Read the handpicked cybersecurity stories. Know more about the ransomware incidents, data theft, and other cyber attacks affecting organizations worldwide.
The current page lists all the cybersecurity incidents and happenings for the current week.
UK, US and Canada to collaborate on cybersecurity and AI research
The Ministry of Defence, the US Defense Advanced Research Projects Agency (DARPA) and the Canadian Department of National Defence will collaboratively pursue research, development, test and evaluation technologies for artificial intelligence (AI), cyber, resilient systems and information domain-related technologies.
The collaboration has been driven by the rapid pace of technology development and the future challenges in an ever-changing geopolitical environment. This effort will further leverage relevant research programmes among all nations and reduce duplication of efforts. Read the full story.
AT&T left your data in the cloud until it got hacked, instead of deleting it when it should have
AT&T isn’t having the best year. An SEC filing revealed in July 2024 that the carrier suffered a major data breach, exposing millions of its customers’ call and text records to hackers. In April, AT&T also admitted that the data of its customers — specifically from 2019 or earlier — may have been compromised in a data breach.
AT&T allegedly failed to protect customers’ data when its cloud vendor was hacked in January 2023, per a statement from the FCC. Read the full story.
Johnson & Wales University Provides Notice of Data Breach to 22,170 People
On September 19, 2024, Johnson & Wales University (“JWU”) filed a notice of data breach with the Attorney General of Maine after discovering that an unauthorized party accessed its computer network.
In this notice, JWU explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information, which includes their names, Social Security numbers, and financial account information. Upon completing its investigation, JWU began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident. Read the full story.
Vice Society hits healthcare with INC ransomware attacks
Microsoft observed a threat actor, Vice Society, using INC ransomware, a ransomware-as-a-service operation, to target U.S. healthcare organizations. Microsoft Threat Intelligence detailed its findings about Vice Society, which it tracks as Vanilla Tempest, in a series of posts on X, formerly Twitter, on Sept. 18, noting that this was the first time it had seen Vanilla Tempest use INC ransomware to target healthcare.
Microsoft said that Vanilla Tempest receives hand-offs from Gootloader infections by threat actor Storm-0494, and then deploys tools such as the Supper backdoor, the MEGA data synchronization tool and the legitimate AnyDesk remote monitoring tool. Read the full story.
Ivanti patches exploited admin command execution flaw
Ivanti has released the fix for path traversal vulnerability CVE-2024-8963. The fix is out now and should be applied at the earliest possible opportunity; it will be the last patch to be backported to this version, Ivanti said. Version 5.0 is the earliest customers can use and still receive ongoing security updates.
Ivanti explained that attackers can abuse the vulnerability to access restricted functionality, and if it’s chained with a separate command injection flaw that was patched earlier this month (CVE-2024-8190, CVSS 7.2), then attackers could execute commands with admin privileges. Read the full story.
Ukraine Bans Telegram on State-Issued Devices
The National Cybersecurity Coordination Center (NCSCC) in Ukraine has issued a strict directive: ban Telegram in government, military, and critical infrastructure sectors. This decisive move follows growing concerns over its vulnerability to cyber espionage, particularly in the context of Russia’s ongoing full-scale war against Ukraine.
Oleksandr Lytvynenko, Secretary of Ukraine’s National Security and Defense Council, didn’t mince words. He stressed the urgency of unifying efforts to safeguard national security and neutralize threats in cyberspace. Read the full story.
CISA Releases Six New Advisories For Industrial Control Systems
The Cybersecurity and Infrastructure Security Agency (CISA) has issued six new advisories concerning industrial control systems (ICS) on September 19, 2024. These advisories highlight critical vulnerabilities in various ICS products, offering crucial information for users to safeguard their systems against potential threats. Read the full story.
Star Health Data Leak: 31 Million Customers’ Data Exposed via Telegram
India’s largest health insurance provider, Star Health and Allied Insurance, recently experienced a significant data breach, resulting in the exposure of sensitive personal information belonging to more than 31 million customers.
The breach was facilitated through chatbots on the popular messaging app Telegram. It was first discovered by UK-based cybersecurity researcher Jason Parker, who alerted Reuters to Telegram chatbots offering access to Star Health’s customer data. Read the full story.
New FTC report slams social media firms for harmful data use
YouTube, Amazon, Facebook, and other similar tech companies are failing to protect users from privacy intrusion and safeguard children and teens on their platforms, says the US Federal Trade Commission.
In a new staff report, the FTC accuses the companies of not “consistently prioritizing” users’ privacy. According to the agency, the firms also scoop up data en masse to power new AI tools and refuse to confront potential risks to kids. The sprawling 129-page report is based on responses to orders issued back in December 2020 to 9 companies. Read the full story.
“That’s not manly” Russian dictator outraged as Musk ‘remotely disables’ his Cybertruck
Ramzan Kadyrov, leader of Russia’s Chechen Republic, who was seen driving a Cybertruck with a machine gun, has blamed Elon Musk for ‘deactivating’ his vehicle. On Thursday, Kadyrov accused Elon Musk of disabling his Tesla Cybertruck.
“That’s not a nice thing for Elon Musk to do. He gives expensive gifts from the bottom of his heart and then remotely disconnects them,” wrote Kadyrov on his Telegram channel. “That’s not manly. I had to tow the iron horse. How could you do that, Elon? Is that how you do it?” Read the full story.
Cybercrooks strut away with haute couture Harvey Nichols data
High-end British department store Harvey Nichols is writing to customers to confirm some of their data was exposed in a recent cyberattack.
Customers have already received, or are set to receive, letters this week with details of the incident, which exposed their name, company (if provided), phone number, as well as email and home addresses. Highly sensitive information like passwords and financial information isn’t believed to be affected. Read the full story.
New macOS Malware Lets Attackers Control The Device Remotely
A remote access trojan (RAT), HZ RAT, that has been attacking Windows-based devices since at least 2020, was recently upgraded and changed to target Mac users as well.
HZ RAT, a recent addition to the Mac malware family, is a tool that grants an attacker complete remote administration access. This RAT first surfaced on Windows PCs in 2022, and it has now made its way to the Mac. Read the full story.
Data Breach Fallout: Disney Severs Ties after Slack Hack?
The Walt Disney Company is reportedly severing ties with workplace communications platform Slack. The global entertainment firm apparently took this decision after a significant Slack hack earlier this year.
According to Status News, which first reported the move, Disney’s Chief Financial Officer (CFO), Hugh Johnston, has confirmed that most of the entertainment giant’s divisions will stop using Slack later this year. The report states that Hugh Johnston had shared an email to staffers on Wednesday which read, “I would like to share that senior leadership has made the decision to transition away from Slack across the company.” Read the full story.
GitLab Urges Organizations To Patch For Authentication Bypass Vulnerability
GitLab, the popular DevOps platform, has issued a critical security advisory urging organizations to immediately patch their self-managed GitLab instances to address a severe authentication bypass vulnerability.
The flaw, tracked as CVE-2024-45409, could allow attackers to gain unauthorized access to GitLab accounts without proper authentication. With a maximum CVSS score of 10.0, this critical flaw affects all GitLab versions from 16.1 through 17.3 prior to the patched releases. GitLab has released security updates addressing the vulnerability in versions 17.3.3, 17.2.7, 17.1.8, 17.0.8, and 16.11.10. Read the full story.
U.S. CISA adds new Ivanti Cloud Services Appliance Vulnerability to its Known Exploited Vulnerabilities catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Ivanti Cloud Services Appliance path traversal vulnerability, CVE-2024-8190 (CVSS score of 9.4), to its Known Exploited Vulnerabilities (KEV) catalog.
Ivanti warned of a new Cloud Services Appliance (CSA) vulnerability, tracked as CVE-2024-8963 (CVSS score of 9.4), actively exploited in attacks in the wild against a limited number of customers. The vulnerability is a path traversal security issue.
A remote unauthenticated attacker could exploit the vulnerability to access restricted functionality. An attacker could chain the issue with the recently disclosed flaw CVE-2024-8190 to bypass admin authentication and execute arbitrary commands on the appliance. Read the full story.
Hacker Claims “Minor” Data Breach at DELL; Leaks Over 10,000 Employee Details
A hacker using the alias “grep” claims that the technology giant Dell has experienced a “minor” data breach, resulting in the theft of over ten thousand (10,863) employee records.
This information was revealed by the hacker on the notorious hacker and cybercrime platform Breach Forums, where the allegedly stolen data was leaked on September 19, 2024. The hacker also claims that the breach occurred earlier this month. Read the full story.
Ransomware Groups Abusing Azure Storage Explorer For Stealing Data
The BianLian and Rhysida ransomware groups have been using Azure Storage Explorer to extract data from compromised systems. This tool, available for various platforms, leverages AzCopy to transfer files from Azure storage, including blobs, shares, and disks.
AzCopy, a command-line utility for transferring data to and from Azure Storage, is commonly used by threat actors to exfiltrate data to Azure Blob Storage, a highly scalable and secure storage solution. Read the full story.
Valencia Ransomware explodes on the scene, claims California city, fashion giant, more as victims
A California city, a Spanish fashion giant, an Indian paper manufacturer, and two pharmaceutical companies are the alleged victims of what looks like a new ransomware gang that started leaking stolen info this week. Brand new cybercrime crew Valencia Ransomware emerged earlier this month.
The alleged victims are the city of Pleasanton, and the crims claim to have stolen 304GB of data from this California municipality; Bangladeshi drugs maker Globe Pharmaceuticals Limited (200MB data); Indian paper manufacturer Satia Industries (7.1GB); Malaysian pharma firm Duopharma Biotech Berhad (25.7GB); and Spanish fashion retailer Tendam, with an unspecified amount of data allegedly stolen. Read the full story.
Suspects behind $230 million cryptocurrency theft arrested in Miami
Two suspects were arrested in Miami this week and charged with conspiracy to steal and launder over $230 million in cryptocurrency using crypto exchanges and mixing services. During a successful attack on August 18, they stole more than 4,100 Bitcoin from a Washington, D.C., victim (worth more than $230 million at the time).
The two defendants, 20-year-old Malone Lam (aka “Greavys,” “Anne Hathaway,” and “$$$”) and 21-year-old Jeandiel Serrano (aka “Box,” “VersaceGod,” and “@SkidStar”) were arrested Wednesday night by FBI agents and appeared in court on Thursday. Read the full story.
Microsoft Edge will flag extensions causing performance issues
Microsoft is testing a new feature in the Edge browser called the “extension performance detector,” which warns you when browser extensions cause performance issues on web pages you visit. When browser extensions are installed, they commonly process pages visited to perform additional functionality.
“However, if you notice some delay in loading pages, this might be due to extensions which run extra lines of web code to personalize the page for you,” reads an announcement from Microsoft about the new feature. Read the full story.
New Brazilian-Linked SambaSpy Malware Targets Italian Users via Phishing Emails
A previously undocumented malware called SambaSpy is exclusively targeting users in Italy via a phishing campaign orchestrated by a suspected Brazilian Portuguese-speaking threat actor.
“Threat actors usually try to cast a wide net to maximize their profits, but these attackers are focused on just one country,” Kaspersky said in a new analysis. “It’s likely that the attackers are testing the waters with Italian users before expanding their operation to other countries.” Read the full story.
Iran’s Passive Backdoors Lurk in Middle Eastern Networks
UNC1860, an Iranian state-sponsored threat actor, has emerged as a formidable cyber force in the Middle East. Likely tied to Iran’s Ministry of Intelligence and Security (MOIS), the UNC1860 group is known for its specialized tooling and passive backdoors, which enable long-term access to critical networks, including government and telecommunications sectors.
The group’s sophisticated malware controllers—TEMPLEPLAY and VIROGREEN—suggest its role as an initial access provider to target Middle Eastern telecommunications and government networks. Read the full story.
Ivanti Warns of CSA Vulnerability Actively Exploited in Attacks
Ivanti has warned about a critical vulnerability in its Cloud Services Appliance (CSA) 4.6, which has been actively exploited in attacks. The vulnerability, identified as CVE-2024-8963, is a path traversal flaw that allows remote unauthenticated attackers to access restricted functionality.
The affected versions of CSA 4.6 are all versions before Patch 519. Ivanti has released Patch 519 to address the vulnerability, but since CSA 4.6 has reached its end-of-life status, the company strongly recommends upgrading to CSA 5.0 for continued support. Read the full story.
Germany seizes 47 crypto exchanges used by ransomware gangs
German law enforcement seized 47 cryptocurrency exchange services hosted in the country that facilitated illegal money laundering activities for cybercriminals, including ransomware gangs. The platforms allowed users to exchange cryptocurrencies without following applicable “Know Your Customer” regulations, meaning that users remained completely anonymous when making transactions.
“Among the users are ransomware groups, darknet dealers, and botnet operators who use such services to bring extorted ransom or other criminal proceeds into the regular currency cycle in order to utilize the money obtained through criminal means.” Read the full story.
US Sanctions Intellexa Spyware Network Over Threat to National Security
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has imposed sanctions on five individuals and one entity associated with the Intellexa Consortium. According to authorities, this group has been linked to developing and distributing spyware technology, posing substantial risks to U.S. national security.
The Intellexa Consortium, an international network of companies based in Europe, has emerged as a prominent organisation in the commercial spyware industry. Known primarily for its invasive “Predator” spyware, Intellexa Consortium has positioned itself as a rival to the NSO Group, the creators of the infamous Pegasus spyware. Read the full story.
17 arrested in takedown targeting phishing service with nearly 500,000 victims
Europol on Thursday said authorities disrupted an international phishing campaign that ensnared 483,000 victims, mainly from Spanish-speaking countries. Law enforcement in Spain, Argentina, Chile, Colombia, Ecuador and Peru last week conducted 17 arrests and seized more than 900 items, including phones, electronic devices, cars and weapons.
The administrator of the phishing platform, an Argentinian national who had operated it for the last five years, is in custody, Europol said. The phishing-as-a-service platform known as iServer had more than 2,000 users, who provided phone unlocking services to other criminals in possession of stolen phones. Read the full story.
Providence public schools still struggling with internet outages after ‘irregular activity’
The school district in Rhode Island’s biggest city is still facing internet outages after discovering “irregular activity” last week. Since September 11, the Providence Public School District (PPSD) has faced a range of issues caused by the shutdown of their network. The district serves more than 20,000 students across 37 schools.
On Tuesday, the Medusa ransomware gang claimed to have been behind an attack on PPSD, but the spokesperson did not address the dark web post. The group drew outrage last year after a ransomware attack on Minneapolis Public Schools caused days of outages and leaked troves of sensitive student information onto the dark web. Read the full story.
UK activists targeted with Pegasus spyware ask police to charge NSO Group
Four UK-based proponents of human rights and critics of Middle Eastern states today filed a report with London’s Metropolitan Police they hope will lead to charges against Pegasus peddler NSO Group.
The activists, who say their comms were snooped on by the autocratic states, assembled their complaint with the help of Global Legal Action Network (GLAN), a non-governmental organization bringing the case to the Met on their behalf. The complaint accuses Q Cyber Technologies, its subsidiary NSO Group and its board members, and private equity firm Novalpina Capital of violating the CMA and NSA. Read the full story.
Hackers deliver popular crypto-miner through malicious email auto replies, researchers say
Cybercriminals compromised email accounts and set up seemingly innocuous automatic replies that contained links to cryptocurrency mining malware, according to a new report.
Researchers from Russian cybersecurity firm F.A.C.C.T. said the novel tactic was used to deliver the Xmrig crypto-miner to workers at Russian tech companies, retail marketplaces, insurance firms and financial businesses. F.A.C.C.T. said it has identified about 150 emails containing Xmrig since the end of May. Read the full story.
FTC: Social media and video streaming companies violate user privacy on ‘vast’ scale
A Federal Trade Commission (FTC) report released Thursday asserts that large social media and video streaming companies are essentially maintaining an all-seeing surveillance apparatus that spies on consumers with few internal controls to regulate how users and non-users’ data is collected, stored and sold.
The report is based on FTC orders for information sent to nine platforms including Meta, Amazon, X, Snap, YouTube and ByteDance, the parent company of TikTok. The orders were sent in 2020 and reflect the companies’ practices between 2019 and 2020 — but the agency said many of the behaviors it covered remain in use today. Read the full story.
Iranian Hackers Sought to Pass Off Pilfered Information to Biden Team
Iranian hackers seeking to influence the 2024 election sent excerpts from pilfered Trump campaign documents to people associated with President Biden’s re-election campaign this summer, but the recipients did not respond, law enforcement officials said on Wednesday.
“Iranian malicious cyberactors” sent unsolicited emails that contained “an excerpt taken from stolen, nonpublic material from former President Trump’s campaign,” officials at the Office of the Director of National Intelligence, the F.B.I. and the Cybersecurity and Infrastructure Security Agency wrote in a joint statement. Read the full story.
Total Tools Australia Leak: 38,000 Customers May Be Affected
Reports today [19th September] indicate that the hardware chain Total Tools has been hit by a data leak that may have compromised data from a reported 38,000 customers. The information leaked is reported to include their credit card numbers, email addresses and log-in details.
Total Tools is owned by Metcash. It lists 122 stores on its website and describes itself as the largest trade tool supplier in Australia. The company became aware of “unusual and suspicious activity” within its IT systems and worked on the leak for a number of days. A third-party forensic cyber specialist has also investigated the breach. Read the full story.
8000 Claimants Sue Outsourcing Giant Capita Over 2023 Data Breach
Almost 8000 claimants are to make up a High Court case against outsourcing firm Capita following the 2023 cyber-attack at the company. Manchester-based Barings Law has slammed the outsourcing giant for its handling of the breach, which occurred in March 2023 and was claimed by the Black Basta ransomware group.
The initial unauthorized access occurred to Capita’s network on or around March 22 and was interrupted by the firm on March 31. Read the full story.
CISA adds 7 vulnerabilities to the KEV catalog
CISA, the Cybersecurity and Infrastructure Security Agency, added 7 new security vulnerabilities to the Known Exploited Vulnerabilities catalog in the last 2 days. These security threats impact product or service offerings of Microsoft, Adobe, Oracle and Apache.
The remediation dates for these vulnerabilities have been set to 8 October and 9 October 2024. You can read about the vulnerabilities in detail on this page.
Chinese spies spent months inside aerospace engineering firm’s network via legacy IT
Chinese state-sponsored spies have been spotted inside a global engineering firm’s network, having gained initial entry using an admin portal’s default credentials on an IBM AIX server.
In an exclusive interview with The Register, Binary Defense’s Director of Security Research John Dwyer said the cyber snoops first compromised one of the victim’s three unmanaged AIX servers in March, and remained inside the US-headquartered manufacturer’s IT environment for four months. Read the full story.
New “Raptor Train” IoT Botnet Compromises Over 200,000 Devices Worldwide
Cybersecurity researchers have uncovered a never-before-seen botnet comprising an army of small office/home office (SOHO) and IoT devices that are likely operated by a Chinese nation-state threat actor called Flax Typhoon (aka Ethereal Panda or RedJuliett).
The sophisticated botnet, dubbed Raptor Train by Lumen’s Black Lotus Labs, is believed to have been operational since at least May 2020, hitting a peak of 60,000 actively compromised devices in June 2023. Read the full story.
FBI boss says China ‘burned down’ 260,000-device botnet when confronted by Feds
China-backed spies are said to have torn down their own 260,000-device botnet after the FBI and its international pals went after them. A Beijing-run crew called Flax Typhoon had been building the Mirai-based botnet since 2021 and was accused of spying on Taiwanese networks by Microsoft in 2023, although that claim is disputed.
The botnet was controlled by the somewhat misnamed Integrity Technology Group, a Chinese business whose chairman has admitted that for years his company has “collected intelligence and performed reconnaissance for Chinese government security agencies,” FBI Director Christopher Wray said. “We think the bad guys finally realized it was the FBI and our partners that they were up against, and with that realization, they essentially burned down their new infrastructure and abandoned their botnet,” said Wray. Read the full story.
Company listed on Shanghai stock exchange accused of aiding Chinese cyberattacks
Integrity Technology Group (Integrity Tech), also known as Yongxin Zhicheng, is a cybersecurity business named on Wednesday morning by FBI Director Christopher Wray as responsible for running a botnet associated with the hacking group tracked as Flax Typhoon. The company is listed on the Shanghai stock exchange.
A joint cybersecurity advisory, published following Wray’s statements at the Aspen Cyber Summit, accused the company of compromising hundreds of thousands of internet of things (IoT) devices dating back to 2021 — with a MySQL database for controlling the botnet containing over 1.2 million records of compromised devices. Read the full story.
Microsoft: Vanilla Tempest hackers hit healthcare with INC ransomware
Microsoft says a ransomware affiliate it tracks as Vanilla Tempest now targets U.S. healthcare organizations in INC ransomware attacks. INC Ransom is a ransomware-as-a-service (RaaS) operation whose affiliates have targeted public and private organizations since July 2023.
Microsoft revealed on Wednesday that its threat analysts have observed the financially motivated Vanilla Tempest threat actor using INC ransomware for the first time in an attack on the U.S. healthcare sector. During the attack, Vanilla Tempest gained network access through the Storm-0494 threat actor, who infected the victim’s systems with the Gootloader malware downloader. Read the full story.
Censys Uncovers Hidden Infrastructure of Iranian Fox Kitten Group
Censys, a threat hunting and attack surface management platform, has released new details regarding the infrastructure of the Iranian cyberespionage group called Fox Kitten, using data from a joint Cybersecurity Advisory (CSA) by the FBI, CISA, and DC3. Censys identified a significant number of additional hosts that likely belong to the Fox Kitten infrastructure, expanding the scope of the threat.
In its report, shared with Hackread.com ahead of its publication on Wednesday, Censys illuminated the unique patterns and potentially new indicators of compromise used by Fox Kitten, which is known for targeting organizations worldwide. Read the full story.
Walkie-talkies explode in Lebanon day after deadly pager attack
At least nine people were killed and more than 300 were injured, according to health officials in Lebanon Wednesday after walkie-talkies detonated in a fresh wave of explosions, one day after pager blasts across the country killed at least 12 people.
According to the Lebanese Ministry of Health, more than 300 people were injured in the attack, which came a day after the pager explosions. Read the full story.
UK and allies issue cyber warning over China-backed malicious network
The UK’s cybersecurity agency has urged firms to protect their devices from a China-backed “botnet” of compromised devices which it warned could be used for malicious purposes.
The National Cyber Security Centre (NCSC) issued the warning alongside its Five Eyes counterparts in the US, Canada, Australia and New Zealand. It says a company based in China, with links to the Chinese government, has created and manages a botnet of more than 260,000 compromised devices around the world. Read the full story.
Cencora paid $75m in Bitcoin ransomware: Bloomberg
Cencora, a healthcare solutions provider, paid a total of $75 million to a ransomware group earlier this year, according to Bloomberg. The publicly traded drug distributor, formerly known as AmerisourceBergen, reportedly sent Bitcoin worth $75 million to cyberattackers following a data breach in February.
In the Sept. 18 report, which cited sources familiar with the matter, Bloomberg stated that Cencora sent the hackers BTC in three transactions. The attackers had initially demanded $150 million from the pharmaceutical solutions provider. Read the full story.
Hezbollah pager attack puts spotlight on Israel’s cyber warfare Unit 8200
The mass pager attack against Hezbollah in Lebanon has turned the spotlight on Israel’s secretive Unit 8200, the Israel Defense Forces’ intelligence unit, which a Western security source said was involved in planning the operation.
Israeli officials have remained silent on the audacious intelligence operation that killed 12 people on Tuesday and wounded thousands of Hezbollah operatives. At least one person was killed on Wednesday when hand-held radios used by Hezbollah detonated. Read the full story.
Mt. Carmel Behavioral Healthcare Announces Data Breach Resulting from Email Phishing Attack
On August 30, 2024, Mt. Carmel Behavioral Healthcare LLC (“MCBH”) filed a notice of data breach with the U.S. Department of Health and Human Services Office for Civil Rights after discovering that an unauthorized party accessed an employee email account.
MCBH explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information, which includes their names, Social Security numbers, dates of birth, addresses, medical record numbers, patient account numbers, health insurance information, and medical information. Read the full story.
FBI says it recently dismantled a second major China-linked botnet
The FBI led an operation last week to disrupt a global botnet with connections to the Chinese government, bureau Director Christopher Wray said Tuesday. A group tracked as Flax Typhoon infected “hundreds of thousands” of devices worldwide as part of an operation to compromise organizations and exfiltrate data.
Flax Typhoon is associated with Integrity Technology Group, a Chinese company that has publicly acknowledged its connections to China’s government, Wray said. Flax Typhoon infected internet of things (IoT) hardware like “cameras, video recorders and storage devices”. Read the full story.
Russian cyber firm Dr.Web says services are restored after ‘targeted cyberattack’
Popular Russian antivirus developer Dr.Web said it has resumed operations after suffering a security breach over the weekend. In a statement on Tuesday, the company said that the cyberattack was successfully “repelled” and “none of the Dr.Web users were affected.”
The company said earlier this week that it suffered “a targeted cyberattack” on its infrastructure, forcing Dr.Web to disconnect all resources from the network during the investigation. Because of the attack, the company couldn’t update its virus and malware database for several days. Read the full story.
Chrome extension hides malware to steal crypto: new operation uncovered
A crude malicious Chrome extension for stealing personal data and crypto can slip through malware detection systems, despite its simplicity. The threat actor developed a simple information stealer in the form of a browser extension on Chrome Web Store called SpiderX. Despite obvious malicious intent, it has not yet been detected by antivirus software.
SpiderX is capable of gathering plaintext login information, taking screenshots, and tracking browsing history. The threat actor created an infrastructure containing dozens of malicious internet addresses and WhatsApp accounts to lure victims into downloading the extension. Read the full story.
Hezbollah’s Pager Explosions Trigger Questions of Similar Threat to Smartphones
A chilling incident unfolded in Lebanon on September 17, 2024, when hundreds of pagers used by Hezbollah members exploded simultaneously, resulting in nine deaths and leaving nearly 3,000 injured (at the time of publishing this report).
Hezbollah’s pager explosions episode raises concerns about the potential risks posed to more modern devices like smartphones. While the attack on pagers shocked many, it raises the question of smartphones being vulnerable to similar attacks. Read the full story.
Australia Arrests Mastermind Behind Global Crime App, Ghost
The Australian Federal Police (AFP) have arrested and charged a 32-year-old man for creating and managing Ghost, an encrypted communication platform allegedly built to serve the criminal underworld. About 700 AFP officers executed search warrants across four states and territories as part of ‘Operation Kraken’.
In Australia alone, Operation Kraken led to 38 arrests, the execution of 71 search warrants, and the seizure of over 200 kilograms of illicit drugs and 25 weapons. Read the full story.
DDoS attacks in the Gulf countries surge by 70% since the start of the year
Positive Technologies has unveiled comprehensive research on the shadow market of cybercriminal services targeting the Gulf countries. According to the research, cybercriminals remain focused on the two largest economies in the region – the UAE (40% of all posts) and Saudi Arabia (26%).
Amid geopolitical tensions, hacker groups have ramped up calls for DDoS attacks and breaches to disrupt government institutions in the region. In the first half of 2024, the number of reports on the results of DDoS attacks on the dark web surged by 70% compared to the same period in 2023. Read the full story.
Sydney-based Compass Group confirms Medusa ransomware attack
The McMahons Point-headquartered Compass Group has confirmed it has fallen victim to a significant ransomware attack after the Medusa ransomware gang listed it as a victim on its darknet leak site overnight.
Medusa claimed to have stolen 785.5 gigabytes of data and is threatening to publish it within eight days. Medusa is demanding US$2 million to delete the data, or the same amount for anyone to purchase it. The ransom deadline can also be extended by one day for US$100,000. Read the full story.
AT&T faces second class-action lawsuit over April data breach
Dallas-based AT&T continues to bear the consequences of its massive April 2024 data breach with a second class-action lawsuit, filed against the company in the U.S. District Court for the Northern District of Texas on Friday.
The plaintiff, Cindy Wallace of Illinois, has been an AT&T wireless customer for 20 years, according to the filing. The lawsuit says Wallace brought the suit against the telecommunications giant “for their failure to properly secure and safeguard” customers’ private information, including phone call and text message records. Read the full story.
Chrome build 129 released in the stable channel
Chrome build 129 was released for Windows, Mac and Linux computers on 17 September. The latest stable channel update addresses 9 security vulnerabilities.
Of the 6 publicly disclosed vulnerabilities fixed in Chrome 129, one is rated HIGH severity, 3 are MEDIUM severity and 2 are LOW severity. Read the full story.
CISA updates the KEV database with Microsoft vulnerability
CISA added 2 security vulnerabilities to the KEV database on 16 September 2024. CVE-2024-43461 is a CVSS 8.8 vulnerability affecting Windows MSHTML that enables platform spoofing attacks.
CVE-2024-6670 is a CRITICAL (CVSS 8.8) vulnerability that affects Progress WhatsUp Gold. Progress WhatsUp Gold contains a SQL injection vulnerability that allows an unauthenticated attacker to retrieve the user’s encrypted password if the application is configured with only a single user. Read the full story.
T-Mobile’s VM logs allegedly leaked in 20 GB Capgemini data breach
A cyber criminal has claimed to have exfiltrated sensitive data, including T-Mobile’s virtual machine (VM) logs, from French IT services firm Capgemini.
The perpetrator – who goes by the name ‘greb’ – gained access to Capgemini’s network earlier this month. The attacker claims they were able to steal 20 GB of data, including a number of databases, source code, private keys, employee information, threat reports, API keys, and credentials. Read the full story.
Temu denies breach after hacker claims theft of 87 million data records
Temu denies it was hacked or suffered a data breach after a threat actor claimed to be selling a stolen database containing 87 million records of customer information.
Temu says it has examined and cross-checked the data samples with its database, but no matches were found. A threat actor using the moniker ‘smokinthashit’ claimed to have stolen a database with 87 million records from Temu and attempted to sell it to other cybercriminals. Read the full story.
Patch Issued for Critical VMware vCenter Flaw Allowing Remote Code Execution
Broadcom on Tuesday released updates to address a critical security flaw impacting VMware vCenter Server that could pave the way for remote code execution. The vulnerability, tracked as CVE-2024-38812 (CVSS score: 9.8), has been described as a heap-overflow vulnerability.
Also addressed by VMware is a privilege escalation flaw in the vCenter Server (CVE-2024-38813, CVSS score: 7.5). Broadcom said it’s not aware of malicious exploitation of the two vulnerabilities, but has urged customers to update their installations to the latest versions to safeguard against potential threats. Read the full story.
AT&T to pay $13 million FCC settlement for 2023 data breach
AT&T has agreed to pay $13 million to resolve a Federal Communications Commission (FCC) investigation. The investigation centered on a January 2023 incident where hackers infiltrated the cloud environment of an AT&T vendor and stole troves of customer information.
The FCC was looking into whether AT&T did enough to stop the attack and more generally keep customer data safe. AT&T agreed to the $13 million settlement and entered into a consent decree that forces the company to “strengthen” its data governance practices, “increase its supply chain integrity” and ensure that there are procedures around the handling of sensitive data. Read the full story.
Access Sports Data Cyber Attack, 88,000+ Users Data Impacted
Access Sports Medicine & Orthopaedics, a leading sports medicine and orthopedics provider, has reported a significant data breach. The breach, which was detected on May 10, 2024, has resulted in the unauthorized access and acquisition of sensitive data belonging to over 88,000 users.
While there is currently no evidence that the stolen data has been misused, Access Sports is taking proactive steps to notify affected individuals and provide resources to help protect against potential misuse. Read the full story.
How did Israel’s Mossad plan the Hezbollah pager cyberattack? Here’s what we know so far
The Israeli Mossad is now said to be behind Tuesday’s wide-scale cyberattack against Hezbollah. Thousands of handheld pagers were simultaneously detonated in the highly coordinated attack killing more than a dozen members and injuring thousands more. Apparently, the encrypted pagers currently in use by Hezbollah members were brand new models and bought in bulk for hundreds of members just a few months ago.
Mossad agents were able to get a hold of the communication devices “before they were handed over” to Hezbollah. Once the devices were in the Mossad’s possession, the spy agency “rigged the pagers with PETN (Pentaerythritol tetranitrate) explosives before they were imported to Lebanon,” now confirmed by the New York Times. Read the full story.
Hacker targets NASA, faces 300+ years behind bars
Song Wu, 39, ran a spear phishing campaign for many years to obtain some of the US’s most coveted information through NASA. Given that Wu worked for a Chinese state-owned aerospace corporation, Wu may have orchestrated this spear phishing campaign to steal software and source code that could later be used to build sophisticated missiles and other weapons for the state.
Wu emailed people employed in the United States government, NASA, the US Air Force, the Navy, the Army, and the Federal Aviation Administration, as well as various research universities in Georgia, Michigan, Massachusetts, Pennsylvania, Indiana, and Ohio. If found guilty, this cybercriminal faces a heavy penalty. He could face almost 300 years on the 14 counts of wire fraud alone. Read the full story.
Aramark Provides Notice of myPay Data Breach Affecting an Unknown Number of Employees
On September 10, 2024, Aramark filed a notice of data breach with the Attorney General of Massachusetts after discovering that hackers were able to obtain confidential employee information in the company’s possession.
Aramark explains that the incident resulted in an unauthorized party being able to access employees’ sensitive information, which includes their names, addresses, direct deposit details, and Social Security numbers. Upon completing its investigation, Aramark began sending out data breach notification letters to all the impacted individuals. Read the full story.
CISA urges software devs to weed out XSS vulnerabilities
CISA and the FBI urged technology manufacturing companies to review their software and ensure that future releases are free of cross-site scripting vulnerabilities before shipping.
The cybersecurity agency also urged executives of technology manufacturing companies to prompt formal reviews of their organizations’ software to implement mitigations and a secure-by-design approach that could eliminate XSS flaws entirely. Read the full story.
Meta blocks RT and other Russian state media; Kremlin says it’s ‘unacceptable’
Meta banned Russian state-owned media accounts — including RT — from its social media platforms late Monday, an action the Kremlin called “unacceptable.” The owner of Facebook, Instagram and WhatsApp said it made the move because Russian state media networks engage in deceptive influence operations, likely aimed at amplifying Moscow’s propaganda online.
Kremlin spokesman Dmitry Peskov said during a press conference on Tuesday that Russian authorities “have an extremely negative attitude” toward Meta’s decision. Read the full story.
Rhysida ransomware gang ships off Port of Seattle data for $6M
The trend of ransomware crews claiming to sell stolen data privately instead of leaking it online continues with Rhysida marketing the data allegedly belonging to Port of Seattle for 100 Bitcoin (around $5.9 million).
Seen amongst the data the crims say they stole from Port of Seattle were full names, social security numbers, dates of birth, home addresses, phone numbers, heights and weights, hair and eye colors, signatures, and passport scans. Read the full story.
Apple Urges Users to Install iOS 18 to Fix 33 iPhone Vulnerabilities
According to Apple, iOS 18 has fixed 33 significant vulnerabilities that could have otherwise exposed millions of iPhone users to security risks. These flaws, if left unpatched, could have allowed hackers to gain access to sensitive personal data, control device functions, or even exfiltrate critical information.
While Apple has patched these vulnerabilities, it’s critical for iPhone users to update their devices immediately to stay protected. Read the full story.
Data on nearly 1 million NHS patients leaked online following ransomware attack on London hospitals
People with symptoms of sensitive medical conditions, including cancer and sexually transmitted infections, are among almost a million individuals who had their personal information published online following a ransomware attack that disrupted NHS hospitals in London earlier this year, according to an analysis shared with Recorded Future News.
The examination by CaseMatrix, a company that works with legal firms to support claimants in data breach lawsuits, is the first public assessment of how many individuals might be affected by the cyberattack. CaseMatrix says more than 900,000 individuals have been caught up in the extortion attempt.
Neither NHS England nor Synnovis — both of whom are legally responsible for protecting patients’ information — have provided their own counts of people impacted by the cyberattack. Read the full story.
RansomHub Ransomware Gang Leaks 487GB of Alleged Kawasaki Europe Data
The notorious RansomHub ransomware group has leaked 487 gigabytes of data it allegedly stole from Kawasaki Motors Europe (KME). This cyberattack was publicly disclosed by Kawasaki last week, though the company emphasized that the attack had not been successful in its aims.
As seen by the Hackread.com research team, among the exposed files are critical business documents, including financial information, banking records, dealership details, and internal communications. Read the full story.
Pro-Ukraine hackers claim attack on agency that certifies digital signatures in Russia
The Russian federal organization that certifies digital signatures used by local businesses and individuals is still recovering from a cyberattack that disrupted its services last week.
The hackers claimed to compromise the infrastructure of the agency, known as Osnovanie (“Foundation” in Russian), and defaced its websites. The attackers did not identify themselves, but Ukraine’s military intelligence agency, HUR, claimed responsibility at the end of the week. Read the full story.
Binance Warns of Rising Clipper Malware Attacks Targeting Cryptocurrency Users
Cryptocurrency exchange Binance is warning of an “ongoing” global threat that’s targeting cryptocurrency users with clipper malware with the goal of facilitating financial fraud.
Clipper malware, also called ClipBankers, is a type of malware that Microsoft calls cryware, which comes with capabilities to monitor a victim’s clipboard activity and steal sensitive data a user copies, including replacing cryptocurrency addresses with those under an attacker’s control. Read the full story.
U.S. Treasury Sanctions Executives Linked to Intellexa Predator Spyware Operation
The U.S. Department of Treasury has imposed fresh sanctions against five executives and one entity with ties to the Intellexa Consortium for their role in the development, operation, and distribution of a commercial spyware called Predator.
“The United States will not tolerate the reckless propagation of disruptive technologies that threatens our national security and undermines the privacy and civil liberties of our citizens,” said Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence, Bradley T. Smith. Read the full story.
Chinese Hacker Targeted NASA, U.S. Military to Steal Critical Software
The U.S. Department of Justice announced the indictment of Song Wu, a Chinese national, on charges of wire fraud and aggravated identity theft. Wu is accused of carrying out an advanced phishing campaign to steal specialized software and source code created by the National Aeronautics and Space Administration (NASA) and other critical U.S. aviation agencies.
According to U.S. Attorney Ryan K. Buchanan, Song Wu engaged in a multi-year spear phishing campaign, targeting individuals in key positions across U.S. government agencies, including NASA, the Air Force, Navy, Army, and the Federal Aviation Administration. Read the full story.
CISA warns of Windows flaw used in infostealer malware attacks
CISA has ordered U.S. federal agencies to secure their systems against a recently patched Windows MSHTML spoofing zero-day bug exploited by the Void Banshee APT hacking group.
The vulnerability (CVE-2024-43461) was disclosed during this month’s Patch Tuesday, and Microsoft initially classified it as not exploited in attacks. However, Microsoft updated the advisory on Friday to confirm that it had been exploited in attacks before being fixed. Read the full story.
Sibanye-Stillwater Mining Company Confirms Data Breach Exposing Information of 7,258 Employees
Sibanye-Stillwater, a mining company and the operator of the only platinum and palladium mines in the U.S., has confirmed a data breach of its systems that has impacted thousands of its employees. The firm suffered a cyberattack that was discovered in July 2024, though the attack took place in June.
The Stillwater data breach has compromised sensitive personal information belonging to 7,258 employees, the company stated. In its mandatory disclosure to the Maine Attorney General, Stillwater Mining said that it launched a thorough investigation by external cybersecurity experts and confirmed the data breach on August 19. Read the full story.
Google Cloud Platform RCE Flaw Let Attackers Execute Code on Millions of Google Servers
Security researchers revealed this week that a critical remote code execution (RCE) vulnerability in Google Cloud Platform (GCP) could have allowed attackers to run malicious code on millions of Google’s servers. The flaw, dubbed “CloudImposer” by Tenable Research, has since been patched by Google.
The vulnerability was discovered in GCP’s Cloud Composer service, a managed workflow orchestration tool based on Apache Airflow. It stemmed from a risky package installation process that left the service open to dependency confusion attacks. Read the full story.
Seattle-Tacoma Intl. Airport taunted by Rhysida ransomware gang over 100 bitcoin
It’s been over three weeks since the still struggling Seattle-Tacoma International Airport was hit by a massive cyberattack on August 24th. Now, the Rhysida ransomware gang has come forward demanding 100 bitcoin to release its encrypted files. Will they pay?
The gang has ceremoniously given the Port a seven-day countdown to pay a 100 bitcoin ransom demand, the equivalent of about $5.82 million, before it offers up the stolen data to other criminals. SEA addressed the ransomware claim in a September 13th update posted on social media and on its interim Port of Seattle website.
“The Port has refused to pay the ransom demanded, and as a result, the actor may respond by posting data they claim to have stolen on their dark website,” SEA said about Rhysida’s post on Friday. Read the full story.
Work from home scrapped for Amazon employees
From January 2025, Amazon employees are expected to return to the office five days a week. The move from remote to in-office work has been slowly taking place over the past 15 months, as Amazon employees have been told to return to their desks for at least three days per week.
“Our expectation is that people will be in the office outside of extenuating circumstances or if you already have a remote work exception approved,” Jassy said. The move to almost exclusively work from the office environment has been initiated to improve collaboration and connection and “deliver the absolute best for customers and the business.” Read the full story.
German radio station forced to broadcast ’emergency tape’ following cyberattack
Radio Geretsried, a local station in Germany, has blamed “unknown attackers from Russia” after an apparent ransomware incident left it broadcasting music from emergency backups.
The attack is the latest incident to disrupt a German organization. According to a statement on Radio Geretsried’s website, the cyberattack took place on Sunday night with the hackers encrypting “all music files and are demanding a large ransom from the station.” Read the full story.
Critical Vulnerabilities Impact Millions Of D-Link Routers: Patch Now!
In a significant security alert, millions of D-Link routers are at risk due to critical vulnerabilities that have been discovered in several models, including the DIR-X5460 and DIR-X4860. These vulnerabilities could allow remote attackers to execute arbitrary code.
The vulnerabilities, identified by CVE IDs ranging from CVE-2024-45694 to CVE-2024-45698, have been classified as critical, with CVSS scores as high as 9.8. Read the full story.
Report: emissions from data centers 662% higher than officially claimed
According to the calculations of the British news organization, from 2020 to 2022 the real emissions from the company-owned data centers of Google, Microsoft, Meta, and Apple are likely about 662% (7.62 times) higher than officially reported.
Still, all five tech giants have been claiming carbon neutrality, even though Google admitted in its 2020 environmental report that the company’s emissions surged nearly 50% compared to 2019. The company’s total data center electricity consumption grew 17% in 2023 alone. Read the full story.
North Korea’s Lazarus Group has $5M frozen in stablecoins
North Korea’s Lazarus Group has had nearly $5 million frozen by stablecoin issuers following an independent investigation by a blockchain sleuth. ZachXBT, a prominent blockchain investigator, reported that all four stablecoin issuers – Tether, Circle, Paxos, and Techteryx – have frozen the funds after his investigation, which was published in April.
The frozen funds now total almost $7 million, including additional amounts frozen by various exchanges. In April, ZachXBT published research on more than 25 hacks targeting companies and individuals in the crypto industry between August 2020 and October 2023. He traced the stolen funds to accounts on peer-to-peer marketplaces where the Lazarus Group allegedly exchanged the crypto for fiat currency. Read the full story.
UK convenes global coalition to boost cyber skills and tackle threats
The UK will convene leading nations including the US and EU for talks on how to tackle the growing threat of cyber-attacks, as new figures show nearly half of British businesses do not have the skills needed to protect against cyber-crime.
Over the next three days countries including the EU member states, Canada, Japan and international organisations such as the World Economic Forum (WEF) and the Organisation for Economic Co-operation and Development (OECD), will discuss how global cyber security workforces can be strengthened, from agreeing ways to boost cyber skills to developing new professional standards. Read the full story.
Lehigh Valley Health Network Data Breach Lawsuit Settled for $65 Million
A $65 million settlement has been agreed to resolve a class action data breach lawsuit against Lehigh Valley Health Network (LVHN) that will see plaintiffs compensated for having nude photographs and other sensitive data stolen and published on the dark web.
In February 2023, LVHN in Pennsylvania confirmed it had fallen victim to a Blackcat ransomware attack. The attack was detected on February 6, 2023. If agreed, the plaintiffs’ attorneys will receive around one-third of the settlement – approximately $21.5 million – and after legal costs have been covered, the plaintiffs’ and class members’ compensation will be paid. Read the full story.
Microsoft Says Recent Windows Vulnerability Exploited as Zero-Day
Microsoft has raised the alarm on a second Windows vulnerability, CVE-2024-43461, that was exploited as a zero-day to execute code through the disabled Internet Explorer browser.
On Friday, the tech giant updated its advisory for CVE-2024-43461 to warn that the vulnerability was exploited in attacks prior to July 2024 along with CVE-2024-38112, another MSHTML spoofing flaw. “Customers should install both the July 2024 and September 2024 security updates to fully protect themselves,” Microsoft notes. Read the full story.
88,000 Impacted by Access Sports Data Breach Resulting From Ransomware Attack
The New Hampshire-based orthopedics services provider, Access Sports Medicine & Orthopaedics, said it discovered suspicious activity on its network on May 10, 2024. An investigation showed that there had been unauthorized access to files storing personal and health information.
The organization told the Maine Attorney General’s Office last week that the data breach impacts just over 88,000 individuals. Access Sports said the exposed information includes names, Social Security numbers, dates of birth, financial information, medical information, and health insurance information. Read the full story.
Apple Suddenly Drops NSO Group Spyware Lawsuit
Apple has abruptly withdrawn its lawsuit against NSO Group, citing increased risk that the legal battle might unintentionally reveal sensitive vulnerability data and difficulties in acquiring essential information from the spyware vendor.
The case, originally filed in 2021 in the U.S. District Court for the Northern District of California, sought to hold NSO Group accountable for hacking into Apple’s iOS platforms with so-called zero-click exploits to spy on researchers, journalists, activists, dissidents, academics, and government officials. Read the full story.
FBI Issues Warning About BEC Attacks as Losses Increase to $55.5 Billion
The Federal Bureau of Investigation (FBI) has issued a warning to businesses about business email compromise (BEC) scams, which have resulted in losses of almost $55.5 billion over the past decade. These attacks commonly start with phishing attempts with social engineering techniques used to compromise email accounts. Accounts may also be accessed using stolen credentials or through computer intrusions.
According to the FBI’s Internet Crime Complaint Center (IC3), between October 2013 and December 2023, more than 305,000 domestic and international BEC incidents have been reported. Read the full story.
Hacker Claims Breach of UK’s Experience Engine, Data Sold Online
The notorious IntelBroker hacker has claimed responsibility for breaching Experience Engine, a UK-based company that provides experiential marketing and promotional staffing services. The hacker is now selling the allegedly stolen data on Breach Forums, demanding payment in Monero (XMR) cryptocurrency to remain anonymous and untraceable.
According to IntelBroker, the breach occurred in September and involves a trove of sensitive data. The hacker is also offering to sell entire .bak database files. Read the full story.
Medusa Ransomware Exploiting Fortinet Flaw For Sophisticated Attacks
The notorious Medusa ransomware group has been exploiting a critical vulnerability, tracked as CVE-2023-48788, in Fortinet’s FortiClient EMS software to launch sophisticated ransomware attacks. The SQL injection flaw allows attackers to execute malicious code on vulnerable systems.
“CVE-2023-48788 impacts environments that have FortiClient EMS, versions 7.2 to 7.2.2 and 7.0.1 to 7.0.10, installed to manage endpoints,” Bitdefender said. Read the full story.
Kawasaki’s European arm restores operation after cyberattack claimed by Ransomhub
Japanese motor vehicle giant Kawasaki said its European offices are in the process of recovering from a cyberattack that has caused a range of issues over the last week. The company faced a ransomware attack by RansomHub.
“[Kawasaki Motors Europe] and its country Branches operate a large number of servers and, as a precaution, it was decided to isolate each one and put a cleansing process in place whereby all data was checked and any suspicious material identified and dealt with,” the company said. Read the full story.
Australia Faces Surge in Data Breaches to Highest Level in 3.5 Years
The Office of the Australian Information Commissioner (OAIC) has released new statistics revealing that the first half of 2024 saw the highest number of data breach notifications in three and a half years.
From January to June 2024, the OAIC report stated that it received 527 notifications of data breaches—a notable increase of 9% compared to the previous six months and the highest since the second half of 2020 in Australia. While 63% of breaches affected 100 or fewer individuals, there was one incident involving a staggering 12.9 million Australians. Read the full story.
Multiple attacks force CISA to order agencies to upgrade or remove end-of-life Ivanti appliance
The nation’s top cyber watchdogs urged federal agencies to either remove or upgrade an Ivanti appliance that is no longer being updated and has been exploited in attacks.
The technology company updated an advisory on Friday warning that a “limited number of customers” were breached through the exploitation of CVE-2024-8190. CISA ordered all federal civilian agencies to remove CSA 4.6 from service or upgrade to version 5.0 by October 4. Read the full story.
23andMe pledges $30 million to the 6.4 million people affected by data breach
Genetic testing giant 23andMe will pay $30 million to more than six million people affected by a data breach that occurred in October 2023. The company settled dozens of lawsuits that arose from the incident.
Dozens of lawsuits filed across the country were consolidated and a mediator’s proposal of $30 million was accepted in July. A company named Verita has been appointed the claims administrator and will manage the financial disbursements. Read the full story.
Australian Law Firms Failing to Protect Against Cyber Threats, Report Reveals
The 2024 report highlights a notable rise in cyberattacks on Australian law firms. Specifically, 21% of respondents reported being targeted by cybercriminals in the past year—a 7% increase from the previous year. The prevalence of phishing attacks is particularly alarming, impacting 81% of the firms surveyed, marking a 14% increase from the year before.
Despite these online threats, there remains a gap in cybersecurity readiness among legal firms. The report indicates that 18% of firms feel their current protective measures are inadequate, while 26% are unsure about their defense capabilities. Read the full story.
Beware of Fake AppleCare+ Service that Steals Money from Users
A malicious campaign targeting Mac users seeking support or extended warranty services through AppleCare+ has been uncovered.
This scam involves perpetrators purchasing Google ads to lure victims into visiting fraudulent websites hosted on GitHub, a platform owned by Microsoft. Users who click these deceptive ads are redirected to a fake AppleCare+ customer service page. This page invites users to call a toll-free number, purportedly belonging to Apple. Read the full story.
Threat Actor 888 Allegedly Claims Leak of SAP Employees Data
A Twitter account known as DarkWebInformer has claimed that a notorious hacker, identified only by the alias “888,” has allegedly leaked sensitive data belonging to SAP employees.
The leak reportedly includes sensitive information of approximately 2,600 employees, such as names, email addresses, and job titles. The authenticity of the claims remains unverified, and SAP has yet to release an official statement addressing the situation. Read the full story.
FBI tells public to ignore false claims of hacked voter data
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are alerting the public to false claims that U.S. voter registration data has been compromised in cyberattacks. The two agencies warn that the claims are disinformation: “Malicious actors continue to spread false or misleading information in an attempt to manipulate public opinion and undermine confidence in U.S. democratic institutions,” the announcement reads. Read the full story.
Kawasaki Europe Confirms Cyber Attack, RansomHub Claims Responsibility
Kawasaki Motors Europe (KME) has officially confirmed it was the target of a cyberattack in early September, causing temporary disruptions to its operations. The company stated that while the attack was “not successful,” it resulted in the isolation of its servers as a precautionary measure. In a statement released on September 12, KME explained that its IT department, along with external cybersecurity experts, spent the following week meticulously checking and cleansing all servers before reconnecting them to the corporate network. By the start of this week, over 90% of KME’s server functionality had been restored. However, the RansomHub threat group added Kawasaki to its dark web extortion portal on September 5, alleging the theft of 487 GB of data from the company’s networks. Read the full story.
Port of Seattle Confirms August Cyberattack by Rhysida Ransomware
The Port of Seattle has confirmed that the Rhysida ransomware gang orchestrated the cyberattack that disrupted its systems and operations in late August. According to the Port’s statement, the Rhysida attackers gained unauthorized access to certain parts of their computer systems and encrypted some data. This led to disruptions in various airport services, including baggage handling, check-in kiosks, ticketing, Wi-Fi, passenger display boards, and the Port’s website and mobile app. Despite the severity of the attack, the Port has refused to pay the ransom demanded by the Rhysida gang. Read the full story.
Brunswick psychiatric hospital in New York latest ransomware victim
The Brunswick Hospital Center, an inpatient treatment facility in Long Island, New York, has been claimed as a victim by the ThreeAM (3AM) ransomware group. The fairly new ransomware group posted the acute care psychiatric hospital on its dark web leak blog on Thursday, stating that “files would be available soon.” No other information was listed about the alleged attack, such as how much or what type of sensitive data may have been exfiltrated from the hospital’s network systems. Read the full story.
Related Cybersecurity Stories
- Top 25 Cybersecurity Stories from the previous week
- All Cybersecurity stories reported in the previous week can be read here.
Rajesh Dhawan is a technology professional who loves to write about Cyber-security events and stories, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.