers at the DEF CON security conference disclosed details this weekend on three vulnerabilities in popular transportation software Mooveit that could allow people to obtain free public transit rides.

Researchers discover vulnerabilities in Moovit software allowing free subway rides

Report

Popular online file hosting platform AnonFiles has shut down, with administrators saying they were fed up with “the extreme volumes” of abuse of its services.

‘Extreme’ user abuse leads AnonFiles operators to shut down hosting service

Warning

U.S. intelligence agencies are warning of increasing cyberattacks targeting U.S.-based space companies by unnamed foreign intelligence services.

FBI, Air Force warn of cyberattacks on space industry by ‘foreign intelligence operations’

Report

On average, every 72 hours for the past three months, cyber experts inside one of the United Kingdom’s security and intelligence services have detected the beginnings of a new ransomware attack against a British organisation and then tipped off the target in a bid to prevent the attack from being executed.

British intelligence is tipping off ransomware targets to disrupt attacks

Report

The scraped data of 2.6 million DuoLingo users was leaked on a hacking forum, allowing threat actors to conduct targeted phishing attacks using the exposed information.

Scraped data of 2.6 million Duolingo users released on hacking forum

Report

Discord has been reaching out to users affected by a data breach disclosed earlier this year to let them know what Personal Identifying Information (PII) was exposed in the incident.

Discord starts notifying users affected by March data breach

Warning

The Federal Bureau of Investigation warned that patches for a critical Barracuda Email Security Gateway (ESG) remote command injection flaw are "ineffective," and patched appliances are still being compromised in ongoing attacks.

FBI warns of patched Barracuda ESG appliances still being hacked

Warning

The National Police of Spain warned of an ongoing 'LockBit Locker' ransomware campaign targeting architecture companies in the country through phishing emails.

Spain warns of LockBit Locker ransomware phishing attacks

Report

Internet shutdowns in the central African country of Gabon have continued into their third day after officials cut off networks in an effort to limit the spread of information during the election season.

Internet shutdown in Gabon continues into third day following national elections

Report

Suspected Chinese hackers disproportionately targeted and breached government and government-linked organisations worldwide in recent attacks targeting a Barracuda Email Security Gateway (ESG) zero-day, with a focus on entities across the Americas.

US govt email servers hacked in Barracuda zero-day attacks

Report

The gang, which operates through a blog called Ransomed, tells victims that if they don’t pay to protect stolen files, they will face fines under data protection laws like the EU’s GDPR.

Pay the ransom instead of a GDPR fine, cybercrime gang tells its targets

Back to Top