July 2024: Biggest Cyber Attacks, Data Breaches and Ransomware Attacks

Date: 1 August 2024

Disney, Virgin Media, Prudential Financial, Evolve Bank, Formula 1, HealthEquity, Rite Aid, BMW Hong Kong - what could these disparate businesses possibly have in common? Not a lot except that they've all been victims of cyber crime in July 2024.

This month's compilation of the biggest cyber attacks, ransomware attacks and data breaches once again reminds us that no matter who you are, how big you are or what your line of business is - you're not immune to cyber crime.

  1. Ransomware Attacks in July 2024
  2. Data Breaches in July 2024
  3. Cyber Attacks in July 2024
  4. New Malware and Ransomware Discovered
  5. Vulnerabilities Discovered and Patches Released 
  6. Advisories issued, reports, analysis etc. in July 2024

Our exhaustive lists of the biggest attacks around the globe each month are meant to empower and educate you. They give a clear picture of how far-reaching and omnipresent cyber attacks are. They are meant to serve as a reminder to get your cyber resilience in order today. 

Understand the importance of Cyber Incident Response Planning and educate your staff about how this can go a long way in mitigating damage from an attack. Get your Incident Response plan in order. If you don't have one, create it immediately. If you do, make sure it's regularly refreshed and updated to stay in sync with the evolving threat landscape.  

Remember that plans, policies and procedures on paper are great. But they have to be tested to ensure they actually work in an attack situation. They should also be part of the muscle memory of key incident responders so that during a cybersecurity event they respond instinctively and make better decisions.

The only way to achieve this is through cyber attack scenario-based Cyber Tabletop Exercises. A cybersecurity incident simulation tabletop is a cyber drill that puts your team in a simulated attack environment with all the pressure but none of the operational disruptions. They are forced to think and act like they would in the event of a real attack, preparing them to be calmer, respond effectively and make smart decisions when the worst actually hits. The lists below can offer you a host of cyber attack tabletop scenarios to work with.

Read them in detail, understand the impact these attacks have had, the tactics of the threat actors and how the organisations responded. Empower yourself with knowledge and learn from the experiences of others. Because today, the only real protection is preparation. 


Ransomware Attacks in July 2024

Date

Victim

Summary

Threat Actor

Business Impact

Source Link

July 01, 2024

Patelco Credit Union

Patelco shuts down banking systems following ransomware attack

Unknown

Patelco Credit Union has disclosed it experienced a ransomware attack that led to the proactive shutdown of several of its customer-facing banking systems to contain the incident's impact. Patelco said: "On June 29, 2024, Patelco Credit Union experienced a ransomware attack impacting its banking systems".

Patelco ransomware attack

July 01, 2024

Kadokawa

Japanese anime and gaming giant admits data leak following ransomware attack

BlackSuit Ransomware

Kadokawa said that the leaked data included business partner information, including contracts and other documents, as well as internal company data such as personal information on all employees of its subsidiary Dwango, which runs the popular Japanese video-sharing site Niconico. The BlackSuit ransomware gang published a small sample of the stolen data and threatened to publish the rest if the company didn’t pay a ransom. It allegedly has access to 1.5 TB of the company’s data.

Kadokawa ransomware attack

July 05, 2024

Ticketmaster

Ticketmaster discredits dark web claims of stolen barcodes for Taylor Swift concerts

ShinyHunters, Sp1d3r group

Ticketmaster shot down claims made on the dark web that hackers have access to working ticket barcodes for several upcoming Taylor Swift concerts and other events. A hacker allegedly offered for sale event barcodes for Taylor Swift’s Eras Tour concert dates in New Orleans, Miami and Indianapolis. The hacker also threatened Ticketmaster with more leaks if they are not paid $2 million — claiming to have 30 million more barcodes for NFL games, Sting concerts and more. Threat actors leaked almost 39,000 print-at-home tickets for 150 upcoming concerts and events, including Pearl Jam, Phish, Tate McCrae, and Foo Fighters.

Ticketmaster ransomware attack

July 12, 2024

AT&T

Hackers stole ‘nearly all’ call logs over six months from AT&T

ShinyHunters

Metadata from “nearly all” call logs and texts made by AT&T customers over a six-month period in 2022 was stolen by hackers who breached the telecom’s data storage platform in April.

AT&T ransomware attack

July 15, 2024

Rite Aid Pharmacy

Rite Aid says June data breach impacted 2.2 million people

RansomHub

Rite Aid said that 2.2 million customers' personal information was stolen last month in what it described as a "data security incident." "While having access to the Riteaid network we obtained over 10 GB of customer information equating to around 45 million lines of people's personal information. This information includes name, address, dl_id number, dob, riteaid rewards number," RansomHub said on their dark web leak site.

Rite Aid Ransomware attack

July 15, 2024

Disney

Hacking group Nullbulge claims to have carried out major cyber attack on Disney

Nullbulge Group

About one terabyte of data from Disney's internal Slack workplace appeared to have been leaked online by a hacking group claiming to protect artists' rights. The data contained "unreleased projects, raw images and code, some logins", according to a blog post from the group.

Disney ransomware attack

July 26, 2024

Australian IT services company, Insula Group

Victorian IT services company Insula confirms BianLian ransomware attack

BianLian ransomware

The gang posted details of its latest victim in an overnight post on its darknet leak site, claiming to have stolen 400 gigabytes of data from the Victoria-based company. “Data of this company will be uploaded soon. Contact us if you want to get it, or if you want to protect it,” the gang said, after listing the potentially compromised data: project data, construction data, clients data, user folders, file server data, and “company source codes”.

Insula Group ransomware attack


 

Data Breaches in July 2024

Date

Victim

Summary

Threat Actor

Business Impact

Source Link

July 01, 2024

Prudential Financial

Prudential Financial now says 2.5 million impacted by data breach

Alphv Ransomware

Prudential Financial revealed that over 2.5 million people had their personal information compromised in a February data breach. The company updated the information shared with the Maine Attorney General's Office regarding the February data breach and now says that the incident impacted 2,556,210 people.

Prudential Financial data breach

July 01 and 08, 2024

Affirm/ Evolve Bank

Affirm says cardholders impacted by Evolve Bank data breach/ Evolve Bank says data breach impacted 7.6 million Americans

LockBit Ransomware gang

Buy now, pay later loan company Affirm warned that holders of its payment cards had their personal information exposed due to a data breach at its third-party issuer, Evolve Bank & Trust (Evolve). Evolve is sending notices of a data breach to 7.6 million Americans whose data was stolen during the recent LockBit ransomware attack.

Affirm & Evolve Bank data breach

July 01, 2024

TeamViewer

TeamViewer: Hackers copied employee directory and encrypted passwords

APT29, also known as Cozy Bear, BlueBravo and Midnight Blizzard

TeamViewer said a Kremlin-backed group tracked as APT29 was able to copy employee directory data like names, corporate contact information and the encrypted passwords, which were for the company’s internal IT environment.

TeamViewer data breach

July 02, 2024

Formula 1

Formula 1 governing body discloses data breach after email hacks

Unknown

FIA (Fédération Internationale de l'Automobile) said attackers gained access to personal data after compromising several FIA email accounts in a phishing attack. "Recent incidents pursuant to phishing attacks led to the unauthorised access to personal data contained in two email accounts belonging to the FIA," the organisation said. "The FIA took all actions to rectify the issues, notably in cutting the illegitimate accesses in a very short time, once it became aware of the incidents."

Formula-1 data breach

July 02, 2024

Twilio

Hackers abused API to verify millions of Authy MFA phone numbers

ShinyHunters

Twilio confirmed that an unsecured API endpoint allowed threat actors to verify the phone numbers of millions of Authy multi-factor authentication users, potentially making them vulnerable to SMS phishing and SIM swapping attacks. In late June, ShinyHunters leaked a CSV text file containing what they claim are 33 million phone numbers registered with the Authy service. The CSV file contains 33,420,546 rows, each containing an account ID, phone number, an "over_the_top" column, account status, and device count.

Twilio data breach

July 03, 2024

HealthEquity

HealthEquity data breach exposes protected health information of 4.3 million

Unknown

HealthEquity warned that it suffered a data breach after a partner's account was compromised and used to access the Company's systems to steal protected health information. The Company said it discovered the compromise after detecting 'anomalous behaviour' from a partner's personal device and launched an investigation into the incident. The investigation revealed that the partner had been compromised by hackers who leveraged the hijacked account to gain unauthorised access to HealthEquity's systems and, later, exfiltrate sensitive health data.

HealthEquity data breach

July 07, 2024

Roblox

Roblox vendor data breach exposes dev conference attendee info

Unknown

The gaming platform Roblox learned that FNTech, the vendor handling the registration process for its developer conference events, had been breached, with someone gaining unauthorised access to its systems. The data stolen from FNTech's systems includes conference attendees' full names, email addresses, and IP addresses.

Roblox data breach

July 07, 2024

Russian government organisations

CloudSorcerer hackers abuse cloud services to steal Russian govt data

APT group CloudSorcerer

A new advanced persistent threat (APT) group named CloudSorcerer abuses public cloud services to steal data from Russian government organisations in cyberespionage attacks. Kaspersky security researchers discovered the cyberespionage group in May 2024. They report that CloudSorcerer uses custom malware that relies on legitimate cloud services for command and control (C2) operations and data storage.

Data breach attack on Russian government organisations

July 08, 2024

Neiman Marcus

Neiman Marcus data breach: 31 million email addresses found exposed

Sp1d3r group

A May 2024 data breach disclosed by American luxury retailer and department store chain Neiman Marcus last month exposed more than 31 million customer email addresses, according to Have I Been Pwned founder Troy Hunt, who analysed the stolen data.

Neiman Marcus data breach

July 09, 2024

Microsoft ANZ

Microsoft ANZ confirms no sensitive data was compromised in alleged data breach

Hacker named 888

A threat actor named 888, who has claimed several high-profile victims in recent weeks, claimed to have stolen Microsoft employee data following an alleged “third-party data breach”, but Microsoft has raised doubts about the claim’s veracity. 888 made the claim in a 9 July post on a popular hacking forum, saying: “In July 2024, 2,073 Microsoft employees’ information were [sic] exposed after a third-party data breach.”

Microsoft ANZ data breach

July 10, 2024

Nokia

Nokia faces data breach allegations: 7,622 employee records reportedly compromised

Hacker named 888

Nokia Corporation reportedly fell victim to a data breach. According to reports on BreachForums, a threat actor identified as 888 disclosed that over 7,622 records containing personally identifiable information (PII) of Nokia employees were compromised. This breach, allegedly stemming from a third-party incident, exposed sensitive details such as employees’ first and last names, job titles, company names, email addresses, phone numbers, and other pertinent information.

Nokia data breach

July 16, 2024

Yacht giant MarineMax

Yacht giant MarineMax data breach impacts over 123,000 people

Rhysida Ransomware gang

MarineMax notified over 123,000 individuals whose personal information was stolen in a March security breach claimed by the Rhysida ransomware gang.

MarineMax data breach

July 16, 2024

Trello, Atlassian

Email addresses of 15 million Trello users leaked on hacking forum

Emo (BreachForums name)

A threat actor has released over 15 million email addresses associated with Trello accounts that were collected using an unsecured API in January.

Trello email data breach

July 23, 2024

Piramal Group

Hacker claims theft of Piramal Group’s employee data

Pseudonymous threat actor

A hacker claimed to be selling data relating to thousands of current and former employees of the Indian conglomerate Piramal Group. Piramal rebuffed claims that its systems were breached and said the information came from a third party. In a listing on a known cybercrime forum seen by TechCrunch, the pseudonymous threat actor published a small portion of the allegedly stolen Piramal data for an undisclosed amount. The data sample included full names and email addresses.

Piramal Group data breach

July 25, 2024

BMW Hong Kong

Personal data of 14,000 BMW customers in Hong Kong leaked

Unknown

The sole importer of BMW vehicles in Hong Kong said on Thursday the personal data of 14,000 customers had been leaked, seven days after it informed the city’s privacy watchdog of the breach, leading some car owners to express anger over being kept in the dark. 

BMW Hong Kong data breach

July 26, 2024

Financial Business and Consumer Solutions (FBCS)

FBCS data breach impact now reaches 4.2 million people

Unknown

Debt collection agency Financial Business and Consumer Solutions (FBCS) has increased the number of people impacted by a February data breach, now saying it affects 4.2 million people in the US. The compromised data included names, dates of birth, Social Security numbers and driver’s licence numbers, as well as “medical claims information, provider information, and clinical information (including diagnosis/conditions, medications, and other treatment information), and/or health insurance information,” FBCS said.

Financial Business and Consumer Solutions (FBCS) data breach



Cyber Attacks in July 2024

Date

Victim

Summary

Threat Actor

Business Impact

Source Link 

July 01, 2024

The Canadian router manufacturer, Mercku 

Router maker's support portal hacked, replies with MetaMask phishing

Unknown

Sources verified that the helpdesk portal of a router maker was sending MetaMask phishing emails in response to newly filed support tickets, in what appeared to be a compromise. Support requests submitted to router manufacturer Mercku were being auto-responded to with phishing emails.

Mercku cyber attack

July 01, 2024

The University Hospital Centre in Zagreb, known as KBC Zagreb

LockBit claims cyber attack on Croatia’s largest hospital

LockBit Ransomware

The LockBit ransomware gang has claimed responsibility for a cyber attack on Croatia’s largest hospital, which forced it to shut down IT systems for a day. The group claims to have gained access to patient and employee information, medical records, organ and donor data and contracts signed with external companies. 

Cyber attack on the University Hospital Centre in Zagreb

July 04, 2024

Ethereum

Ethereum mailing list breach exposes 35,000 to crypto draining attack

Unknown

A threat actor compromised Ethereum's mailing list provider and sent a phishing email to over 35,000 addresses with a link to a malicious site running a crypto drainer.

Ethereum cyber attack

July 07, 2024

The Frankfurt University of Applied Sciences

‘Serious hacker attack’ forces Frankfurt university to shut down IT systems

Unknown

The Frankfurt University of Applied Sciences announced it was targeted by “a serious hacker attack” that has led to a total shutdown of its IT systems. “Despite very high security precautions, the criminals managed to gain access to parts of the university's IT infrastructure,” the university said, adding it had reported the incident to “the police and the relevant authorities.”

Frankfurt university cyber attack

July 10, 2024

The websites of Macau’s security service, police force, fire and rescue services, and the academy for public security forces

Macau government websites hit with cyber attack by suspected foreign hackers

Unknown

At least five Macau government websites were knocked offline for almost an hour by suspected foreign hackers, several Chinese media outlets reported, citing local security officials. A distributed denial-of-service (DDoS) attack affected, among others, the websites of Macau’s security service, police force, fire and rescue services, and the academy for public security forces.

Cyber attack on five Macau government websites

July 12, 2024

Squarespace

DNS hijacks target crypto platforms registered with Squarespace

Unknown

A wave of coordinated DNS hijacking attacks targeted decentralised finance (DeFi) cryptocurrency domains using the Squarespace registrar, redirecting visitors to phishing sites hosting wallet drainers.

Cyber attack on Squarespace

July 18, 2024

Indian crypto platform WazirX

Indian crypto platform WazirX confirms $230 million stolen during cyber attack

Suspected North Korean Hackers (Lazarus) 

At least $230 million worth of cryptocurrency was stolen from an India-based cryptocurrency platform named WazirX. Blockchain security companies including Elliptic, Arkham and BlockSec said there was clear evidence of millions worth of cryptocurrency being syphoned out of WazirX. Elliptic pegged the losses at $235 million and broke down the currencies stolen, which include ETH, some U.S. dollar-pegged stablecoins and more.

Cyber attack on WazirX

July 23, 2024

VTB, The Russian Agricultural Bank, Russia’s privately-owned Gazprombank, Alfa Bank, Rosbank and Post Bank

Major Russian banks hit with DDoS attacks as Ukraine claims responsibility

Ukraine’s military intelligence (HUR) 

Several large Russian banks confirmed that they suffered distributed denial-of-service (DDoS) attacks that temporarily disrupted their mobile apps and websites, according to local media reports. Ukraine’s military intelligence (HUR) claimed responsibility for the DDoS campaign against the Russian banking sector. Speaking to Ukrainian media, an anonymous source at HUR said that the attacks also disrupted the operation of several Russian payment systems and large telecom operators, including Beeline, Megafon, Tele2 and Rostelecom.

Cyber attack on Russian banks

July 23, 2024

Hamster Kombat, a clicker mobile game for Android where players earn fictional currency by completing simple tasks, primarily by tapping the screen.

Hamster Kombat’s 250 million players targeted in malware attacks

Unknown

Threat actors are taking advantage of the massive popularity of the Hamster Kombat game, targeting players with fake Android and Windows software that installs spyware and information-stealing malware.

Hamster Kombat cyber attack

July 24, 2024

Virgin Media

Hackers hit Virgin Media with phishing attacks

Unknown

Hackers compromised the data of 2,014 employees and 19,843 users.

Virgin Media cyber attack

July 24, 2024

Unnamed financial institution in the Middle East

Middle East financial institution hit with six-day DDoS attack

Pro-Palestinian hacktivist group called SN_BLACKMETA

An unnamed financial institution in the Middle East was hit with a distributed denial-of-service (DDoS) attack earlier this year that featured multiple waves adding up to about 100 hours over six days.

Cyber attack on an unnamed financial institution in the Middle East

July 29, 2024

Cyber security firm Avanpost

Pro-Ukrainian hackers claim attack on Russian cyber company

A pro-Ukrainian hacker group, known as Cyber Anarchy Squad

Hackers claimed they hacked the Russian information security firm Avanpost and leaked a trove of its data. The hackers said over the weekend that they encrypted over 400 virtual machines running Linux or Windows and most of the physical workstations of the company’s employees. The group also reportedly destroyed more than 60 terabytes of data and leaked 390 gigabytes of “valuable information.”

Ukrainian cyber attack on Russian Avanpost



New Ransomware/Malware Discovered in July 2024

New Ransomware

Summary

Source Link

New ransomware group named Volcano Demon

Researchers say they have discovered a new ransomware group named Volcano Demon that has carried out at least two successful attacks in the past two weeks.

New ransomware group uses phone calls to pressure victims, researchers say

New Eldorado ransomware

A new ransomware-as-a-service (RaaS) called Eldorado emerged in March and comes with locker variants for VMware ESXi and Windows. The gang has already claimed 16 victims, most of them in the U.S., in real estate, educational, healthcare, and manufacturing sectors.

New Eldorado ransomware targets Windows, VMware ESXi VMs

ViperSoftX malware

The latest variants of the ViperSoftX info-stealing malware use the common language runtime (CLR) to load and execute PowerShell commands within AutoIt scripts to evade detection.

ViperSoftX malware covertly runs PowerShell using AutoIT scripting

A new threat actor known as CRYSTALRAY

A new threat actor known as CRYSTALRAY has significantly broadened its targeting scope with new tactics and exploits, now counting over 1,500 victims whose credentials were stolen and cryptominers deployed.

CRYSTALRAY hacker expands to 1,500 breached systems using SSH-Snake tool

SEXi ransomware rebrands to APT INC

The SEXi ransomware operation, known for targeting VMware ESXi servers, has rebranded under the name APT INC and has targeted numerous organisations in recent attacks.

SEXi ransomware rebrands to APT INC, continues VMware ESXi attacks

New BugSleep malware

The Iranian-backed MuddyWater hacking group has partially switched to using a new custom-tailored malware implant to steal files and run commands on compromised systems.

New BugSleep malware implant deployed in MuddyWater attacks

New Play ransomware Linux version

Play ransomware is the latest ransomware gang to start deploying a dedicated Linux locker for encrypting VMware ESXi virtual machines. Cybersecurity company Trend Micro said: "This is the first time that we've observed Play ransomware targeting ESXi environments".

New Play ransomware Linux version targets VMware ESXi VMs

New versions of Macma backdoor and the Nightdoor Windows malware.

The Chinese hacking group tracked as 'Evasive Panda' was spotted using new versions of the Macma backdoor and the Nightdoor Windows malware.

Chinese hackers deploy new Macma macOS backdoor version


Vulnerabilities/Patches Discovered in July 2024

Date

New Malware/Flaws/Fixes

Summary

Source Link

July 01, 2024

CVE-2024-20399

Cisco has patched an NX-OS zero-day exploited in April attacks to install previously unknown malware as root on vulnerable switches. 

Cisco warns of NX-OS zero-day exploited to deploy custom malware

July 01, 2024

CVE-2024-6387

A new OpenSSH unauthenticated remote code execution (RCE) vulnerability dubbed "regreSSHion" gives root privileges on glibc-based Linux systems. 

New regreSSHion OpenSSH RCE bug gives root on Linux servers

July 09, 2024

CVE-2024-5441

Hackers are trying to exploit a vulnerability in the Modern Events Calendar WordPress plugin that is present on more than 150,000 websites to upload arbitrary files to a vulnerable site and execute code remotely. 

Hackers target WordPress calendar plugin used by 150,000 sites

July 10, 2024

CVE-2024-6385

GitLab warned that a critical vulnerability in its GitLab Community and Enterprise editions allows attackers to run pipeline jobs as any other user.

GitLab: Critical bug lets attackers run pipelines as other users

July 12, 2024

CVE-2024-39929

Censys warned that over 1.5 million Exim mail transfer agent (MTA) instances are unpatched against a critical vulnerability that lets threat actors bypass security filters.

Critical Exim bug bypasses security filters on 1.5 million mail servers

July 18, 2024

CVE-2024-23469, CVE-2024-23466, CVE-2024-23467, CVE-2024-28074, CVE-2024-23471, and CVE-2024-23470

SolarWinds has fixed eight critical vulnerabilities in its Access Rights Manager (ARM) software, six of which allowed attackers to gain remote code execution (RCE) on vulnerable devices. 

SolarWinds fixes 8 critical bugs in access rights audit software

July 18, 2024

CVE-2024-20401

Cisco has fixed a critical severity vulnerability that lets attackers add new users with root privileges and permanently crash Security Email Gateway (SEG) appliances using emails with malicious attachments.

Critical Cisco bug lets hackers add root users on SEG devices

July 22, 2024

Telegram zero-day vulnerability, EvilVideo

A Telegram for Android zero-day vulnerability dubbed 'EvilVideo' allowed attackers to send malicious Android APK payloads disguised as video files. A threat actor named 'Ancryno' first began selling the Telegram zero-day exploit on June 6, 2024, stating the flaw existed in Telegram v10.14.4 and older.

Telegram zero-day allowed sending malicious Android APKs as videos

July 24, 2024

CVE-2024-41110

Docker has issued security updates to address a critical vulnerability impacting certain versions of Docker Engine that could allow an attacker to bypass authorization plugins (AuthZ) under certain circumstances. 

Docker fixes critical 5-year old authentication bypass flaw

July 25, 2024

CVE-2024-4879, CVE-2024-5178 and CVE-2024-5217

Threat actors are chaining together ServiceNow flaws using publicly available exploits to breach government agencies and private firms in data theft attacks. 

Critical ServiceNow RCE flaws actively exploited to steal credentials

July 25, 2024

CVE-2024-6327

Progress Software has warned customers to patch a critical remote code execution security flaw in the Telerik Report Server that can be used to compromise vulnerable devices. 

Progress warns of critical RCE bug in Telerik Report Server

July 30, 2024

CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207

The United Kingdom's Information Commissioner's Office (ICO) revealed that the Electoral Commission was breached in August 2021 because it failed to patch its on-premise Microsoft Exchange Server against ProxyShell vulnerabilities. 

UK govt links 2021 Electoral Commission breach to Exchange server


Warnings/Advisories/Reports/Analysis

News Type

Summary

Source Link

Report

An international coalition of law enforcement agencies has taken action against hundreds of installations of the Cobalt Strike software, a penetration testing tool notoriously abused by both state-sponsored and criminal hackers involved in the ransomware ecosystem.

Cobalt Strike: International law enforcement operation tackles illegal uses of ‘Swiss army knife’ pentesting tool

Report

Internet giant Cloudflare reports that its DNS resolver service, 1.1.1.1, was recently unreachable or degraded for some of its customers because of a combination of Border Gateway Protocol (BGP) hijacking and a route leak. The incident affected 300 networks in 70 countries.

Cloudflare blames recent outage on BGP hijacking incident

Report

A large-scale fraud campaign with over 700 domain names is likely targeting Russian-speaking users looking to purchase tickets for the Summer Olympics in Paris. The operation offers fake tickets to the Olympic Games and appears to take advantage of other major sports and music events.

Ticket Heist fraud gang uses 700 domains to sell fake Olympics tickets

Report

A cybercriminal gang that researchers track as Revolver Rabbit has registered more than 500,000 domain names for infostealer campaigns that target Windows and macOS systems.

Revolver Rabbit gang registers 500,000 domains for malware campaigns

Report

Police in the United Kingdom have arrested a 17-year-old for his alleged role in the criminal activity that brought MGM Resorts casinos to a standstill last year in a ransomware attack.

Teenage suspect in MGM Resorts hack arrested in Britain

Report

The Federal Communications Commission (FCC) announced that Verizon-owned TracFone Wireless will pay a $16 million civil penalty to end an investigation into how its alleged failure to safeguard consumer data led to three data breaches across two years.

TracFone to pay $16 million to settle FCC cyber and privacy investigation

Warning

CrowdStrike warned that a fake recovery manual to repair Windows devices is installing a new information-stealing malware called Daolpu. A new campaign conducted through phishing emails pretends to be instructions on using a new Recovery Tool that fixes Windows devices impacted by the recent CrowdStrike Falcon crashes. 

Fake CrowdStrike repair manual pushes new infostealer malware

Report

The social media giant Meta announced the removal of 63,000 accounts connected to the Nigerian cybercrime scene that were attempting to target users in the United States in financial sextortion scams.

Meta bans 63,000 accounts belonging to Nigeria’s sextortionist Yahoo Boys

Report

American cybersecurity company KnowBe4 says a person it recently hired as a Principal Software Engineer turned out to be a North Korean state actor who attempted to install information-stealing malware on its devices.

KnowBe4 mistakenly hires North Korean hacker, faces infostealer attack

Report

French authorities launched a major operation to clean the country’s computer systems of malware believed to have affected several thousand users, “particularly for espionage purposes,” Paris’s top prosecutor announced shortly before the start of the Olympics.

France launches large-scale operation to fight cyber spying ahead of Olympics
