Recent Cyber Attacks, Data Breaches & Ransomware Attacks December 2022
Date: 2 January 2023
Ending the year with a bang has a very different connotation in the world of cybersecurity. Here is a roundup of all the cyber-attacks, data breaches and ransomware attacks in December 2022, along with the new malware and vulnerabilities that made the news in the last month of the year.
2022 has been nothing short of a watershed year for the world of IT & cyber security. Uber made the news repeatedly for two data breaches and the conviction of its former CISO - a never-seen-before moment in world cyber history. The attacks on Australian organisations in the year could fill up pages and we'd still not be done. Add the many crypto attacks, healthcare attacks, high-profile victims like Nvidia and Toyota, the rampage of Conti and Lapsus$ ransomware and you truly have a cybersecurity potboiler.
The idea of the above statement and the data below is not to create panic or chaos. We do a monthly roundup of the biggest cyber attacks, data breaches and ransomware simply to turn the spotlight back on the conversation about organisational preparedness and cyber resilience.
If 2022 has taught us anything it is that you can NEVER be prepared enough - regardless of your size, your industry or your location. It's therefore in the best interest of every organisation to put cybersecurity as their #1 priority in 2023.
If you need help getting started or having your cyber incident plans and procedures reviewed and refreshed, consider hiring an expert conveniently and cost-effectively through services such as the Virtual Cyber Consultant and Virtual Cyber Assistant. These cybersecurity experts can also help you achieve compliance and become certification-ready.
Some of the areas in which our Virtual Cyber Experts can help include:
- Creating new or refreshing existing Business Continuity and Disaster Recovery Plans
- Testing the effectiveness of your Incident Management Policies and Procedures
- Becoming Cyber Essentials ready or ISO 27001 certified
Below are the other biggest cyber-attacks, ransomware attacks and data breaches in December 2022 that made headlines in the month gone by.
- Cyber-Attacks in December 2022
- Data Breaches in December 2022
- Ransomware Attacks in December 2022
- New Ransomware/Malware Detected in December 2022
- Vulnerabilities/Patches
- Advisories issued, reports, analysis etc. in December 2022
Cyber Attacks in December 2022
| Date | Victim | Summary | Threat Actor | Business Impact | Source Link |
|---|---|---|---|---|---|
| Dec 1, 2022 | | After AIIMS, another Indian health sector asset, COWIN platform, suffers an attack | Nazil Blackhat | The Iranian hacker who targeted the COWIN portal had shared his Telegram username on the dark web and wrote that anyone who wants to buy access to COWIN from him should contact him on Telegram. | |
| Dec 1, 2022 | Russian court, Russian mayor's offices | Data-wiping malware hits Russian courts, city halls | CryWiper | A data-erasing malware that masquerades as ransomware but wipes data from infected devices instead of holding it for ransom has been found targeting Russian organisations. | Russian courts and mayor offices hit by data wiping malware attack |
| Dec 2, 2022 | | Voyager Worldwide hit by a cyber attack | Unknown | Hackers took all systems of Voyager Worldwide (which boasts more than 1,000 shipping companies as customers around the world) offline. | |
| Dec 3, 2022 | | BTC.com loses $3 million worth of cryptocurrency in cyberattack | Unknown | In the cyberattack, certain digital assets were stolen, including approximately US$700,000 in asset value owned by BTC.com's clients, and approximately US$2.3 million in asset value owned by the Company. | |
| Dec 5, 2022 | | Massive DDoS attack takes Russia’s second-largest bank VTB offline | The pro-Ukraine hacktivist group 'IT Army of Ukraine' | VTB Bank has called the attack the 'worst cyber attack' in its history after its website and mobile apps were taken offline. | Russia’s second-largest bank VTB goes offline due to a DDoS attack |
| Dec 7, 2022 | | Metropolitan Opera dealing with "crippling" cyber attack that shut down website, box office | Unknown | The attack impacted the network systems, including their website, box office, and call center. | |
| Dec 14, 2022 | | TPG Telecom enters the list of hacked Australian companies; shares slide | Unknown | Australian Internet services provider TPG Telecom became the latest victim of a cyber attack as the hacker accessed up to 15,000 emails of its corporate customers. | |
| Dec 14, 2022 | | FuboTV faces outage due to cyber attack during World Cup semifinal | Unknown | Football fans were left seething as they were unable to watch the World Cup semifinal on FuboTV due to a cyber attack that knocked out the platform. | |
| Dec 14, 2022 | | Hackers target Japanese politicians with new MirrorStealer malware | MirrorFace | A hacking group tracked as MirrorFace has been targeting Japanese politicians for weeks before the House of Councilors election in July 2022, using a previously undocumented credentials stealer named ‘MirrorStealer’. | |
| Dec 15, 2022 | | Trojanized Windows 10 Operating System Installers Targeted Ukrainian Government | Allegedly Russian hackers | Mandiant uncovered a socially engineered supply chain operation focused on Ukrainian government entities that leveraged trojanized ISO files masquerading as legitimate Windows 10 Operating System installers. | |
| Dec 16, 2022 | | Fire Rescue Victoria confirms cyber attack from 'external third party' | Unknown | The attack affected most of the systems, including the FRV network, emails and dispatch. | |
| Dec 16, 2022 | | Ukraine's DELTA military system users targeted by info-stealing malware | Unknown | A compromised Ukrainian Ministry of Defense email account was found sending phishing emails and instant messages to users of the 'DELTA' situational awareness program to infect systems with information-stealing malware. | |
| Dec 20, 2022 | | Comcast Xfinity accounts hacked in widespread 2FA bypass attacks | Unknown | Customer accounts allegedly hacked in widespread attacks that bypassed two-factor authentication. Compromised accounts were then used to reset passwords for other services, such as the Coinbase and Gemini crypto exchanges. | |
| Dec 26, 2022 | | Hackers steal $8 million from users running trojanized BitKeep apps | Unknown | BitKeep has not determined how much money was lost due to these hacks, but transaction tracking service PeckShield reported that approximately $8 million worth of assets have been stolen so far. | |

Cyber-attacks are coming one way or the other. The only solution? Get ready.
Being prepared with a robust, effective and fit-for-purpose cyber incident response plan is critical for 2023. Don't have a plan yet? No problem. Download our FREE cyber incident response plan template and start building yours today. Make sure it's simple, fuss-free and focussed on what really matters.
Data Breaches in December 2022
| Date | Victim | Summary | Threat Actor | Business Impact | Source Link |
|---|---|---|---|---|---|
| Dec 5, 2022 | | Amnesty International Canada breached by suspected Chinese hackers in early October 2022. | Chinese hackers suspected | It’s not clear whether the attackers exfiltrated donor or membership data. | |
| Dec 10, 2022 | | Uber suffers new data breach after attack on vendor, info leaked online | A breach forum, UberLeaks, that tries to link itself to Autistic Fisherman | The newly leaked data consisted of source code, IT asset management reports, data destruction reports, Windows domain login names and email addresses for over 77,000 Uber employees, and other corporate information. | |
| Dec 11, 2022 | SentinelOne SDK python client | Malicious ‘SentinelOne’ PyPI package steals data from developers. | Unknown | Threat actors published a malicious Python package on PyPI, named 'SentinelOne,' that pretends to be the legitimate SDK client for the trusted American cybersecurity firm but, in reality, steals data from developers. | |
| Dec 12, 2022 | The city of Diest | The city of Diest becomes the victim of a cyber attack: city services and schools, amongst others, affected. | Unknown | All of the city services were taken down. Local residents could not be helped at the counters of the town hall as the library, schools and cultural centre Den Amer were also affected by the cyber attack. | |
| Dec 12, 2022 | | Twitter confirms recent user data leak is from 2021 breach | Unknown | Twitter confirmed that the November 2022 leak of millions of members' profiles, including private phone numbers and email addresses, resulted from the same data breach the company disclosed in August 2022. It further linked this to the incident in which a threat actor released a JSON file containing the complete set of 5.4 million records scraped in 2021. | |
| Dec 13, 2022 | | California hospital breach that occurred in October 2022 exposed patients’ Social Security numbers, medical info | Unknown | The hospital said: “At this time, we have identified documents containing patient names, addresses, dates of birth, medical record numbers, visit ID numbers, and/or clinical information, such as dates of service, provider names, and/or department names as in some instances, patients’ Social Security numbers, drivers’ licence numbers, financial account information, and/or health insurance information may have also been reflected in the documents involved.” | |
| Dec 13, 2022 | | Hackers leak personal info allegedly stolen from 5.7M Gemini users. | M.V.P. User on BreachForums | Gemini crypto exchange announced that its customers were targeted in phishing campaigns after a threat actor collected their personal information from a third-party vendor. The hacker offered to sell a database allegedly from Gemini containing phone numbers and email addresses of 5.7 million users. | |
| Dec 14, 2022 | | Social media analytics service Social Blade disclosed a security breach after a database containing allegedly stolen data from the company was offered for sale. | Unknown | The exposed data includes email addresses, password hashes, client IDs, IP addresses, and tokens for business API users, authentication tokens for connected accounts, and non-personal and internal data. | |
| Dec 15, 2022 | Restaurant CRM platform ‘SevenRooms’ | Restaurant CRM platform ‘SevenRooms’ confirms breach after data put up for sale. | Threat actor named ‘GOD’ | The threat actor began selling stolen data on a hacking forum by posting data samples and claimed to have stolen a 427 GB backup database with thousands of files containing information about SevenRooms’ customers. The samples provided by the seller included folders named after big restaurant chains, clients of SevenRooms, API keys, promo codes, payment reports, reservation lists, and more. | |
| Dec 16, 2022 | | Cyber attack on a third-party services provider of NZ’s insurance company MAS exposes personal data of members. | Unknown | A cyber attack on the after-hours call service of New Zealand’s largest insurer of medical professionals potentially exposed the personal data of its members. | |
| Dec 20, 2022 | | Okta discloses a data breach incident with an impact on its source code repositories. | Unknown | Hackers accessed Okta's code repositories. | |
| Dec 21, 2022 | Sports betting firm BetMGM | Leading sports betting firm BetMGM discloses data breach that occurred in November 2022. | Unknown | Hackers obtained a wide range of data, including names, contact info (like postal addresses, email addresses, and phone numbers), dates of birth, hashed Social Security numbers, account identifiers (like player IDs and screen names) and info related to transactions with BetMGM. | |
| Dec 21, 2022 | | Hackers stole customer vault data in a cloud storage breach that hit LastPass in August 2022. | Unknown | The cyber criminals stole information from vault data that contained basic customer account information and related metadata including company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service. | |
| Dec 26, 2022 | | Indian railway ministry denies reports about a potential data breach of IRCTC and says that the data breach was not from the IRCTC servers | ShadowHacker (a BreachForum name) | It was reported that hackers have stolen the data of 30 million people who have booked railway tickets. This includes personal information such as email ID, mobile number, address, age and gender. | |
| Dec 28, 2022 | | Crypto platform 3Commas admits hackers stole API keys | Unknown | An anonymous Twitter user published a set of 10,000 API keys allegedly obtained from the 3Commas cryptocurrency trading platform. | |

Ransomware Attacks in December 2022
| Date | Victim | Summary | Threat Actor | Business Impact | Source Link |
|---|---|---|---|---|---|
| Dec 2, 2022 | | Rackspace confirms that its recent Hosted Exchange outage was caused by a ransomware attack | Unknown | American cloud computing services provider Rackspace says an ongoing outage affecting its hosted Microsoft Exchange environments and likely thousands of customers was caused by a security incident. The list of impacted services includes MAPI/RPC, POP, IMAP, SMTP, ActiveSync, and the Outlook Web Access (OWA) interface used to access the Hosted Exchange instance to manage email online. | |
| Dec 3, 2022 | | Ransomware attack forces French hospital to transfer patients. | Unknown | The ransomware attack forced the André-Mignot teaching hospital in the suburbs of Paris to shut down its phone and computer systems. It was also forced to shift 6 patients from its neonatal & ICU units to other healthcare facilities. | |
| Dec 5, 2022 | City of Antwerp | Cybercriminals target the computer system of the city of Antwerp with Play ransomware. | Play ransomware | The attack impacted the city's computer systems. Some employees were not able to read their emails, and apart from this, urban education and the local police also experienced problems. | |
| Dec 6, 2022 | Mercury IT New Zealand, ministry of justice | Privacy Commissioner considers action on ransomware attack which hit New Zealand based company Mercury IT in November 2022. | LockBit 3.0 | The attack disrupted dozens of organisations in the country, including several government departments and public authorities like health insurer Accuro, architectural firm Catalyst Group, business mentoring programme Business Central and commercial flooring business Polyflor. The stolen data is listed for sale for prices between $99,000 and $999,000. The attack also impacted business advocacy group BusinessNZ and the New Zealand National Nurses Association. Mercury IT has also worked with the New Zealand Ministry of Justice and healthcare company Te Whatu Ora, reportedly losing 14,500 coroners’ files and 4000 post-mortem reports, although none of this is for sale on the dark web as of yet. | |
| Dec 11, 2022 | | Play ransomware claims attack on German hotel chain H-Hotels. | Play Ransomware | The Play Ransomware gang’s attack on H-Hotels (h-hotels.com) has resulted in communication outages for the company. | |
| Dec 12, 2022 | | California Department of Finance Hit By Cyber-Attack, LockBit Claims Responsibility | LockBit | LockBit said they stole 76 GB of data, including IT and financial documents, confidential data and sexual proceedings in court. They warned that the Department of Finance has until Dec 24 to pay up or else the group will publish a cache of stolen files. | |
| Dec 13, 2022 | | Colombian energy supplier EPM hit by BlackCat ransomware attack | BlackCat | EPM instructed its approximately 4,000 employees to work from home, with IT infrastructure down. The company’s websites were no longer available and it provided alternative methods for customers to pay for services. The attack caused devices to be encrypted and data to be stolen. | |
| Dec 20, 2022 | | Guardian newspaper hit by suspected ransomware attack, staff told not to come to office | Unknown | The attack has impacted a number of business services at the 200-year-old news organisation, but not its online site and apps, which will continue to publish stories. | |
| Dec 21, 2022 | | Ransomware attack at Louisiana hospital impacts 270,000 patients | Unknown | Hackers gained unauthorised access to LCMHS' network and stole sensitive files containing 270,000 patients’ personal and medical information. | |
| Dec 27, 2022 | | Royal ransomware claims responsibility for attack on telecommunications provider Intrado | Royal ransomware | Hackers impacted all of Intrado's services, including Unified Communication Services, Healthcare, and Unified Communications as a Service (UCaaS). The hackers also allegedly shared a 52.8 MB archive containing scans of passports, business documents, and driver's licences as proof of the breach. The initial ransom demand was $60 million. | |

Ransomware attacks have probably made more news in 2022 than they've ever done before. The rise in cryptocurrency and the anonymity of payments it offers is further fueling the confidence of ransomware attackers.
Our cybersecurity experts have created several FREE resources that you can put to use immediately to boost your ransomware readiness. They'll also help you mitigate the damage if you do become the victim of a ransomware attack.
New Ransomware/Malware Discovered in December 2022
| New Ransomware | Summary | Source Link |
|---|---|---|
| DuckLogs | ‘DuckLogs’ gives low-skilled attackers easy access to multiple modules to steal information, log keystrokes, access clipboard data, and remotely access the compromised host. | New DuckLogs malware service claims having thousands of ‘customers’ |
| NTRUEncrypt and ChaCha20-Poly1305 | The Vice Society ransomware operation has switched to using a custom ransomware encryptor that implements a strong, hybrid encryption scheme based on NTRUEncrypt and ChaCha20-Poly1305. | Vice Society ransomware gang switches to new custom encryptor |
| Puspa2 Ransomware | Ransom note: XXX_HELLO'S_READ_ME._txt; Changes the desktop wallpaper | |
| Stop/Djvu Ransomware (v0612) | Ransom note: _readme.txt | |
| OBZ Ransomware | OBZ Ransomware; Ransom note: ReadMe.txt | |
| Allock Ransomware | MedusaLocker ransomware family; Extension: .allock8 (the number may differ depending on the sample); Ransom note: how_to_back_files.html | |
| Juli Ransomware | VoidCrypt ransomware family; Extension: .Juli (filenames are also appended with victim's ID and developers' email address); Ransom note: unlock-info.txt | |

Vulnerabilities/Patches Discovered in December 2022
| Date | Flaws/Fixes | Summary | Source Link |
|---|---|---|---|
| Dec 2, 2022 | CVE-2022-4262 | Google has released Chrome 108.0.5359.94/.95 for Windows, Mac, and Linux users to address a single high-severity security flaw (CVE-2022-4262), the ninth Chrome zero-day exploited in the wild since the start of the year. | Google Chrome emergency update fixes 9th zero-day of the year |
| Dec 6, 2022 | CVE-2022-20472, CVE-2022-20473, CVE-2022-20411, CVE-2022-20498 | Google has released the Dec 2022 security update for Android, fixing four critical-severity vulnerabilities (CVE-2022-20472, CVE-2022-20473, CVE-2022-20411, CVE-2022-20498), including a remote code execution flaw exploitable via Bluetooth. The update addressed 45 vulnerabilities in core Android components with patch level 2022-12-01, and another 36 vulnerabilities impacting third-party components addressed in patch level 2022-12-05. | |
| Dec 8, 2022 | CVE-2022-20968 | Cisco has disclosed a high-severity zero-day vulnerability affecting the latest generation of its IP phones and exposing them to remote code execution and denial of service (DoS) attacks. | Cisco discloses high-severity IP phone zero-day with exploit code |
| Dec 13, 2022 | Image repository vulnerability | Amazon Web Services (AWS) has fixed a new vulnerability affecting a website for finding and sharing public container images – foundational files containing code that runs on IT infrastructure. | AWS fixes vulnerability affecting container image repository |
| Dec 13, 2022 | The tenth zero-day vulnerability (CVE-2022-42856) | Apple has fixed a zero-day vulnerability actively used in attacks against iPhones like iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation). | Apple security update fixes new iOS zero-day used to hack iPhones |
| Dec 13, 2022 | (CVE-2022-27518) | Citrix strongly urges admins to apply security updates for a 'Critical' zero-day vulnerability (CVE-2022-27518) in Citrix ADC and Gateway that is actively exploited by state-sponsored hackers to gain access to corporate networks. | |
| Dec 13, 2022 | CVE-2022-44698 - Windows SmartScreen Security Feature Bypass Vulnerability; CVE-2022-44710 - DirectX Graphics Kernel Elevation of Privilege Vulnerability | Microsoft's Dec 2022 Patch: fixes for two zero-day vulnerabilities, including an actively exploited bug, and a total of 49 flaws. | Microsoft Dec 2022 Patch Tuesday fixes 2 zero-days, 49 flaws |
| Dec 13, 2022 | CVE-2022-27518 | Citrix strongly urges admins to apply security updates for a 'Critical' zero-day vulnerability in Citrix ADC and Gateway that is actively exploited by state-sponsored hackers to gain access to corporate networks. | Hackers exploit critical Citrix ADC and Gateway zero day, patched now |
| Dec 13, 2022 | CVE-2022-31703, CVE-2022-31703, CVE-2022-31705 | VMware released security updates to address a critical-severity vulnerability impacting ESXi, Workstation, Fusion, and Cloud Foundation, and a critical-severity command injection flaw affecting vRealize Network Insight. | |
| Dec 14, 2022 | Security vulnerability CVE-2022-44698 | Microsoft has fixed a security vulnerability, CVE-2022-44698, used by threat actors to circumvent the Windows SmartScreen security feature and deliver Magniber ransomware and Qbot malware payloads. | |
| Dec 16, 2022 | The security flaw (dubbed Achilles) tracked as CVE-2022-42821 | Apple has fixed a vulnerability attackers could leverage to deploy malware on vulnerable macOS devices via untrusted applications capable of bypassing Gatekeeper application execution restrictions. | Microsoft finds macOS bug that allows malware to bypass security checks |
| Dec 16, 2022 | Windows taskbar flicker issues and app instability | Microsoft says that Windows 10 updates released in late September are causing Windows taskbar flicker issues and app instability. | Microsoft fixes Windows taskbar bug causing Explorer, Office freezes |
| Dec 20, 2022 | OWASSRF consists of CVE-2022-41080 and CVE-2022-41082 | CrowdStrike recently discovered a new exploit method (called OWASSRF) consisting of CVE-2022-41080 and CVE-2022-41082 to achieve remote code execution (RCE) through Outlook Web Access (OWA). | CrowdStrike Identifies New Exploit Method for Exchange Bypassing ProxyNotShell Mitigations |
| Dec 21, 2022 | Intune enrollment issue in Android and Apple devices | Microsoft has confirmed today that Samsung and Google have fixed an Intune enrollment issue affecting Galaxy S22 smartphones running Android 13. | Samsung and Google fix Microsoft Intune Android 13 enrollment issue |

Warnings/Advisories/Reports/Analysis
| News | Summary | Source Link |
|---|---|---|
| Report | Vulnerabilities in Hyundai and Genesis mobile apps allow unauthorised users to unlock and start cars. | |
| Report | The Department of Homeland Security (DHS) Cyber Safety Review Board will review attacks linked to extortion gang Lapsus$, which breached multiple high-profile companies in recent incidents. | |
| Report | A Florida man was sentenced to 18 months in prison for his involvement in a fraud scheme that used SIM swapping to steal millions from cryptocurrency investor Michael Terpin. | SIM swapper gets 18-months jail for involvement in $22 million crypto heist |
| Warning | Microsoft has warned of Russian-sponsored cyberattacks continuing to target Ukrainian infrastructure and NATO allies in Europe throughout the winter. | Microsoft warns of Russian cyberattacks throughout the winter |
| Advisory | Flaw (tracked as CVE-2022-4262) was patched as an actively exploited zero-day bug in the Google Chrome web browser for Windows, Mac, and Linux users. | CISA orders agencies to patch exploited Google Chrome bug by Dec 26th |
| Report | Apple introduces Advanced Data Protection for iCloud, a new feature that uses end-to-end encryption to protect sensitive iCloud data, including backups, photos, notes, and more. | |
| Report | 'CryptosLabs' has stolen up to €480 million ($505 million) from victims in France, Belgium, and Luxembourg since the launch of its operation in 2018. | CryptosLabs ‘pig butchering’ ring has stolen up to $505 million since 2018 |
| News | CommonSpirit Health has confirmed that threat actors accessed the personal data of 623,774 patients during the October ransomware attack. | CommonSpirit Health ransomware attack exposed data of 623,000 patients |
| Analysis | Indian cybersecurity firm CloudSEK says the threat actor who gained access to its Confluence server using stolen credentials for one of its employees' Jira accounts belonged to a notorious cyber security company that is into dark web monitoring. | |
| Report | MuddyWater hackers, a group associated with Iran’s Ministry of Intelligence and Security (MOIS), used compromised corporate email accounts to deliver phishing messages to their targets. | Hacked corporate email accounts used to send MSP remote access tool |
| Report | Microsoft recently investigated an attack where the threat actor, tracked as DEV-0139, took advantage of Telegram chat groups to target cryptocurrency investment companies. | Threat actor DEV-0139 launches targeted attacks against the cryptocurrency industry over Telegram |
| Warning | The Department of Health and Human Services (HHS) issued a new warning for the country's healthcare organisations regarding ongoing attacks from a relatively new operation, the Royal ransomware gang. | US Health Dept warns of Royal Ransomware targeting healthcare organisations |
| Report | The networks of several local governments in the U.S. have been targeted with the Drokbk malware, allegedly wielded by Iranian government-backed groups exploiting the Log4j vulnerability. | Local governments allegedly targeted with Iranian ‘Drokbk’ malware through Log4j vulnerability |
| Warning | A new attack method named COVID-bit uses electromagnetic waves to transmit data from air-gapped systems, which are isolated from the internet, over a distance of at least two meters (6.5 ft), where it's captured by a receiver. | Air-gapped PCs vulnerable to data theft via power supply radiation |
| Report | A new phishing campaign uses Facebook posts as part of its attack chain to trick users into giving away their account credentials and personally identifiable information (PII). | |
| Report | After a loss of $420 in a cyber attack, the Port of South Louisiana has hired a cybersecurity firm and plans to create an in-house team to guard against digital breaches at one of the nation's largest ports by volume. | Port of South Louisiana hires firm, plans own cyber security department after costly hack |
| Report | A new Go-based botnet malware named 'GoTrim' is scanning the web for self-hosted WordPress websites and attempting to brute force the administrator's password and take control of the site. | New GoTrim botnet brute forces WordPress site admin accounts |
| Report | The United States seized dozens of Internet domains and charged six people in a sting intended to bring down a network of cyber-attack-for-hire services. | US seizes 48 websites in sting against cyber-attack-for-hire services |
| Report | The cost of the cyber-attack that hit the Irish Health Service Executive (HSE) last year has officially reached €80m ($83.75m). | |
| Analysis | A survey has found that nearly half of the UK’s manufacturers (42 per cent) have been victims of cyber crime over the last year. | 42% British manufacturers hit by cyber-attack in the last year |
| Report | A group of cybercriminals allegedly managed to dupe the director of a security services firm out of Rs 50 lakh via a fraudulent transfer from his bank account, as they made the transaction without asking for a one-time password (OTP). | |
| Report | A cyberespionage group (tracked as TA453 but also commonly referred to as Phosphorus, Charming Kitten and APT42) aligned with Iran has been observed attacking targets including medical researchers, an aerospace engineer and even a Florida-based realtor. | |
| Report | QBot malware phishing campaigns have adopted a new distribution method using SVG files to perform HTML smuggling that locally creates a malicious installer for Windows. | Attackers use SVG files to smuggle QBot malware onto Windows systems |
| Report | Security analysts have discovered two API security vulnerabilities in BrickLink.com, LEGO Group’s official second-hand and vintage marketplace for LEGO bricks. | LEGO BrickLink bugs let hackers hijack accounts, breach servers |
| Warning | Microsoft said that Australia’s critical infrastructure such as the energy grid and essential services like sewage treatment plants could be hit by cyber attacks, shutting down operations and threatening lives. | |
| Warning | Organizations in the food sector are now also targeted in business email compromise (BEC) attacks that aim to steal entire shipments of food, according to a joint advisory issued by several U.S. federal agencies. | |
| Report | Argishti Khudaverdyan, the former owner of a T-Mobile retail store, was sentenced to 10 years in prison for a $25 million scheme where he unlocked and unblocked cellphones by hacking into T-Mobile's internal systems. | T-Mobile hacker gets 10 years for $25 million phone unlock scheme |
| Warning | A new cross-platform malware botnet named 'MCCrash' is infecting Windows, Linux, and IoT devices to conduct distributed denial of service attacks on Minecraft servers. | Microsoft warns of new Minecraft DDoS malware infecting Windows, Linux |
| Report | A California man has been sentenced to 42 months in federal prison for his role in accessing, monitoring and conveying confidential and sensitive information that could be used to identify and locate Twitter users of interest to the Saudi Royal Family. | Former Twitter employee sentenced to 3.5 years in jail for spying on behalf of Saudi Arabia |
| Report | The Federal Trade Commission (FTC) says Epic Games, the maker of Fortnite, will pay $520 million to settle allegations of violating children's privacy laws and using dark patterns to trick millions of gamers into making unintentional in-game purchases. | Epic Games to pay $520 million for privacy violations, dark patterns |
| Report | A hacking group associated with Russia’s Federal Security Service (FSB) unsuccessfully attempted to compromise a large petroleum refining company within a NATO member state at the end of August. | |
| Report | According to the unsealed indictment published by the U.S. Department of Justice, two men, Daniel Abayev and Peter Leyman, with the assistance of Russian hackers, breached the JFK taxi dispatch system between September 2019 and September 2021. | |
| Report | The U.S. Federal Communications Commission proposed today a record-breaking $300 million fine against an auto warranty robocall operation that made billions of calls to more than 550 million phones across the United States. | FCC proposes record-breaking $300 million fine against robocaller |
| Warning | The FBI warns that threat actors are using search engine advertisements to promote websites distributing ransomware or stealing login credentials for financial institutions and crypto exchanges. | |
| Report | The notorious FIN7 hacking group uses an automated attack system that exploits Microsoft Exchange and SQL injection vulnerabilities to breach corporate networks, steal data, and select targets for ransomware attacks based on financial size. | FIN7 hackers create auto-attack platform to breach Exchange servers |
| Report | The Irish Data Protection Commission (DPC) has launched an inquiry following last month's news reports of a massive Twitter data leak. | Massive Twitter data leak investigated by EU privacy watchdog |
| Report | A threat actor named 'Ryushi' on the Breached hacking forum claimed to be selling public and private data of 400 million Twitter users scraped in 2021 using a now-fixed API vulnerability and put the data on sale for $200,000. | Hacker claims to be selling Twitter data of 400 million users |
| Report | Wladimir Palant, a security researcher, calls LastPass' recent statement “full of omissions, half-truths and outright lies”. | The LastPass disclosure of leaked password vaults is being torn apart by security experts |