August 2024: Biggest Cyber Attacks, Data Breaches, Ransomware Attacks
Date: 2 September 2024
France's Grand Palais, Acadian Ambulance Services, Security Service of Ukraine, AutoCanada, Halliburton, pharma giant Cencora, ADT Alarm, US National Public Data, POLADA, Kootenai Health.
What do these organisations have in common? Nothing much except that they were all victims of cyber crime in August 2024.
- Ransomware Attacks in August 2024
- Data Breaches in August 2024
- Cyber Attacks in August 2024
- New Malware and Ransomware Discovered
- Vulnerabilities Discovered and Patches Released
- Advisories issued, reports, analysis etc. in August 2024
We're back with another exhaustive list of cyber attacks, ransomware attacks and data breaches for the month of August 2024. The diverse list of organisations that were compromised this month points to one resounding truth all over again - nobody is immune to the wrath of malicious threat actors on the internet.
Is there a solution to this massive global plague? While nobody can offer complete protection to you against cyber attacks, there's a lot you can do to prevent an attack from ravaging your business. Cyber Incident Planning and Response is the first and most important step you can take today to mitigate the damage from any cybersecurity incident. Additionally, utilizing Software Testing Services can help identify vulnerabilities in your systems, further strengthening your defenses against potential threats.
Get your Incident Response in order, train your staff with our NCSC Assured Cybersecurity Training programmes, understand the importance of Crisis Communications and establish robust protocols.
Finally, ensure that you give your team adequate practice in responding to cyber attacks and cybersecurity decision-making with Cyber Attack Tabletop Exercises. The numerous attacks listed below serve effectively for creating your own Cyber Tabletop Exercise Scenarios. And if all or any of the above sound too intimidating, don't hesitate to reach out to our Virtual Cybersecurity Assistants to help you get your cybersecurity posture and resilience in order in the most cost-effective way possible today.
Ransomware Attacks in August 2024
Date |
Victim |
Summary |
Threat Actor |
Business Impact |
Source Link |
August 01, 2024 |
Acadian Ambulance Services |
Acadian Ambulance Services leaks protected health information after cyber attack |
Daixin Ransomware |
The disclosure followed the listing of Acadian on a dark web data leak site controlled by the Daixin Team ransomware group. The ransomware group claimed responsibility for the Acadian ransomware attack and demanded $7 million in ransom or threatened to publish the stolen health information if the ambulance services company refused to pay. Acadian has apparently offered to pay $173,000, a proposal that the ransomware group has rejected so far. The group claims it stole 11 million customer and employee data records. |
|
August 02, 2024 |
Sable International |
Hackers directly email customers of immigration firm after damaging cyber attack |
BianLian Ransomware |
Sable International, offering immigration services and legal resources for those with international businesses, warned officials in multiple countries that a recent cyber attack may have exposed sensitive customer information. The hackers behind the attack have been emailing customers about the incident, likely to put pressure on the firm to pay a ransom, and they forced the company to shut down its servers, website and transactional portals. |
|
August 04, 2024 |
Keytronic |
Keytronic reports losses of over $17 million after ransomware attack |
Black Basta Ransomware |
Electronic manufacturing services provider Keytronic revealed that it suffered losses of over $17 million due to a May ransomware attack. In a filing with the U.S. Securities and Exchange Commission (SEC), Keytronic said it detected the incident on May 6 after disruptions at its Mexico and U.S. sites impacted business applications supporting both operations and corporate functions. |
|
August 04, 2024 |
OneBlood |
Southern blood center recovering from ransomware attack |
Russian cybercrime ransomware |
A blood centre that serves hundreds of hospitals in the southeastern U.S. began to recover from a ransomware attack as critical software systems used to manage daily operations at OneBlood were coming back online about a week after the attack. |
Source: Healthcaredive.com |
August 05, 2024 |
France's Grand Palais |
France's Grand Palais discloses cyber attack during Olympic games |
Unknown |
A French media outlet, Sud Ouest, reported that the attack caused the Grand Palais Rmn to shut down systems to prevent the spread of the attack, disrupting book stores and boutiques at numerous museums in France, and the threat actors allegedly left a ransom note demanding a payment in cryptocurrency or they would leak data stolen in the attack. |
|
August 06, 2024 |
Sumter County Sheriff's Office |
Sumter County Sheriff's Office: Hacking group demands 7 BTC |
Rhysida Ransomware |
Rhysida ransomware group claims to have breached Sumter County Sheriff's Office. The hackers allegedly exfiltrated data, with the sample provided showing passports, SSNs, and other miscellaneous documents and demanded 7 BTC (approx. $425,000). |
|
August 07, 2024 |
McLaren Health Care |
Michigan hospital system struggles with cyber attack as healthcare industry decries ‘Russian’ ransomware |
INC ransomware |
McLaren Health Care in Michigan confirmed that outages affecting phone systems and computers were the result of a cyber attack that began earlier in the week. |
|
August 08, 2024 |
The city of Killeen |
Killeen hit by ransomware attack from ‘cybercriminal’ |
BlackSuit Ransomware |
The city of Killeen confirmed Thursday it suffered a ransomware attack on Wednesday morning, igniting problems with city-government emails and the municipal court system and causing city officials to urge local residents to “monitor their financial accounts.” |
Source: kdhnews.com |
August 08, 2024 |
City of Columbus |
‘Devastating:’ Stolen Columbus data leaked by ransomware group after auction gets no bids |
Rhysida Ransomware |
Over three terabytes of stolen data, including Columbus employees’ personal files, were dumped on the dark web, after two auctions by the hackers that attacked the city failed to attract bids. The Rhysida ransomware group began leaking the data after an extended auction ended, according to Ohio State assistant professor Carter Yagemann, CMIT Solutions’ Daniel Maldet and other cybersecurity experts. |
Source: nbc4i.com |
August 12, 2024 |
Australian gold mining company Evolution |
Australian gold mining company Evolution Mining announces ransomware attack |
Unknown |
Evolution told investors that it became aware of a ransomware attack impacting its IT systems. |
|
August 12, 2024 |
Schlatter Group |
Swiss manufacturer investigating ransomware attack that shut down IT network |
Unknown |
Hackers attempted to blackmail a Swiss manufacturing giant after a cyber attack. Schlatter Group said in a press release that it was dealing with a criminal cyber attack using malware. The company currently does not have access to its email system and urged customers to call if there are any issues. As part of the investigation, the company is assessing whether data was stolen. |
|
August 12, 2024 |
Kootenai Health |
3AM ransomware stole data of 464,000 Kootenai Health patients |
3AM Ransomware |
Kootenai Health disclosed a data breach impacting over 464,000 patients after their personal information was stolen and leaked by the 3AM ransomware operation. The stolen data consists of a 22GB archive, available for free, allowing any other cybercriminal to download the data and utilise it in further attacks. |
|
August 19, 2024 |
CannonDesign |
AvosLocker ransomware attack against CannonDesign confirmed |
AvosLocker ransomware |
U.S.-based global architectural, engineering, and consulting practice CannonDesign confirmed the compromise of data belonging to its 13,000 clients following an AvosLocker ransomware attack in January 2023. |
Source: SCMagazine |
August 23, 2024 |
American Radio Relay League |
American Radio Relay League confirms $1 million ransom payment |
Embargo Ransomware |
The American Radio Relay League (ARRL) confirmed it paid a $1 million ransom to obtain a decryptor to restore systems encrypted in a May ransomware attack. After discovering the incident, the National Association for Amateur Radio took impacted systems offline to contain the breach. |
|
August 26, 2024 |
Patelco |
Patelco notifies 726,000 customers of ransomware data breach |
RansomHub Gang |
Patelco Credit Union warned customers it suffered a data breach after personal data was stolen in a RansomHub ransomware attack earlier this year. |
|
August 28, 2024 |
Microchip Technology |
'Play' Ransomware Group claims it breached Microchip, Stole secret data |
Play Ransomware |
A screenshot shared online suggested the group stole confidential data and personal information in connection with Microchip, as well as budget, payroll, and accounting data. A ransomware group known as "Play" or "Playcrypt" claimed responsibility for a cyber attack on Microchip Technology earlier this month. |
Source: pcmag.com |
Data Breaches in August 2024
Date |
Victim |
Summary |
Threat Actor |
Business Impact |
Source Link |
August 01, 2024 |
Cencora |
Cencora confirms patient health information stolen in February attack |
Unknown |
Pharmaceutical giant Cencora confirmed that patients' protected health information and personally identifiable information (PII) was exposed in a February cyber attack. Some of the pharmaceutical companies impacted by this breach included Novartis, Bayer, AbbVie, Pharma America, Acadia Pharmaceuticals and GlaxoSmithKline Group. |
Source: BleepingComputer |
August 01, 2024 |
An unnamed Taiwanese research organisation |
Taiwan government-backed research organisation targeted by APT41 hackers |
Chinese APT41 hackers |
A Taiwanese government-affiliated research institute working on sensitive technologies was breached by one of China’s most infamous hacking operations, according to researchers. The hackers deployed the ShadowPad malware - a hallmark of China-based hackers - and several additional tools were written in Simplified Chinese. The hackers used backdoors and compression tools to exfiltrate a large number of files. |
|
August 05, 2024 |
Mobile Guardian |
Hacker wipes 13,000 devices after breaching classroom management platform |
Unknown |
A hacker has breached Mobile Guardian and remotely wiped data from at least 13,000 students' iPads and Chromebooks. The platform announced it suffered a security breach on August 4, 2024, where a hacker gained unauthorised access to its platform, impacting its North American, European, and Singaporean instances. |
Source: BleepingComputer |
August 08, 2024 |
ADT Alarm |
Home alarm company ADT says hackers obtained ‘limited’ customer data |
Unknown |
The home security systems company ADT Inc. announced that unauthorised hackers unlawfully broke into some databases storing customer order information. The attackers made off with “limited” customer information, including email addresses, phone numbers and home addresses. |
Source: The Record |
August 08, 2024 |
CSC ServiceWorks |
CSC ServiceWorks discloses data breach after 2023 cyber attack |
Unknown |
Laundry services provider CSC ServiceWorks disclosed a data breach after the personal information of an undisclosed number of individuals was exposed in a 2023 cyber attack. CSC ServiceWorks believed the threat actors had access to compromised systems on its network from September 23, 2023, to February 4, 2024. |
|
August 08 and 15, 2024 |
National Public Data |
Hackers leak 2.7 billion data records with Social Security numbers |
Hackers known as “Fenice” and “SXUL” on BreachForum |
Almost 2.7 billion records of personal information for people in the United States were leaked on a hacking forum, exposing names, social security numbers, all known physical addresses, and possible aliases. A threat actor known as "Fenice" leaked the most complete version of the stolen National Public Data data for free on the Breached hacking forum. Fenice also said the data breach was conducted by another threat actor named "SXUL," rather than USDoD. |
Source: BleepingComputer |
August 12, 2024 |
Poland’s anti-doping agency POLADA |
Suspected 'hostile state' behind hack of Poland’s anti-doping agency and leak of athletes' data |
“Beregini” described itself on Telegram as a “Ukrainian hacker group” and claimed the attack was in response to the Olympic Games having “been turned into a political oppression instrument.” |
POLADA’s website went down and remained offline as tens of thousands of confidential files were compromised in the attack including the medical records and testing histories of Polish athletes. Hackers “supported by the services of [a] hostile state” were believed to be behind the leak of over 50,000 confidential files from POLADA. |
Source: The Record |
August 12, 2024 |
South Korea's ruling party, People Power Party (PPP) |
South Korea says DPRK hackers stole spy plane technical data |
DPRK hackers |
South Korea's ruling party, People Power Party (PPP), claimed that North Korean hackers stole crucial information about K2 tanks, the country's main battle tank, as well as its "Baekdu" and "Geumgang" spy planes. |
|
August 13, 2024 |
Orion, a Luxembourg-based company |
Carbon black supplier Orion loses $60 million in business email compromise scam |
Unknown |
About $60 million was stolen from one of the leading suppliers of carbon products after an employee was tricked into making several wire transfers to cybercriminals. The funds were stolen from Orion, a Luxembourg-based company that produces carbon black, a material used to make tires, ink, batteries, plastics and more. |
Source: The Record |
August 18, 2024 |
FlightAware |
FlightAware configuration error leaked user data for years |
Unknown |
Flight tracking platform FlightAware asked some users to reset their account login passwords due to a data security incident that may have exposed personal information. The company said: "On July 25, 2024, we discovered a configuration error that may have inadvertently exposed your personal information in your FlightAware account, including user ID, password, and email address". |
|
August 18, 2024 |
Oregon Zoo |
Cybercriminals syphon credit card numbers from Oregon Zoo website |
Unknown |
Cybercriminals were able to steal the credit card information of more than 100,000 people this year after taking over parts of a website run by the Oregon Zoo. The Portland-based zoo filed documents with regulators that outlined a months-long campaign against the payment platform the organisation uses on its website. |
|
August 18, 2024 |
Toyota North America |
Toyota confirms third-party data breach impacting customers |
ZeroSevenGroup |
Toyota confirmed that customer data was exposed in a third-party data breach after a threat actor leaked an archive of 240GB of stolen data on a hacking forum. ZeroSevenGroup said they breached a U.S. branch and were able to steal 240GB of files with information on Toyota employees and customers, as well as contracts and financial information. |
|
August 26, 2024 |
Park’N Fly |
Park’N Fly notifies 1 million customers of data breach |
Unknown |
Park'N Fly warned that a data breach exposed the personal and account information of 1 million customers in Canada after hackers breached its network. |
|
August 26, 2024 |
Customer-engagement firm Exotel |
Customer-engagement platform Exotel confirms data breach |
Unknown |
Bengaluru-(India)-based customer-engagement firm Exotel suffered a data breach within one of its cloud infrastructure platforms in Singapore, affecting some of its customers. |
|
August 27, 2024 |
Young Consulting (now Connexure) |
BlackSuit ransomware steals data of 950,000 from software vendor |
BlackSuit Ransomware |
Young Consulting sent data breach notifications to 954,177 people who had their information exposed in a BlackSuit ransomware attack on April 10, 2024. |
|
August 28, 2024 |
Banham Poultry |
Staff details stolen in poultry factory cyber attack |
Unknown |
Staff at a poultry factory in Norfolk have had their personal details stolen in a cyber attack. Banham Poultry, based in Attleborough, said criminals had remotely accessed its system in the early hours of 18 August. |
|
August 28, 2024 |
Azov Battalion (the 3rd Separate Assault Brigade) |
Russian hacker group RaHDit leaks data on 7,700 Azov soldiers |
RaHDit Hackers |
The pro-Russia hacker group RaHDit published data of almost 7,700 members of the revamped Azov Battalion (the 3rd Separate Assault Brigade), including over 4,000 images. |
|
August 28, 2024 |
Durex India |
Durex India spilled customers’ private order data |
Unknown |
Durex India, the Indian subsidiary of the British condom and personal lubricants brand, has exposed its customers’ personal information, including their full names and order details. The brand’s website spilled customer names, phone numbers, email addresses, shipping addresses, the products ordered and the amount paid. |
Source: TechCrunch |
August 29, 2024 |
Fota Wildlife Park |
Warning to customers as Fota Wildlife Park hit by cyber attack |
Unknown |
Fota Wildlife Park in Cork has been hit by a cyber attack and customers have been warned that their financial information may have been compromised. In an email to customers, the park said that for anyone who carried out a transaction on its website between the dates of 12 May 2024 and 27 August 2024, there is a risk that their financial information may be compromised. |
Cyber Attacks in August 2024
Date |
Victim |
Summary |
Threat Actor |
Business Impact |
Source Link |
August 07, 2024 |
A financial institution in Israel |
Akamai Blocked 419 TB of Malicious Traffic in a 24-Hour DDoS Attack |
Unknown |
For the entire attack duration of almost 24 hours, Akamai Prolexic blocked approximately 419 terabytes of traffic. Akamai prevented one of the largest distributed denial-of-service (DDoS) cyber attacks it has ever observed against a major financial services company in Israel. |
|
August 07, 2024 |
Ronin Network |
Ronin Network hacked, $12 million returned by "white hat" hackers |
Unknown |
Gambling blockchain Ronin Network suffered a security incident when white hat hackers exploited an undocumented vulnerability on the Ronin bridge to withdraw 4,000 ETH and 2 million USDC, totaling $12 million. However, the white hats have fully returned the stolen funds and will receive a generous $500,000 bounty for their "forced audit." |
|
August 12, 2024 |
Ukraine’s Security Service |
Hackers posing as Ukraine’s Security Service infect 100 govt PCs |
A threat group tracked as UAC-0198 |
Attackers impersonating the Security Service of Ukraine (SSU) have used malicious spam emails to target and compromise systems belonging to the country's government agencies. The Computer Emergency Response Team of Ukraine (CERT-UA) disclosed that the attackers successfully infected over 100 computers with AnonVNC malware. |
Source: BleepingComputer |
August 12, 2024 |
AutoCanada |
AutoCanada discloses cyber attack impacting internal IT systems |
BlackSuit Ransomware |
Hackers targeted AutoCanada in a cyber attack that impacted the automobile dealership group's internal IT systems, which may lead to disruptions. The source said that it's worth noting that AutoCanada has also been impacted by CDK Global's massive IT outage caused by the BlackSuit Ransomware attack. |
Source: BleepingComputer |
August 23 and 29, 2024 |
Halliburton |
Halliburton forced to take systems offline to contain cyber attack |
RansomHub Gang |
Oil field giant Halliburton provided details to regulators about the recent cyber attack that necessitated the shut-down of certain systems. The company said that it was hit by a cyber attack that affected operations at its headquarters in Houston. In an 8-K report submitted to the Securities and Exchange Commission (SEC), the company said hackers “gained access to certain of its systems.” |
|
August 26, 2024 |
Seattle-Tacoma International Airport |
Seattle's airport, seaport isolate systems after cyber attack |
Unknown |
Travellers in Seattle were asked to complete as much of the preflight process as possible at home after a cyber attack left the Seattle-Tacoma International Airport without internet and web systems. The Port of Seattle, which includes the airport, published a statement that hours earlier it “experienced certain system outages indicating a possible cyber attack.” |
|
August 28, 2024 |
Dick's Sporting Goods |
Dick's Sporting Goods discloses cyber attack |
Unknown |
Dick's Sporting Goods has admitted that it suffered a cyber attack. In an SEC 8-K filing, the retailer told the regulator that on August 21 it found an unnamed third party was snooping around its servers, including portions of its systems containing certain confidential information. The company has no knowledge that this incident has disrupted business operations. |
Source: The Register |
August 28, 2024 |
Salford City Council |
Housing register still down weeks after cyber attack |
Unknown |
A council housing register remained suspended weeks after it fell victim to a cyber attack, leaving thousands of residents vulnerable to a phishing scam. Salford City Council’s housing register remained down after a "cyber breach" on 2 August which left 5,200 people without access. |
Source: The BBC |
New Ransomware/Malware Discovered in August 2024
New Ransomware |
Summary |
Sitting Ducks DNS |
Threat actors have hijacked more than 35,000 registered domains in so-called Sitting Ducks attacks that allow claiming a domain without having access to the owner's account at the DNS provider or registrar. |
New SharpRhino malware |
The Hunters International ransomware group is targeting IT workers with a new C# remote access trojan (RAT) called SharpRhino to breach corporate networks. |
New LianSpy malware |
A previously undocumented Android malware named 'LianSpy' has been discovered targeting Russian users, posing on phones as an Alipay app or a system service to evade detection. |
New CMoon USB worm |
A new self-spreading worm named 'CMoon,' capable of stealing account credentials and other data, has been distributed in Russia since early July 2024 via a compromised gas supply company website. |
EDRKillShifter |
RansomHub ransomware operators are now deploying new malware to disable Endpoint Detection and Response (EDR) security software in Bring Your Own Vulnerable Driver (BYOVD) attacks. |
Banshee Stealer |
Researchers have discovered new information-stealing malware labelled Banshee Stealer that is designed to breach Apple computers. It was reportedly developed by a threat actor who uses the Russian language on their Telegram channel and avoids targeting systems based in Russia. |
‘Styx Stealer’ malware |
A suspected developer of a new malware strain called Styx Stealer made a “significant operational security error” and leaked data from his computer, including details about clients and earnings, researchers have found. |
New NGate Android malware |
A strain of malware built for Android devices was used by cybercriminals to rob three Czech banks in a campaign uncovered over the last nine months. |
New Tickler malware |
New Tickler malware used to backdoor US govt, defence orgs |
Source: BleepingComputer & The Record
Vulnerabilities/Patches Discovered in August 2024
Date |
New Malware/Flaws/Fixes |
Summary |
August 05, 2024 |
CVE-2024-36971 |
Android security updates this month patch 46 vulnerabilities, including a high-severity remote code execution (RCE) exploited in targeted attacks. |
August 07, 2024 |
CVE-2024-4885 |
Threat actors are actively attempting to exploit a recently fixed Progress WhatsUp Gold remote code execution vulnerability on exposed servers for initial access to corporate networks. |
August 08, 2024 |
CVE-2024-20450, CVE-2024-20451, CVE-2024-20452, CVE-2024-20453, and CVE-2024-20454 |
Cisco is warning of multiple critical remote code execution zero-days in the web-based management interface of the end-of-life Small Business SPA 300 and SPA 500 series IP phones. |
August 08, 2024 |
CVE-2024-32113, CVE-2024-36971 |
The U.S. Cybersecurity & Infrastructure Security Agency is warning of two vulnerabilities exploited in attacks, including a path traversal impacting Apache OFBiz. |
August 09, 2024 |
CVE-2023-31315 |
AMD is warning about a high-severity CPU vulnerability named SinkClose that impacts multiple generations of its EPYC, Ryzen, and Threadripper processors. |
August 09, 2024 |
CVE-2024-38200 |
Microsoft has disclosed a high-severity zero-day vulnerability affecting Office 2016 and later, which is still waiting for a patch. |
August 12, 2024 |
CVE-2024-38063 |
Microsoft warned customers to patch a critical TCP/IP remote code execution (RCE) vulnerability with an increased likelihood of exploitation that impacts all Windows systems using IPv6, which is enabled by default. |
August 13, 2024 |
CVE-2024-41730 |
SAP has released its security patch package for August 2024, addressing 17 vulnerabilities, including a critical authentication bypass that could allow remote attackers to fully compromise the system. |
August 14, 2024 |
CVE-2024-28986 |
A critical vulnerability in SolarWinds' Web Help Desk solution for customer support could be exploited to achieve remote code execution, the American business software developer warns in a security advisory. |
August 16, 2024 |
CVE-2024-23897 |
Researchers have discovered that a damaging ransomware attack on a digital payment system used by many of India’s banks began with a vulnerability in Jenkins - a widely used open-source automation system for software developers. |
August 19, 2024 |
CVE-2024-23897 |
CISA has added a critical Jenkins vulnerability that can be exploited to gain remote code execution to its catalogue of security bugs, warning that it's actively exploited in attacks. |
August 19, 2024 |
CVE-2024-38193 |
The notorious North Korean Lazarus hacking group exploited a zero-day flaw in the Windows AFD.sys driver to elevate privileges and install the FUDModule rootkit on targeted systems. |
August 21, 2024 |
CVE-2024-28000 |
A critical vulnerability in the LiteSpeed Cache WordPress plugin can let attackers take over millions of websites after creating rogue admin accounts. |
August 21 and 31, 2024 |
CVE-2024-7971 |
Google has released a new Chrome emergency security update to patch a zero-day vulnerability tagged as exploited in attacks. Suspected North Korean hackers targeted the crypto industry with the Chromium zero-day. |
August 27, 2024 |
CVE-2024-39717 |
The Chinese state-backed hacking group Volt Typhoon is behind attacks that exploited a zero-day flaw in Versa Director to upload a custom webshell to steal credentials and breach corporate networks. |
August 28, 2024 |
CVE-2024-7262 |
South Korean hackers exploited WPS Office zero-day to deploy malware |
August 29, 2024 |
CVE-2024-7029 |
Malware exploits 5-year-old zero-day to infect end-of-life IP cameras |
Source: BleepingComputer & The Record
Warnings/Advisories/Reports/Analysis
News Type |
Summary |
Report |
The two individuals suspected of developing and being the administrators of the “Russian Coms” caller ID spoofing service were arrested in London, the National Crime Agency (NCA) announced. |
Report |
Cybersecurity company CrowdStrike has been sued by investors who say it provided false claims about its Falcon platform after a bad security update led to a massive global IT outage causing the stock price to tumble almost 38%. |
Report |
Chinese officials responded to accusations from Germany that it was behind an attack on the country’s state cartography agency, calling them “unfounded.” |
Warning |
The Federal Bureau of Investigation (FBI) warned of scammers posing as employees of cryptocurrency exchanges to steal funds from unsuspecting victims. |
Report |
The leader of a tech support fraud scheme was sentenced to seven years in prison after tricking at least 6,500 victims and generating more than $6 million. According to the U.S. Department of Justice, the fraudulent operation targeted elderly victims in the United States and Canada. |
Warning |
Two federal agencies urged voters to be prepared for distributed denial-of-service (DDoS) attacks on infrastructure used to support the 2024 election in November. |
Report |
The U.S. Senate confirmed Michael Sulmeyer as the Defense Department’s first cyber policy chief. |
Report |
A China-based cyber-espionage group compromised an internet service provider (ISP) to spread malware in 2023, researchers said, confirming a hunch expressed in an earlier report about the same operation. |
Report |
The Justice Department indicted Russian national Roman Pikulev for his role in founding and operating Cryptonator - an unlicensed cryptocurrency exchange that the U.S. said processed more than $235 million in illicit funds. |
Report |
The Department of Justice and Federal Trade Commission filed a civil suit against TikTok and its parent company ByteDance, asserting that the Chinese-owned social media giant flagrantly violated children’s privacy laws. |
Report |
A massive Magniber ransomware campaign is underway, encrypting home users' devices worldwide and demanding thousand-dollar ransoms to receive a decryptor. |
Report |
Microsoft has mitigated an Azure outage that lasted more than two hours and took down multiple services for customers across North and Latin America. |
Report |
The launch date for the repeatedly delayed replacement service for Action Fraud, the much-criticised reporting centre for fraud and financially motivated cybercrime in Britain, has again been pushed back, a senior police officer said. |
Report |
The legal spars between Delta Air Lines and CrowdStrike are heating up, with the cybersecurity firm claiming that Delta’s extended IT outage was caused by poor disaster recovery plans and the airline refusing to accept free onsite help in restoring Windows devices. |
Warning |
South Korea's National Cyber Security Center (NCSC) warns that state-backed DPRK hackers hijacked flaws in a VPN's software update to deploy malware and breach networks. |
Report |
Researchers have uncovered a campaign targeting hospitality workers in Canada and Europe in July with banking malware known as Chameleon. Among the hackers' targets was an unnamed Canadian restaurant chain operating internationally. |
Report |
A global stop-payment mechanism created by INTERPOL successfully recovered over $40 million stolen in a BEC attack on a company in Singapore. INTERPOL said this was the largest recovery of funds stolen through a business email compromise (BEC) scam. |
Report |
The SEC has concluded its investigation into Progress Software’s handling of the widespread exploitation of a MOVEit Transfer zero-day flaw that exposed data of over 95 million people. |
Report |
Proton VPN has announced a series of updates to its Windows and Android apps to help users combat censorship, circumvent blocks, and protect themselves from authoritarian governments due to using forbidden tools. |
Report |
The United Nations passed its first cybercrime treaty in a unanimous vote supporting an agreement first put forward by Russia. The passage of the treaty is significant and establishes for the first time a global-level cybercrime and data access-enabling legal framework. |
Report |
Russia's telecommunications watchdog Roskomnadzor has restricted access to the Signal encrypted messaging service for what it describes as violations of Russian anti-terrorism and anti-extremism legislation. |
Report |
At the Black Hat cybersecurity conference, National Cyber Director Harry Coker, Jr. said his office is working with the Department of Treasury’s federal insurance office as well as officials at the Cybersecurity and Infrastructure Security Agency (CISA) on the effort. |
Report |
X has always had a bot problem, but now scammers are utilising the Ukraine war and earthquake warnings in Japan to entice users into clicking on fake content warnings and videos that lead to scam adult sites, malicious browser extensions, and shady affiliate sites. |
Report |
European privacy advocate NOYB (None of Your Business) has filed nine GDPR complaints about X using the personal data from over 60 million users in Europe to train "Grok," the social media company's large language model. |
Report |
Hackers have targeted dozens of computers belonging to Russian state agencies and tech companies with malicious tools linked to Chinese threat actors, according to a new report. |
Report |
Three state governments have announced a $4.5 million payment from Enzo Biochem - a biotech company that suffered a ransomware attack in April 2023 - for failing to protect the diagnostic test information and personal data of nearly 2.5 million people. |
Report |
The U.S. National Institute of Standards and Technology (NIST) has released the first three encryption standards designed to resist future cyberattacks based on quantum computing technology. |
Report |
A new data extortion group tracked as Mad Liberator is targeting AnyDesk users and runs a fake Microsoft Windows update screen to distract while exfiltrating data from the target device. |
Report |
Ransomware victims have paid $459,800,000 to cybercriminals in the first half of 2024, setting the stage for a new record this year if ransom payments continue at this level. |
Report |
Researchers said they discovered eight vulnerabilities in a range of Microsoft applications for macOS, including Teams, Outlook, Word, PowerPoint, OneNote and Excel, that could allow an attacker to gain access to a user’s “microphone, camera, folders, screen recording, user input and more.” |
Report |
Iran is behind a series of cyberattacks targeting U.S. presidential campaigns that aim to “stoke discord and undermine confidence in our democratic institutions,” according to several leading cybersecurity agencies. |
Report |
Hackers with suspected ties to Iran’s military allegedly targeted a prominent Jewish religious figure in a phishing campaign. The hackers reportedly used multiple email addresses pretending to belong to the research director for the Institute for the Study of War (ISW), an American-based think tank. |
Report |
Hackers set up malicious banking applications that were nearly identical to legitimate European ones in an effort to steal user data in an elaborate phishing scheme, according to new research. |
Report |
A Kentucky man who hacked into a state registry and faked his own death to avoid paying child support was sentenced on Monday to 81 months in prison. |
Report |
The social media platform X banned an account used by a self-described pro-Palestinian hacking group, shortly after the United States issued a warning about Iranian cyber actors targeting the country’s presidential election. |
Report |
The Qilin ransomware group has been using a new tactic that deploys a custom stealer to steal account credentials stored in the Google Chrome browser. |
Report |
Chinese authorities said that they have extradited from Thailand a suspected leader of a crypto pyramid scheme that generated nearly $14 billion in illegal profits. |
Warning |
Cybercriminals have expanded the scope of so-called highway toll text scams in recent months, targeting people across multiple states with malicious SMS messages demanding payment for fictitious charges. |
Report |
The Dutch Data Protection Authority (Autoriteit Persoonsgegevens, AP) has imposed a fine of €290,000,000 ($325 million) on Uber Technologies Inc. and Uber B.V. over GDPR violations. |
Report |
The U.S. Marshals Service (USMS) denies its systems were breached by the Hunters International ransomware gang after being listed as a new victim on the cybercrime group's leak site on Monday. |
Report |
‘Store now, decrypt later’: US leaders prep for quantum cryptography concerns |
Report |
Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations |
Report |
Intel officials say they anticipate more hacking attempts as US election nears |
Report |
Alarming Rise In Cyber Threats Targeting Indian Websites, APIs: Indusface Report |
Report |
US lawmakers urge probe of WiFi router maker TP-Link over fears of Chinese cyber attacks |
Report |
Japan's police agency requests ¥6 billion to tackle cyberattacks |
Report |
India's Critical Infrastructure Suffers Spike in Cyberattacks |
Report |
Chinese cyberattacks hit nearly half of German firms, study |
Analysis |
Watchdog reprimands Labour following data breach |
Source: BleepingComputer & The Record