July 2024: Biggest Cyber Attacks, Data Breaches and Ransomware Attacks
Date: 1 August 2024
Disney, Virgin Media, Prudential Financial, Evolve Bank, Formula 1, HealthEquity, Rite Aid, BMW Hong Kong - what could these disparate businesses possibly have in common? Not a lot, except that they've all been victims of cyber crime in July 2024.
This month's compilation of the biggest cyber attacks, ransomware attacks and data breaches once again reminds us that no matter who you are, how big you are or what your line of business is - you're not immune to cyber crime.
- Ransomware Attacks in July 2024
- Data Breaches in July 2024
- Cyber Attacks in July 2024
- New Malware and Ransomware Discovered
- Vulnerabilities Discovered and Patches Released
- Advisories issued, reports, analysis etc. in July 2024
Our exhaustive lists of the biggest attacks around the globe each month are meant to empower and educate you. They give a clear picture of how far-reaching and omnipresent cyber attacks are. They are meant to serve as a reminder to get your cyber resilience in order today.
Understand the importance of Cyber Incident Response Planning and educate your staff about how this can go a long way in mitigating damage from an attack. Get your Incident Response plan in order. If you don't have one, create it immediately. If you do, make sure it's regularly refreshed and updated to stay in sync with the evolving threat landscape.
Remember that plans, policies and procedures on paper are great. But they have to be tested to ensure they actually work in an attack situation. They should also be part of the muscle memory of key incident responders so that during a cybersecurity event they respond instinctively and make better decisions.
The only way to achieve this is through cyber attack scenario-based Cyber Tabletop Exercises. A cybersecurity incident simulation tabletop is a cyber drill that puts your team in a simulated attack environment with all the pressure but none of the operational disruptions. They are forced to think and act like they would in the event of a real attack, preparing them to be calmer, respond effectively and make smart decisions when the worst actually hits. The lists below can offer you a host of cyber attack tabletop scenarios to work with.
Read them in detail, understand the impact these attacks have had, the tactics of the threat actors and how the organisations responded. Empower yourself with knowledge and learn from the experiences of others. Because today, the only real protection is preparation.
Ransomware Attacks in July 2024
| Date | Victim | Summary | Threat Actor | Business Impact | Source Link |
| --- | --- | --- | --- | --- | --- |
| July 01, 2024 | Patelco Credit Union | Patelco shuts down banking systems following ransomware attack | Unknown | Patelco Credit Union has disclosed it experienced a ransomware attack that led to the proactive shutdown of several of its customer-facing banking systems to contain the incident's impact. Patelco said: "On June 29, 2024, Patelco Credit Union experienced a ransomware attack impacting its banking systems". | |
| July 01, 2024 | Kadokawa | Japanese anime and gaming giant admits data leak following ransomware attack | BlackSuit Ransomware | Kadokawa said that the leaked data included business partner information, including contracts and other documents, as well as internal company data such as personal information on all employees of its subsidiary Dwango, which runs the popular Japanese video-sharing site Niconico. The BlackSuit ransomware gang published a small sample of the stolen data and threatened to publish the rest if the company didn’t pay a ransom. It allegedly has access to 1.5 TB of the company’s data. | |
| July 05, 2024 | Ticketmaster | Ticketmaster discredits dark web claims of stolen barcodes for Taylor Swift concerts | ShinyHunters, Sp1d3r group | Ticketmaster shot down claims made on the dark web that hackers have access to working ticket barcodes for several upcoming Taylor Swift concerts and other events. A hacker allegedly offered for sale event barcodes for Taylor Swift’s Eras Tour concert dates in New Orleans, Miami and Indianapolis. The hacker also threatened Ticketmaster with more leaks if they are not paid $2 million — claiming to have 30 million more barcodes for NFL games, Sting concerts and more. Threat actors leaked almost 39,000 print-at-home tickets for 150 upcoming concerts and events, including Pearl Jam, Phish, Tate McCrae, and Foo Fighters. | |
| July 12, 2024 | AT&T | Hackers stole ‘nearly all’ call logs over six months from AT&T | ShinyHunters | Metadata from “nearly all” call logs and texts made by AT&T customers over a six-month period in 2022 was stolen by hackers who breached the telecom’s data storage platform in April. | |
| July 15, 2024 | Rite Aid Pharmacy | Rite Aid says June data breach impacted 2.2 million people | RansomHub | Rite Aid said that 2.2 million customers' personal information was stolen last month in what it described as a "data security incident." "While having access to the Riteaid network we obtained over 10 GB of customer information equating to around 45 million lines of people's personal information. This information includes name, address, dl_id number, dob, riteaid rewards number," RansomHub said on their dark web leak site. | |
| July 15, 2024 | Disney | Hacking group Nullbulge claims to have carried out major cyber attack on Disney | Nullbulge Group | About one terabyte of data from Disney's internal Slack workplace appeared to have been leaked online by a hacking group claiming to protect artists' rights. The data contained "unreleased projects, raw images and code, some logins", according to a blog post from the group. | |
| July 26, 2024 | Australian IT services company, Insula Group | Victorian IT services company Insula confirms BianLian ransomware attack | BianLian ransomware | The gang posted details of its latest victim in an overnight post on its darknet leak site, claiming to have stolen 400 gigabytes of data from the Victoria-based company. “Data of this company will be uploaded soon. Contact us if you want to get it, or if you want to protect it,” the gang said, after listing the potentially compromised data: project data, construction data, clients data, user folders, file server data, and “company source codes”. | |
Data Breaches in July 2024
| Date | Victim | Summary | Threat Actor | Business Impact | Source Link |
| --- | --- | --- | --- | --- | --- |
| July 01, 2024 | Prudential Financial | Prudential Financial now says 2.5 million impacted by data breach | Alphv Ransomware | Prudential Financial revealed that over 2.5 million people had their personal information compromised in a February data breach. The company updated the information shared with the Maine Attorney General's Office regarding the February data breach and now says that the incident impacted 2,556,210 people. | |
| July 01 and 08, 2024 | Affirm/ Evolve Bank | Affirm says cardholders impacted by Evolve Bank data breach/ Evolve Bank says data breach impacted 7.6 million Americans | LockBit Ransomware gang | Buy now, pay later loan company Affirm warned that holders of its payment cards had their personal information exposed due to a data breach at its third-party issuer, Evolve Bank & Trust (Evolve). Evolve is sending notices of a data breach to 7.6 million Americans whose data was stolen during the recent LockBit ransomware attack. | |
| July 01, 2024 | TeamViewer | TeamViewer: Hackers copied employee directory and encrypted passwords | APT29, also known as Cozy Bear, BlueBravo and Midnight Blizzard | TeamViewer said a Kremlin-backed group tracked as APT29 was able to copy employee directory data like names, corporate contact information and the encrypted passwords, which were for the company’s internal IT environment. | |
| July 02, 2024 | Formula 1 | Formula 1 governing body discloses data breach after email hacks | Unknown | FIA (Fédération Internationale de l'Automobile) said attackers gained access to personal data after compromising several FIA email accounts in a phishing attack. "Recent incidents pursuant to phishing attacks led to the unauthorised access to personal data contained in two email accounts belonging to the FIA," the organisation said. "The FIA took all actions to rectify the issues, notably in cutting the illegitimate accesses in a very short time, once it became aware of the incidents." | |
| July 02, 2024 | Twilio | Hackers abused API to verify millions of Authy MFA phone numbers | ShinyHunters | Twilio confirmed that an unsecured API endpoint allowed threat actors to verify the phone numbers of millions of Authy multi-factor authentication users, potentially making them vulnerable to SMS phishing and SIM swapping attacks. In late June, ShinyHunters leaked a CSV text file containing what they claim are 33 million phone numbers registered with the Authy service. The CSV file contains 33,420,546 rows, each containing an account ID, phone number, an "over_the_top" column, account status, and device count. | |
| July 03, 2024 | HealthEquity | HealthEquity data breach exposes protected health information of 4.3 million | Unknown | HealthEquity warned that it suffered a data breach after a partner's account was compromised and used to access the Company's systems to steal protected health information. The Company said it detected the compromise after noticing 'anomalous behaviour' from a partner's personal device and launched an investigation into the incident. The investigation revealed that the partner had been compromised by hackers who leveraged the hijacked account to gain unauthorised access to HealthEquity's systems and, later, exfiltrate sensitive health data. | |
| July 07, 2024 | Roblox | Roblox vendor data breach exposes dev conference attendee info | Unknown | The gaming platform Roblox learned that FNTech, the vendor handling the registration process for those conference events, had been breached, with someone gaining unauthorised access to its systems. The data stolen from FNTech's systems includes conference attendees' full names, email addresses, and IP addresses. | |
| July 07, 2024 | Russian government organisations | CloudSorcerer hackers abuse cloud services to steal Russian govt data | APT group CloudSorcerer | A new advanced persistent threat (APT) group named CloudSorcerer abuses public cloud services to steal data from Russian government organisations in cyberespionage attacks. Kaspersky security researchers discovered the cyberespionage group in May 2024. They report that CloudSorcerer uses custom malware that uses legitimate cloud services for command and control (C2) operations and data storage. | |
| July 08, 2024 | Neiman Marcus | Neiman Marcus data breach: 31 million email addresses found exposed | Sp1d3r group | A May 2024 data breach disclosed by American luxury retailer and department store chain Neiman Marcus last month exposed more than 31 million customer email addresses, according to Have I Been Pwned founder Troy Hunt, who analysed the stolen data. | |
| July 09, 2024 | Microsoft ANZ | Microsoft ANZ confirms no sensitive data was compromised in alleged data breach | Hacker named 888 | A threat actor named 888, who has claimed several high-profile victims in recent weeks, claimed to have stolen Microsoft employee data following an alleged “third-party data breach”, but Microsoft has raised doubts about the claim’s veracity. 888 made the claim in a 9 July post on a popular hacking forum, saying: “In July 2024, 2,073 Microsoft employees’ information were [sic] exposed after a third-party data breach.” | |
| July 10, 2024 | Nokia | Nokia faces data breach allegations: 7,622 employee records reportedly compromised | Hacker named 888 | Nokia Corporation reportedly fell victim to a data breach. According to reports on BreachForums, a threat actor identified as 888 disclosed that over 7,622 records containing personally identifiable information (PII) of Nokia employees were compromised. This breach, allegedly stemming from a third-party incident, exposed sensitive details such as employees’ first and last names, job titles, company names, email addresses, phone numbers, and other pertinent information. | |
| July 16, 2024 | Yacht giant MarineMax | Yacht giant MarineMax data breach impacts over 123,000 people | Rhysida Ransomware gang | MarineMax notified over 123,000 individuals whose personal information was stolen in a March security breach claimed by the Rhysida ransomware gang. | |
| July 16, 2024 | Trello, Atlassian | Email addresses of 15 million Trello users leaked on hacking forum | Emo (BreachForums name) | A threat actor has released over 15 million email addresses associated with Trello accounts that were collected using an unsecured API in January. | |
| July 23, 2024 | Piramal Group | Hacker claims theft of Piramal Group’s employee data | Pseudonymous threat actor | A hacker claimed to be selling data relating to thousands of current and former employees of the Indian conglomerate Piramal Group. Piramal rebuffed claims that its systems were breached and said the information came from a third party. In a listing on a known cybercrime forum seen by TechCrunch, the pseudonymous threat actor published a small portion of the allegedly stolen Piramal data for an undisclosed amount. The data sample included full names and email addresses. | |
| July 25, 2024 | BMW Hong Kong | Personal data of 14,000 BMW customers in Hong Kong leaked | Unknown | The sole importer of BMW vehicles in Hong Kong said on Thursday the personal data of 14,000 customers had been leaked, seven days after it informed the city’s privacy watchdog of the breach, leading some car owners to express anger over being kept in the dark. | |
| July 26, 2024 | Financial Business and Consumer Solutions (FBCS) | FBCS data breach impact now reaches 4.2 million people | Unknown | Debt collection agency Financial Business and Consumer Solutions (FBCS) has increased the number of people impacted by a February data breach, now saying it affects 4.2 million people in the US. The compromised data included names, dates of birth, Social Security numbers and driver’s licence numbers, as well as “medical claims information, provider information, and clinical information (including diagnosis/conditions, medications, and other treatment information), and/or health insurance information,” FBCS said. | Financial Business and Consumer Solutions (FBCS) data breach |
Cyber Attacks in July 2024
| Date | Victim | Summary | Threat Actor | Business Impact | Source Link |
| --- | --- | --- | --- | --- | --- |
| July 01, 2024 | The Canadian router manufacturer, Mercku | Router maker's support portal hacked, replies with MetaMask phishing | Unknown | Sources verified that the helpdesk portal of a router maker was sending MetaMask phishing emails in response to newly filed support tickets, in what appeared to be a compromise. Support requests submitted to router manufacturer Mercku were being auto-responded to with phishing emails. | |
| July 01, 2024 | The University Hospital Centre in Zagreb, known as KBC Zagreb | LockBit claims cyber attack on Croatia’s largest hospital | LockBit Ransomware | The LockBit ransomware gang has claimed responsibility for a cyber attack on Croatia’s largest hospital, which forced it to shut down IT systems for a day. The group claims to have gained access to patient and employee information, medical records, organ and donor data and contracts signed with external companies. | |
| July 04, 2024 | Ethereum | Ethereum mailing list breach exposes 35,000 to crypto draining attack | Unknown | A threat actor compromised Ethereum's mailing list provider and sent a phishing email to over 35,000 addresses with a link to a malicious site running a crypto drainer. | |
| July 07, 2024 | The Frankfurt University of Applied Sciences | ‘Serious hacker attack’ forces Frankfurt university to shut down IT systems | Unknown | The Frankfurt University of Applied Sciences announced it was targeted by “a serious hacker attack” that has led to a total shutdown of its IT systems. “Despite very high security precautions, the criminals managed to gain access to parts of the university's IT infrastructure,” the university said, adding it had reported the incident to “the police and the relevant authorities.” | |
| July 10, 2024 | The websites of Macau’s security service, police force, fire and rescue services, and the academy for public security forces | Macau government websites hit with cyber attack by suspected foreign hackers | Unknown | At least five Macau government websites were knocked offline by suspected foreign hackers for almost an hour, several Chinese media outlets reported, citing local security officials. A distributed denial-of-service (DDoS) attack affected, among others, the websites of Macau’s security service, police force, fire and rescue services, and the academy for public security forces. | |
| July 12, 2024 | Squarespace | DNS hijacks target crypto platforms registered with Squarespace | Unknown | A wave of coordinated DNS hijacking attacks targeted decentralised finance (DeFi) cryptocurrency domains using the Squarespace registrar, redirecting visitors to phishing sites hosting wallet drainers. | |
| July 18, 2024 | Indian crypto platform WazirX | Indian crypto platform WazirX confirms $230 million stolen during cyber attack | Suspected North Korean Hackers (Lazarus) | At least $230 million worth of cryptocurrency was stolen from an India-based cryptocurrency platform named WazirX. Blockchain security companies including Elliptic, Arkham and BlockSec said there was clear evidence of millions worth of cryptocurrency being syphoned out of WazirX. Elliptic pegged the losses at $235 million and broke down the currencies stolen, which include ETH, some U.S. dollar-pegged stablecoins and more. | |
| July 23, 2024 | VTB, The Russian Agricultural Bank, Russia’s privately-owned Gazprombank, Alfa Bank, Rosbank and Post Bank | Major Russian banks hit with DDoS attacks as Ukraine claims responsibility | Ukraine’s military intelligence (HUR) | Several large Russian banks confirmed that they suffered distributed denial-of-service (DDoS) attacks that temporarily disrupted their mobile apps and websites, according to local media reports. Ukraine’s military intelligence (HUR) claimed responsibility for the DDoS campaign against the Russian banking sector. Speaking to Ukrainian media, an anonymous source at HUR said that the attacks also disrupted the operation of several Russian payment systems and large telecom operators, including Beeline, Megafon, Tele2 and Rostelecom. | |
| July 23, 2024 | Hamster Kombat, a clicker mobile game for Android where players earn fictional currency by completing simple tasks, primarily by tapping the screen. | Hamster Kombat’s 250 million players targeted in malware attacks | Unknown | Threat actors are taking advantage of the massive popularity of the Hamster Kombat game, targeting players with fake Android and Windows software that installs spyware and information-stealing malware. | |
| July 24, 2024 | Virgin Media | Hackers hit Virgin Media with phishing attacks | Unknown | Hackers compromised data of 2014 employees and 19843 users. | |
| July 24, 2024 | Unnamed financial institution in Middle East | Middle East financial institution hit with six-day DDoS attack | Pro-Palestinian hacktivists group called SN_BLACKMETA | An unnamed financial institution in the Middle East was hit with a distributed denial-of-service (DDoS) attack earlier this year that featured multiple waves adding up to about 100 hours over six days. | Cyber attack on an Unnamed financial institution in Middle East |
| July 29, 2024 | Cyber security firm Avanpost | Pro-Ukrainian hackers claim attack on Russian cyber company | A pro-Ukrainian hacker group, known as Cyber Anarchy Squad | Hackers claimed they hacked the Russian information security firm Avanpost and leaked a trove of its data. The hackers said over the weekend that they encrypted over 400 virtual machines running Linux or Windows and most of the physical workstations of the company’s employees. The group also reportedly destroyed more than 60 terabytes of data and leaked 390 gigabytes of “valuable information.” | |
New Ransomware/Malware Discovered in July 2024
| New Ransomware | Summary | Source Link |
| --- | --- | --- |
| New ransomware group named Volcano Demon | Researchers say they have discovered a new ransomware group named Volcano Demon that has carried out at least two successful attacks in the past two weeks. | New ransomware group uses phone calls to pressure victims, researchers say |
| New Eldorado ransomware | A new ransomware-as-a-service (RaaS) called Eldorado emerged in March and comes with locker variants for VMware ESXi and Windows. The gang has already claimed 16 victims, most of them in the U.S., in real estate, educational, healthcare, and manufacturing sectors. | |
| ViperSoftX malware | The latest variants of the ViperSoftX info-stealing malware use the common language runtime (CLR) to load and execute PowerShell commands within AutoIt scripts to evade detection. | ViperSoftX malware covertly runs PowerShell using AutoIT scripting |
| A new threat actor known as CRYSTALRAY | A new threat actor known as CRYSTALRAY has significantly broadened its targeting scope with new tactics and exploits, now counting over 1,500 victims whose credentials were stolen and cryptominers deployed. | CRYSTALRAY hacker expands to 1,500 breached systems using SSH-Snake tool |
| The SEXi ransomware to APT INC | The SEXi ransomware operation, known for targeting VMware ESXi servers, has rebranded under the name APT INC and has targeted numerous organisations in recent attacks. | SEXi ransomware rebrands to APT INC, continues VMware ESXi attacks |
| New BugSleep malware | The Iranian-backed MuddyWater hacking group has partially switched to using a new custom-tailored malware implant to steal files and run commands on compromised systems. | |
| New Play ransomware Linux version | Play ransomware is the latest ransomware gang to start deploying a dedicated Linux locker for encrypting VMware ESXi virtual machines. Cybersecurity company Trend Micro said: "This is the first time that we've observed Play ransomware targeting ESXi environments". | |
| New versions of Macma backdoor and the Nightdoor Windows malware. | The Chinese hacking group tracked as 'Evasive Panda' was spotted using new versions of the Macma backdoor and the Nightdoor Windows malware. | |
Vulnerabilities/Patches Discovered in July 2024
| Date | New Malware/Flaws/Fixes | Summary | Source Link |
| --- | --- | --- | --- |
| July 01, 2024 | CVE-2024-20399 | Cisco has patched an NX-OS zero-day exploited in April attacks to install previously unknown malware as root on vulnerable switches. | Cisco warns of NX-OS zero-day exploited to deploy custom malware |
| July 01, 2024 | CVE-2024-6387 | A new OpenSSH unauthenticated remote code execution (RCE) vulnerability dubbed "regreSSHion" gives root privileges on glibc-based Linux systems. | |
| July 09, 2024 | CVE-2024-5441 | Hackers are trying to exploit a vulnerability in the Modern Events Calendar WordPress plugin that is present on more than 150,000 websites to upload arbitrary files to a vulnerable site and execute code remotely. | Hackers target WordPress calendar plugin used by 150,000 sites |
| July 10, 2024 | CVE-2024-6385 | GitLab warned that a critical vulnerability in its product's GitLab Community and Enterprise editions allows attackers to run pipeline jobs as any other user. | GitLab: Critical bug lets attackers run pipelines as other users |
| July 12, 2024 | CVE-2024-39929 | Censys warned that over 1.5 million Exim mail transfer agent (MTA) instances are unpatched against a critical vulnerability that lets threat actors bypass security filters. | Critical Exim bug bypasses security filters on 1.5 million mail servers |
| July 18, 2024 | CVE-2024-23469, CVE-2024-23466, CVE-2024-23467, CVE-2024-28074, CVE-2024-23471, and CVE-2024-23470 | SolarWinds has fixed eight critical vulnerabilities in its Access Rights Manager (ARM) software, six of which allowed attackers to gain remote code execution (RCE) on vulnerable devices. | SolarWinds fixes 8 critical bugs in access rights audit software |
| July 18, 2024 | CVE-2024-20401 | Cisco has fixed a critical severity vulnerability that lets attackers add new users with root privileges and permanently crash Security Email Gateway (SEG) appliances using emails with malicious attachments. | Critical Cisco bug lets hackers add root users on SEG devices |
| July 22, 2024 | Telegram zero-day vulnerability, EvilVideo | A Telegram for Android zero-day vulnerability dubbed 'EvilVideo' allowed attackers to send malicious Android APK payloads disguised as video files. A threat actor named 'Ancryno' first began selling the Telegram zero-day exploit on June 6, 2024, stating the flaw existed in Telegram v10.14.4 and older. | Telegram zero-day allowed sending malicious Android APKs as videos |
| July 24, 2024 | CVE-2024-41110 | Docker has issued security updates to address a critical vulnerability impacting certain versions of Docker Engine that could allow an attacker to bypass authorization plugins (AuthZ) under certain circumstances. | |
| July 25, 2024 | CVE-2024-4879, CVE-2024-5178 and CVE-2024-5217 | Threat actors are chaining together ServiceNow flaws using publicly available exploits to breach government agencies and private firms in data theft attacks. | Critical ServiceNow RCE flaws actively exploited to steal credentials |
| July 25, 2024 | CVE-2024-6327 | Progress Software has warned customers to patch a critical remote code execution security flaw in the Telerik Report Server that can be used to compromise vulnerable devices. | |
| July 30, 2024 | CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207 | The United Kingdom's Information Commissioner's Office (ICO) revealed that the Electoral Commission was breached in August 2021 because it failed to patch its on-premise Microsoft Exchange Server against ProxyShell vulnerabilities. | UK govt links 2021 Electoral Commission breach to Exchange server |
Warnings/Advisories/Reports/Analysis
| News Type | Summary | Source Link |
| --- | --- | --- |
| Report | An international coalition of law enforcement agencies has taken action against hundreds of installations of the Cobalt Strike software, a penetration testing tool notoriously abused by both state-sponsored and criminal hackers involved in the ransomware ecosystem. | |
| Report | Internet giant Cloudflare reports that its DNS resolver service, 1.1.1.1, was recently unreachable or degraded for some of its customers because of a combination of Border Gateway Protocol (BGP) hijacking and a route leak. The incident affected 300 networks in 70 countries. | |
| Report | A large-scale fraud campaign with over 700 domain names is likely targeting Russian-speaking users looking to purchase tickets for the Summer Olympics in Paris. The operation offers fake tickets to the Olympic Games and appears to take advantage of other major sports and music events. | Ticket Heist fraud gang uses 700 domains to sell fake Olympics tickets |
| Report | A cybercriminal gang that researchers track as Revolver Rabbit has registered more than 500,000 domain names for infostealer campaigns that target Windows and macOS systems. | Revolver Rabbit gang registers 500,000 domains for malware campaigns |
| Report | Police in the United Kingdom have arrested a 17-year-old for his alleged role in the criminal activity that brought MGM Resorts casinos to a standstill last year in a ransomware attack. | |
| Report | The Federal Communications Commission (FCC) announced that Verizon-owned TracFone Wireless will pay a $16 million civil penalty to end an investigation into how its alleged failure to safeguard consumer data led to three data breaches across two years. | TracFone to pay $16 million to settle FCC cyber and privacy investigation |
| Warning | CrowdStrike warned that a fake recovery manual to repair Windows devices is installing a new information-stealing malware called Daolpu. A new campaign conducted through phishing emails pretends to be instructions on using a new Recovery Tool that fixes Windows devices impacted by the recent CrowdStrike Falcon crashes. | Fake CrowdStrike repair manual pushes new infostealer malware |
| Report | The social media giant Meta announced the removal of 63,000 accounts connected to the Nigerian cybercrime scene that were attempting to target users in the United States in financial sextortion scams. | Meta bans 63,000 accounts belonging to Nigeria’s sextortionist Yahoo Boys |
| Report | American cybersecurity company KnowBe4 says a person it recently hired as a Principal Software Engineer turned out to be a North Korean state actor who attempted to install information-stealing malware on its devices. | KnowBe4 mistakenly hires North Korean hacker, faces infostealer attack |
| Report | French authorities launched a major operation to clean the country’s computer systems of malware believed to have affected several thousand users, “particularly for espionage purposes,” Paris’s top prosecutor announced shortly before the start of the Olympics. | France launches large-scale operation to fight cyber spying ahead of Olympics |