July 2022

The global average cost of a data breach reaches an all-time high of $4.35 million
https://www.helpnetsecurity.com/2022/07/27/2022-cost-of-a-data-breach-report/
Excerpt:
“IBM Security released the 2022 Cost of a Data Breach Report, revealing costlier and higher-impact data breaches than ever before, with the global average cost of a data breach reaching an all-time high of $4.35 million for studied organizations.”


T-Mobile to pay $500M for one of the largest data breaches in US history [Updated]
Ashley Belanger
https://arstechnica.com/tech-policy/2022/07/t-mobile-to-pay-500m-for-one-of-the-largest-data-breaches-in-us-history/
Excerpt:
“When T-Mobile compromised the sensitive personal information of more than 76 million current, former, and prospective customers in 2021, plaintiffs involved in a class action lawsuit complained that the company continued profiting off their data while attempting to cover up ‘one of the largest and most consequential data breaches in US history.’”


Ransomware group targets Italian tax agency
AJ Vicens
https://www.cyberscoop.com/lockbit-italy-tax-agency-ransomware/
Excerpt:
“Italian authorities are investigating the theft of roughly 78 gigabytes of data stolen from Italy’s tax agency, l’Agenzia delle Entrate, the Italian news agency ANSA reported Monday.”


The Unsolved Mystery Attack on Internet Cables in Paris
Matt Burgess
https://www.wired.com/story/france-paris-internet-cable-cuts-attack/
Excerpt:
“On April 27, an unknown individual or group deliberately cut crucial long-distance internet cables across multiple sites near Paris, plunging thousands of people into a connectivity blackout. The vandalism was one of the most significant internet infrastructure attacks in France’s history and highlights the vulnerability of key communications technologies.”


An Entire Canadian Town Is Being Extorted By Ransomware Cyber Criminals
Lane Babuder
https://amp.hothardware.com/news/entire-canadian-town-extorted-ransomware-cyber-criminals
Excerpt:
“Ransomware attacks have been on the rise. This time around, the small Ontario, Canada town of St. Marys has been targeted. The ransomware organization behind the attack seems to be LockBit. So far though, no ransom has been paid. The town itself claims that most city functions are still operational and staff are still working and getting paid.”


A database containing data of 5.4 million Twitter accounts available for sale
Pierluigi Paganini
https://securityaffairs.co/wordpress/133593/data-breach/twitter-leaked-data.html
Excerpt:
“A threat actor has leaked data of 5.4 million Twitter accounts that were obtained by exploiting a now-fixed vulnerability in the popular social media platform.”


Google pulls malware-infected apps in its Store, over 3 million users at risk
Jessica Lyons Hardcastle
https://www.theregister.com/2022/07/19/google_malware_apps/
Excerpt:
“Google pulled 60 malware-infected apps from its Play Store, installed by more than 3.3 million punters, that can be used for all kinds of criminal activities including credential theft, spying and even stealing money from victims.”


US government agencies spent taxpayer money to buy your location data — what you need to know
Anthony Spadafora
https://www.tomsguide.com/news/us-government-agencies-spent-taxpayer-money-to-buy-your-cell-phone-data-what-you-need-to-know
Excerpt:
“A shocking new report from the ACLU has revealed how several government agencies purchased smartphone location data in effort to bypass the Fourth Amendment rights of US citizens.”


10,000 organisations targeted by phishing attack that bypasses multi-factor authentication
Graham Cluley
https://www.tripwire.com/state-of-security/featured/10000-organisations-targeted-by-phishing-attack-that-bypasses-multi-factor-authentication/
Excerpt:
“Microsoft has shared details of a widespread phishing campaign that not only attempted to steal the passwords of targeted organisations, but was also capable of circumventing multi-factor authentication (MFA) defences.”


PayPal-themed phishing kit allows complete identity theft
Zeljka Zorz
https://www.helpnetsecurity.com/2022/07/14/paypal-themed-phishing-kit/
Excerpt:
“Sometimes phishers are just after your username and password, but other times they are after every scrap of sensitive information they can extract from you. To do that, they use tools like the phishing kit recently analyzed by Akamai researchers.”


Hackers Say They Can Unlock and Start Honda Cars Remotely
Lorenzo Franceschi-Bicchierai
https://www.vice.com/en/article/z34xnw/hackers-say-they-can-unlock-and-start-honda-cars-remotely
Excerpt:
“Hackers could unlock and remotely start virtually all models of Honda cars, according to security researchers.”


Healthcare organizations targeted with Maui ransomware
Zeljka Zorz
https://www.helpnetsecurity.com/2022/07/07/healthcare-maui-ransomware/
Excerpt:
“A less known ransomware threat dubbed Maui has been and is likely to continue hitting healthcare organizations, a new CISA alert warns.”


Ukrainian Authorities Arrested Phishing Gang That Stole 100 Million UAH
Ravie Lakshmanan
https://thehackernews.com/2022/07/ukrainian-authorities-arrested-phishing.html
Excerpt:
“The Cyber Police of Ukraine last week disclosed that it apprehended nine members of a criminal gang that embezzled 100 million hryvnias via hundreds of phishing sites that claimed to offer financial assistance to Ukrainian citizens as part of a campaign aimed at capitalizing on the ongoing conflict.”


AstraLocker ransomware shuts down and releases decryptors
Sergiu Gatlan
https://www.bleepingcomputer.com/news/security/astralocker-ransomware-shuts-down-and-releases-decryptors/
Excerpt:
“The threat actor behind the lesser-known AstraLocker ransomware told BleepingComputer they're shutting down the operation and plan to switch to cryptojacking.”


Official British Army Twitter and YouTube accounts hijacked by NFT scammers
Graham Cluley
https://www.bitdefender.com/blog/hotforsecurity/official-british-army-twitter-and-youtube-accounts-hijacked-by-nft-scammers/
Excerpt:
“Hundreds of thousands of people who follow the official social media accounts of the British Army may have been surprised to see that it had been hijacked by hackers yesterday.”


Giant data breach? Leaked personal data of one billion people has been spotted for sale on the dark web
Danny Palmer
https://www.zdnet.com/article/giant-data-breach-leaked-personal-data-of-one-billion-people-has-been-spotted-for-sale-on-the-dark-web/
Excerpt:
“Sensitive personal information about over a billion people has apparently been leaked from a government agency and put up for sale on the dark web, in what would be one of the biggest data breaches in history.”