Cyber Security Blog

August 2024: Biggest Cyber Attacks, Data Breaches, Ransomware Attacks

Written by Aditi Uberoi | 2 September 2024

France's Grand Palais, Acadian Ambulance Service, Security Service of Ukraine, AutoCanada, Halliburton, pharma giant Cencora, ADT Alarm, US National Public Data, POLADA, Kootenai Health.

What do these organisations have in common? Nothing much except that they were all victims of cyber crime in August 2024.

  1. Ransomware Attacks in August 2024
  2. Data Breaches in August 2024
  3. Cyber Attacks in August 2024
  4. New Malware and Ransomware Discovered
  5. Vulnerabilities Discovered and Patches Released 
  6. Advisories issued, reports, analysis etc. in August 2024

We're back with another exhaustive list of cyber attacks, ransomware attacks and data breaches for the month of August 2024. The diverse list of organisations that were compromised this month points to one resounding truth all over again - nobody is immune to the wrath of malicious threat actors on the internet.

Is there a solution to this massive global plague? While nobody can offer complete protection to you against cyber attacks, there's a lot you can do to prevent an attack from ravaging your business. Cyber Incident Planning and Response is the first and most important step you can take today to mitigate the damage from any cybersecurity incident. Additionally, utilizing Software Testing Services can help identify vulnerabilities in your systems, further strengthening your defenses against potential threats.   

Get your Incident Response in order, train your staff with our NCSC Assured Cybersecurity Training programmes, understand the importance of Crisis Communications and establish robust protocols.

Finally, ensure that you give your team adequate practice in responding to cyber attacks and cybersecurity decision-making with Cyber Attack Tabletop Exercises. The numerous attacks listed below serve effectively for creating your own Cyber Tabletop Exercise Scenarios. And if all or any of the above sound too intimidating, don't hesitate to reach out to our Virtual Cybersecurity Assistants to help you get your cybersecurity posture and resilience in order in the most cost-effective way possible today. 

Ransomware Attacks in August 2024

Date

Victim

Summary

Threat Actor

Business Impact

Source Link

August 01, 2024

Acadian Ambulance Services

Acadian Ambulance Services leaks protected health information after cyber attack

Daixin Ransomware

The disclosure followed the listing of Acadian on a dark web data leak site controlled by the Daixin Team ransomware group. The ransomware group claimed responsibility for the Acadian ransomware attack and demanded $7 million in ransom or threatened to publish the stolen health information if the ambulance services company refused to pay. Acadian has apparently offered to pay $173,000, a proposal that the ransomware group has rejected so far. The group claims it stole 11 million customer and employee data records.

Acadian Ambulance Services ransomware attack

August 02, 2024

Sable International

Hackers directly email customers of immigration firm after damaging cyber attack

BianLian Ransomware

Sable International, offering immigration services and legal resources for those with international businesses, warned officials in multiple countries that a recent cyber attack may have exposed sensitive customer information. The hackers behind the attack have been emailing customers about the incident, likely to put pressure on the firm to pay a ransom, and they forced the company to shut down its servers, website and transactional portals. 

Sable International ransomware attack

August 04, 2024

Keytronic

Keytronic reports losses of over $17 million after ransomware attack

Black Basta Ransomware

Electronic manufacturing services provider Keytronic revealed that it suffered losses of over $17 million due to a May ransomware attack. In a filing with the U.S. Securities and Exchange Commission (SEC), Keytronic said it detected the incident on May 6 after disruptions at its Mexico and U.S. sites impacted business applications supporting both operations and corporate functions.

Keytronic ransomware attack

August 04, 2024

OneBlood

Southern blood center recovering from ransomware attack

Russian cybercrime ransomware

A blood centre that serves hundreds of hospitals in the southeastern U.S. began to recover from a ransomware attack as critical software systems used to manage daily operations at OneBlood were coming back online about a week after the attack.

Source: Healthcaredive.com

August 05, 2024

France's Grand Palais

France's Grand Palais discloses cyber attack during Olympic games

Unknown

A French media outlet, Sud Ouest, reported that the attack caused the Grand Palais Rmn to shut down systems to prevent the spread of the attack, disrupting book stores and boutiques at numerous museums in France, and the threat actors allegedly left a ransom note demanding a payment in cryptocurrency or they would leak data stolen in the attack.

France's Grand Palais ransomware attack

August 06, 2024

Sumter County Sheriff's Office

Sumter County Sheriff's Office: Hacking group demands 7 BTC

Rhysida Ransomware

Rhysida ransomware group claims to have breached Sumter County Sheriff's Office. The hackers allegedly exfiltrated data, with the sample provided showing passports, SSNs, and other miscellaneous documents and demanded 7 BTC (approx. $425,000).

Sumter County Sheriff's Office ransomware attack

August 07, 2024

McLaren Health Care

Michigan hospital system struggles with cyber attack as healthcare industry decries ‘Russian’ ransomware

INC ransomware

McLaren Health Care in Michigan confirmed that outages affecting phone systems and computers were the result of a cyber attack that began earlier in the week.

McLaren Health Care ransomware attack

August 08, 2024

The city of Killeen

Killeen hit by ransomware attack from ‘cybercriminal’

BlackSuit Ransomware

The city of Killeen confirmed Thursday it suffered a ransomware attack on Wednesday morning igniting problems with city-government emails, the municipal court system and causing city officials to urge local residents to “monitor their financial accounts.”

Source: kdhnews.com

August 08, 2024

City of Columbus

‘Devastating:’ Stolen Columbus data leaked by ransomware group after auction gets no bids

Rhysida Ransomware

Over three terabytes of stolen data, including Columbus employees’ personal files, were dumped on the dark web, after two auctions by the hackers that attacked the city failed to attract bids. The Rhysida ransomware group began leaking the data after an extended auction ended, according to Ohio State assistant professor Carter Yagemann, CMIT Solutions’ Daniel Maldet and other cybersecurity experts.

Source: nbc4i.com

August 12, 2024

Australian gold mining company Evolution

Australian gold mining company Evolution Mining announces ransomware attack

Unknown

Evolution told investors that it became aware of a ransomware attack impacting its IT systems.

Evolution ransomware attack

August 12, 2024

Schlatter Group

Swiss manufacturer investigating ransomware attack that shut down IT network

Unknown

Hackers attempted to blackmail a Swiss manufacturing giant after a cyber attack. The company said in a press release that it was dealing with a criminal cyber attack using malware. Schlatter Group currently does not have access to its email system and urged customers to call them if there are any issues. As part of the investigation, the company is assessing whether data was stolen.

Schlatter Group ransomware attack

August 12, 2024

Kootenai Health

3AM ransomware stole data of 464,000 Kootenai Health patients

3AM Ransomware 

Kootenai Health disclosed a data breach impacting over 464,000 patients after their personal information was stolen and leaked by the 3AM ransomware operation. The stolen data consists of a 22GB archive, available for free, allowing any other cybercriminal to download the data and utilise it in further attacks.

Ransomware attack on Kootenai Health

August 19, 2024

CannonDesign

AvosLocker ransomware attack against CannonDesign confirmed

AvosLocker ransomware

U.S.-based global architectural, engineering, and consulting practice CannonDesign confirmed the compromise of data belonging to its 13,000 clients following an AvosLocker ransomware attack in January 2023.

Source: SCMagazine

August 23, 2024

American Radio Relay League

American Radio Relay League confirms $1 million ransom payment

Embargo Ransomware

The American Radio Relay League (ARRL) confirmed it paid a $1 million ransom to obtain a decryptor to restore systems encrypted in a May ransomware attack. After discovering the incident, the National Association for Amateur Radio took impacted systems offline to contain the breach. 

American Radio Relay League ransomware attack update

August 26, 2024

Patelco

Patelco notifies 726,000 customers of ransomware data breach

RansomHub Gang

Patelco Credit Union warned customers it suffered a data breach after personal data was stolen in a RansomHub ransomware attack earlier this year.

Patelco ransomware attack update

August 28, 2024

Microchip Technology

'Play' Ransomware Group claims it breached Microchip, Stole secret data

Play Ransomware

A screenshot shared online suggested the group stole confidential data and personal information in connection with Microchip, as well as budget, payroll, and accounting data. A ransomware group known as "Play" or "Playcrypt" claimed responsibility for a cyber attack on Microchip Technology earlier this month.

Source: pcmag.com


 



Data Breaches in August 2024

Date

Victim

Summary

Threat Actor

Business Impact

Source Link

August 01, 2024

Cencora

Cencora confirms patient health information stolen in February attack

Unknown

Pharmaceutical giant Cencora confirmed that patients' protected health information and personally identifiable information (PII) was exposed in a February cyber attack. Some of the pharmaceutical companies impacted by this breach included Novartis, Bayer, AbbVie, Pharma America, Acadia Pharmaceuticals and GlaxoSmithKline Group.

Source: BleepingComputer

August 01, 2024

An unnamed Taiwanese research organisation

Taiwan government-backed research organisation targeted by APT41 hackers

Chinese APT41 hackers

A Taiwanese government-affiliated research institute working on sensitive technologies was breached by one of China’s most infamous hacking operations, according to researchers. The hackers deployed the ShadowPad malware - a hallmark of China-based hackers - and several additional tools were written in Simplified Chinese. The hackers used backdoors and compression tools to exfiltrate a large number of files.

Data breach attack on Taiwanese research organisation

August 05, 2024

Mobile Guardian

Hacker wipes 13,000 devices after breaching classroom management platform

Unknown

A hacker has breached Mobile Guardian and remotely wiped data from at least 13,000 students' iPads and Chromebooks. The platform announced it suffered a security breach on August 4, 2024, where a hacker gained unauthorised access to its platform, impacting its North American, European, and Singaporean instances.

Source: BleepingComputer

August 08, 2024

ADT Alarm

Home alarm company ADT says hackers obtained ‘limited’ customer data

Unknown

The home security systems company ADT Inc. announced that hackers gained unauthorised access to some databases storing customer order information and made off with “limited” customer information, including email addresses, phone numbers and home addresses.

Source: The Record

August 08, 2024

CSC ServiceWorks

CSC ServiceWorks discloses data breach after 2023 cyber attack

Unknown

Laundry services provider CSC ServiceWorks disclosed a data breach after the personal information of an undisclosed number of individuals was exposed in a 2023 cyber attack. CSC ServiceWorks believed the threat actors had access to compromised systems on its network from September 23, 2023, to February 4, 2024.

CSC ServiceWorks data breach

August 08 and 15, 2024

National Public Data

Hackers leak 2.7 billion data records with Social Security numbers

Hackers known as “Fenice” and “SXUL” on BreachForum

Almost 2.7 billion records of personal information for people in the United States were leaked on a hacking forum, exposing names, social security numbers, all known physical addresses, and possible aliases. A threat actor known as "Fenice" leaked the most complete version of the stolen National Public Data data for free on the Breached hacking forum. Fenice also said the data breach was conducted by another threat actor named "SXUL," rather than USDoD.

Source: BleepingComputer

August 12, 2024

Poland’s anti-doping agency POLADA

Suspected 'hostile state' behind hack of Poland’s anti-doping agency and leak of athletes' data

“Beregini” described itself on Telegram as a “Ukrainian hacker group” and claimed the attack was in response to the Olympic Games having “been turned into a political oppression instrument.”

POLADA’s website went down and remained offline as tens of thousands of confidential files were compromised in the attack including the medical records and testing histories of Polish athletes.

Hackers “supported by the services of [a] hostile state” were believed to be behind the leak of over 50,000 confidential files from POLADA.

Source: The Record

August 12, 2024

South Korea's ruling party, People Power Party (PPP)

South Korea says DPRK hackers stole spy plane technical data

DPRK hackers

South Korea's ruling party, People Power Party (PPP), claimed that North Korean hackers stole crucial information about K2 tanks, the country's main battle tank, as well as its "Baekdu" and "Geumgang" spy planes.

Data breach attack on South Korea's ruling party, People Power Party (PPP)

August 13, 2024

Orion, a Luxembourg-based company

Carbon black supplier Orion loses $60 million in business email compromise scam

Unknown

About $60 million was stolen from one of the leading suppliers of carbon products after an employee was tricked into making several wire transfers to cybercriminals. The funds were stolen from Orion, a Luxembourg-based company that produces carbon black, a material used to make tires, ink, batteries, plastics and more.

Source: The Record

August 18, 2024

FlightAware

FlightAware configuration error leaked user data for years

Unknown

Flight tracking platform FlightAware asked some users to reset their account login passwords due to a data security incident that may have exposed personal information. The company said: "On July 25, 2024, we discovered a configuration error that may have inadvertently exposed your personal information in your FlightAware account, including user ID, password, and email address".

FlightAware data breach

August 18, 2024

Oregon Zoo

Cybercriminals syphon credit card numbers from Oregon Zoo website

Unknown

Cybercriminals were able to steal the credit card information of more than 100,000 people this year after taking over parts of a website run by the Oregon Zoo. The Portland-based zoo filed documents with regulators that outlined a months-long campaign against the payment platform the organisation uses on its website.

Data breach attack on the Portland-based Oregon Zoo

August 18, 2024

Toyota North America

Toyota confirms third-party data breach impacting customers

ZeroSevenGroup

Toyota confirmed that customer data was exposed in a third-party data breach after a threat actor leaked an archive of 240GB of stolen data on a hacking forum. ZeroSevenGroup said they breached a U.S. branch and were able to steal 240GB of files with information on Toyota employees and customers, as well as contracts and financial information.

Toyota data breach

August 26, 2024

Park’N Fly

Park’N Fly notifies 1 million customers of data breach

Unknown

Park'N Fly warned that a data breach exposed the personal and account information of 1 million customers in Canada after hackers breached its network.

Park’N Fly data breach

August 26, 2024

Customer-engagement firm Exotel

Customer-engagement platform Exotel confirms data breach

Unknown

Bengaluru (India)-based customer-engagement firm Exotel suffered a data breach within one of its cloud infrastructure platforms in Singapore, affecting some of its customers.

Exotel data breach

August 27, 2024

Young Consulting (now Connexure)

BlackSuit ransomware steals data of 950,000 from software vendor

BlackSuit Ransomware

Young Consulting sent data breach notifications to 954,177 people who had their information exposed in a BlackSuit ransomware attack on April 10, 2024.

Data breach attack on Young Consulting (now Connexure)

August 28, 2024

Banham Poultry

Staff details stolen in poultry factory cyber attack

Unknown

Staff at a poultry factory in Norfolk have had their personal details stolen in a cyber attack. Banham Poultry, based in Attleborough, said criminals had remotely accessed its system in the early hours of 18 August.

Banham Poultry data breach

August 28, 2024

Azov Battalion (the 3rd Separate Assault Brigade)

Russian hacker group RaHDit leaks data on 7,700 Azov soldiers

RaHDit Hackers

A pro-Russia hacker group RaHDit published data of almost 7,700 members of the revamped Azov Battalion (the 3rd Separate Assault Brigade) including over 4,000 images.

Data breach attack on Ukraine's Azov Battalion

August 28, 2024

Durex India

Durex India spilled customers’ private order data

Unknown

Durex India, the Indian subsidiary of the British condom and personal lubricants brand, has exposed its customers’ personal information, including their full names and order details. The brand’s website spilled customer names, phone numbers, email addresses, shipping addresses, the products ordered and the amount paid.

Source: TechCrunch

August 29, 2024

Fota Wildlife Park

Warning to customers as Fota Wildlife Park hit by cyber attack

Unknown

Fota Wildlife Park in Cork has been hit by a cyber attack and customers have been warned that their financial information may have been compromised. In an email to customers, the park said that for anyone who carried out a transaction on its website between the dates of 12 May 2024 and 27 August 2024, there is a risk that their financial information may be compromised.

Fota Wildlife Park data breach



Cyber Attacks in August 2024

Date

Victim

Summary

Threat Actor

Business Impact

Source Link 

August 07, 2024

A financial institution in Israel

Akamai Blocked 419 TB of Malicious Traffic in a 24-Hour DDoS Attack

Unknown

For the entire attack duration of almost 24 hours, Akamai Prolexic blocked approximately 419 terabytes of traffic. Akamai prevented one of the largest distributed denial-of-service (DDoS) cyber attacks it has ever observed against a major financial services company in Israel.

Cyber attack on a financial institution in Israel

August 07, 2024

Ronin Network

Ronin Network hacked, $12 million returned by "white hat" hackers

Unknown

Gambling blockchain Ronin Network suffered a security incident when white hat hackers exploited an undocumented vulnerability on the Ronin bridge to withdraw 4,000 ETH and 2 million USDC, totaling $12 million. But, the white-hats have fully returned the stolen funds and will receive a generous $500,000 bounty for their "forced audit."

Ronin Network cyber attack

August 12, 2024

Ukraine’s Security Service

Hackers posing as Ukraine’s Security Service infect 100 govt PCs

A threat group tracked as UAC-0198

Attackers impersonating the Security Service of Ukraine (SSU) have used malicious spam emails to target and compromise systems belonging to the country's government agencies. The Computer Emergency Response Team of Ukraine (CERT-UA) disclosed that the attackers successfully infected over 100 computers with AnonVNC malware.

Source: BleepingComputer

August 12, 2024

AutoCanada

AutoCanada discloses cyber attack impacting internal IT systems

BlackSuit Ransomware

Hackers targeted AutoCanada in a cyber attack that impacted the automobile dealership group's internal IT systems, which may lead to disruptions. The source said that it's worth noting that AutoCanada has also been impacted by CDK Global's massive IT outage caused by the BlackSuit Ransomware attack.

Source: BleepingComputer

August 23 and 29, 2024

Halliburton

Halliburton forced to take systems offline to contain cyber attack

RansomHub Gang

Oil field giant Halliburton provided details to regulators about the recent cyber attack that necessitated the shut-down of certain systems. The company said that it was hit by a cyber attack that affected operations at its headquarters in Houston. In an 8-K report submitted to the Securities and Exchange Commission (SEC), the company said hackers “gained access to certain of its systems.”

Cyber attack on an oil field company Halliburton


RansomHub Gang is behind Halliburton cyber attack

August 26, 2024

Seattle-Tacoma International Airport

Seattle's airport, seaport isolate systems after cyber attack

Unknown

Travellers in Seattle were asked to complete as much of the preflight process as possible at home after a cyber attack left the Seattle-Tacoma International Airport without internet and web systems. The Port of Seattle, which includes the airport, published a statement that hours earlier it “experienced certain system outages indicating a possible cyber attack.”

Seattle-Tacoma International Airport cyber attack

August 28, 2024

Dick's Sporting Goods

Dick's Sporting Goods discloses cyber attack

Unknown

Dick's Sporting Goods has admitted that it suffered a cyber attack. In an SEC 8-K filing, the retailer told the regulator that on August 21 it found an unnamed third party was snooping around its servers, including portions of its systems containing certain confidential information. The company has no knowledge that this incident has disrupted business operations.

Source: The Register

August 28, 2024

Salford City Council

Housing register still down weeks after cyber attack

Unknown

A council housing register remained suspended weeks after it fell victim to a cyber attack, leaving thousands of residents vulnerable to a phishing scam. Salford City Council’s housing register remained down after a "cyber breach" on 2 August which left 5,200 people without access.

 


Source: The BBC



New Ransomware/Malware Discovered in August 2024

New Ransomware

Summary

Sitting Ducks DNS

Threat actors have hijacked more than 35,000 registered domains in so-called Sitting Ducks attacks that allow claiming a domain without having access to the owner's account at the DNS provider or registrar.

New SharpRhino malware

The Hunters International ransomware group is targeting IT workers with a new C# remote access trojan (RAT) called SharpRhino to breach corporate networks.

New LianSpy malware

A previously undocumented Android malware named 'LianSpy' has been discovered targeting Russian users, posing on phones as an Alipay app or a system service to evade detection.

New CMoon USB worm

A new self-spreading worm named 'CMoon,' capable of stealing account credentials and other data, has been distributed in Russia since early July 2024 via a compromised gas supply company website.

EDRKillShifter

RansomHub ransomware operators are now deploying new malware to disable Endpoint Detection and Response (EDR) security software in Bring Your Own Vulnerable Driver (BYOVD) attacks.

Banshee Stealer

Researchers have discovered new information-stealing malware labelled Banshee Stealer that is designed to breach Apple computers. It was reportedly developed by a threat actor who uses the Russian language on their Telegram channel and avoids targeting systems based in Russia.

‘Styx Stealer’ malware

A suspected developer of a new malware strain called Styx Stealer made a “significant operational security error” and leaked data from his computer, including details about clients and earnings, researchers have found.

New NGate Android malware

A strain of malware built for Android devices was used by cybercriminals to rob three Czech banks in a campaign uncovered over the last nine months.

New Tickler malware

New Tickler malware used to backdoor US govt, defence orgs

Source: BleepingComputer & The Record


Vulnerabilities/Patches Discovered in August 2024

Date

New Malware/Flaws/Fixes

Summary

August 05, 2024

CVE-2024-36971

Android security updates this month patch 46 vulnerabilities, including a high-severity remote code execution (RCE) exploited in targeted attacks.

August 07, 2024

CVE-2024-4885

Threat actors are actively attempting to exploit a recently fixed Progress WhatsUp Gold remote code execution vulnerability on exposed servers for initial access to corporate networks.

August 08, 2024

CVE-2024-20450, CVE-2024-20451, CVE-2024-20452, CVE-2024-20453, and CVE-2024-20454

Cisco is warning of multiple critical remote code execution zero-days in the web-based management interface of the end-of-life Small Business SPA 300 and SPA 500 series IP phones.

August 08, 2024

CVE-2024-32113, CVE-2024-36971

The U.S. Cybersecurity & Infrastructure Security Agency is warning of two vulnerabilities exploited in attacks, including a path traversal impacting Apache OFBiz. 

August 09, 2024

CVE-2023-31315

AMD is warning about a high-severity CPU vulnerability named SinkClose that impacts multiple generations of its EPYC, Ryzen, and Threadripper processors. 

August 09, 2024

CVE-2024-38200

Microsoft has disclosed a high-severity zero-day vulnerability affecting Office 2016 and later, which is still waiting for a patch.

August 12, 2024

CVE-2024-38063

Microsoft warned customers to patch a critical TCP/IP remote code execution (RCE) vulnerability with an increased likelihood of exploitation that impacts all Windows systems using IPv6, which is enabled by default. 

August 13, 2024

CVE-2024-41730

SAP has released its security patch package for August 2024, addressing 17 vulnerabilities, including a critical authentication bypass that could allow remote attackers to fully compromise the system. 

August 14, 2024

CVE-2024-28986

A critical vulnerability in SolarWinds' Web Help Desk solution for customer support could be exploited to achieve remote code execution, the American business software developer warns in a security advisory.

August 16, 2024

CVE-2024-23897

Researchers have discovered that a damaging ransomware attack on a digital payment system used by many of India’s banks began with a vulnerability in Jenkins - a widely used open-source automation system for software developers. 

August 19, 2024

CVE-2024-23897

CISA has added a critical Jenkins vulnerability that can be exploited to gain remote code execution to its catalogue of security bugs, warning that it's actively exploited in attacks.

August 19, 2024

CVE-2024-38193

The notorious North Korean Lazarus hacking group exploited a zero-day flaw in the Windows AFD.sys driver to elevate privileges and install the FUDModule rootkit on targeted systems. 

August 21, 2024

CVE-2024-28000

A critical vulnerability in the LiteSpeed Cache WordPress plugin can let attackers take over millions of websites after creating rogue admin accounts.

August 21 and 31, 2024

CVE-2024-7971

Google has released a new Chrome emergency security update to patch a zero-day vulnerability tagged as exploited in attacks.


Suspected North Korean hackers targeted crypto industry with Chromium zero-day

August 27, 2024

CVE-2024-39717

The Chinese state-backed hacking group Volt Typhoon is behind attacks that exploited a zero-day flaw in Versa Director to upload a custom webshell to steal credentials and breach corporate networks. 

August 28, 2024

CVE-2024-7262

South Korean hackers exploited WPS Office zero-day to deploy malware

August 29, 2024

CVE-2024-7029

Malware exploits 5-year-old zero-day to infect end-of-life IP cameras

Source: BleepingComputer & The Record


Warnings/Advisories/Reports/Analysis

News Type

Summary

Report

The two individuals suspected of developing and being the administrators of the “Russian Coms” caller ID spoofing service were arrested in London, the National Crime Agency (NCA) announced.

Report

Cybersecurity company CrowdStrike has been sued by investors who say it provided false claims about its Falcon platform after a bad security update led to a massive global IT outage causing the stock price to tumble almost 38%.

Report

Chinese officials responded to accusations from Germany that it was behind an attack on the country’s state cartography agency, calling them “unfounded.”

Warning

The Federal Bureau of Investigation (FBI) warned of scammers posing as employees of cryptocurrency exchanges to steal funds from unsuspecting victims.

Report

The leader of a tech support fraud scheme was sentenced to seven years in prison after tricking at least 6,500 victims and generating more than $6 million. According to the U.S. Department of Justice, the fraudulent operation targeted elderly victims in the United States and Canada.

Warning

Two federal agencies urged voters to be prepared for distributed denial-of-service (DDoS) attacks on infrastructure used to support the 2024 election in November.

Report

The U.S. Senate confirmed Michael Sulmeyer as the Defense Department’s first cyber policy chief.

Report

A China-based cyber-espionage group compromised an internet service provider (ISP) to spread malware in 2023, researchers said, confirming a hunch expressed in an earlier report about the same operation.

Report

The Justice Department indicted Russian national Roman Pikulev for his role in founding and operating Cryptonator - an unlicensed cryptocurrency exchange that the U.S. said processed more than $235 million in illicit funds.

Report

The Department of Justice and Federal Trade Commission filed a civil suit against TikTok and its parent company ByteDance, asserting that the Chinese-owned social media giant flagrantly violated children’s privacy laws.

Report

A massive Magniber ransomware campaign is underway, encrypting home users' devices worldwide and demanding thousand-dollar ransoms to receive a decryptor.

Report

Microsoft has mitigated an Azure outage that lasted more than two hours and took down multiple services for customers across North and Latin America.

Report

The launch date for the repeatedly delayed replacement service for Action Fraud, the much-criticised reporting centre for fraud and financially motivated cybercrime in Britain, has again been pushed back, a senior police officer said.

Report

The legal sparring between Delta Air Lines and CrowdStrike is heating up, with the cybersecurity firm claiming that Delta’s extended IT outage was caused by poor disaster recovery plans and the airline refusing to accept free onsite help in restoring Windows devices.

Warning

South Korea's National Cyber Security Center (NCSC) warns that state-backed DPRK hackers hijacked flaws in a VPN's software update to deploy malware and breach networks.

Report

Researchers have uncovered a campaign targeting hospitality workers in Canada and Europe in July with banking malware known as Chameleon. Among the hackers' targets was an unnamed Canadian restaurant chain operating internationally.

Report

A global stop-payment mechanism created by INTERPOL successfully recovered over $40 million stolen in a BEC attack on a company in Singapore. INTERPOL said this was the largest recovery of funds stolen through a business email compromise (BEC) scam.

Report

The SEC has concluded its investigation into Progress Software’s handling of the widespread exploitation of a MOVEit Transfer zero-day flaw that exposed data of over 95 million people.

Report

Proton VPN has announced a series of updates to its Windows and Android apps to help users combat censorship, circumvent blocks, and protect themselves from authoritarian governments when using forbidden tools.

Report

The United Nations passed its first cybercrime treaty in a unanimous vote supporting an agreement first put forward by Russia. The passage of the treaty is significant and establishes for the first time a global-level cybercrime and data access-enabling legal framework.

Report

Russia's telecommunications watchdog Roskomnadzor has restricted access to the Signal encrypted messaging service for what it describes as violations of Russian anti-terrorism and anti-extremism legislation.

Report

At the Black Hat cybersecurity conference, National Cyber Director Harry Coker, Jr. said his office is working with the Department of Treasury’s federal insurance office as well as officials at the Cybersecurity and Infrastructure Security Agency (CISA) on the effort.

Report

X has always had a bot problem, but now scammers are utilising the Ukraine war and earthquake warnings in Japan to entice users into clicking on fake content warnings and videos that lead to scam adult sites, malicious browser extensions, and shady affiliate sites.

Report

European privacy advocate NOYB (None of Your Business) has filed nine GDPR complaints about X using the personal data from over 60 million users in Europe to train "Grok," the social media company's large language model.

Report

Hackers have targeted dozens of computers belonging to Russian state agencies and tech companies with malicious tools linked to Chinese threat actors, according to a new report.

Report

Three state governments have announced a $4.5 million payment from Enzo Biochem - a biotech company that suffered a ransomware attack in April 2023 - for failing to protect the diagnostic test information and personal data of nearly 2.5 million people.

Report

The U.S. National Institute of Standards and Technology (NIST) has released the first three encryption standards designed to resist future cyberattacks based on quantum computing technology.

Report

A new data extortion group tracked as Mad Liberator is targeting AnyDesk users and runs a fake Microsoft Windows update screen to distract the victim while it exfiltrates data from the target device.

Report

Ransomware victims have paid $459,800,000 to cybercriminals in the first half of 2024, setting the stage for a new record this year if ransom payments continue at this level.

Report

Researchers said they discovered eight vulnerabilities in a range of Microsoft applications for macOS, including Teams, Outlook, Word, PowerPoint, OneNote and Excel, that could allow an attacker to gain access to a user’s “microphone, camera, folders, screen recording, user input and more.”

Report

Iran is behind a series of cyberattacks targeting U.S. presidential campaigns that aim to “stoke discord and undermine confidence in our democratic institutions,” according to several leading cybersecurity agencies.

Report

Hackers with suspected ties to Iran’s military allegedly targeted a prominent Jewish religious figure in a phishing campaign. The hackers reportedly used multiple email addresses pretending to belong to the research director for the Institute for the Study of War (ISW), an American-based think tank.

Report

Hackers set up malicious banking applications that were nearly identical to legitimate European ones in an effort to steal user data in an elaborate phishing scheme, according to new research.

Report

A Kentucky man who hacked into a state registry and faked his own death to avoid paying child support was sentenced on Monday to 81 months in prison.

Report

The social media platform X banned an account used by a self-described pro-Palestinian hacking group, shortly after the United States issued a warning about Iranian cyber actors targeting the country’s presidential election.

Report

The Qilin ransomware group has been using a new tactic that deploys a custom stealer to steal account credentials stored in the Google Chrome browser.

Report

Chinese authorities said that they have extradited from Thailand a suspected leader of a crypto pyramid scheme that generated nearly $14 billion in illegal profits.

Warning

Cybercriminals have expanded the scope of so-called highway toll text scams in recent months, targeting people across multiple states with malicious SMS messages demanding payment for fictitious charges.

Report

The Dutch Data Protection Authority (Autoriteit Persoonsgegevens, AP) has imposed a fine of €290,000,000 ($325 million) on Uber Technologies Inc. and Uber B.V. over GDPR violations.

Report

The U.S. Marshals Service (USMS) denies its systems were breached by the Hunters International ransomware gang after being listed as a new victim on the cybercrime group's leak site on Monday.

Report

‘Store now, decrypt later’: US leaders prep for quantum cryptography concerns

Report

Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations

Report

Intel officials say they anticipate more hacking attempts as US election nears

Report

Alarming Rise In Cyber Threats Targeting Indian Websites, APIs: Indusface Report

Report

US lawmakers urge probe of WiFi router maker TP-Link over fears of Chinese cyber attacks

Report

Japan's police agency requests ¥6 billion to tackle cyberattacks

Report

India's Critical Infrastructure Suffers Spike in Cyberattacks

Report

Chinese cyberattacks hit nearly half of German firms, study

Analysis

Watchdog reprimands Labour following data breach

Source: BleepingComputer & The Record
