Biggest Cyber Attacks, Data Breaches, Ransomware Attacks: March 2024

Date: 1 April 2024

What do Pokémon, the Belgian Grand Prix, American Express, the French Unemployment Agency, Duvel Brewery, and the boat maker MarineMax have in common? They were all compromised by cyber crime in March 2024. We've compiled a list of the biggest known cyber attacks, data breaches and ransomware attacks in the month gone by.

  1. Ransomware Attacks in March 2024
  2. Cyber Attacks in March 2024
  3. Data Breaches in March 2024
  4. New Malware and Ransomware Discovered
  5. Vulnerabilities Discovered and Patches Released 
  6. Advisories issued, reports, analysis etc. in March 2024

Cyber Crime is at an all-time high. The third month of 2024 was no different. A cyber attack or ransomware attack has made news almost every day. Victims have included organisations from every industry type including gaming, healthcare, water utility services, breweries and more. 

The idea behind compiling the below lists is not just to highlight the rampant rise in cyber crime but also empower organisations globally with knowledge to equip themselves against cybersecurity incidents. A historical perspective on recent attacks, attack methodologies and how organisations responded can empower you with key insights on improving your own organisational cyber resilience.  

This knowledge can help you take a critical look at your own Cybersecurity Incident Response Plan and review and refresh it as per your organisational threat context. Also take the alarming prevalence of cyber crime as a clarion call to test the effectiveness of your cybersecurity plans and processes with regular scenario-based Cyber Crisis Tabletop Exercises.

These exercises help you rehearse your organisational response to cyber attacks and data breaches in a simulated attack environment. They help your staff become more conversant with your incident response plans and playbooks. In addition, they build muscle-memory and aid in decision-making practice for actual cyber events. 

Enhancing cyber resilience is an ongoing process that requires constant attention and collective effort to stay ahead of cybersecurity threats. It's important to remember, however, that achieving true cybersecurity resilience is indeed possible with the correct strategy and resources. The ultimate goal is not to prevent cyber crime altogether, as that simply isn't possible, but to create enough resources to help you bounce back and resume operations after a cybersecurity incident with minimal impact.

 

Ransomware Attacks in March 2024

| Date | Victim | Summary | Threat Actor | Business Impact | Source Link |
|---|---|---|---|---|---|
| March 02, 2024 | Iowa electric, water utility Muscatine Power and Water | Iowa electric, water utility says information of nearly 37,000 leaked in January ransomware attack | Unknown | A utility company controlling the water, electricity and internet for a town in eastern Iowa confirmed that a January ransomware attack led to the exposure of sensitive information of nearly all local residents. The company said 36,955 people had their Social Security numbers accessed by the hackers alongside telecommunications subscriber data called customer proprietary network information (CPNI). | Muscatine Power and Water ransomware attack update |
| March 04, 2024 | Fulton County | Fulton County services coming back on ‘rolling basis’ after LockBit attack | LockBit Ransomware | Georgia’s Fulton County says it is on its way to restoring many of the systems brought down by a January ransomware attack by the LockBit gang. The attack has caused weeks of disruptions, hampering everything from marriage licences to police reports. While all offices have reopened, many are still operating with paper forms and manual processes as a result of the attack. | Fulton County ransomware attack update |
| March 05, 2024 | Duvel Moortgat Brewery | Duvel says it has "more than enough" beer after ransomware attack | Stormous Ransomware group | Duvel Moortgat Brewery was hit by a ransomware attack, bringing to a halt the beer production in the company's bottling facilities. The company said production was stopped immediately. Some beer enthusiasts on Reddit responded to the incident with humour, calling the situation a "national emergency" and asking for the actual number of "strategic reserves." The threat actors who claimed the attack said they hold 88 GB of data stolen from the brewery's systems, threatening to leak it if a ransom isn't paid by March 25, 2024. | Duvel Moortgat Brewery ransomware attack |
| March 12 and 22, 2024 | Boat Dealer MarineMax | Boat Dealer MarineMax hit by cyberattack | Rhysida Ransomware | The ransomware group posted numerous samples of the alleged stolen data including MarineMax earnings reports, balance sheets, bank account wire transfers, customer databases etc. The gang has priced the luxury yacht dealer’s “exclusive, unique, and impressive data” at a “bargain” price of 15 BTC, equivalent to $774,415.65. | Boat Dealer MarineMax ransomware attack |
| March 15, 2024 | Scranton School District | Pennsylvania’s Scranton School District dealing with ransomware attack | Unknown | Scranton School District faced a ransomware attack and warned that it is dealing with widespread technology outages as a result of the attack. | Scranton School District ransomware attack |
| March 17, 2024 | MediaWorks, a company based in New Zealand | New Zealand media company: Hackers directly targeting individuals after alleged data breach | Unknown | MediaWorks said it investigated an alleged security incident after a hacker claimed to have stolen the data of just over 2.4 million people and began targeting individuals for extortion payments. Hackers demanded $500 in bitcoin to delete the individual’s data before it was sold. | Ransomware attack on MediaWorks |
| March 18, 2024 | Henry County, Illinois | Illinois county government, local college affected by ransomware attacks | Medusa ransomware | An Illinois county on the border with Iowa is the latest local government in the U.S. to become a victim of a ransomware attack. The Medusa ransomware gang took credit for the attack, giving the county eight days to pay a $500,000 ransom. | Henry County, Illinois ransomware attack |
| March 19, 2024 | Crinetics Pharmaceuticals | Pharmaceutical development company investigating cyber attack after LockBit posting | LockBit Ransomware | Crinetics Pharmaceuticals said it investigated a cybersecurity incident following claims from the LockBit ransomware gang that data was stolen. The company said that it recently discovered suspicious activity in an employee’s account and disabled it on the same day. The gang allegedly demanded a $4 million ransom and set a deadline of March 23 for the payment. | Crinetics Pharmaceuticals ransomware attack |
| March 25, 2024 | The city of St. Cloud | St. Cloud most recent in string of Florida cities hit with ransomware | Unknown | The city of St. Cloud said it discovered a ransomware attack affecting city services and warned that while “many” city departments are affected they are “operating as best as possible until the issue is resolved.” | Ransomware attack on the St. Cloud city |
| March 27, 2024 | Big Issue newspaper | Ransomware gang attacks the Big Issue, a street newspaper supporting the homeless | Qilin ransomware | The Big Issue, a street newspaper in the United Kingdom, confirmed being impacted by a cyber incident. The confirmation followed the company being listed on the Qilin ransomware gang’s darknet extortion site on March 24, alongside the claim that the gang stole 550 gigabytes of confidential data including files related to commercial and personnel operations. | Big Issue Newspaper ransomware attack |
| March 28, 2024 | Municipalities in Texas, Georgia-Gilmer County | Municipalities in Texas, Georgia see services disrupted following ransomware attacks | Unknown | The government of Gilmer County in Georgia posted a notice on its website warning that a ransomware attack was affecting its ability to provide services to its more than 30,000 residents. | Gilmer County, Georgia ransomware attack |


 

Cyber Attacks in March 2024

| Date | Victim | Summary | Threat Actor | Business Impact | Source Link |
|---|---|---|---|---|---|
| March 04, 2024 | NT LAN Manager (NTLM) authentication hashes | Hackers steal Windows NTLM authentication hashes in phishing attacks | TA577 is considered an initial access broker (IAB), previously associated with Qbot and linked to Black Basta ransomware infections. | Distinct TA577 campaigns launched on February 26 and 27, 2024, disseminated thousands of messages to hundreds of organisations worldwide, targeting employees' NTLM hashes, as they can be used in "pass-the-hash" attacks that don't involve cracking at all. In such attacks, the criminals use the hash as it is to authenticate to a remote server or service. | TA577 group’s cyber attack on NT LAN Manager (NTLM) hashes |
| March 05, 2024 | PetSmart | PetSmart warns of credential stuffing attacks trying to hack user accounts | Unknown | Pet retail giant PetSmart warned some customers their passwords were reset due to an ongoing credential stuffing attack attempting to breach accounts. In a new email notification sent to PetSmart customers apparently seen by DarkWebInformer, the company warned that customers were being targeted by credential stuffing attacks used to gain access to their accounts. | PetSmart cyber attack |
| March 07, 2024 | Leicester City Council | Child protection among critical services affected by cyber attack on English Council | Unknown | The attack forced Leicester City Council’s critical services to go offline, affecting services including child protection, adult social care safeguarding, and homelessness. | Leicester City Council cyber attack |
| March 11, 2024 | Duvel Coffee roasters Koffie Beyers | Belgian village whose brewery was hit by a cyber attack, now faces another hit on its coffee roastery | Unknown | A Duvel spokesperson confirmed “production is at a standstill at all our Belgian sites and at our site in the United States,” as a result of the attack. | Cyber attack on Duvel’s Coffee roasters Koffie Beyers |
| March 13, 2024 | Alabama Government and City of Birmingham | Alabama state and city governments grapple with pair of cyber incidents | Anonymous Sudan | A cyber attack caused intermittent “disruptions” for websites of multiple Alabama government agencies. The incident came as one of Alabama’s largest cities, Birmingham, dealt with an apparently separate computer network issue that has caused service issues for days. | Cyber attack on Alabama Government and City of Birmingham |
| March 15, 2024 | NHS Dumfries and Galloway | Scottish health service says ‘focused and ongoing cyber attack’ may disrupt services. Ransomware group allegedly leaks stolen data | INC Ransom | NHS Dumfries and Galloway, part of the Scottish healthcare system, announced that it was the target of a focused and ongoing cyber attack. The health board announced there “may be some disruption to services as a result of this situation”. Subsequently, cyber extortionists published sensitive patient data allegedly stolen from NHS Dumfries and Galloway to their dark web blog, in a bid to demand money from the local health board. | NHS Dumfries and Galloway cyber attack |
| March 18, 2024 | The city government of Pensacola | Cyber attack knocks out Pensacola city government phone lines | Unknown | The city government of Pensacola, Florida faced widespread phone outages due to a cyber attack. | Cyber attack on the city government of Pensacola |
| March 19, 2024 | Pokémon | Pokémon resets some users’ passwords after hacking attempts | Unknown | The Pokémon Company said it detected hacking attempts against some of its users and reset those users' account passwords. It said: “Following an attempt to compromise our account system, Pokémon proactively locked the accounts of fans who might have been affected”. | Pokémon cyber attack |
| March 19, 2024 | Shimon Peres Negev Nuclear Research Center | Hackers claim to have breached Israeli nuclear facility’s computer network | ‘Anonymous’ hackers in protest against the war in Gaza | Hackers claimed to have breached the computer network of a sensitive Israeli nuclear installation in an incident declared by the ‘Anonymous’ hackers as a protest against the war in Gaza. The hackers claimed to have stolen and published thousands of documents — including PDFs, emails, and PowerPoint slides — from the Shimon Peres Negev Nuclear Research Center. | Cyber attack on Israel's Shimon Peres Negev Nuclear Research Center |
| March 20, 2024 | SPA Grand Prix | Spa Grand Prix email account hacked to phish banking information from fans | Unknown | Hackers hijacked the official contact email for the Belgian Grand Prix event and used it to lure fans to a fake website promising a €50 gift voucher. The race organiser explained that the email account was hijacked and that the threat actor then sent fraudulent emails to an undisclosed number of people. | SPA Grand Prix cyber attack |
| March 20, 2024 | International freight tech company Radiant Logistics | International freight tech firm isolates Canada operations after cyber attack | Unknown | Radiant Logistics said it cut off a portion of its business in Canada after a cyber attack. | Radiant Logistics cyber attack |
| March 25, 2024 | Panera Bread | Panera Bread experiencing nationwide IT outage since Saturday | Unknown | U.S. food chain giant Panera Bread has been experiencing a nationwide outage that has impacted its IT systems, including online ordering, POS systems, phones, and various internal systems. According to employee reports, while all stores are open, they only accept cash payments, and reward programme members can't redeem their points because the system is still down. | Panera Bread cyber attack (Suspected) |
| March 27, 2024 | Securities broker, VNDirect | Cyber attack on Vietnamese securities broker disrupts stock markets | Unknown | Vietnam's third-largest securities broker, VNDirect, has been struggling to fully restore its operations after suffering a cyber attack. The Hanoi Stock Exchange (HNX) announced it temporarily disconnected remote trading and online trading of derivative securities transactions, debt instrument transactions and individual corporate bond transactions by VNDirect “until the problem is resolved.” | VNDirect cyber attack |

 



Data Breaches in March 2024

| Date | Victim | Summary | Threat Actor | Business Impact | Source Link |
|---|---|---|---|---|---|
| March 02, 2024 | Iowa electric, water utility | Iowa electric, water utility says information of nearly 37,000 leaked in January ransomware attack | Unknown | In breach notification letters, the company said 36,955 people had their Social Security numbers accessed by the hackers alongside telecommunications subscriber data called customer proprietary network information (CPNI). | Data breach attack on Iowa electric, water utility |
| March 03, 2024 | American Express | American Express credit cards exposed in third-party data breach | Unknown | American Express warned its customers that credit cards were exposed in a third-party data breach after a merchant processor was hacked. This incident was not caused by a data breach at American Express, but rather at a merchant processor in which American Express Card member data was processed. | American Express data breach |
| March 03, 2024 | Undisclosed names and numbers of South Korean chip manufacturers | North Korea hacks two South Korean chip firms to steal engineering data | Unknown | The National Intelligence Service (NIS) in South Korea warned that North Korean hackers target domestic semiconductor manufacturers in cyber espionage attacks. It said that once the network was breached, the threat actors stole data from servers holding sensitive documents and data. The two victims weren't named in the report, but it is worth noting that South Korea is home to two leading chipmakers, Samsung Electronics and SK Hynix, which develop and produce a wide range of processors, system-on-chips, DRAM, and NAND flash products. | Data breach attack by the North Korean hackers on domestic semiconductor manufacturers |
| March 04, 2024 | Russian Ministry of Defense (Minoborony) | Ukraine claims it hacked Russian Ministry of Defense servers | The Main Intelligence Directorate (GUR) of Ukraine's Ministry of Defense | The Main Intelligence Directorate (GUR) of Ukraine's Ministry of Defense claims that it breached the servers of the Russian Ministry of Defense (Minoborony) and stole sensitive documents. A press release published on an official Ukrainian government domain described the attack as a "special operation" carried out by GUR's cyber-specialists. As a result of the breach, the GUR claimed to have obtained sensitive documents that contain secret service information. | Ukrainian data breach attack on the Russian Ministry of Defense |
| March 07, 2024 | Swiss government, and Xplain | Play ransomware leaked 65,000 Swiss government documents, investigation finds | Play Ransomware | Swiss authorities have found that 65,000 government documents holding classified information and sensitive personal data were leaked following a ransomware attack last year on one of its IT vendors, Xplain. The data published on the dark web involved 1.3 million files, and about 5% of that data was connected to the country’s federal government. The majority of those files belonged to Xplain and are related to the company’s work with the government, but around 14% were directly from the country’s federal administration. | Data breach attack on the Swiss government due to a previous attack on Xplain |
| March 08, 2024 | Acer | Acer confirms Philippines employee data leaked on hacking forum | A threat actor known as 'ph1ns' | Acer Philippines confirmed that employee data was stolen in an attack on a third-party vendor who manages the company's employee attendance data after a threat actor leaked the data on a hacking forum. | Acer data breach attack in March 2024 |
| March 08, 2024 | Financial services firm Paysign | Paysign investigating reports of consumer information data breach | A cybercriminal forum user with the name "emo" | Paysign said it is investigating reports of a data breach involving consumer information after hackers tried to sell a database allegedly belonging to the company containing millions of records as of March 06, 2024. A cybercriminal forum user with the name "emo" claimed to have stolen 1,242,575 records containing the full names of customers, addresses, dates of birth, phone numbers and account balances. | Data breach attack on a financial services firm Paysign |
| March 13, 2024 | French unemployment agency (France Travail, formerly known as Pôle Emploi) | French unemployment agency data breach impacts 43 million people | Unknown | France Travail warned that hackers breached its systems and may leak or exploit personal details of an estimated 43 million individuals. The agency disclosed that hackers stole details belonging to job seekers registered with the agency in the last 20 years in a cyber attack between February 6 and March 5. The data from individuals with a job candidate profile was also exposed. | French unemployment agency data breach |
| March 13, 2024 | Nissan | Nissan confirms ransomware attack exposed data of 100,000 people | Akira Ransomware | Nissan Oceania warned of a data breach impacting 100,000 people after suffering a cyber attack in December 2023 that was claimed by the Akira ransomware operation. Akira ransomware claimed it had stolen 100 GB of data, including documents containing personal employee information, NDAs, project data, and information on partners and clients. Now, Nissan's latest update confirmed some of Akira's claims. | Nissan December 2023 ransomware attack update |
| March 14, 2024 | The streaming TV giant, Roku | Roku cancels unauthorised subscriptions and provides refunds for 15k breached accounts | Unknown | Roku said it cancelled unauthorised subscriptions and refunded more than 15,000 accounts after discovering what they called suspicious activity. | Roku Data Breach Update |
| March 15, 2024 | International Monetary Fund | International Monetary Fund email accounts hacked in cyber attack | Unknown | The International Monetary Fund (IMF) disclosed a cyber incident after unknown attackers breached 11 IMF email accounts earlier this year. The investigation determined that eleven (11) IMF email accounts were compromised, but the IMF didn't provide other details regarding the breach. The organisation confirmed that it uses the Microsoft 365 cloud-based email platform. | International Monetary Fund data breach |
| March 15, 2024 | Fujitsu | Fujitsu found malware on IT systems, confirms data breach | Unknown | An announcement published on Fujitsu's news portal disclosed a major cybersecurity incident that has compromised systems and data, including sensitive information of customers. | Fujitsu data breach |
| March 18, 2024 | Nations Direct Mortgage | Nations Direct Mortgage alerts 83,000 to personal data leaks from December cyber attack | Unknown | Nations Direct Mortgage said more than 83,000 customers were affected by a late 2023 data breach that leaked Social Security numbers and other sensitive information. | Nations Direct Mortgage data breach |
| March 19, 2024 | Vulnerable Firebase instances | Misconfigured Firebase instances leaked 19 million plaintext passwords | Unknown | Three cybersecurity researchers discovered close to 19 million plaintext passwords exposed on the public internet by misconfigured instances of Firebase, a Google platform for hosting databases, cloud computing, and app development. The trio scanned more than five million domains and found 916 websites from organisations that either had no security rules enabled or had set them up incorrectly. | Data breach attack on misconfigured Firebase instances |
| March 20, 2024 | City of Jacksonville Beach | Jacksonville Beach and other US municipalities report data breaches following cyber attacks | LockBit Ransomware | The city government of Jacksonville Beach is the latest to report such an incident, disclosing that 48,949 people had personal information accessed during a January cyber attack. In letters to victims, the city said names and Social Security numbers were obtained by the hackers. | City of Jacksonville Beach data breach |
| March 20, 2024 | Apparel giant VF | Apparel giant VF sends out breach letters to millions following 2023 cyber attack | AlphV Ransomware | VF began sending out breach notification letters on Wednesday to inform millions of customers that hackers stole personal information during an attack last year. In SEC filings the company said an investigation revealed that the personal data of about 35.5 million individual consumers was taken. | Apparel company VF data breach update |
| March 28, 2024 | Harvard Pilgrim Healthcare | Harvard Pilgrim health network updates data breach total to nearly 2.9 million | Unknown | Harvard Pilgrim Health Care said the number of people affected by a ransomware attack last spring is larger than originally stated. The New England health insurance firm was attacked by a still-unidentified ransomware gang on April 17, 2023, limiting service for days. The company has submitted multiple different breach notification letters to regulators in Maine since the incident, with the latest upping the figure to 2,860,795, an increase of about 12 percent over the original total. | Harvard Pilgrim health network data breach update |
| March 28, 2024 | American Retail chain Hot Topic | Retail chain Hot Topic hit by new credential stuffing attacks | Unknown | American retailer Hot Topic disclosed that two waves of credential stuffing attacks in November exposed affected customers' personal information and partial payment data. The breach notification letters by Hot Topic said: "We determined that unauthorised parties launched automated attacks against our website and mobile application on November 18-19 and November 25, 2023, using valid account credentials (e.g., email addresses and passwords) obtained from an unknown third-party source". | Retail chain Hot Topic data breach |
| March 30, 2024 | AT&T | AT&T confirms data for 73 million customers leaked on hacker forum | ShinyHunters | AT&T has finally confirmed it is impacted by a data breach affecting 73 million current and former customers after initially denying the leaked data originated from them. AT&T said in a statement: "Based on our preliminary analysis, the data set appears to be from 2019 or earlier, impacting approximately 7.6 million current AT&T account holders and approximately 65.4 million former account holders". | AT&T data breach update 2024 |



New Ransomware/Malware Discovered in March 2024

| New Ransomware | Summary | Source Link |
|---|---|---|
| CryptoChameleon | A new phishing kit named CryptoChameleon is being used to target Federal Communications Commission (FCC) employees, using specially crafted single sign-on (SSO) pages for Okta that appear remarkably similar to the originals. | Hackers target FCC, crypto firms in advanced Okta phishing attacks |
| CHAVECLOAK trojan | Security researchers have identified new malware aimed at stealing banking credentials from Brazilians, as cybercriminals continue to target the country’s financial sector. | New banking trojan spotted circulating among Brazilian targets |
| GTPDOOR Linux malware | Security researcher HaxRob discovered a previously unknown Linux backdoor named GTPDOOR, designed for covert operations within mobile carrier networks. | Stealthy GTPDOOR Linux malware targets mobile operator networks |
| WineLoader malware | Researchers are warning that a notorious hacking group linked to Russia's Foreign Intelligence Service (SVR) is targeting political parties in Germany for the first time, shifting their focus away from the typical targeting of diplomatic missions. | Russian hackers target German political parties with WineLoader malware |
| StrelaStealer malware | A new large-scale StrelaStealer malware campaign has impacted over a hundred organisations across the United States and Europe, attempting to steal email account credentials. | Over 100 US and EU orgs targeted in StrelaStealer malware attacks |
| AceCryptor malware | Thousands of new infections involving the AceCryptor tool — which allows hackers to obfuscate malware and slip it into systems without being detected by anti-virus software — have been discovered as part of a campaign targeting organizations across Europe. | AceCryptor malware has surged in Europe, researchers say |


Vulnerabilities/Patches Discovered in March 2024

| Date | New Malware/Flaws/Fixes | Summary | Source Link |
|---|---|---|---|
| March 01, 2024 | CVE-2023-29360 | CISA ordered U.S. Federal Civilian Executive Branch (FCEB) agencies to secure their Windows systems against a high-severity vulnerability in the Microsoft Streaming Service (MSKSSRV.SYS) that's actively exploited in attacks. | CISA warns of Microsoft Streaming bug exploited in malware attacks |
| March 02, 2024 | CVE-2024-21338 | Microsoft patched a high-severity Windows Kernel privilege escalation vulnerability in February, six months after being informed that the flaw was being exploited as a zero-day. | Windows Kernel bug fixed last month exploited as zero-day since August |
| March 04, 2024 | CVE-2024-1708 and CVE-2024-1709 | The North Korean APT hacking group Kimsuky is exploiting ScreenConnect flaws, particularly CVE-2024-1708 and CVE-2024-1709, to infect targets with a new malware variant dubbed ToddlerShark. | ScreenConnect flaws exploited to drop new ToddlerShark malware |
| March 06, 2024 | CVE-2024-27198 | Hackers have started to exploit the critical-severity authentication bypass vulnerability (CVE-2024-27198) in TeamCity On-Premises, which JetBrains addressed in an update. The exploitation appeared to be massive, with hundreds of new users created on unpatched instances of TeamCity exposed on the public web. | Critical TeamCity flaw now widely exploited to create admin accounts |
| March 08, 2024 | CVE-2024-21762 | Scans on the public web show that approximately 150,000 Fortinet FortiOS and FortiProxy secure web gateway systems are vulnerable to CVE-2024-21762, a critical security issue that allows executing code without authentication. | Critical Fortinet flaw may impact 150,000 exposed devices |
| March 08, 2024 | CVE-2024-21899, CVE-2024-21900, CVE-2024-21901 | QNAP warns of vulnerabilities in its NAS software products, including QTS, QuTS hero, QuTScloud, and myQNAPcloud, that could allow attackers to access devices. The Taiwanese Network Attached Storage (NAS) device maker disclosed three vulnerabilities that can lead to an authentication bypass, command injection, and SQL injection. | QNAP warns of critical auth bypass flaw in its NAS devices |
| March 09, 2024 | CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893 | Threat actors hacked the systems of the Cybersecurity and Infrastructure Security Agency (CISA) by exploiting Ivanti flaws. | Threat actors breached two crucial systems of the US CISA |
| March 10, 2024 | CVE-2023-6000 | Hackers are breaching WordPress sites by exploiting a vulnerability in outdated versions of the Popup Builder plugin, infecting over 3,300 websites with malicious code. | Hackers exploit WordPress plugin flaw to infect 3,300 sites with malware |
| March 13, 2024 | CVE-2023-48788 | Fortinet patched a critical vulnerability in its FortiClient Enterprise Management Server (EMS) software that can allow attackers to gain remote code execution (RCE) on vulnerable servers. | Fortinet warns of critical RCE bug in endpoint management software |
| March 13, 2024 | CVE-2024-21412 | A new wave of attacks by the DarkGate malware operation exploits a now-fixed Windows Defender SmartScreen vulnerability to bypass security checks and automatically install fake software installers. | Hackers exploit Windows SmartScreen flaw to drop DarkGate malware |
| March 16, 2024 | CVE-2024-23334 | The ransomware actor 'ShadowSyndicate' was observed scanning for servers vulnerable to CVE-2024-23334, a directory traversal vulnerability in the aiohttp Python library. | Hackers exploit Aiohttp bug to find vulnerable networks |
| March 20, 2024 | CVE-2024-2169 | A new denial-of-service attack dubbed 'Loop DoS' targeting application layer protocols can pair network services into an indefinite communication loop that creates large volumes of traffic. | New ‘Loop DoS’ attack may impact up to 300,000 online systems |
| March 27, 2024 | CVE-2023-48022 | Researchers are warning that hackers are actively exploiting a disputed vulnerability in a popular open-source AI framework known as Ray. | Thousands of companies using Ray framework exposed to cyberattacks, researchers say |


 

Warnings/Advisories/Reports/Analysis

| News Type | Summary | Source Link |
|---|---|---|
| Report | The ALPHV/BlackCat ransomware gang shut down its servers amid claims that they scammed the affiliate responsible for the attack on Optum, the operator of the Change Healthcare platform, of $22 million. | BlackCat ransomware turns off servers amid claim they stole $22 million ransom |
| Report | Hackers are conducting widescale attacks on WordPress sites to inject scripts that force visitors' browsers to bruteforce passwords for other sites. The campaign was first spotted by website cybersecurity firm Sucuri, which has been tracking a threat actor known for breaching sites to inject crypto wallet drainer scripts. | Hacked WordPress sites use visitors' browsers to hack other sites |
| Analysis | Tibetans are being targeted with corrupted language translation software in a cyber espionage campaign that began last September. | Tibetans targeted by China-linked supply chain attacks using malicious language translators |
| Report | A gang of hackers specialised in business email compromise (BEC) attacks, tracked as TA4903, has been impersonating various U.S. government entities to lure targets into opening malicious files carrying links to fake bidding processes. | Hackers impersonate U.S. government agencies in BEC attacks |
| Report | FBI's Internet Crime Complaint Center (IC3) has released its 2023 Internet Crime Report, which recorded a 22% increase in reported losses compared to 2022, amounting to a record of $12.5 billion. | FBI: U.S. lost record $12.5 billion to online crime in 2023 |
| Report | Optum's Change Healthcare has started to bring systems back online after suffering a crippling BlackCat ransomware attack last month that led to widespread disruption to the US healthcare system. | UnitedHealth brings some Change Healthcare pharmacy services back online |
| Report | Russian-Canadian cybercriminal Mikhail Vasiliev has been sentenced to four years in prison by an Ontario court for his involvement in the LockBit ransomware operation. Vasiliev was arrested in November 2022 and pleaded guilty to eight charges in February 2024, including cyber extortion, mischief, and weapons offences. | LockBit ransomware affiliate gets four years in jail, to pay $860k |
| Report | The U.S. Department of Health and Human Services is investigating whether protected health information was stolen in a ransomware attack that hit UnitedHealthcare Group (UHG) subsidiary Optum, which operates the Change Healthcare platform, in late February. | US govt probes if ransomware gang stole Change Healthcare data |
| Report | AT&T says a massive trove of data impacting 71 million people did not originate from its systems after a hacker leaked it on a cybercrime forum and claimed it was stolen in a 2021 breach of the company. | AT&T says leaked data of 70 million people is not from its systems |
| Report | The interim head of Britain’s National Cyber Security Centre (NCSC) said the British Library “should be applauded” for refusing to pay an extortion fee to the criminals behind a ransomware attack last year. | British Library hailed by UK cyber agency for its response to ransomware attack |
| Analysis | Researchers have demonstrated a new acoustic side-channel attack on keyboards that can deduce user input based on their typing patterns, even in poor conditions, such as environments with noise. | New acoustic attack determines keystrokes from typing patterns |
| Report | A sophisticated hacking campaign attributed to a Chinese Advanced Persistent Threat (APT) group known as 'Earth Krahang' has breached 70 organisations and targeted at least 116 across 45 countries. | Chinese Earth Krahang hackers breach 70 orgs in 23 countries |
| Report | The Ukrainian cyber police, in collaboration with investigators from the national police (ГУНП), have arrested three individuals who are accused of hijacking over 100 million emails and Instagram accounts worldwide. | Ukraine arrests hackers trying to sell 100 million stolen accounts |
| Warning | The U.S. Federal Trade Commission (FTC) warned that scammers are impersonating its employees to steal thousands of dollars from Americans. | FTC warns scammers are impersonating its employees to steal money |
| Report | A U.S. senator raised questions about a report that $7.5 million was stolen by cyber thieves from the Department of Health and Human Services (HHS) last year. | Senator demands answers from HHS about $7.5 million cyber theft in 2023 |
| Warning | Germany’s top cybersecurity agency called on thousands of vulnerable organisations in the country to patch out-of-date Microsoft Exchange software. | German cyber agency warns 17,000 Microsoft Exchange servers are vulnerable to critical bugs |
| Warning | Cisco has shared a set of recommendations for customers to mitigate password-spraying attacks that have been targeting Remote Access VPN (RAVPN) services configured on Cisco Secure Firewall devices. The company says that the attacks have also been targeting other remote access VPN services and appear to be part of reconnaissance activity. | Cisco warns of password-spraying attacks targeting VPN services |
