Date: 1 April 2024
What do Pokémon, the Belgian Grand Prix, American Express, the French Unemployment Agency, Duvel Brewery, and the Boat maker MarineMax have in common? They were all compromised by cyber crime in March, 2024. We've compiled a list of the biggest known cyber attacks, data breaches and ransomware attacks in the month gone by.
- Ransomware Attacks in March 2024
- Cyber Attacks in March 2024
- Data Breaches in March 2024
- New Malware and Ransomware Discovered
- Vulnerabilities Discovered and Patches Released
- Advisories issued, reports, analysis etc. in March 2024
Cyber Crime is at an all-time high. The third month of 2024 was no different. A cyber attack or ransomware attack has made news almost every day. Victims have included organisations from every industry type including gaming, healthcare, water utility services, breweries and more.
The idea behind compiling the below lists is not just to highlight the rampant rise in cyber crime but also empower organisations globally with knowledge to equip themselves against cybersecurity incidents. A historical perspective on recent attacks, attack methodologies and how organisations responded can empower you with key insights on improving your own organisational cyber resilience.
This knowledge can help you take a critical look at your own Cybersecurity Incident Response Plan and review and refresh it as per your organisational threat context. Also take the alarming prevalence of cyber crime as a clarion call to test the effectiveness of your cybersecurity plans and processes with regular scenario-based Cyber Crisis Tabletop Exercises.
These exercises help you rehearse your organisational response to cyber attacks and data breaches in a simulated attack environment. They help your staff become more conversant with your incident response plans and playbooks. In addition, they build muscle-memory and aid in decision-making practice for actual cyber events.
Enhancing cyber resilience is an ongoing process that requires constant attention and collective effort to stay ahead of cybersecurity threats. It's important to remember, however, that achieving true cybersecurity resilience is indeed possible with the correct strategy and resources. The ultimate goal is not to prevent cyber crime altogether as that simply isn't possible. But to create enough resources that help you bounce back and resume operations after a cybersecurity incident with minimal impact.
Ransomware Attacks in March 2024
|
Date |
Victim |
Summary |
Threat Actor |
Business Impact |
Source Link |
|
March 02, 2024 |
Iowa electric, water utility Muscatine Power and Water |
Iowa electric, water utility says information of nearly 37,000 leaked in January ransomware attack |
Unknown |
A utility company controlling the water, electricity and internet for a town in eastern Iowa confirmed that a January ransomware attack led to the exposure of sensitive information of nearly all local residents. The company said 36,955 people had their Social Security numbers accessed by the hackers alongside telecommunications subscriber data called customer proprietary network information (CPNI). |
|
|
March 04, 2024 |
Fulton County |
Fulton County services coming back on ‘rolling basis’ after LockBit attack |
LockBit Ransomware |
Georgia’s Fulton County says it is on its way to restoring many of the systems brought down by a January ransomware attack by the LockBit gang as the attack has caused weeks of disruptions, hampering everything from marriage licences to police reports. While all offices have reopened, many are still operating with paper forms and manual processes as a result of the attack. |
|
|
March 05, 2024 |
Duvel Moortgat Brewery |
Duvel says it has "more than enough" beer after ransomware attack |
Stormous Ransomware group |
Duvel Moortgat Brewery was hit by a ransomware attack, bringing to a halt the beer production in the company's bottling facilities. The company said the production was immediately stopped as some Beer enthusiasts on Reddit responded to the incident with humour, calling the situation a "national emergency" and asking for the actual number of "strategic reserves." The threat actors who claimed the attack said they hold 88 GB data stolen from the brewery's systems, threatening to leak it if a ransom isn't paid until March 25, 2024. |
|
|
March 12, and 22, 2024 |
Boat Dealer MarineMax |
Boat Dealer MarineMax hit by cyberattack |
Rhysida Ransomware |
The ransomware group posted numerous samples of the alleged stolen data including MarineMax earnings reports, balance sheets, bank account wire transfers, customer databases etc. The gang has priced the luxury yacht dealer’s “exclusive, unique, and impressive data” at a “bargain” price of 15 BTC equivalent to $774,415.65. |
|
|
March 15, 2024 |
Scranton School District |
Pennsylvania’s Scranton School District dealing with ransomware attack |
Unknown |
Scranton School District faced a ransomware attack as the school warned that it is dealing with widespread technology outages as a result of the attack. |
|
|
March 17, 2024 |
MediaWorks, a company based in New Zealand |
New Zealand media company: Hackers directly targeting individuals after alleged data breach |
Unknown |
MediaWorks said it investigated an alleged security incident after a hacker claimed to have stolen the data of just over 2.4 million people and began targeting individuals for extortion payments. Hackers demanded $500 in bitcoin to delete the individual’s data before it was sold. |
|
|
March 18, 2024 |
Henry County, Illinois |
Illinois county government, local college affected by ransomware attacks |
Medusa ransomware |
An Illinois county on the border with Iowa is the latest local government in the U.S. to become a victim of a ransomware attack. The Medusa ransomware gang took credit for the attack, giving the county eight days to pay a $500,000 ransom. |
|
|
March 19, 2024 |
Crinetics Pharmaceuticals |
Pharmaceutical development company investigating cyber attack after LockBit posting |
LockBit Ransomware |
Crinetics Pharmaceuticals said it investigated a cybersecurity incident following claims from the LockBit ransomware gang that data was stolen. The company said that it recently discovered suspicious activity in an employee’s account and disabled it on the same day. The gang allegedly demanded a $4 million ransom and set a deadline for March 23 for the payment. |
|
|
March 25, 2024 |
The city of St. Cloud |
St. Cloud most recent in string of Florida cities hit with ransomware |
Unknown |
The city of St. Cloud said it discovered a ransomware attack affecting city services and warned that while “many” city departments are affected they are “operating as best as possible until the issue is resolved.” |
|
|
March 27, 2024 |
Big Issue newspaper |
Ransomware gang attacks the Big Issue, a street newspaper supporting the homeless |
Qilin ransomware |
The Big Issue, a street newspaper in the United Kingdom, confirmed being impacted by a cyber incident. The confirmation followed the company being listed on the Qilin ransomware gang’s darknet extortion site on March 24, alongside the claim that the gang stole 550 gigabytes of confidential data including files related to commercial and personnel operations. |
|
|
March 28, 2024 |
Municipalities in Texas, Georgia-Gilmer County |
Municipalities in Texas, Georgia see services disrupted following ransomware attacks |
Unknown |
The government of Gilmer County in Georgia posted a notice on its website warning that a ransomware attack was affecting its ability to provide services to its more than 30,000 residents. |
Cyber Attacks in March 2024
|
Date |
Victim |
Summary |
Threat Actor |
Business Impact |
Source Link |
|
March 04, 2024 |
NT LAN Manager (NTLM) authentication hashes |
Hackers steal Windows NTLM authentication hashes in phishing attacks |
TA577 is considered an initial access broker (IAB), previously associated with Qbot and linked to Black Basta ransomware infections. |
Distinct TA577 campaigns launched on February 26 and 27, 2024, disseminated thousands of messages to hundreds of organisations worldwide, targeting employees' NTLM hashes as they can be used in "pass-the-hash" attacks that don't involve cracking at all. In such attacks, the criminals use the hash as it is to authenticate to a remote server or service. |
|
|
March 05, 2024 |
PetSmart |
PetSmart warns of credential stuffing attacks trying to hack user accounts |
Unknown |
Pet retail giant PetSmart warned some customers their passwords were reset due to an ongoing credential stuffing attack attempting to breach accounts. In a new email notification sent to PetSmart customers apparently seen by DarkWebInformer, the company warned that customers were being targeted by credential stuffing attacks used to gain access to their accounts. |
|
|
March 07, 2024 |
Leicester City Council |
Child protection among critical services affected by cyber attack on English Council |
Unknown |
The attack forced the Leicester City Council’s critical services to go offline as the attack also affected some services, including child protection, adult social care safeguarding, and homelessness. |
|
|
March 11, 2024 |
Duvel Coffee roasters Koffie Beyers |
Belgian village whose brewery was hit by a cyber attack, now faces another hit on its coffee roastery |
Unknown |
A Duvel spokesperson confirmed “production is at a standstill at all our Belgian sites and at our site in the United States,” as a result of the attack. |
|
|
March 13, 2024 |
Alabama Government and City of Birmingham |
Alabama state and city governments grapple with pair of cyber incidents |
Anonymous Sudan |
A cyber attack caused intermittent “disruptions” for websites of multiple Alabama government agencies. The incident came as one of Alabama’s largest cities, Birmingham, dealt with an apparently separate computer network issue that has caused service issues for days. |
|
|
March 15, 2024 |
NHS Dumfries and Galloway |
Scottish health service says ‘focused and ongoing cyber attack’ may disrupt services. Ransomware group allegedly leaks stolen data |
INC Ransom |
NHS Dumfries and Galloway, part of the Scottish healthcare system, announced that it was the target of a focused and ongoing cyber attack. The health board announced there “may be some disruption to services as a result of this situation”. Subsequently, cyber extortionists published sensitive patient data stolen allegedly from NHS Dumfries and Galloway to their darkweb blog, in a bid to demand money from the local health board. |
|
|
March 18, 2024 |
The city government of Pensacola |
Cyber attack knocks out Pensacola city government phone lines |
Unknown |
The city government of Pensacola, Florida faced widespread phone outages due to a cyber attack. |
|
|
March 19, 2024 |
Pokémon |
Pokémon resets some users’ passwords after hacking attempts |
Unknown |
The Pokémon Company said it detected hacking attempts against some of its users and reset those user account passwords as it said: “Following an attempt to compromise our account system, Pokémon proactively locked the accounts of fans who might have been affected”. |
|
|
March 19, 2024 |
Shimon Peres Negev Nuclear Research Center |
Hackers claim to have breached Israeli nuclear facility’s computer network |
‘Anonymous’ hackers in protest against the war in Gaza |
Hackers claimed to have breached the computer network of a sensitive Israeli nuclear installation in an incident declared by the ‘Anonymous’ hackers as a protest against the war in Gaza. The hackers claimed to have stolen and published thousands of documents — including PDFs, emails, and PowerPoint slides — from the Shimon Peres Negev Nuclear Research Center. |
Cyber attack on Israel's Shimon Peres Negev Nuclear Research Center |
|
March 20, 2024 |
SPA Grand Prix |
Spa Grand Prix email account hacked to phish banking information from fans |
Unknown |
Hackers hijacked the official contact email for the Belgian Grand Prix event and used it to lure fans to a fake website promising a €50 gift voucher. The race organiser explained that the email account was hijacked and was followed by the threat actor sending fraudulent emails to an undisclosed number of people. |
|
|
March 20, 2024 |
International freight tech company Radiant Logistics |
International freight tech firm isolates Canada operations after cyber attack |
Unknown |
Radiant Logistics said it cut off a portion of its business in Canada after a cyber attack. |
|
|
March 25, 2024 |
Panera Bread |
Panera Bread experiencing nationwide IT outage since Saturday |
Unknown |
U.S. food chain giant Panera Bread has been experiencing a nationwide outage that has impacted its IT systems, including online ordering, POS systems, phones, and various internal systems. According to employee reports, while all stores are open, they only accept cash payments, and reward programme members can't redeem their points because the system is still down. |
|
|
March 27, 2024 |
Securities broker, VNDirect |
Cyber attack on Vietnamese securities broker disrupts stock markets |
Unknown |
Vietnam's third-largest securities broker, VNDirect, has been struggling to fully restore its operations after suffering a cyber attack. The Hanoi Stock Exchange (HNX) announced it temporarily disconnected remote trading and online trading of derivative securities transactions, debt instrument transactions and individual corporate bond transactions by VNDirect “until the problem is resolved.” |
Data Breaches in March 2024
|
Date |
Victim |
Summary |
Threat Actor |
Business Impact |
Source Link |
|
March 02, 2024 |
Iowa electric, water utility |
Iowa electric, water utility says information of nearly 37,000 leaked in January ransomware attack |
Unknown |
In breach notification letters, the company said 36,955 people had their Social Security numbers accessed by the hackers alongside telecommunications subscriber data called customer proprietary network information (CPNI). |
|
|
March 03, 2024 |
American Express |
American Express credit cards exposed in third-party data breach |
Unknown |
American Express warned its customers that credit cards were exposed in a third-party data breach after a merchant processor was hacked. This incident was not caused by a data breach at American Express, but rather at a merchant processor in which American Express Card member data was processed. |
|
|
March 03, 2024 |
Undisclosed names and numbers of South Korean chip manufacturers |
North Korea hacks two South Korean chip firms to steal engineering data |
Unknown |
The National Intelligence Service (NIS) in South Korea warned that North Korean hackers target domestic semiconductor manufacturers in cyber espionage attacks as it said once the network was breached, the threat actors stole data from servers holding sensitive documents and data, and the two victims weren't named in the report, but it is worth noting that South Korea is home to two leading chipmakers, Samsung Electronics and SK Hynix, who develop and produce a wide range of processor, system-on-chips, and DRAM, and NAND flash products. |
Data breach attack by the North Korean hackers on domestic semiconductor manufacturers |
|
March 04, 2024 |
Russian Ministry of Defense (Minoborony) |
Ukraine claims it hacked Russian Ministry of Defense servers |
The Main Intelligence Directorate (GUR) of Ukraine's Ministry of Defense |
The Main Intelligence Directorate (GUR) of Ukraine's Ministry of Defense claims that it breached the servers of the Russian Ministry of Defense (Minoborony) and stole sensitive documents. A press release published on an official Ukrainian government domain described the attack as a "special operation" carried out by GUR's cyber-specialists, and as a result of the breach, the GUR claimed to have obtained sensitive documents that contain secret service information. |
Ukrainian data breach attack on the Russian Ministry of Defense |
|
March 07, 2024 |
Swiss government, and Xplain |
Play ransomware leaked 65,000 Swiss government documents, investigation finds |
Play Ransomware |
Swiss authorities have found that 65,000 government documents holding classified information and sensitive personal data were leaked following a ransomware attack last year on one of its IT vendors Xplain. The data published on the dark web involved 1.3 million files, and about 5% of that data was connected to the country’s federal government, and the majority of those files belonged to Xplain, and are related to the company’s work with the government, but around 14% were directly from the country’s federal administration. |
Data breach attack on the Swiss government due to a previous attack on Xplain |
|
March 08, 2024 |
Acer |
Acer confirms Philippines employee data leaked on hacking forum |
A threat actor known as 'ph1ns' |
Acer Philippines confirmed that employee data was stolen in an attack on a third-party vendor who manages the company's employee attendance data after a threat actor leaked the data on a hacking forum. |
|
|
March 08, 2024 |
Financial services firm Paysign |
Paysign investigating reports of consumer information data breach |
A cybercriminal forum user with the name "emo" |
Paysign said it is investigating reports of a data breach involving consumer information after hackers tried to sell a database allegedly belonging to the company containing millions of records as on March 06, 2024. A cybercriminal forum user with the name "emo," claimed to have stolen 1,242,575 records containing the full names of customers, addresses, dates of birth, phone numbers and account balances. |
|
|
March 13, 2024 |
French unemployment agency-(France Travail, formerly known as Pôle Emploi) |
French unemployment agency data breach impacts 43 million people |
Unknown |
France Travail warned that hackers breached its systems and may leak or exploit personal details of an estimated 43 million individuals. The agency disclosed that hackers stole details belonging to job seekers registered with the agency in the last 20 years in a cyber attack between February 6 and March 5, and the data from individuals with a job candidate profile was also exposed. |
|
|
March 13, 2024 |
Nissan |
Nissan confirms ransomware attack exposed data of 100,000 people |
Akira Ransomware |
Nissan Oceania warned of a data breach impacting 100,000 people after suffering a cyber attack in December 2023 that was claimed by the Akira ransomware operation. Akira ransomware claimed it had stolen 100 GB of data, including documents containing personal employee information, NDAs, project data, and information on partners and clients. Now, Nissan's latest update confirmed some of Akira's claims. |
|
|
March 14, 2024 |
The streaming TV giant, Roku |
Roku cancels unauthorised subscriptions and provides refunds for 15k breached accounts |
Unknown |
Roku said it cancelled unauthorised subscriptions and refunded more than 15,000 accounts after discovering what they called suspicious activity. |
|
|
March 15, 2024 |
International Monetary Fund |
International Monetary Fund email accounts hacked in cyber attack |
Unknown |
The International Monetary Fund (IMF) disclosed a cyber incident after unknown attackers breached 11 IMF email accounts earlier this year. The investigation determined that eleven (11) IMF email accounts were compromised, but the IMF didn't provide other details regarding the breach. The organisation confirmed that it uses the Microsoft 365 cloud-based email platform. |
International Monetary Fund data breach |
|
March 15, 2024 |
Fujitsu |
Fujitsu found malware on IT systems, confirms data breach |
Unknown |
An announcement published on Fujitsu's news portal disclosed a major cybersecurity incident that has compromised systems and data, including sensitive information of customers. |
|
|
March 18, 2024 |
Nations Direct Mortgage |
Nations Direct Mortgage alerts 83,000 to personal data leaks from December cyber attack |
Unknown |
Nations Direct Mortgage said more than 83,000 customers were affected by a late 2023 data breach that leaked Social Security numbers and other sensitive information. |
Nations Direct Mortgage data breach |
|
March 19, 2024 |
Vulnerable Firebase instances |
Misconfigured Firebase instances leaked 19 million plaintext passwords |
Unknown |
Three cybersecurity researchers discovered close to 19 million plaintext passwords exposed on the public internet by misconfigured instances of Firebase, a Google platform for hosting databases, cloud computing, and app development as the trio scanned more than five million domains and found 916 websites from organisations that either had no security rules enabled or had set them up incorrectly. |
Data breach attack on misconfigured Firebase instances |
|
March 20, 2024 |
City of Jacksonville Beach |
Jacksonville Beach and other US municipalities report data breaches following cyber attacks |
LockBit Ransomware |
The city government of Jacksonville Beach is the latest to report such an incident, disclosing that 48,949 people had personal information accessed during a January cyber attack. In letters to victims, the city said names and Social Security numbers were obtained by the hackers. |
|
|
March 20, 2024 |
Apparel giant VF |
Apparel giant VF sends out breach letters to millions following 2023 cyber attack |
AlphV Ransomware |
VF began sending out breach notification letters on Wednesday to inform millions of customers that hackers stole personal information during an attack last year. In SEC filings the company said an investigation revealed that the personal data of about 35.5 million individual consumers was taken. |
Apparel company VF data breach update |
|
March 28, 2024 |
Harvard Pilgrim Healthcare |
Harvard Pilgrim health network updates data breach total to nearly 2.9 million |
Unknown |
Harvard Pilgrim Health Care said the number of people affected by a ransomware attack last spring is larger than originally stated. The New England health insurance firm was attacked by a still-unidentified ransomware gang on April 17, 2023, limiting service for days, and the company has submitted multiple different breach notification letters to regulators in Maine since the incident, with the latest upping the figure to 2,860,795, an increase of about 12 percent over the original total. |
|
|
March 28, 2024 |
American Retail chain Hot Topic |
Retail chain Hot Topic hit by new credential stuffing attacks |
Unknown |
American retailer Hot Topic disclosed that two waves of credential stuffing attacks in November exposed affected customers' personal information and partial payment data. The breach notification letters by Hot Topic said: "We determined that unauthorised parties launched automated attacks against our website and mobile application on November 18-19 and November 25, 2023, using valid account credentials (e.g., email addresses and passwords) obtained from an unknown third-party source". |
|
|
March 30, 2024 |
AT & T |
AT&T confirms data for 73 million customers leaked on hacker forum |
ShinyHunters |
AT&T has finally confirmed it is impacted by a data breach affecting 73 million current and former customers after initially denying the leaked data originated from them. as AT&T said in a statement: "Based on our preliminary analysis, the data set appears to be from 2019 or earlier, impacting approximately 7.6 million current AT&T account holders and approximately 65.4 million former account holders". |
New Ransomware/Malware Discovered in March 2024
|
New Ransomware |
Summary |
Source Link |
|
CryptoChameleon |
A new phishing kit named CryptoChameleon is being used to target Federal Communications Commission (FCC) employees, using specially crafted single sign-on (SSO) pages for Okta that appear remarkably similar to the originals. |
Hackers target FCC, crypto firms in advanced Okta phishing attacks |
|
CHAVECLOAK trojan |
Security researchers have identified new malware aimed at stealing banking credentials from Brazilians, as cybercriminals continue to target the country’s financial sector. |
New banking trojan spotted circulating among Brazilian targets |
|
GTPDOOR Linux malware |
Security researcher HaxRob discovered a previously unknown Linux backdoor named GTPDOOR, designed for covert operations within mobile carrier networks. |
Stealthy GTPDOOR Linux malware targets mobile operator networks |
|
WineLoader malware |
Researchers are warning that a notorious hacking group linked to Russia's Foreign Intelligence Service (SVR) is targeting political parties in Germany for the first time, shifting their focus away from the typical targeting of diplomatic missions. |
Russian hackers target German political parties with WineLoader malware |
|
StrelaStealer malware |
A new large-scale StrelaStealer malware campaign has impacted over a hundred organisations across the United States and Europe, attempting to steal email account credentials. |
Over 100 US and EU orgs targeted in StrelaStealer malware attacks |
|
AceCryptor malware |
Thousands of new infections involving the AceCryptor tool — which allows hackers to obfuscate malware and slip it into systems without being detected by anti-virus software — have been discovered as part of a campaign targeting organizations across Europe. |
AceCryptor malware has surged in Europe, researchers say |
Vulnerabilities/Patches Discovered in March 2024
|
Date |
New Malware/Flaws/Fixes |
Summary |
Source Link |
|
March 01, 2024 |
CVE-2023-29360 |
CISA ordered U.S. Federal Civilian Executive Branch (FCEB) agencies to secure their Windows systems against a high-severity vulnerability in the Microsoft Streaming Service (MSKSSRV.SYS) that's actively exploited in attacks. |
CISA warns of Microsoft Streaming bug exploited in malware attacks |
|
March 02, 2024 |
CVE-2024-21338 |
Microsoft patched a high-severity Windows Kernel privilege escalation vulnerability in February, six months after being informed that the flaw was being exploited as a zero-day. |
Windows Kernel bug fixed last month exploited as zero-day since August |
|
March 04, 2024 |
CVE-2024-1708 and CVE-2024-1709 |
The North Korean APT hacking group Kimsuky is exploiting ScreenConnect flaws, particularly CVE-2024-1708 and CVE-2024-1709, to infect targets with a new malware variant dubbed ToddlerShark. |
ScreenConnect flaws exploited to drop new ToddlerShark malware |
|
March 06, 2024 |
CVE-2024-27198 |
Hackers have started to exploit the critical-severity authentication bypass vulnerability (CVE-2024-27198) in TeamCity On-Premises, which JetBrains addressed in an update. The exploitation appeared to be massive, with hundreds of new users created on unpatched instances of TeamCity exposed on the public web. |
Critical TeamCity flaw now widely exploited to create admin accounts |
|
March 08, 2024 |
CVE-2024-21762 |
Scans on the public web show that approximately 150,000 Fortinet FortiOS and FortiProxy secure web gateway systems are vulnerable to CVE-2024-21762, a critical security issue that allows executing code without authentication. |
|
|
March 08, 2024 |
CVE-2024-21899 CVE-2024-21900 CVE-2024-21901 |
QNAP warns of vulnerabilities in its NAS software products, including QTS, QuTS hero, QuTScloud, and myQNAPcloud, that could allow attackers to access devices as the Taiwanese Network Attached Storage (NAS) device maker disclosed three vulnerabilities that can lead to an authentication bypass, command injection, and SQL injection. |
QNAP warns of critical auth bypass flaw in its NAS devices |
|
March 09, 2024 |
CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893 |
Threat actors hacked the systems of the Cybersecurity and Infrastructure Security Agency (CISA) by exploiting Ivanti flaws. |
|
|
March 10, 2024 |
CVE-2023-6000 |
Hackers are breaching WordPress sites by exploiting a vulnerability in outdated versions of the Popup Builder plugin, infecting over 3,300 websites with malicious code. |
Hackers exploit WordPress plugin flaw to infect 3,300 sites with malware |
|
March 13, 2024 |
CVE-2023-48788 |
Fortinet patched a critical vulnerability in its FortiClient Enterprise Management Server (EMS) software that can allow attackers to gain remote code execution (RCE) on vulnerable servers. |
Fortinet warns of critical RCE bug in endpoint management software |
|
March 13, 2024 |
CVE-2024-21412 |
A new wave of attacks by the DarkGate malware operation exploits a now-fixed Windows Defender SmartScreen vulnerability to bypass security checks and automatically install fake software installers. |
Hackers exploit Windows SmartScreen flaw to drop DarkGate malware |
|
March 16, 2024 |
CVE-2024-23334 |
The ransomware actor 'ShadowSyndicate' was observed scanning for servers vulnerable to CVE-2024-23334, a directory traversal vulnerability in the aiohttp Python library. |
|
|
March 20, 2024 |
CVE-2024-2169 |
A new denial-of-service attack dubbed 'Loop DoS' targeting application layer protocols can pair network services into an indefinite communication loop that creates large volumes of traffic. |
New ‘Loop DoS’ attack may impact up to 300,000 online systems |
|
March 27, 2024 |
CVE-2023-48022 |
Researchers are warning that hackers are actively exploiting a disputed vulnerability in a popular open-source AI framework known as Ray. |
Thousands of companies using Ray framework exposed to cyberattacks, researchers say |
Warnings/Advisories/Reports/Analysis
|
News Type |
Summary |
Source Link |
|
Report |
The ALPHV/BlackCat ransomware gang shut down its servers amid claims that they scammed the affiliate responsible for the attack on Optum, the operator of the Change Healthcare platform, of $22 million. |
BlackCat ransomware turns off servers amid claim they stole $22 million ransom |
|
Report |
Hackers are conducting widescale attacks on WordPress sites to inject scripts that force visitors' browsers to bruteforce passwords for other sites. The campaign was first spotted by website cybersecurity firm Sucuri, which has been tracking a threat actor known for breaching sites to inject crypto wallet drainer scripts. |
Hacked WordPress sites use visitors' browsers to hack other sites |
|
Analysis |
Tibetans are being targeted with corrupted language translation software in a cyber espionage campaign that began last September. |
Tibetans targeted by China-linked supply chain attacks using malicious language translators |
|
Report |
A gang of hackers specialised in business email compromise (BEC) attacks, tracked as TA4903, has been impersonating various U.S. government entities to lure targets into opening malicious files carrying links to fake bidding processes. |
|
|
Report |
FBI's Internet Crime Complaint Center (IC3) has released its 2023 Internet Crime Report, which recorded a 22% increase in reported losses compared to 2022, amounting to a record of $12.5 billion. |
FBI: U.S. lost record $12.5 billion to online crime in 2023 |
|
Report |
Optum's Change Healthcare has started to bring systems back online after suffering a crippling BlackCat ransomware attack last month that led to widespread disruption to the US healthcare system. |
UnitedHealth brings some Change Healthcare pharmacy services back online |
|
Report |
Russian-Canadian cybercriminal Mikhail Vasiliev has been sentenced to four years in prison by an Ontario court for his involvement in the LockBit ransomware operation. Vasiliev was arrested in November 2022 and pleaded guilty to eight charges in February 2024, including cyber extortion, mischief, and weapons offences. |
LockBit ransomware affiliate gets four years in jail, to pay $860k |
|
Report |
The U.S. Department of Health and Human Services is investigating whether protected health information was stolen in a ransomware attack that hit UnitedHealthcare Group (UHG) subsidiary Optum, which operates the Change Healthcare platform, in late February. |
US govt probes if ransomware gang stole Change Healthcare data |
|
Report |
AT&T says a massive trove of data impacting 71 million people did not originate from its systems after a hacker leaked it on a cybercrime forum and claimed it was stolen in a 2021 breach of the company. |
AT&T says leaked data of 70 million people is not from its systems |
|
Report |
The interim head of Britain’s National Cyber Security Centre (NCSC) said the British Library “should be applauded” for refusing to pay an extortion fee to the criminals behind a ransomware attack last year. |
British Library hailed by UK cyber agency for its response to ransomware attack |
|
Analysis |
Researchers have demonstrated a new acoustic side-channel attack on keyboards that can deduce user input based on their typing patterns, even in poor conditions, such as environments with noise. |
New acoustic attack determines keystrokes from typing patterns |
|
Report |
A sophisticated hacking campaign attributed to a Chinese Advanced Persistent Threat (APT) group known as 'Earth Krahang' has breached 70 organisations and targeted at least 116 across 45 countries. |
Chinese Earth Krahang hackers breach 70 orgs in 23 countries |
|
Report |
The Ukrainian cyber police, in collaboration with investigators from the national police (ГУНП), have arrested three individuals who are accused of hijacking over 100 million emails and Instagram accounts worldwide. |
Ukraine arrests hackers trying to sell 100 million stolen accounts |
|
Warning |
The U.S. Federal Trade Commission (FTC) warned that scammers are impersonating its employees to steal thousands of dollars from Americans. |
FTC warns scammers are impersonating its employees to steal money |
|
Report |
A U.S. senator raised questions about a report that $7.5 million was stolen by cyber thieves from the the Department of Health and Human Services (HHS) last year. |
Senator demands answers from HHS about $7.5 million cyber theft in 2023 |
|
Warning |
Germany’s top cybersecurity agency called on thousands of vulnerable organisations in the country to patch out-of-date Microsoft Exchange software. |
German cyber agency warns 17,000 Microsoft Exchange servers are vulnerable to critical bugs |
|
Warning |
Cisco has shared a set of recommendations for customers to mitigate password-spraying attacks that have been targeting Remote Access VPN (RAVPN) services configured on Cisco Secure Firewall devices. The company says that the attacks have also been targeting other remote access VPN services and appear to be part of reconnaissance activity. |
Cisco warns of password-spraying attacks targeting VPN services |
