December 2024: Major Cyber Attacks, Data Breaches, Ransomware Attacks

Date: 2 January 2025

In December 2024, a series of high-profile cyber attacks, data breaches, and ransomware incidents underscored the unrelenting threat landscape confronting businesses today. From telecommunications giant BT and healthcare platform ConnectOnCall to educational institutions such as Texas Tech University, the month witnessed a disturbing uptick in both frequency and severity of malicious activities.

Major engineering and technological services firms, including ENGlobal and Blue Yonder, were not spared, nor were critical infrastructure providers like Telecom Namibia. Healthcare also took a hit, with Anna Jaques Hospital suffering significant disruptions. Kadokawa, the renowned Japanese game maker, experienced breaches that rattled the gaming community.

Even global energy players like Electrica Group were caught in the crosshairs, alongside medical device company Artivion, proving that no sector is immune to cyber threats. Our monthly compilation delves into the biggest cyber attacks and breaches in December 2024. It also explores how these organisations navigated the aftermath of December’s most significant cyber incidents.

  1. Ransomware Attacks in December 2024
  2. Data Breaches in December 2024
  3. Cyber Attacks in December 2024
  4. New Malware and Ransomware Discovered
  5. Vulnerabilities Discovered and Patches Released 
  6. Advisories issued, reports, analysis etc. in December 2024

 

The incidents highlighted in the tables below emphasise the urgent need for businesses to prioritize cybersecurity in 2025. As cyber threats grow more advanced and widespread, it is crucial to adopt a proactive approach rather than a reactive one. This involves creating and implementing comprehensive Cyber Incident Response Plans that are not only strong but also frequently updated to tackle new and emerging threats.

Regular Cyber Tabletop Exercises can also offer valuable insights by replicating real-world scenarios. These cyber-attack simulation-based exercises enable your team to practice incident response strategies in a controlled setting. They help highlight potential weaknesses in current plans and enhance coordination among team members. Regular staff training is also vital, as human error remains a major vulnerability in cybersecurity. By educating employees and training executives in crisis management, you can greatly reduce the impact of cyber attacks.

Ransomware Attacks in December 2024

| Date | Victim | Summary | Threat Actor | Business Impact | Source Link |
|---|---|---|---|---|---|
| December 01, 2024 | Refinadora Costarricense de Petróleo, known by most as RECOPE | Costa Rica state energy company calls in US experts to help with ransomware attack | Unknown | The state-owned energy provider for Costa Rica, RECOPE, was hit with a ransomware attack requiring the company to shift to manual operations. It called in help from abroad as Karla Montero, president of RECOPE, said cybersecurity experts from the U.S. arrived on Thanksgiving and were able to help “gradually restore some systems” but said the organisation “will continue to operate systems manually until it is fully guaranteed that processes are safe.” | Ransomware attack on Costa Rica energy provider RECOPE |
| December 02, 2024 | A U.S. energy contractor ENGlobal | Major energy contractor reports 'limited' access to IT after ransomware locks files | Unknown | American energy contractor ENGlobal disclosed that access to its IT systems remains limited following a ransomware infection in late November. It said in its filing with the US Securities and Exchange Commission (SEC) that it became aware of a cybersecurity incident on November 25 after criminals broke into its networks and locked up some of its files. | Ransomware attack on a U.S. energy contractor ENGlobal |
| December 03, 2024 | BT | BT unit took servers offline after Black Basta ransomware breach | Black Basta | UK's telecommunications giant BT Group confirmed that its BT Conferencing business division shut down some of its servers following a Black Basta ransomware breach. A company spokesperson said that the security incident didn't impact BT Group's operations or BT Conferencing services. It was unclear if any systems were encrypted or only data stolen. Black Basta ransomware gang claimed they breached the company's servers and allegedly stole 500 GB of data, including financial and organisational data, "users data and personal docs," NDA documents, confidential information, and more. | BT ransomware attack |
| December 04, 2024 | Hoboken government | Hoboken government recovering from ransomware attack as Conti-linked gang takes credit | The ThreeAM Ransomware Gang (Conti family) | The city of Hoboken is still recovering from a recent ransomware attack that required it to bring in several federal law enforcement agencies for assistance. | Source: The Record |
| December 05, 2024 | Blue Yonder | Blue Yonder SaaS giant breached by Termite ransomware gang | Termite Ransomware | The Termite ransomware gang has officially claimed responsibility for the November breach of software as a service (SaaS) provider Blue Yonder. The threat actors claimed on their leak site: "Our team got 680gb of data such as DB dumps Email lists for future attacks (over 16000) Documents (over 200000) Reports Insurance documents". This incident has led to a wave of outages affecting customers using the company's software, including the U.S. coffeehouse chain Starbucks and the Morrisons and Sainsbury's supermarket chains in the United Kingdom, due to disruptions affecting Blue Yonder's managed services hosted environment. | Source: Bleeping Computer |
| December 06, 2024 | Anna Jaques Hospital | Anna Jaques Hospital ransomware breach exposed data of 300K patients | Money Message Ransomware | Anna Jaques Hospital has confirmed on its website that a ransomware attack it suffered almost precisely a year ago, on December 25, 2023, has exposed sensitive health data for over 310,000 patients. | Source: Bleeping Computer |
| December 09, 10, 2024 | Electrica Group | Romanian energy supplier Electrica hit by ransomware attack | Lynx Ransomware | Electrica Group, a key player in the Romanian electricity distribution and supply market, started investigating a ransomware attack that was still "in progress". | Source: Bleeping Computer |
| December 09, 2024 | Atlanta-based Artivion | Medical device company says shipping processes disrupted by ransomware attack | Pre-Thanksgiving Ransomware | A company that makes products used in heart surgeries said its delivery systems have been disrupted by a pre-Thanksgiving ransomware attack. The company identified the cyber attack on November 21 and was forced to take some systems offline in response. | Source: The Record |
| December 12, 2024 | Japanese media company, Kadokawa | Japanese game and anime publisher reportedly paid $3 million ransom to Russia-linked hackers | BlackSuit Ransomware | A major Japanese media company appeared to have paid nearly $3 million to Russia-linked hackers following a data breach earlier this year. News agency Kyodo News cited two pieces of evidence that the company, Kadokawa, potentially made an extortion payment to BlackSuit, the ransomware group that claimed the attack. Apparently, emails sent from BlackSuit to multiple executives at the company said it had received the ransom in cryptocurrency. The news agency received them from an anonymous source at Kadokawa. An investigation by security firm Unknown Technologies, commissioned by Kyodo News, uncovered online records of a $2.98 million cryptocurrency transaction made in June, the same month the attack allegedly occurred. | Source: The Record |
| December 17, 2024 | Telecom Namibia | Sensitive data leaked after Namibia ransomware hack | Hunters International | Namibia's state-owned telecoms company has fallen victim to a ransomware attack resulting in the leak of sensitive customer data, reportedly including information about top government officials. Telecom Namibia said the data had been released after it refused to engage with a group of hackers known as Hunters International, and local media reported that the hackers stole nearly 500,000 pieces of information including personal and financial data belonging to ministries, senior government officials and other company clients. | Telecom Namibia ransomware attack |
| December 17, 2024 | American Addiction Centers | Nearly half a million people had data stolen after cyber attack on American Addiction Centers | Unknown | A September ransomware attack on American Addiction Centers exposed the sensitive healthcare information of more than 400,000 people. The company began mailing out breach notification letters ahead of the Christmas holiday, warning 422,424 people that Social Security numbers and health insurance information were among the data leaked during the attack. | Source: The Record |


 

Data Breaches in December 2024

| Date | Victim | Summary | Threat Actor | Business Impact | Source Link |
|---|---|---|---|---|---|
| December 10, 2024 | SAG-AFTRA Health Plan | Screen Actors Guild Health Plan sued after September data breach exposes healthcare info | Unknown | A class action lawsuit has been filed against the health plan for the Screen Actors Guild-American Federation of Television and Radio Artists (SAG-AFTRA) over a data breach announced last week that exposed union members’ sensitive healthcare information. | Source: The Record |
| December 10, 2024 | SRP Federal Credit Union | South Carolina credit union says 240,000 impacted by recent cyber attack | Nitrogen Ransomware | More than 240,000 people had information stolen during a cyber attack on SRP Federal Credit Union. The credit union filed breach notification documents with regulators in Maine and Texas acknowledging that it recently detected suspicious activity on its network, and a ransomware gang named Nitrogen took credit for the attack, claiming to have stolen 650 GB of customer data. | Source: The Record |
| December 10, 19, 2024 | US doughnut chain Krispy Kreme | Krispy Kreme cyber attack impacts online orders and operations | Play Ransomware | US doughnut chain Krispy Kreme suffered a cyber attack in November that impacted portions of its business operations, including placing online orders. The cyber attack has had a material impact on Krispy Kreme's business and will continue until recovery is completed. No specific dates or estimates about that were provided though. The company also expects a "reasonable" financial impact from the loss of revenues from digital sales during the recovery period, fees for cybersecurity experts and advisors, and costs associated with system restoring efforts. | Source: Bleeping Computer |
| December 12, 2024 | Byte Federal | Hackers Possibly Stole Personal Data From Bitcoin ATM Operator Byte Federal | Unknown | Bitcoin ATM operator Byte Federal is notifying 58,000 people that their personal information might have been compromised in a data breach. Discovered on November 18, the hack occurred after threat actors exploited a vulnerability in the GitLab collaboration platform to access one of its servers. | Byte Federal data breach |
| December 13, 2024 | Auto parts giant LKQ | Auto parts giant LKQ says cyber attack disrupted Canadian business unit | Unknown | Automobile parts giant LKQ Corporation disclosed that one of its business units in Canada was hacked, allowing threat actors to steal data from the company. In a Form 8-K filing, LKQ said: "On November 13, 2024, LKQ Corporation detected unauthorized access to information technology (IT) systems of a single business unit in Canada ("Business Unit"). The attack disrupted the Business Unit's operations". | Source: Bleeping Computer |
| December 16, 2024 | ConnectOnCall | ConnectOnCall breach exposes health data of over 910,000 patients | Unknown | Healthcare software as a service (SaaS) company Phreesia notified over 910,000 people that their personal and health data was exposed in a May breach of its subsidiary ConnectOnCall, acquired in October 2023. | Source: Bleeping Computer |
| December 16, 2024 | Texas Tech University | Texas Tech University System data breach impacts 1.4 million patients | Interlock Ransomware | The Texas Tech University Health Sciences Center and its El Paso counterpart suffered a cyber attack that disrupted computer systems and applications, potentially exposing the data of 1.4 million patients. The threat actors have leaked 2.1 million files totaling 2.6 TB of data allegedly stolen from HSCs, and the entire package is available for download from their extortion portal on the dark web. | Source: Bleeping Computer |
| December 27, 2024 | Volkswagen’s automotive software company, Cariad | Customer data from 800,000 electric cars and owners exposed online | Chaos Computer Club (CCC) | Volkswagen’s automotive software company, Cariad, exposed data collected from around 800,000 electric cars. The info could be linked to drivers’ names and reveal precise vehicle locations. The exposed databases include details for VW, Seat, Audi, and Skoda vehicles, with geo-location data for some of them being as precise as a few centimeters. | Source: Bleeping Computer |
| December 27, 2024 | US Treasury Department | US Treasury Department breached through remote support platform | Chinese state-sponsored threat actors | Threat actors hacked the U.S. Treasury Department after breaching a remote support platform used by the federal agency. "Based on available indicators, the incident has been attributed to a China state-sponsored Advanced Persistent Threat (APT) actor," reads the letter seen by the New York Times. After investigating the attack, BeyondTrust discovered two zero-day vulnerabilities, CVE-2024-12356 and CVE-2024-12686, that allowed threat actors to breach and take over Remote Support SaaS instances. As the Treasury Department was a customer of one of these compromised instances, the threat actors were able to use the platform to access agency computers and steal documents remotely. | Source: Bleeping Computer |
| December 27, 2024 | ZAGG | Hackers steal ZAGG customers' credit cards in third-party breach | Unknown | ZAGG Inc. is informing customers that their credit card data has been exposed to unauthorized individuals after hackers compromised a third-party application provided by the company's e-commerce provider, BigCommerce. As a result of this data breach, the attacker stole names, addresses, and payment card data belonging to shoppers at zagg.com between October 26 and November 7, 2024. | Source: Bleeping Computer |
| December 30, 2024 | Atos | Atos database reportedly breached by hackers | Space Bears ransomware | French tech giant Atos has confirmed it has been hit by a cyberattack, but has noted the threat might just be a false alarm. | Source: Tech Radar |
| December 30, 2024 | Cisco | Cisco Confirms Authenticity of Data After Second Leak | IntelBroker | A hacker has leaked more data stolen from a Cisco DevHub instance and the tech giant has confirmed its authenticity and that it originated from a recently disclosed security incident. The hacker known as IntelBroker announced on October 14 that he and others had breached Cisco systems and obtained source code, certificates, credentials, confidential documents, encryption keys and other types of information. The hacker initially claimed to have obtained 800 Gb of files, but later said 4.5 Tb of data was taken from the DevHub environment. In mid-December he made available roughly 3 Gb of the data and on Christmas Day he leaked another batch of files, totaling more than 4 Gb. | Source: Security Week |



Cyber Attacks in December 2024

| Date | Victim | Summary | Threat Actor | Business Impact | Source Link |
|---|---|---|---|---|---|
| December 03, 2024 | Solana JavaScript SDK | Solana Web3.js library backdoored to steal secret, private keys | Unknown | The legitimate Solana JavaScript SDK was temporarily compromised in a supply chain attack, with the library backdoored with malicious code to steal cryptocurrency private keys and drain wallets. | Source: Bleeping Computer |
| December 18, 2024 | Google Calendar | Ongoing phishing attack abuses Google Calendar to bypass spam filters | Unknown | An ongoing phishing scam abused Google Calendar invites and Google Drawings pages to steal credentials while bypassing spam filters. Check Point told BleepingComputer that the attacks targeted a broad range of companies, including educational institutions, healthcare services, building companies, and banks. | Source: Bleeping Computer |
| December 18, 2024 | BeyondTrust | BeyondTrust says hackers breached Remote Support SaaS instances | Unknown | Privileged access management company BeyondTrust suffered a cyber attack in early December after threat actors breached some of its Remote Support SaaS instances. As part of the company's investigation into the attack, it discovered two vulnerabilities, CVE-2024-12356 and CVE-2024-12686. | Source: Bleeping Computer |
| December 19, 2024 | Ukraine's Ministry of Justice | Largest cyber attack on Ukraine's state registers: Ministry of Justice systems shut down | Russian hackers | Ukraine has experienced the largest cyber attack on government registries in recent times. The operation of key Ministry of Justice systems has been temporarily suspended as a result of the attack conducted by Russian hackers. The hackers claimed to have destroyed all data they gained access to, including backup copies stored on servers in Poland. | Cyber attack on the systems of Ukraine’s Ministry of Justice |
| December 23, 2024 | European Space Agency | European Space Agency's official store hacked to steal payment cards | Unknown | The European Space Agency's official web shop was hacked as it started to load a piece of JavaScript code that generates a fake Stripe payment page at checkout. | Source: Bleeping Computer |
| December 26, 2024 | Ukraine’s Ministry of Justice | Cyberattack on Ukraine’s state registers disrupts marriage registration, real estate deals | Pro-Russian hacker group XakNet | A large-scale cyberattack believed to have been carried out by Russian hackers knocked most of Ukraine’s state registers offline, leaving citizens unable to access essential services linked to their digital records. According to Ukraine’s Ministry of Justice, which manages around 60 state databases, the cyberattack has disrupted the electronic registration of births, marriages and deaths. These records are now being processed on paper, and once access to the state registers is restored, the data will be transferred into the electronic database. | Source: The Record |
| December 26, 2024 | Japan Airlines | Japan Airlines resumes operations after cyber attack delays flights | Unknown | Japan’s flag carrier announced that it has restored its systems following a cyber incident that delayed some domestic and international flights. Upon identifying the issue, the carrier said it temporarily shut down the affected system and suspended ticket sales for same-day departures, along with some online services for passengers. According to local media reports, the attack also impacted the system for managing passenger baggage, as well as the company’s mobile app. | Source: The Record |
| December 27, 2024 | Cyberhaven | Cybersecurity firm's Chrome extension hijacked to steal users' data | Unknown | At least five Chrome extensions were compromised in a coordinated attack where a threat actor injected code that steals sensitive information from users. Cyberhaven, a data loss prevention company, alerted its customers to a breach on December 24 after a successful phishing attack on an administrator account for the Google Chrome store. Among Cyberhaven's customers are Snowflake, Motorola, Canon, Reddit, AmeriHealth, Cooley, IVP, Navan, DBS, Upstart, and Kirkland & Ellis. The hacker hijacked the employee’s account and published a malicious version (24.10.4) of the Cyberhaven extension, which included code that could exfiltrate authenticated sessions and cookies to the attacker's domain (cyberhavenext[.]pro). | Source: Bleeping Computer |
| December 27, 2024 | Thomas Cook | Thomas Cook hit by cyberattack, temporarily shuts down affected IT systems | Unknown | Thomas Cook said its operations in India were disrupted by a cyberattack that impacted its IT systems, prompting the company to shut down the affected infrastructure. | Thomas Cook cyber attack |
| December 30, 2024 | Sri Lankan Police | Sri Lankan Police Social Media, Govt Printer Dept Website Targeted by Cyberattacks | Unknown | The social media accounts of the Sri Lankan police and the official website of the government’s Printer Department were targeted by cyberattacks, according to officials. “Our YouTube, Facebook, Instagram, Tiktok and X were hit by cyber-attacks. By now, we have restored all of them other than YouTube,” said Police Spokesman and Superintendent K B Manathunga. | Sri Lankan Police cyber attack |



New Ransomware/Malware Discovered in December 2024

| New Ransomware | Summary |
|---|---|
| Android banking malware named 'DroidBot' | A new Android banking malware named 'DroidBot' attempts to steal credentials for over 77 cryptocurrency exchanges and banking apps in the UK, Italy, France, Spain, and Portugal. |
| Latrodectus malware | Latrodectus is a versatile malware family that employs advanced tactics to infiltrate systems, steal sensitive data, and evade detection. Named after the black widow spider genus “Latrodectus”, this malware behaves with similar stealth and aggression. |
| EagleMsgSpy malware | A previously undocumented Android spyware called 'EagleMsgSpy' has been discovered and is believed to be used by law enforcement agencies in China to monitor mobile devices. |
| IOCONTROL malware | Iranian threat actors are utilising a new malware named IOCONTROL to compromise Internet of Things (IoT) devices and OT/SCADA systems used by critical infrastructure in Israel and the United States. |
| Pumakit malware | A new Linux rootkit malware called Pumakit has been discovered that uses stealth and advanced privilege escalation techniques to hide its presence on systems. |
| BoneSpy and PlainGnome malware | The Russian cyberspy group Gamaredon has been discovered using two Android spyware families named 'BoneSpy' and 'PlainGnome' to spy on and steal data from mobile devices. |
| Glutton malware | The Chinese Winnti hacking group is using a new PHP backdoor named 'Glutton' in attacks on organisations in China and the U.S., and also in attacks on other cybercriminals. |
| NoviSpy malware | The Serbian government exploited Qualcomm zero-days to unlock and infect Android devices with a new spyware named 'NoviSpy,' used to spy on activists, journalists, and protestors. |
| MiyaRAT malware | A cyberespionage threat group known as 'Bitter' was observed targeting defense organisations in Turkey using a novel malware family named MiyaRAT. |
| OtterCookie malware | North Korean threat actors are using new malware called OtterCookie in the Contagious Interview campaign that is targeting software developers. |

Sources for the above table: Bleeping Computer & The Record


Vulnerabilities/Patches Discovered in December 2024

| Date | New Flaws/Fixes | Summary |
|---|---|---|
| December 03, 2024 | CVE-2024-42448, CVE-2024-42449 | Veeam released security updates to address two Service Provider Console (VSPC) vulnerabilities, including a critical remote code execution (RCE) discovered during internal testing. |
| December 03, 2024 | CVE-2024-8785 | A proof-of-concept (PoC) exploit for a critical-severity remote code execution flaw in Progress WhatsUp Gold has been published, making it critical to install the latest security updates as soon as possible. |
| December 04, 2024 | CVE-2024-45841, CVE-2024-47133, CVE-2024-52564 | Japan's CERT warned that hackers are exploiting zero-day vulnerabilities in I-O Data router devices to modify device settings, execute commands, or even turn off the firewall. |
| December 09, 2024 | CVE-2024-54143 | A flaw in OpenWrt's Attended Sysupgrade feature used to build custom, on-demand firmware images could have allowed for the distribution of malicious firmware packages. |
| December 10, 2024 | CVE-2024-11639 | Ivanti warned customers about a new maximum-severity authentication bypass vulnerability in its Cloud Services Appliance (CSA) solution. |
| December 11, 12, 2024 | CVE-2024-50623 | Cybersecurity researchers warned that vulnerabilities in several file transfer products are being exploited by hackers, even after a patch was released by the developer. Researchers at cybersecurity firm Huntress said the patch “does not mitigate the software flaw,” and that they’ve seen threat actors exploiting the bug “en masse” over the last week. CISA confirmed that a critical security vulnerability in Cleo Harmony, VLTrader, and LexiCom file transfer software is being exploited in ransomware attacks. |
| December 11, 2024 | CVE-2024-11972 | Hackers are exploiting a critical vulnerability in the "Hunk Companion" plugin to install and activate other plugins with exploitable flaws directly from the WordPress.org repository. |
| December 16, 2024 | CVE-2024-50623 and CVE-2024-55956 | The Clop ransomware gang has confirmed to BleepingComputer that they are behind the recent Cleo data-theft attacks, utilizing zero-day exploits tracked as CVE-2024-50623 and CVE-2024-55956 to breach corporate networks and steal data. |
| December 16, 2024 | CVE-2024-35250 | CISA has warned U.S. federal agencies to secure their systems against ongoing attacks targeting a high-severity Windows kernel vulnerability. |
| December 17, 2024 | CVE-2024-53677 | A recently patched critical Apache Struts 2 vulnerability tracked as CVE-2024-53677 is actively exploited using public proof-of-concept exploits to find vulnerable devices. |
| December 19, 2024 | CVE-2023-34990 | Fortinet has disclosed a critical vulnerability in Fortinet Wireless Manager (FortiWLM) that allows remote attackers to take over devices by executing unauthorized code or commands through specially crafted web requests. |
| December 20, 2024 | CVE-2024-12727, CVE-2024-12728, CVE-2024-12729 | Sophos has addressed three vulnerabilities in its Sophos Firewall product that could allow remote unauthenticated threat actors to perform SQL injection, remote code execution, and gain privileged SSH access to devices. |
| December 27, 2024 | CVE-2024-3393 | Palo Alto Networks is warning that hackers are exploiting the CVE-2024-3393 denial of service vulnerability to disable firewall protections by forcing it to reboot. |

Sources: Bleeping Computer and The Record


Warnings/Advisories/Reports/Analysis

News Type

Summary

Report

Stoli Group's U.S. companies have filed for bankruptcy following an August ransomware attack and Russian authorities seizing the company's remaining distilleries in the country.

Report

Cloudflare's 'pages.dev' and 'workers.dev' domains, used for deploying web pages and facilitating serverless computing, are being increasingly abused by cybercriminals for phishing and other malicious activities.

Report

In a campaign that began two years ago, the Moscow-backed hacker group Secret Blizzard, also known as Turla, infiltrated infrastructure used by the Pakistan-based cyber-espionage group Storm-0156 to spy on victims of political interest to the Kremlin as the targeted organisations included government and intelligence agencies in Afghanistan, as well as military and defense-related institutions in India, researchers from Microsoft and Lumen Technologies' threat intelligence arm, Black Lotus Labs, revealed in a report.

Warning

The FBI warned that scammers are increasingly using artificial intelligence to improve the quality and effectiveness of their online fraud schemes, ranging from romance and investment scams to job hiring schemes.

Report

​Chinese state hackers, known as Salt Typhoon, have breached telecommunications companies in dozens of countries, President Biden's deputy national security adviser Anne Neuberger said. During a press briefing, the White House official told reporters that these breaches include a total of eight telecom firms in the United States, with only four previously known.

Report

A Russian state-sponsored hacker group, Gamaredon, has been targeting Ukrainian-speaking victims in an ongoing cyber-espionage campaign. In its latest campaign, the group has been observed using Cloudflare Tunnels - a tool that helps hide the real location of servers or infrastructure - to infect their targets with custom GammaDrop malware and stay undetected.

Report

Russian telecommunications watchdog Roskomnadzor has blocked the Viber encrypted messaging app, used by hundreds of millions worldwide, for violating the country's legislation.

Warning

CISA and the Environmental Protection Agency (EPA) warned water facilities to secure Internet-exposed Human Machine Interfaces (HMIs) from cyber attacks.

Warning

The Federal Trade Commission (FTC) warns about a significant rise in gambling-like online job scams, known as "task scams," that draw people into earning cash through repetitive tasks, with the promises of earning more if they deposit their own money.

Report

Facebook, Instagram, Threads, and WhatsApp suffered massively worldwide, with services impacted in varying degrees based on the user's region.

Report

A large U.S. organisation with significant presence in China has been reportedly breached by China-based threat actors who persisted on its networks from April to August 2024 as Symantec’s threat researchers said the operation appeared to focus on intelligence gathering, involving multiple compromised machines and targeting Exchange Servers, likely for email and data exfiltration.

Report

A declassified report from Romania’s Intelligence Service says that the country’s election infrastructure was targeted by more than 85,000 cyber attacks as threat actors also obtained access credentials for election-related websites and leaked them on a Russian hacker forum less than a week before the first presidential election round.

Report

Radiant Capital said that North Korean threat actors were behind the $50 million cryptocurrency heist that occurred after hackers breached its systems in an October 16 cyber attack.

Report

Sen. Ron Wyden unveiled legislation that would require the Federal Communications Commission to set cybersecurity standards for telecom companies, as the policymakers grapple with the ongoing breach of U.S. phone networks by Chinese hackers.

Report

Fourteen North Korean nationals have been indicted for their role in a long-running scam where they stole the identities of U.S. citizens and illegally obtained employment at U.S. companies, earning tens of millions of dollars that they allegedly funneled back to Pyongyang.

Report

Germany's cybersecurity agency reported that at least 30,000 internet-connected devices sold across the country were infected with pre-installed malware known as BadBox.

Report

Hundreds of thousands of Rhode Island residents may have been impacted by a cyber attack on a crucial benefits system, the governor said. In a press conference, Governor Dan McKee urged residents to take actions to protect their financial accounts and said the state had shut down RIBridges, a system that manages social services programs.

Report

Nebraska’s Attorney General has filed a lawsuit against Change Healthcare accusing the company of exposing the sensitive healthcare information of state residents and leaving healthcare providers unable to provide care following a ransomware attack in February.

Report

Federal civilian agencies were ordered to secure their Microsoft cloud systems after several recent cyber incidents. The Cybersecurity and Infrastructure Security Agency (CISA) issued a binding directive, giving federal agencies a series of deadlines to identify cloud systems, implement assessment tools and abide by the agency’s Secure Cloud Business Applications (SCuBA) secure configuration baselines.

Report

An app supposedly built for calculating a person’s body mass index (BMI) is actually information-stealing malware. “BMI CalculationVsn” is the latest example of malicious software sneaked into an app store under the guise of being a simple tool for consumers.

Report

A large-scale malvertising campaign distributed the Lumma Stealer info-stealing malware through fake CAPTCHA verification pages that prompt users to run PowerShell commands to verify they are not a bot.

Warning

The FBI warned that new HiatusRAT malware attacks are now scanning for and infecting vulnerable web cameras and DVRs that are exposed online.

Warning

Senior government officials and politicians need to use end-to-end encrypted apps and should assume all of their messages are at risk of being stolen or manipulated, federal cybersecurity experts said.

Report

The Irish Data Protection Commission (DPC) fined Meta €251 million ($263.6M) over General Data Protection Regulation (GDPR) violations arising from a 2018 personal data breach impacting 29 million Facebook accounts.

Report

A new Ledger phishing campaign is underway that pretends to be a data breach notification asking you to verify your recovery phrase, which is then stolen and used to steal your cryptocurrency.

Warning

A specific line of Juniper Networks devices can easily become infected with Mirai malware if users don’t scrap their default passwords, the company says in an advisory.

Warning

Catholic healthcare giant Ascension Health has warned almost 6 million people that their information was accessed by hackers in a ransomware attack against the organisation earlier this year. The revelation comes after the organisation said in June that the hackers accessed just seven of its 25,000 servers during the ransomware attack and likely only stole some health information and personal data belonging to “certain individuals.”

Report

Recorded Future, an American threat intelligence company, has become the first cybersecurity firm designated by the Russian government as an "undesirable" organisation.

Report

More than $2 billion worth of cryptocurrency has been stolen from crypto platforms in 2024 according to blockchain research firm Chainalysis.

Warning

Juniper Networks has warned customers of Mirai malware attacks scanning the Internet for Session Smart routers using default credentials.

Report

The developer of the powerful Pegasus spyware was found liable for its role in the infection of devices belonging to 1,400 WhatsApp users. The precedent-setting ruling from a Northern California federal judge could lead to massive damages against NSO Group, whose notorious spyware has been reportedly used, and often abused, by a roster of anonymous government clients worldwide. No court has ever before held the company liable for abuses despite its spyware being found on hundreds of phones belonging to activists, journalists and other members of civil society. The company has long stated that its tools can only be used by national security officials and law enforcement officers investigating intelligence matters and crimes.

Report

The Federal Trade Commission (FTC) has ordered Marriott International and Starwood Hotels to define and implement a robust customer data security scheme following failures that led to massive data breaches.

Report

Italy’s data protection agency fined OpenAI 15 million euros ($15.7 million) and ordered the ChatGPT maker to launch a six-month public awareness campaign after a data collection probe of the firm’s flagship artificial intelligence model.

Report

The biggest crypto heist of 2024 was conducted by seasoned cybercriminals working on behalf of North Korea’s government, according to the FBI. The agency partnered with the Defense Department and the National Police Agency of Japan to explain that $308 million in cryptocurrency stolen from Japanese platform DMM in May had been traced back to North Korean hackers known by many researchers as Lazarus or TraderTraitor.

Report

A White House official has added a ninth U.S. telecommunications company to the list of telecoms breached in a Chinese hacking campaign that impacted dozens of countries. The White House's deputy national security adviser for cyber and emerging technologies, Anne Neuberger, told reporters that this new victim was discovered after the Biden administration released guidance to help defenders spot Chinese hackers' activity in their networks.

Report

AT&T and Verizon confirmed they were breached in a massive Chinese espionage campaign targeting telecom carriers worldwide but said the hackers have now been evicted from their networks.

Sources: Bleeping Computer and The Record
