Cyber Security Blog

Major Cyber Attacks, Data Breaches & Ransomware Attacks in April 2024

Written by Aditi Uberoi | 1 May 2024

A Yatch retailer, a hospital, the beloved football club Paris Saint-Germain were amongst those who became targets of cyber attacks in April 2024. These attacks bust the myth that it's only organisations operating in critical infrastructure, banking & finance or government bodies that are prime targets of cyber criminals. 

  1. Ransomware Attacks in April 2024
  2. Cyber Attacks in April 2024
  3. Data Breaches in April 2024
  4. New Malware and Ransomware Discovered
  5. Vulnerabilities Discovered and Patches Released 
  6. Advisories issued, reports, analysis etc. in April 2024

We're back with our monthly compilation of the biggest Cyber Attacks, Ransomware Attacks and Data Breaches for April 2024. The diverse set of organisations that get targetted each month are reminders that nobody is safe from the scourge of cyber crime. What's the best you can do? Stay as secure as you probably can and prepare for the worst. 

Embracing the fact that you will probably get attacked sooner or later is smart. Have a plan for bouncing back from the damage when you do. Invest in effective Cyber Incident Planning & Response.  Rehearse your plans and your team's capability to respond with agility and focus through simulated scenario-based Cyber Attack Tabletop Exercises.  Build a team culture that is cybersecurity focussed and understands good cyber hygiene practices. And don't forget to empower yourself with knowledge on current and new threats and emerging tactics of threat actors. Stay abreast with the recent cyber attacks, ransomware attacks and data breaches compiled for your easy reference below! 

Ransomware Attacks in April 2024

Date

Victim

Summary

Threat Actor

Business Impact

Source Link

April 01,  2024

Omni Hotels

Omni Hotels experiencing nationwide IT outage; Daixin ransomware gang claims attack

Daixin Ransomware

Omni Hotels & Resorts experienced a chain-wide outage that brought down its IT systems, impacting reservation, hotel room door lock, and point-of-sale (POS) systems. Daixin shared screenshots of the stolen data with DataBreaches.net showing a database dump containing 3,539,089 records of Omni Hotels visitors' sensitive information.


Daixin ransomware attack on Omni Hotels

April 03, 2024

IxMetro Powerhost

Hosting firm's VMware ESXi servers hit by new SEXi ransomware

SEXi Ransomware

PowerHost's Chile division, IxMetro, warned customers that it suffered a ransomware attack that encrypted some of the company's VMware ESXi servers that are used to host virtual private servers for customers.

Ransomware attack on Chile’s hosting provider, IxMetro

April 04, 2024

Panera Bread

Panera Bread week-long IT outage caused by ransomware attack

Unknown

The ransomware attack encrypted many of Panera Bread's virtual machines, preventing access to data and applications.

Panera Bread ransomware attack

April 04 and 11, 2024

Hoya Corporation

Hoya’s optics production and orders disrupted by cyber attack/ransomware attack with a demand of $10 million

Hunters International ransomware

Hoya said in a statement: “We learned that the Group's headquarters and several of its business divisions have experienced an IT system incident" as hackers demanded a $10 million ransom for a file decryptor and to not release files stolen during the attack.


Hoya Corporation ransomware attack 

April 08, 2024

The government of Palau

'They’re lying': Palau denies claims by ransomware gang over recent cyber attack

DragonForce Ransomware

The government of Palau denied several new claims by a ransomware gang that the two sides were in contact following an attack last month. DragonForce ransomware gang officially posted Palau to its leak site on Sunday, threatening to publish data stolen from the island-nation’s government in three days.

Ransomware attack on the government of Palau 

April 08, 2024

The Tarrant County Appraisal District

Medusa cybercrime gang takes credit for another attack on US municipality

Medusa Ransomware

The Medusa ransomware group said it is responsible for an attack on a government agency in Texas. The Medusa cybercrime gang took credit for the incident, threatening to leak nearly 218 gigabytes of data in six days if a $100,000 ransom is not paid.

Ransomware attack on the Tarrant County Appraisal District

April 08, 2024

German database company Genios

German database company Genios confirms ransomware attack

Unknown

GBI Genios announced that its servers were unavailable due to a massive hacker attack. It said the incident was a ransomware attack and cautioned, “unfortunately we have to assume an outage for several days.”

Ransomware attack on GBI Genios

April 09, 2024

Non-profit healthcare service provider Group Health Cooperative of South Central Wisconsin (GHC-SCW)

GHC-SCW: Ransomware gang stole health data of 533,000 people

BlackSuit Ransomware

Group Health Cooperative of South Central Wisconsin (GHC-SCW) disclosed that a ransomware gang breached its network in January and stole documents containing the personal and medical information of over 500,000 individuals.

Group Health Cooperative of South Central Wisconsin (GHC-SCW) ransomware attack

April 09, 2024

New Mexico Highlands University (NMHU) and East Central University in Ada, Oklahoma

Universities in New Mexico, Oklahoma respond to ransomware attacks

BlackSuit Ransomware

Cybercriminals forced class cancellations, limited access to critical staff systems and exposed the sensitive information of thousands of students at a university in New Mexico, and a school in Oklahoma continued to assess damage caused by a ransomware gang. On the other hand, East Central University in Ada, Oklahoma, announced that it was investigating a ransomware attack as hackers were still able to access significant amounts of student information including Social Security numbers.  

Ransomware attack on the universities in New Mexico

April 15, 2024

Chipmaker Nexperia

Chipmaker Nexperia confirms breach after ransomware gang leaks data

Dunghill Leak

The extortion site 'Dunghill Leak' announced it had breached Nexperia, claiming to have stolen 1 TB of confidential data and leaked a sample of the allegedly stolen files. Threat actors published images of microscope scans of electronic components, employee passports, non-disclosure agreements, and various other samples whose authenticity hasn't been confirmed by the chipmaker yet.

Nexperia ransomware attack

April 15, 2024

Change Healthcare

Ransomware gang starts leaking alleged stolen Change Healthcare data

RansomHub Extortion Gang

The RansomHub extortion gang has begun leaking what they claim is corporate and patient data stolen from United Health subsidiary Change Healthcare in what has been a long and convoluted extortion process for the company.

Change ransomware attack update

April 17, 2024

Cherry Street Services

Michigan healthcare organisation says ransomware breached data of 185,000

Unknown



A ransomware attack in late 2023 exposed the personal data of nearly 185,000 people, a nonprofit Michigan healthcare organisation; Cherry Street Services said in a regulatory filing that the breach occurred on December 21 and was discovered on Christmas Eve as the attackers had accessed financial information such as credit card numbers and related security codes or passwords.

Ransomware attack on Cherry Street Services

April 18, 2024

D.C. Department of Insurance, Securities and Banking (DISB)

DC city agency says LockBit claims tied to third-party attack

LockBit  Ransomware

The LockBit ransomware gang claimed it attacked the D.C. Department of Insurance, Securities and Banking (DISB) and stole 800 GB of data. DISB is a regulatory agency designed to protect consumers from abuse by financial institutions like insurance companies, investment firms, banks and mortgage lenders. LockBit said that negotiations had broken down and it planned to leak 1GB of data in order to further push the organisation into paying a ransom.

D.C. Department of Insurance, Securities and Banking (DISB) ransomware attack

April 19, 2024

​The United Nations Development Programme (UNDP)

United Nations agency investigates ransomware attack, data theft

8Base ransomware

​The United Nations Development Programme (UNDP) is investigating a cyber attack after threat actors breached its IT systems to steal human resources data. The attackers said that the documents their operators managed to exfiltrate during the breach contain large amounts of sensitive information including "a huge amount of confidential information," personal data, accounting data, certificates, employment contracts, confidentiality agreements, invoices, receipts, and more.

​The United Nations Development Programme (UNDP) ransomware attack

April 21, 2024

Synlab Italia

Synlab Italia suspends operations following ransomware attack

Unknown

Synlab Italia suspended all its medical diagnostic and testing services after a ransomware attack forced its IT systems to be taken offline. The company announced that it had suffered a security breach in the early hours of April 18, which forced it to shut down all computers to limit the damaging activity.

Synlab Italia ransomware attack

April 22, 2024

UnitedHealth

UnitedHealth confirms it paid ransomware gang to stop data leak

BlackCat/ALPHV ransomware

The UnitedHealth Group has confirmed that it paid a ransom to cybercriminals to protect sensitive data stolen during the Optum ransomware attack in late February. The organisation reported that the cyber attack had caused $872 million in financial damages, and the ransomware gang claimed the attack, alleging to have stolen 6 TB of sensitive patient data; performed an exit scam after allegedly getting $22 million in ransom from UnitedHealth.

UnitedHealth ransomware attack update

April 23, 2024

Plasma donation company Octapharma

Plasma donation company Octapharma slowly reopening as BlackSuit gang claims attack

BlackSuit Ransomware

The plasma donation company Octapharma has begun to reopen some of its 180 centres around the world following a ransomware attack that forced it to shut down operations for nearly a week.

Ransomware attack on a plasma donation company Octapharma

April 23, 2024

Skanlog, a critical distributor for Systembolaget 

Sweden's liquor shelves run empty due to ransomware attack

Unknown

The cyber attack on a Swedish logistics company has prompted warnings from the country’s sole liquor retailer that its top shelves in stores around the country may be empty. Skanlog’s chief executive, Mona Zuko, told newspaper Dagens Industri that the incident was a ransomware attack from a group based in North Korea. The basis on which that attribution was made is not clear.

Ransomware attack on Swedish logistics company


 
Back to Top 



Cyber Attacks in April 2024

Date

Victim

Summary

Threat Actor

Business Impact

Source Link

April 05, 2024

NYCAPS

Attempted hack on NYC continues wave of cyber attacks against municipal governments

Unknown

The attack on the New York City forced to take a city payroll website offline and remove it from public view. City workers  complained of the New York City Automated Personnel System, Employee Self Service (NYCAPS/ESS) being offline as many tried to file their taxes.

Cyber attack on the NYC municipal governments

April 08, 2024

French football club PSG

French football club PSG says ticketing system targeted by cyber attack

Unknown

Paris Saint-Germain (PSG), the Qatari-owned titan of French football, has informed its supporters that a cyber attack targeted the club’s online ticketing service.

Cyber attack on a French football club PSG

April 08, 2024

Computer accessory giant Targus

Computer accessory giant Targus says cyber attack interrupted business operations

Unknown

One of the biggest manufacturers of technology accessories said business operations have been “temporarily disrupted” following a cyber attack. Targus International said it discovered that a hacker had gained access to file systems, prompting the company to hire outside cybersecurity consultants.

Targus cyber attack

April 17, 2024

Whales Market-OTC

Google ad impersonates Whales Market to push wallet drainer malware

Unknown

A legitimate-looking Google Search advertisement for the crypto trading platform 'Whales Market' redirects visitors to a wallet-draining phishing site that steals all assets. This phishing site replicates the legitimate website, including its trading platform. 

Whales Market cyber attack

April 18, 2024

The Hospital Simone Veil in Cannes (CHC-SV)

840-bed hospital in France postpones procedures after cyber attack

Unknown

Hospital Simone Veil in Cannes (CHC-SV) announced that it was targeted by a cyber attack, severely impacting its operations and forcing staff to go back to pen and paper as the Hospital announced that it was forced to take all computers offline earlier in the week due to a cyber attack, leaving only telephone systems available for communication.

Cyber attack on a The Hospital Simone Veil in Cannes (CHC-SV)

April 24, 2024

Czech News Agency (CTK)

Hackers publish fake story about Ukrainians attempting to assassinate Slovak president

Unknown

An unidentified attacker hacked a Czech news service's website and published a fake story claiming that an assassination attempt had been made against the newly elected Slovak president, Peter Pellegrini. The Czech News Agency (CTK) said the attacker posted the false article directly to its website, meaning the story was not distributed to the service’s clients.

Czech News Agency cyber attack

 


Back to Top 

Data Breaches in April 2024

Date

Victim

Summary

Threat Actor

Business Impact

Source Link

April 01, 2024

PandaBuy

Shopping platform PandaBuy data leak impacts 1.3 million users

A threat actor named 'Sanggiero' and another threat actor called 'IntelBoker.'

Two threat actors allegedly exploited multiple vulnerabilities to breach systems. The threat actor said: "The data was stolen by exploiting several critical vulnerabilities in the platform's API and other bugs were identified allowing access to the internal service of the website.”

PandaBuy data breach

April 01, 2024

MarineMax

Yacht retailer MarineMax discloses data breach after cyber attack

Rhysida ransomware

MarineMax, one of the world's largest recreational boat and yacht retailers, said attackers stole employee and customer data after breaching its systems in a March cyber attack. The Rhysida ransomware gang claimed the attack and started selling data allegedly stolen from MarineMax's network for 15 BTC (just over $1 million).

MarineMax data breach

April 01, 2024

OWASP

OWASP discloses data breach caused by wiki misconfiguration

Human error

The OWASP Foundation has disclosed a data breach after some members' resumes were exposed online due to a misconfiguration of its old Wiki web server.

OWASP data breach

April 02, 2024

Cancer treatment and research centre City of Hope

US cancer centre data breach exposes information of 827,000 patients

Unknown

The data breach exposed the sensitive information of over 820,000 patients as per a notice that the healthcare organisation published on its site.

City of Hope data breach

April 03, 2024

Russia’s prosecutor general

Hackers claim to breach database containing thousands of Russian criminal records

RGB-TEAM

A group of hacktivists going by the name RGB-TEAM claimed responsibility for hacking into the website of Russia’s prosecutor general, exposing data on criminal offences committed in Russia over the past 30 years.

Data breach attack on the website of  Russia’s prosecutor general

April 03 and 05, 2024

The U.S. Govt. Contractor, Acuity

US State Department investigates alleged theft of government data

The threat actor (known as IntelBroker)

The threat actor described the files as containing classified information belonging to the Five Eyes intelligence alliance. According to their claims, the leaked data included the full names, emails, office numbers, and personal cell numbers of government, military, and Pentagon employees, as well as their email addresses. The threat actors said: "This data was obtained by breaching into Acuity Inc, a company that works directly with the US Government and its allies."

Acuity data breach

April 03, 2024

SurveyLama

SurveyLama data breach exposes information of 4.4 million users

Unknown

Data breach alerting service Have I Been Pwned (HIBP) warns that SurveyLama suffered a data breach in February 2024, which exposed the sensitive data of 4.4 million users.

SurveyLama data breach

April 04, 2024

University of Winnipeg

Thousands of staff, students have sensitive data stolen in University of Winnipeg hack

Unknown

The University of Winnipeg in Canada has confirmed that hackers stole sensitive information from the institution in an incident that took place late last month, affecting former and current students and staff.

University of Winnipeg data breach

April 07, 2024

Department of Justice and Greylock McKinnon Associates

DOJ data on 341,000 people leaked in cyber attack on consulting firm

Unknown

Medicare and other information belonging to 341,000 people was leaked after a consulting firm working with the Department of Justice was hacked. Greylock McKinnon Associates reported a data breach to regulators in Maine saying victims’ personal information like Social Security numbers and more were accessed during an incident last May.

Data breach attack on Greylock McKinnon Associates that works with DoJ

April 10, 2024

AT&T

AT&T now says data breach impacted 51 million customers

ShinyHunters and MajorNelson

AT&T notified 51 million former and current customers, warning them of a data breach that exposed their personal information on a hacking forum.

AT&T data breach

April 11, 2024

Giant Tiger

Hacker claims Giant Tiger data breach, leaks 2.8M records online

Unknown

A threat actor publicly claimed responsibility for the data breach and leaked 2.8 million records on a hacker forum that they claim are of Giant Tiger customers.

Giant Tiger data breach

April 14, 2024

Cisco Duo

Cisco Duo warns third-party data breach exposed SMS MFA logs

Unknown

Cisco Duo said an unnamed provider who handles the company's SMS and VOIP multi-factor authentication (MFA) messages was compromised on April 1, 2024. Cisco said that the incident affected approximately 1% of Duo's customers. As the company claims to have 100,000 users, this incident impacted approximately 1,000 people.

Cisco Duo data breach

April 18, 2024

Telecom giant Frontier

Telecom giant Frontier shuts down some systems after cyber attack

Unknown

Texas-based telecommunications company Frontier Communications reported a cyber attack to the Securities and Exchange Commission. It said it detected unauthorised access to its IT systems on April 14 and began instituting “containment measures” that included shutting down certain of the Company’s systems as the shutdowns caused operational disruption that the company said “could be considered material.”

Data breach attack on Telecom giant Frontier

April 19, 2024

MITRE

MITRE says state hackers breached its network via Ivanti zero-days

Unknown

The MITRE Corporation says that a state-backed hacking group breached its systems in January 2024 by chaining two Ivanti VPN zero-days. Evidence collected during the investigation so far shows that this breach did not affect the organisation's core enterprise network or its partners' systems.

MITRE data breach


Back to Top 

Back to Top 

New Ransomware/Malware Discovered in April 2024

New Ransomware

Summary

Source Link

Latrodectus malware

A relatively new malware called Latrodectus is believed to be an evolution of the IcedID loader, seen in malicious email campaigns since November 2023.

New Latrodectus malware replaces IcedID in network breaches

JSOutProx malware 

Visa is warning about a spike in detections for a new version of the JsOutProx malware targeting financial institutions and their customers as this campaign targeted financial institutions in South and Southeast Asia, the Middle East, and Africa.

Visa warns of new JSOutProx malware variant targeting financial orgs

Keyzetsu malware

Threat actors are abusing GitHub automation features and malicious Visual Studio projects to push a new variant of the "Keyzetsu" clipboard-hijacking malware and steal cryptocurrency payments.

Malicious Visual Studio projects on GitHub push Keyzetsu malware

SoumniBot malware

A new Android banking malware named 'SoumniBot' is using a less common obfuscation approach by exploiting weaknesses in the Android manifest extraction and parsing procedure.

SoumniBot malware exploits Android bugs to evade detection

A game cheat called Cheat Lab

A new info-stealing malware linked to Redline poses as a game cheat called 'Cheat Lab,' promising downloaders a free copy if they convince their friends to install it too.

Fake cheat lures gamers into spreading infostealer malware

An operator of the HelloKitty ransomware changed the name to 'HelloGookie,'

An operator of the HelloKitty ransomware operation announced they changed the name to 'HelloGookie,' releasing passwords for previously leaked CD Projekt source code, Cisco network information, and decryption keys from old attacks.

HelloKitty ransomware rebrands, releases CD Projekt and Cisco data

New Brokewell malware

Security researchers have discovered a new Android banking trojan they named Brokewell that can capture every event on the device, from touches and information displayed to text input and the applications the user launches.

New Brokewell malware takes over Android devices, steals data

A new Python backdoor tracked as “Dev Popper”

A new campaign tracked as “Dev Popper” is targeting software developers with fake job interviews in an attempt to trick them into installing a Python remote access trojan (RAT).

Fake job interviews target developers with new Python backdoor

 Back to Top 

Vulnerabilities/Patches Discovered in April 2024

Date

New Malware/Flaws/Fixes

Summary

Source Link

April 03, 2024

CVE-2024-29745 and CVE-2024-29748

Google has fixed two Google Pixel zero-days exploited by forensic firms to unlock phones without a PIN and gain access to the data stored within them.

Google fixes two Pixel zero-day flaws exploited by forensics firms

April 03, 2024

CVE-2024-21894, CVE-2024-22052, CVE-2024-22053, and CVE-2024-22023

IT security software company Ivanti has released patches to fix multiple security vulnerabilities impacting its Connect Secure and Policy Secure gateways.

Ivanti fixes VPN gateway vulnerability allowing RCE, DoS attacks

April 03, 2024

CVE-2024-2879

A premium WordPress plugin named LayerSlider, used in over one million sites, is vulnerable to unauthenticated SQL injection, requiring admins to prioritise applying security updates for the plugin.

Critical flaw in LayerSlider WordPress plugin impacts 1 million sites

April 06, 2024

CVE-2024-3273

A threat researcher has disclosed a new arbitrary command injection and hard coded backdoor flaw in multiple end-of-life D-Link Network Attached Storage (NAS) device models.

Over 92,000 exposed D-Link NAS devices have a backdoor account

April 09, 2024

CVE-2023-6317 and CVE-2023-6318, CVE-2023-6319 and CVE-2023-6320

Four new vulnerabilities affecting thousands of LG TVs have been found by researchers who said the issues could allow hackers to add themselves as users and take other actions.

LG releases updates for vulnerabilities that could allow hackers to gain access to TVs

April 09, 2024

CVE-2021-3129

Sysdig reports that it has been detecting RUBYCARP's probes to its honeypots for several months, targeting Laravel applications via CVE-2021-3129, a remote code execution vulnerability.

RUBYCARP hackers linked to 10-year-old crypto mining botnet

April 09, 2024

Tracked as CVE-2024-24576, 

Threat actors can exploit a security vulnerability in the Rust standard library to target Windows systems in command injection attacks.

Critical Rust flaw enables Windows command injection attacks

April 09, 2024

CVE-2024-26234 and CVE-2024-29988

Microsoft has fixed two actively exploited zero-day vulnerabilities during the April 2024 Patch Tuesday, although the company failed to initially tag them as such. 

Microsoft fixes two Windows zero-days exploited in malware attacks

April 11, 2024

BRLY-2024-002, BRLY-2024-003, BRLY-2024-004

An almost 6-year-old vulnerability in the Lighttpd web server used in Baseboard Management Controllers has been overlooked by many device vendors, including Intel and Lenovo. The threat analysts assigned three internal identifiers to the Lighttpd vulnerability based on its impact on different vendors and devices.

Intel and Lenovo servers impacted by 6-year-old BMC flaw

April 12, 2024

CVE-2024-3400

Palo Alto Networks warned that an unpatched critical command injection vulnerability in its PAN-OS firewall is being actively exploited in attacks. 

Palo Alto Networks warns of PAN-OS firewall zero-day used in attacks

April 16, 2024

CVE-2024-31497

A vulnerability tracked as CVE-2024-31497 in PuTTY 0.68 through 0.80 could potentially allow attackers with access to 60 cryptographic signatures to recover the private key used for their generation.

PuTTY SSH client flaw allows recovery of cryptographic private keys

April 17, 2024

CVE-2024-28255, CVE-2024-28847, CVE-2024-28253, CVE-2024-28848, CVE-2024-28254

In an ongoing Kubernetes crypto mining campaign, attackers target OpenMetadata workloads using critical remote code execution and authentication vulnerabilities.

Hackers hijack OpenMetadata apps in Kubernetes crypto mining attacks

April 19, 2024

CVE-2024-4040

CrushFTP warned customers today in a private memo of an actively exploited zero-day vulnerability fixed in new versions released today, urging them to patch their servers immediately.

CrushFTP warns users to patch exploited zero-day “immediately”

April 20, 2024

CVE-2024-28890

The Forminator WordPress plugin used in over 500,000 sites is vulnerable to a flaw that allows malicious actors to perform unrestricted file uploads to the server.

Critical Forminator plugin flaw impacts over 300k WordPress sites

April 24, 2024

CVE-2024-20353, CVE-2024-20359

​Cisco warned that a state-backed hacking group has been exploiting two zero-day vulnerabilities in Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) firewalls since November 2023 to breach government networks worldwide.

Maximum severity Flowmon bug has a public exploit, patch now

April 25, 2024

CVE-2024-27956

Hackers have started to target a critical severity vulnerability in the WP Automatic plugin for WordPress to create user accounts with administrative privileges and to plant backdoors for long-term access.

WP Automatic WordPress plugin hit by millions of SQL injection attacks

 Back to Top

 

Warnings/Advisories/Reports/Analysis

News Type

Summary

Source Link

Report

The Indian government said it rescued and repatriated 250 citizens who sought jobs in Cambodia, only to be forced into conducting cybercrime once they arrived.

India rescues 250 citizens enslaved by Cambodian cybercrime gang

Report

Google agreed to delete billions of data records collected from 136 million Chrome users in the United States, as part of a lawsuit settlement regarding alleged undisclosed browser data collection while in Incognito mode.

Google agrees to delete Chrome browsing data of 136 million users

Analysis

Hackers are using Facebook advertisements and hijacked pages to promote fake Artificial Intelligence services, such as MidJourney, OpenAI's SORA and ChatGPT-5, and DALL-E, to infect unsuspecting users with password-stealing malware.

Fake Facebook MidJourney AI page promoted malware to 1.2 million people

Report

LastPass has warned of a malicious campaign targeting its users with the CryptoChameleon phishing kit that is associated with cryptocurrency theft as according to researchers at mobile security company Lookout, campaigns using this phishing kit also targeted cryptocurrency platforms Binance, Coinbase, Kraken, and Gemini, using pages that impersonated Okta, Gmail, iCloud, Outlook, Twitter, Yahoo, and AOL.

Cybercriminals pose as LastPass staff to hack password vaults

Report

According to a joint advisory from the FBI, CISA, Europol's European Cybercrime Centre (EC3), and the Netherlands' National Cyber Security Centre (NCSC-NL), the Akira ransomware operation has breached the networks of over 250 organisations and raked in roughly $42 million in ransom payments.

FBI: Akira ransomware raked in $42 million from 250+ victims

Report

The Federal Trade Commission is sending $5.6 million in refunds to Ring users whose private video feeds were accessed without consent by Amazon employees and contractors, or had their accounts and devices hacked because of insufficient security protections.

Ring customers get $5.6 million in privacy breach settlement

Report

The anti-Donald Trump super PAC Lincoln Project lost $35,000 to a business email compromise (BEC) scam in February as a vendor’s email was hacked, with the hackers producing authentic-looking invoices that were sent from the vendor’s legitimate email account. The hack affected multiple clients of the vendor, including Lincoln Project.

Anti-Trump PAC Lincoln Project scammed for $35,000 after vendor email hack

Warning

Okta warns of an "unprecedented" spike in credential stuffing attacks targeting its identity and access management solutions, with some customer accounts breached in the attacks. 

Okta warns of "unprecedented" credential stuffing attacks on customers

Back to Top