Biggest Cyber Attacks, Data Breaches & Ransomware Attacks in June 2024

Date: 1 July 2024

Featured Image

Ticketmaster, Synnovis and the NHS UK, Advance Auto Parts, Los Angeles Unified School District, Cylance, Neiman Marcus, AMD and Ascension Healthcare. These are the names of organisations that have been severely impacted by cybercrime in June 2024. The month has seen some of the cruelest ransomware attacks, to say the least. And these attacks are, sadly, just the tip of the cyber crime iceberg. 

We've covered all the data breaches, cyber attacks and ransomware attacks that made it to the headlines in June 2024. The idea as always is merely to educate readers about the consistent and perpetual spike in cyber crime every day. If there was a warning bell for focussing on cyber resilience with a vengeance, consider this month's list of attacks as one.  

  1. Ransomware Attacks in June 2024
  2. Data Breaches in June 2024
  3. Cyber Attacks in June 2024
  4. New Malware and Ransomware Discovered
  5. Vulnerabilities Discovered and Patches Released 
  6. Advisories issued, reports, analysis etc. in June 2024

The wave of sophisticated cyber attacks in June 2024 has underscored a stark reality: every organisation, regardless of size or sector, faces a massive threat from cyber crime. In the past month, cyber criminals have targeted critical infrastructure, healthcare systems and financial systems, literally sparing nobody.

It's more than apparent now, that all it takes is a single vulnerability, in your network or your third-party vendors', to create crippling consequences within moments. Another lesson to be learnt this month? The cost of inadequate preparation extends way beyond financial loss.

Now more than ever, robust cyber security measures are imperative to safeguarding your business, your reputation, sensitive customer data and even human lives in some cases. Having a solid Cyber Incident Response Plan is an absolute essential today. It will help you ensure swift containment and mitigation of cybersecurity incidents, minimising potential damage and downtime.

Rehearsing these plans regularly via scenario-based cyber crisis tabletop exercises is equally critical. These cyber attack simulation exercises will give your key stakeholders the vital practice required for executing response strategies that work and are also in compliance with regulatory requirements. This proactive approach will not just strengthen your cyber resilience but greatly improve your readiness to navigate the complex landscape of current cyber threats.

Ransomware Attacks in June 2024

Date

Victim

Summary

Threat Actor

Business Impact

Source Link

June 02, 2024

Telecom giant Frontier Communication

Cyber attack on telecom giant Frontier claimed by RansomHub

RansomHub

The RansomHub operation posted Frontier Communications to its leak site claiming to have the sensitive information of more than 2 million people as the group claimed it spent more than two months attempting to extort the company but never got a response. The ransomware gang claimed it had access to names, addresses, Social Security numbers, credit scores and more.

Frontier Communications ransomware attack

June 05, 2024

PandaBuy

PandaBuy pays ransom to hacker only to get extorted again

Sanggiero (BreachForum name)

Chinese shopping platform PandaBuy said it previously paid a ransom demand to prevent stolen data from being leaked, only for the same threat actor to extort the company again. On March 31, 2024, a threat actor using the alias 'Sanggiero' published 3 million rows of data stolen from PandaBuy on BreachForums, exposing customer names, phone numbers, email addresses, login IP addresses, home addresses, and order details.

PandaBuy ransomware attack update

June 06, 2024

Christie's

Christie's starts notifying clients of RansomHub data breach

RansomHub

While analysing the breach, Christie's found that the threat actor who breached its systems accessed and extracted customer files between May 8 and May 9.

Christie's ransomware attack

June 11, 2024

Cleveland City

Cleveland City Hall shuts down after cybersecurity incident

Unknown

Cleveland City Hall was forced to close its doors due to a ransomware attack that disrupted the city's computer systems.

Cleveland City ransomware attack update

June 13, 17, 2024

Panera Bread

Panera warns of employee data breach after March ransomware attack

Unknown

U.S. food chain giant Panera Bread notified employees of a data breach after unknown threat actors stole their sensitive personal information in a March ransomware attack. In breach notification letters filed with the Office of California's Attorney General, Panera said it detected what it describes as a "security incident," took measures to contain the breach, hired external cybersecurity experts to investigate the incident, and notified law enforcement. 

Panera Bread ransomware attack update

June 13, 2024

Ascension Healthcare

Ascension hacked after employee downloaded malicious file

BlackBasta Ransomware

Ascension, one of the largest U.S. healthcare systems, revealed that a May 2024 ransomware attack was caused by an employee who downloaded a malicious file onto a company device. Ascension said this was likely an "honest mistake" as the employee thought they were downloading a legitimate file.

Ascension Healthcare ransomware attack

June 19, 2024

CDK Global

CDK Global cyber attack impacts thousands of US car dealerships

BlackSuit Ransomware

The BlackSuit ransomware gang is behind CDK Global's massive IT outage and disruption to car dealerships across North America, according to multiple sources familiar with the matter.

CDK ransomware attack update

June 20, 2024

Change Healthcare

Change Healthcare lists the medical data stolen in ransomware attack

BlackCat (aka ALPHV) Ransomware

UnitedHealth has confirmed for the first time what types of medical and patient data were stolen in the massive Change Healthcare ransomware attack, stating that data breach notifications will be mailed in July. 

Change Healthcare ransomware attack update

June 26, 2024

South Africa’s National Health Laboratory Service (NHLS)

South Africa’s national health lab hit with ransomware attack amid mpox outbreak

Unknown

South Africa’s National Health Laboratory Service (NHLS) confirmed that it dealt with a ransomware attack significantly affecting the dissemination of lab results as the country responds to an outbreak of mpox. A spokesperson for the organisation said that hackers deleted sections of their system, including backup servers, meaning they will have to rebuild many of the affected parts.

South Africa’s National Health Laboratory Service (NHLS) ransomware attack

June 28, 2024

Infosys McCamish

Infosys McCamish says LockBit stole data of 6 million people

LockBit Ransomware 

Infosys McCamish Systems (IMS) disclosed that the LockBit ransomware attack it suffered earlier this year impacted sensitive information of more than six million individuals. 

Infosys McCamish Ransomware Attack Impact


 
Back to Top 

New call-to-action

Data Breaches in June 2024

Date

Victim

Summary

Threat Actor

Business Impact

Source Link

June 02, 2024

Ticketmaster

Live Nation confirms Ticketmaster breach after hackers hawk stolen information of 560 million

ShinyHunters

Live Nation confirmed ShinyHunters’ claim of having a 1.3 terabyte database of information on about 560 million Ticketmaster users that included names, addresses, emails and phone numbers as well as event details and information on specific orders. The database allegedly included credit card details - names, expiration dates and the last four digits of card numbers; ShinyHunters offered the database for $500,000.

Ticketmaster data breach

June 02, 2024

AI platform Hugging Face

AI platform Hugging Face says hackers stole auth tokens from Spaces

Unknown

Hugging Face said that its Spaces platform was breached, allowing hackers to access authentication secrets for its members.

Hugging Face data breach

June 03, 2024

Unknown victim

361 million stolen accounts leaked on Telegram added to HIBP

Unknown

A massive trove of 361 million email addresses from credentials stolen by password-stealing malware, in credential stuffing attacks, and from data breaches was added to the ‘Have I Been Pwned’ data breach notification service, allowing anyone to check if their accounts have been compromised.

361 million stolen email addresses are added to Have I Been Pwned

June 03, 2024

Collection agency FBCS

Collection agency FBCS ups data breach tally to 3.2 million people

Unknown

In late April, the firm reported that roughly 1.9 million people in the U.S. had sensitive personal information compromised in a data breach incident on February 14, 2024. The firm has now submitted a supplemental notice to the Office of the Maine AG, stating that the total number of persons affected is now 3.2 million people, which adds over a million to the original figure.

Collection agency FBCS data breach update

June 03, 2024

Pathology services provider Synnovis, and King's College Hospital, Guy's Hospital, St Thomas' Hospital, Royal Brompton Hospital, and Evelina London Children's Hospital

Major London hospitals disrupted by Synnovis ransomware attack

The Quilin gang

The ransomware attack on pathology and diagnostic services provider Synnovis, severely impacted healthcare services at multiple major NHS hospitals in London. Hospitals weren't able to match patients' blood types with as much frequency. Planned operations had to be cancelled including cancer treatments and organ transplants. 

Data breach attack on Synnovis and other 6 hospitals of NHS England


 

June 04, 2024

Northern Minerals Limited

Australian mining company discloses breach after BianLian leaks data

Unknown

Northern Minerals issued an announcement warning that it suffered a cybersecurity breach resulting in some of its stolen data being published on the dark web. The firm disclosed, without naming the perpetrators, that data had been stolen from its systems in late March 2024 and subsequently published on the dark web. "The exfiltrated data included corporate, operational and financial information and some details relating to current and former personnel and some shareholder information," the announcement said.

Northern Minerals Limited data breach

June 04, 2024

Disney Confluence

Club Penguin fans breached Disney Confluence server, stole 2.5 GB of data

Club Penguin fans

Club Penguin fans hacked a Disney Confluence server to steal information about their favourite game but wound up walking away with 2.5 GB of internal corporate data. The data included information about Disney's corporate strategies, advertising plans, Disney+, internal developer tools, business projects, and internal infrastructure.

Disney Confluence data breach

June 05, 2024

Advance Auto Parts

Advance Auto Parts stolen data for sale after Snowflake attack

Sp1d3r (BreachForum name)

Threat actors claim to be selling 3 TB of data from Advance Auto Parts, stolen after breaching the company's Snowflake account.



Advance Auto Parts data breach

June 06, 21, 2024

Los Angeles Unified School District

Los Angeles Unified School District investigates data theft claims

Sp1d3r (BreachForum name)

Los Angeles Unified School District (LAUSD) officials investigated a threat actor's claims that they're selling stolen databases containing records belonging to millions of students and thousands of teachers. The threat actor selling the allegedly stolen data for $1,000 said the CSV files put up for sale on a hacking forum contain over 11GB of data, as first spotted by Dark Web Informer.


LAUSD school district data breach 

June 07, 2024

New York Times

New York Times source code stolen using exposed GitHub token

Unknown

Internal source code and data belonging to The New York Times was leaked on the 4chan message board after being stolen from the company's GitHub repositories in January 2024. As first seen by VX-Underground, the internal data was leaked by an anonymous user who posted a torrent to a 273 GB archive containing the stolen data.

NY Times data breach 

June 09, 2024

23andMe

23andMe data breach under investigation in UK and Canada

A hacker, who called himself “Golem” on BreachForums

Privacy authorities in Canada and the United Kingdom have launched a joint investigation to assess the scope of sensitive customer information exposed in last year's 23andMe data breach. The Privacy Commissioner of Canada and The Information Commissioner's Office (ICO) will also look into whether the company had adequate safeguards to secure customer data stored on its systems.

23andMe data breach

June 10, 2024

Cylance

Cylance confirms data breach linked to 'third-party' platform

Sp1d3r

Cybersecurity company Cylance confirmed the legitimacy of data being sold on a hacking forum, stating that it is old data stolen from a "third-party platform." A threat actor known as Sp1d3r was detected selling this stolen data for $750,000, as first spotted by Dark Web Informer. The data allegedly included a substantial amount of information, such as 34,000,000 customer and employee emails and personally identifiable information belonging to Cylance customers, partners, and employees.

Cylance data breach

June 11, 2024

Pure Storage

Pure Storage confirm it's a victim of mounting Snowflake-related data breaches

Sp1d3r

The breached workspace belonging to Pure Storage contained "telemetry information" used to provide customer support services, the vendor said. "That information includes company names, LDAP usernames, email addresses, and the Purity software release version number," it added.

Pure Storage data breach

June 13, 2024

Truist Bank

Data breach confirmed by Truist Bank following Sp1d3r claims

Sp1d3r ransomware

Sources reported that major U.S. commercial bank Truist Bank disclosed having its systems compromised in October following data theft claims by the threat actor "Sp1d3r" purporting data theft from 65,000 employees. In a statement provided to SC Media, Truist Bank admitted to losing some customer data but declined to link the incident to the recent drama surrounding cloud IT provider Snowflake. The bank said the fraud dates back to a 2023 intrusion.

Truist Bank data breach 

June 14, 2024

Insurance giant Globe Life

Attackers accessed consumer information, says Globe Life in SEC filing

Unknown

Globe Life reported to the Securities and Exchange Commission (SEC) that a breach of a company web portal resulted in the unauthorised access to consumer and policyholder information. In a filing to the SEC, the company said it made the determination following an inquiry from a state insurance regulator around potential vulnerabilities related to access permissions and user identity management for the web portal.

Data breach attack on an insurance giant Globe Life

June 19, 2024

AMD

AMD investigates breach claims after hacker offers to sell data

Unknown

The hackers announced earlier on the BreachForums cybercrime forum that he was “selling the AMD.com data breach”. The data offered for sale allegedly included information on future AMD products, customer and employee databases, datasheets, source code, property files, firmware, and financial documents. The employee database allegedly includes information such as name, job role, phone number, and email addresses.

AMD data breach

June 19, 2024

T-Mobile

T-Mobile denies it was hacked, links leaked data to vendor breach

IntelBroker

T-Mobile denied it was breached or that source code was stolen after a threat actor claimed to be selling stolen data from the telecommunications company. This statement came after IntelBroker, a well-known threat actor linked to numerous breaches, claimed to have breached T-Mobile in June 2024 and stolen source code.

T-Mobile data breach 2024

June 19, 2024

The Association of Texas Professional Educators 

More than 400,000 have data leaked in cyber attack on Texas education organisation

Unknown

The Association of Texas Professional Educators sent out breach notifications over the last week warning of a cyber attack that exposed sensitive information. The Association of Texas Professional Educators (ATPE) submitted filings with regulators on June 14 that said the incident affected 426,280 people - including members of the organisation, employees and their dependents.

The Association of Texas Professional Educators data breach

June 24, 2024

Neiman Marcus

Neiman Marcus confirms data breach after Snowflake account hack

Sp1d3r

Luxury retailer Neiman Marcus confirmed it suffered a data breach after hackers attempted to sell the company's database stolen in recent Snowflake data theft attacks.

Neiman Marcus data breach

June 24, 2024

Los Angeles County

Los Angeles County says 25 departments affected by February phishing incident

Unknown

Multiple departments of Los Angeles County’s government were breached as part of a wide-ranging phishing campaign conducted in February. Overall, 25 of the county’s 38 departments were affected, but only two health-related agencies have released public notices. The personal or health information of more than 500 people was compromised in each incident.

Los Angeles County data breach

June 26, 2024

Evolve Bank

Evolve Bank confirms data breach after brazen LockBit claims

LockBit ransomware

Arkansas-based Evolve Bank & Trust confirmed that hackers stole customer information and posted it on the dark web. The bank said the hackers “released illegally obtained data, including Personal Identification Information (PII), on the dark web.” “The data varies by individual but may include your name, Social Security Number, date of birth, account information and/or other personal information,” the bank explained.

Evolve Bank data breach

June 27, 2024

Geisinger, healthcare system

Former IT employee accessed data of over 1 million US patients

Former IT employee

Geisinger, a prominent healthcare system in Pennsylvania, announced a data breach involving a former employee of Nuance, an IT services provider contracted by the organisation. An announcement explained that in November 2023, Geisinger detected unauthorised access to its patients’ database by a former Nuance employee.

Geisinger, healthcare system data breach

June 28, 2024

Software company TeamViewer

TeamViewer says Russia’s ‘Cozy Bear’ hackers attacked corporate IT system

APT29, also known as Cozy Bear, BlueBravo and Midnight Blizzard

Software company TeamViewer confirmed that a prolific Russian hacking group breached its corporate IT environment earlier in the week. TeamViewer explained that the hack was traced back to the “credentials of a standard employee account” within the company’s corporate IT environment.



Software company TeamViewer data breach


Back to Top 

New call-to-action

Cyber Attacks in June 2024

Date

Victim

Summary

Threat Actor

Business Impact

Source Link 

June 03, 2024

Microsoft India

Microsoft India’s X account hijacked in Roaring Kitty crypto scam

Unknown

The official Microsoft India account on Twitter, with over 211,000 followers, was hijacked by cryptocurrency scammers to impersonate Roaring Kitty, the handle used by notorious meme stock trader Keith Gill.

Cyber attack on Microsoft India’s X account

June 03, 2024

American Radio Relay League (ARRL)

ARRL says it was hacked by an "international cyber group"

An unnamed malicious international cyber group.

The cyber attack on the American Radio Relay League (ARRL) took its Logbook of the World offline and caused some members to become frustrated over the lack of information.

American Radio Relay League (ARRL) cyber attack

June 03, 2024

Verny store in Russia

Cyber attack disrupts operations of supermarkets across Russia

Unknown

A popular Russian discount retail chain with over 1,000 stores nationwide was hit by a cyber attack that disrupted its services for several days. The supermarket chain Verny (“loyal” in Russian) confirmed the hack to several local news websites. The unknown attackers took down the company's website and mobile app. Due to the attack, Verny’s supermarkets couldn’t process bank cards or receive and deliver online orders, according to the reports.

Data breach attack on a Russian retail store Verny

June 19, 2024

Forklift manufacturer Crown

Forklift manufacturer shuts down systems to investigate cyber attack

Unknown

One of the largest manufacturers of forklifts has been forced to shut down its operating systems following a cyber attack.

Crown Forklift cyber attack


Back to Top 

New call-to-action

Back to Top 

New Ransomware/Malware Discovered in June 2024

New Ransomware

Summary

Source Link

New Fog ransomware

A new ransomware operation named 'Fog' launched in early May 2024, is using compromised VPN credentials to breach the networks of educational organisations in the U.S. Fog was discovered by Artic Wolf Labs, which reported that the ransomware operation has not set up an extortion portal yet and was not observed stealing data.

New Fog ransomware targets US education sector via breached VPNs

RansomHub's ESXi encryptor

The RansomHub ransomware operation is using a Linux encryptor designed specifically to encrypt VMware ESXi environments in corporate attacks.

Linux version of RansomHub ransomware targets VMware ESXi VMs

New Medusa malware

The Medusa banking trojan for Android has re-emerged after almost a year of keeping a lower profile in campaigns targeting France, Italy, the United States, Canada, Spain, the United Kingdom, and Turkey.

New Medusa malware variants target Android users in seven countries

 Back to Top 

New call-to-action

Vulnerabilities/Patches Discovered in June 2024

Date

New Malware/Flaws/Fixes

Summary

Source Link

June 03, 2024

CVE-2024-4358

Researchers have published a proof-of-concept (PoC) exploit script demonstrating a chained remote code execution (RCE) vulnerability on Progress Telerik Report Servers.

Exploit for critical Progress Telerik auth bypass released, patch now

June 04, 2024

CVE-2024-29972, CVE-2024-29973, and CVE-2024-29974

Zyxel Networks has released an emergency security update to address three critical vulnerabilities impacting older NAS devices that have reached end-of-life. 

Zyxel issues emergency RCE patch for end-of-life NAS devices

June 07, 2024

CVE-2024-4577

A new PHP for Windows remote code execution (RCE) vulnerability has been disclosed, impacting all releases since version 5.x, potentially impacting a massive number of servers worldwide.

PHP fixes critical RCE flaw impacting all versions for Windows

June 10, 2024

CVE-2024-29849

A proof-of-concept (PoC) exploit for a Veeam Backup Enterprise Manager authentication bypass flaw tracked as CVE-2024-29849 is now publicly available, making it urgent that admins apply the latest security updates.

Exploit for critical Veeam auth bypass available, patch now

June 10, 2024

CVE-2024-4610

Arm has issued a security bulletin warning of a memory-related vulnerability in Bifrost and Valhall GPU kernel drivers that is being exploited in the wild.

Arm warns of actively exploited flaw in Mali GPU kernel drivers

June 11, 2024

CVE-2024-37051

JetBrains warned customers to patch a critical vulnerability that impacts users of its IntelliJ integrated development environment (IDE) apps and exposes GitHub access tokens.

JetBrains warns of IntelliJ IDE bug exposing GitHub access tokens

June 12, 2024

CVE-2024-4577

The TellYouThePass ransomware gang has been exploiting the recently patched remote code execution vulnerability in PHP to deliver webshells and execute the encryptor payload on target systems.

TellYouThePass ransomware exploits recent PHP RCE flaw to breach servers

June 12, 2024

CVE-2024-26169 

The Black Basta ransomware operation is suspected of exploiting a Windows privilege escalation vulnerability as a zero-day before a fix was made available.

Black Basta ransomware gang linked to Windows zero-day attacks

June 13, 2024

CVE-2024-29855

A proof-of-concept (PoC) exploit for a critical Veeam Recovery Orchestrator authentication bypass vulnerability tracked as CVE-2024-29855 has been released, elevating the risk of being exploited in attacks.

Exploit for Veeam Recovery Orchestrator auth bypass available, patch now

June 13, 2024

CVE-2024-26169

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity Windows vulnerability abused in ransomware attacks as a zero-day to its catalogue of actively exploited security bugs. 

CISA warns of Windows bug exploited in ransomware attacks

June 18, 2024

CVE-2024-37079, CVE-2024-37080, CVE-2024-37081

VMware has issued a security advisory addressing critical vulnerabilities in vCenter Server, including remote code execution and local privilege escalation flaws. 

VMware fixes critical vCenter RCE vulnerability, patch now

June 20, 2024

CVE-2024-28995

Threat actors are actively exploiting a SolarWinds Serv-U path-traversal vulnerability, leveraging publicly available proof-of-concept (PoC) exploits.

SolarWinds Serv-U path traversal flaw actively exploited in attacks

June 20, 2024

CVE-2024-34102

A vulnerability dubbed "CosmicSting" impacting Adobe Commerce and Magento websites remains largely unpatched nine days after the security update has been made available, leaving millions of sites open to catastrophic attacks. 

CosmicSting flaw impacts 75% of Adobe Commerce, Magento sites

June 26, 2024

CVE-2024-5806

The new security flaw in Progress MOVEit Transfer received the identifier CVE-2024-5806 and allows attackers to bypass the authentication process in the Secure File Transfer Protocol (SFTP) module, which is responsible for file transfer operations over SSH.

Hackers target new MOVEit Transfer critical auth bypass bug

 Back to Top

New call-to-action

Warnings/Advisories/Reports/Analysis

News Type

Summary

Source Link

Report

Cybercriminals are promoting a new phishing kit named 'V3B' on Telegram, which currently targets customers of 54 major financial institutes in Ireland, the Netherlands, Finland, Austria, Germany, France, Belgium, Greece, Luxembourg, and Italy.

New V3B phishing kit targets customers of 54 European banks

Report

Attackers have been hijacking high-profile TikTok accounts belonging to multiple companies and celebrities, exploiting a zero-day vulnerability in the social media's direct messages feature.

TikTok fixes zero-day bug used to hijack high-profile accounts

Report

Ariane Systems self check-in systems installed at thousands of hotels worldwide are vulnerable to a kiosk mode bypass flaw that could allow access to guests’ personal information and the keys for other rooms.

Check-in terminals used by thousands of hotels leak guest info

Warning

The FBI urges past victims of LockBit ransomware attacks to come forward after revealing that it has obtained over 7,000 LockBit decryption keys that they can use to recover encrypted data for free.

FBI recovers 7,000 LockBit keys, urges ransomware victims to reach out

Report

The Computer Emergency Response Team of Ukraine (CERT-UA) reports about a new campaign dubbed "SickSync," launched by the UAC-0020 (Vermin) hacking group in attacks on the Ukrainian defence forces.

Ukraine says hackers abuse SyncThing tool to steal data

Report

Hacktivists are conducting DDoS attacks on European political parties. Cloudflare reports that it has mitigated at least three distributed denial of service (DDoS) attack waves on various election-related sites in the Netherlands, as well as several political parties.

DDoS attacks target EU political parties as elections begin

Report

A Windows malware named 'Warmcookie' is distributed through fake job offer phishing campaigns to breach corporate networks. 

Warmcookie Windows backdoor pushed via fake job offers

Warning

The Cybersecurity and Infrastructure Security Agency (CISA) warned that criminals are impersonating its employees in phone calls and attempting to deceive potential victims into transferring money.

CISA warns of criminals impersonating its employees in phone calls

Report

The Biden administration has announced an upcoming ban of Kaspersky antivirus software and the pushing of software updates to US companies and consumers, giving customers until September 29, 2024, to find alternative security software.

Biden bans Kaspersky antivirus software in US over security concerns

Warning

The FBI is warning of cybercriminals posing as law firms and lawyers that offer cryptocurrency recovery services to victims of investment scams and steal funds and personal information.

FBI warns of fake law firms targeting crypto scam victims

Back to Top 

New call-to-action

Get Email Updates on our Latest News

Simply enter you details in the form below to subscribe:

  • Or call us on:
  • +44 (0) 203 189 1422
yt-1