Date: 1 May 2024
A Yatch retailer, a hospital, the beloved football club Paris Saint-Germain were amongst those who became targets of cyber attacks in April 2024. These attacks bust the myth that it's only organisations operating in critical infrastructure, banking & finance or government bodies that are prime targets of cyber criminals.
- Ransomware Attacks in April 2024
- Cyber Attacks in April 2024
- Data Breaches in April 2024
- New Malware and Ransomware Discovered
- Vulnerabilities Discovered and Patches Released
- Advisories issued, reports, analysis etc. in April 2024
We're back with our monthly compilation of the biggest Cyber Attacks, Ransomware Attacks and Data Breaches for April 2024. The diverse set of organisations that get targetted each month are reminders that nobody is safe from the scourge of cyber crime. What's the best you can do? Stay as secure as you probably can and prepare for the worst.
Embracing the fact that you will probably get attacked sooner or later is smart. Have a plan for bouncing back from the damage when you do. Invest in effective Cyber Incident Planning & Response. Rehearse your plans and your team's capability to respond with agility and focus through simulated scenario-based Cyber Attack Tabletop Exercises. Build a team culture that is cybersecurity focussed and understands good cyber hygiene practices. And don't forget to empower yourself with knowledge on current and new threats and emerging tactics of threat actors. Stay abreast with the recent cyber attacks, ransomware attacks and data breaches compiled for your easy reference below!
Ransomware Attacks in April 2024
|
Date |
Victim |
Summary |
Threat Actor |
Business Impact |
Source Link |
|
April 01, 2024 |
Omni Hotels |
Omni Hotels experiencing nationwide IT outage; Daixin ransomware gang claims attack |
Daixin Ransomware |
Omni Hotels & Resorts experienced a chain-wide outage that brought down its IT systems, impacting reservation, hotel room door lock, and point-of-sale (POS) systems. Daixin shared screenshots of the stolen data with DataBreaches.net showing a database dump containing 3,539,089 records of Omni Hotels visitors' sensitive information. |
|
|
April 03, 2024 |
IxMetro Powerhost |
Hosting firm's VMware ESXi servers hit by new SEXi ransomware |
SEXi Ransomware |
PowerHost's Chile division, IxMetro, warned customers that it suffered a ransomware attack that encrypted some of the company's VMware ESXi servers that are used to host virtual private servers for customers. |
|
|
April 04, 2024 |
Panera Bread |
Panera Bread week-long IT outage caused by ransomware attack |
Unknown |
The ransomware attack encrypted many of Panera Bread's virtual machines, preventing access to data and applications. |
|
|
April 04 and 11, 2024 |
Hoya Corporation |
Hoya’s optics production and orders disrupted by cyber attack/ransomware attack with a demand of $10 million |
Hunters International ransomware |
Hoya said in a statement: “We learned that the Group's headquarters and several of its business divisions have experienced an IT system incident" as hackers demanded a $10 million ransom for a file decryptor and to not release files stolen during the attack. |
|
|
April 08, 2024 |
The government of Palau |
'They’re lying': Palau denies claims by ransomware gang over recent cyber attack |
DragonForce Ransomware |
The government of Palau denied several new claims by a ransomware gang that the two sides were in contact following an attack last month. DragonForce ransomware gang officially posted Palau to its leak site on Sunday, threatening to publish data stolen from the island-nation’s government in three days. |
|
|
April 08, 2024 |
The Tarrant County Appraisal District |
Medusa cybercrime gang takes credit for another attack on US municipality |
Medusa Ransomware |
The Medusa ransomware group said it is responsible for an attack on a government agency in Texas. The Medusa cybercrime gang took credit for the incident, threatening to leak nearly 218 gigabytes of data in six days if a $100,000 ransom is not paid. |
|
|
April 08, 2024 |
German database company Genios |
German database company Genios confirms ransomware attack |
Unknown |
GBI Genios announced that its servers were unavailable due to a massive hacker attack. It said the incident was a ransomware attack and cautioned, “unfortunately we have to assume an outage for several days.” |
|
|
April 09, 2024 |
Non-profit healthcare service provider Group Health Cooperative of South Central Wisconsin (GHC-SCW) |
GHC-SCW: Ransomware gang stole health data of 533,000 people |
BlackSuit Ransomware |
Group Health Cooperative of South Central Wisconsin (GHC-SCW) disclosed that a ransomware gang breached its network in January and stole documents containing the personal and medical information of over 500,000 individuals. |
Group Health Cooperative of South Central Wisconsin (GHC-SCW) ransomware attack |
|
April 09, 2024 |
New Mexico Highlands University (NMHU) and East Central University in Ada, Oklahoma |
Universities in New Mexico, Oklahoma respond to ransomware attacks |
BlackSuit Ransomware |
Cybercriminals forced class cancellations, limited access to critical staff systems and exposed the sensitive information of thousands of students at a university in New Mexico, and a school in Oklahoma continued to assess damage caused by a ransomware gang. On the other hand, East Central University in Ada, Oklahoma, announced that it was investigating a ransomware attack as hackers were still able to access significant amounts of student information including Social Security numbers. |
|
|
April 15, 2024 |
Chipmaker Nexperia |
Chipmaker Nexperia confirms breach after ransomware gang leaks data |
Dunghill Leak |
The extortion site 'Dunghill Leak' announced it had breached Nexperia, claiming to have stolen 1 TB of confidential data and leaked a sample of the allegedly stolen files. Threat actors published images of microscope scans of electronic components, employee passports, non-disclosure agreements, and various other samples whose authenticity hasn't been confirmed by the chipmaker yet. |
|
|
April 15, 2024 |
Change Healthcare |
Ransomware gang starts leaking alleged stolen Change Healthcare data |
RansomHub Extortion Gang |
The RansomHub extortion gang has begun leaking what they claim is corporate and patient data stolen from United Health subsidiary Change Healthcare in what has been a long and convoluted extortion process for the company. |
|
|
April 17, 2024 |
Cherry Street Services |
Michigan healthcare organisation says ransomware breached data of 185,000 |
Unknown |
A ransomware attack in late 2023 exposed the personal data of nearly 185,000 people, a nonprofit Michigan healthcare organisation; Cherry Street Services said in a regulatory filing that the breach occurred on December 21 and was discovered on Christmas Eve as the attackers had accessed financial information such as credit card numbers and related security codes or passwords. |
|
|
April 18, 2024 |
D.C. Department of Insurance, Securities and Banking (DISB) |
DC city agency says LockBit claims tied to third-party attack |
LockBit Ransomware |
The LockBit ransomware gang claimed it attacked the D.C. Department of Insurance, Securities and Banking (DISB) and stole 800 GB of data. DISB is a regulatory agency designed to protect consumers from abuse by financial institutions like insurance companies, investment firms, banks and mortgage lenders. LockBit said that negotiations had broken down and it planned to leak 1GB of data in order to further push the organisation into paying a ransom. |
D.C. Department of Insurance, Securities and Banking (DISB) ransomware attack |
|
April 19, 2024 |
The United Nations Development Programme (UNDP) |
United Nations agency investigates ransomware attack, data theft |
8Base ransomware |
The United Nations Development Programme (UNDP) is investigating a cyber attack after threat actors breached its IT systems to steal human resources data. The attackers said that the documents their operators managed to exfiltrate during the breach contain large amounts of sensitive information including "a huge amount of confidential information," personal data, accounting data, certificates, employment contracts, confidentiality agreements, invoices, receipts, and more. |
The United Nations Development Programme (UNDP) ransomware attack |
|
April 21, 2024 |
Synlab Italia |
Synlab Italia suspends operations following ransomware attack |
Unknown |
Synlab Italia suspended all its medical diagnostic and testing services after a ransomware attack forced its IT systems to be taken offline. The company announced that it had suffered a security breach in the early hours of April 18, which forced it to shut down all computers to limit the damaging activity. |
|
|
April 22, 2024 |
UnitedHealth |
UnitedHealth confirms it paid ransomware gang to stop data leak |
BlackCat/ALPHV ransomware |
The UnitedHealth Group has confirmed that it paid a ransom to cybercriminals to protect sensitive data stolen during the Optum ransomware attack in late February. The organisation reported that the cyber attack had caused $872 million in financial damages, and the ransomware gang claimed the attack, alleging to have stolen 6 TB of sensitive patient data; performed an exit scam after allegedly getting $22 million in ransom from UnitedHealth. |
|
|
April 23, 2024 |
Plasma donation company Octapharma |
Plasma donation company Octapharma slowly reopening as BlackSuit gang claims attack |
BlackSuit Ransomware |
The plasma donation company Octapharma has begun to reopen some of its 180 centres around the world following a ransomware attack that forced it to shut down operations for nearly a week. |
|
|
April 23, 2024 |
Skanlog, a critical distributor for Systembolaget |
Sweden's liquor shelves run empty due to ransomware attack |
Unknown |
The cyber attack on a Swedish logistics company has prompted warnings from the country’s sole liquor retailer that its top shelves in stores around the country may be empty. Skanlog’s chief executive, Mona Zuko, told newspaper Dagens Industri that the incident was a ransomware attack from a group based in North Korea. The basis on which that attribution was made is not clear. |
Cyber Attacks in April 2024
|
Date |
Victim |
Summary |
Threat Actor |
Business Impact |
Source Link |
|
April 05, 2024 |
NYCAPS |
Attempted hack on NYC continues wave of cyber attacks against municipal governments |
Unknown |
The attack on the New York City forced to take a city payroll website offline and remove it from public view. City workers complained of the New York City Automated Personnel System, Employee Self Service (NYCAPS/ESS) being offline as many tried to file their taxes. |
|
|
April 08, 2024 |
French football club PSG |
French football club PSG says ticketing system targeted by cyber attack |
Unknown |
Paris Saint-Germain (PSG), the Qatari-owned titan of French football, has informed its supporters that a cyber attack targeted the club’s online ticketing service. |
|
|
April 08, 2024 |
Computer accessory giant Targus |
Computer accessory giant Targus says cyber attack interrupted business operations |
Unknown |
One of the biggest manufacturers of technology accessories said business operations have been “temporarily disrupted” following a cyber attack. Targus International said it discovered that a hacker had gained access to file systems, prompting the company to hire outside cybersecurity consultants. |
|
|
April 17, 2024 |
Whales Market-OTC |
Google ad impersonates Whales Market to push wallet drainer malware |
Unknown |
A legitimate-looking Google Search advertisement for the crypto trading platform 'Whales Market' redirects visitors to a wallet-draining phishing site that steals all assets. This phishing site replicates the legitimate website, including its trading platform. |
|
|
April 18, 2024 |
The Hospital Simone Veil in Cannes (CHC-SV) |
840-bed hospital in France postpones procedures after cyber attack |
Unknown |
Hospital Simone Veil in Cannes (CHC-SV) announced that it was targeted by a cyber attack, severely impacting its operations and forcing staff to go back to pen and paper as the Hospital announced that it was forced to take all computers offline earlier in the week due to a cyber attack, leaving only telephone systems available for communication. |
Cyber attack on a The Hospital Simone Veil in Cannes (CHC-SV) |
|
April 24, 2024 |
Czech News Agency (CTK) |
Hackers publish fake story about Ukrainians attempting to assassinate Slovak president |
Unknown |
An unidentified attacker hacked a Czech news service's website and published a fake story claiming that an assassination attempt had been made against the newly elected Slovak president, Peter Pellegrini. The Czech News Agency (CTK) said the attacker posted the false article directly to its website, meaning the story was not distributed to the service’s clients. |
Data Breaches in April 2024
|
Date |
Victim |
Summary |
Threat Actor |
Business Impact |
Source Link |
|
April 01, 2024 |
PandaBuy |
Shopping platform PandaBuy data leak impacts 1.3 million users |
A threat actor named 'Sanggiero' and another threat actor called 'IntelBoker.' |
Two threat actors allegedly exploited multiple vulnerabilities to breach systems. The threat actor said: "The data was stolen by exploiting several critical vulnerabilities in the platform's API and other bugs were identified allowing access to the internal service of the website.” |
|
|
April 01, 2024 |
MarineMax |
Yacht retailer MarineMax discloses data breach after cyber attack |
Rhysida ransomware |
MarineMax, one of the world's largest recreational boat and yacht retailers, said attackers stole employee and customer data after breaching its systems in a March cyber attack. The Rhysida ransomware gang claimed the attack and started selling data allegedly stolen from MarineMax's network for 15 BTC (just over $1 million). |
|
|
April 01, 2024 |
OWASP |
OWASP discloses data breach caused by wiki misconfiguration |
Human error |
The OWASP Foundation has disclosed a data breach after some members' resumes were exposed online due to a misconfiguration of its old Wiki web server. |
|
|
April 02, 2024 |
Cancer treatment and research centre City of Hope |
US cancer centre data breach exposes information of 827,000 patients |
Unknown |
The data breach exposed the sensitive information of over 820,000 patients as per a notice that the healthcare organisation published on its site. |
|
|
April 03, 2024 |
Russia’s prosecutor general |
Hackers claim to breach database containing thousands of Russian criminal records |
RGB-TEAM |
A group of hacktivists going by the name RGB-TEAM claimed responsibility for hacking into the website of Russia’s prosecutor general, exposing data on criminal offences committed in Russia over the past 30 years. |
Data breach attack on the website of Russia’s prosecutor general |
|
April 03 and 05, 2024 |
The U.S. Govt. Contractor, Acuity |
US State Department investigates alleged theft of government data |
The threat actor (known as IntelBroker) |
The threat actor described the files as containing classified information belonging to the Five Eyes intelligence alliance. According to their claims, the leaked data included the full names, emails, office numbers, and personal cell numbers of government, military, and Pentagon employees, as well as their email addresses. The threat actors said: "This data was obtained by breaching into Acuity Inc, a company that works directly with the US Government and its allies." |
|
|
April 03, 2024 |
SurveyLama |
SurveyLama data breach exposes information of 4.4 million users |
Unknown |
Data breach alerting service Have I Been Pwned (HIBP) warns that SurveyLama suffered a data breach in February 2024, which exposed the sensitive data of 4.4 million users. |
|
|
April 04, 2024 |
University of Winnipeg |
Thousands of staff, students have sensitive data stolen in University of Winnipeg hack |
Unknown |
The University of Winnipeg in Canada has confirmed that hackers stole sensitive information from the institution in an incident that took place late last month, affecting former and current students and staff. |
|
|
April 07, 2024 |
Department of Justice and Greylock McKinnon Associates |
DOJ data on 341,000 people leaked in cyber attack on consulting firm |
Unknown |
Medicare and other information belonging to 341,000 people was leaked after a consulting firm working with the Department of Justice was hacked. Greylock McKinnon Associates reported a data breach to regulators in Maine saying victims’ personal information like Social Security numbers and more were accessed during an incident last May. |
Data breach attack on Greylock McKinnon Associates that works with DoJ |
|
April 10, 2024 |
AT&T |
AT&T now says data breach impacted 51 million customers |
ShinyHunters and MajorNelson |
AT&T notified 51 million former and current customers, warning them of a data breach that exposed their personal information on a hacking forum. |
|
|
April 11, 2024 |
Giant Tiger |
Hacker claims Giant Tiger data breach, leaks 2.8M records online |
Unknown |
A threat actor publicly claimed responsibility for the data breach and leaked 2.8 million records on a hacker forum that they claim are of Giant Tiger customers. |
|
|
April 14, 2024 |
Cisco Duo |
Cisco Duo warns third-party data breach exposed SMS MFA logs |
Unknown |
Cisco Duo said an unnamed provider who handles the company's SMS and VOIP multi-factor authentication (MFA) messages was compromised on April 1, 2024. Cisco said that the incident affected approximately 1% of Duo's customers. As the company claims to have 100,000 users, this incident impacted approximately 1,000 people. |
|
|
April 18, 2024 |
Telecom giant Frontier |
Telecom giant Frontier shuts down some systems after cyber attack |
Unknown |
Texas-based telecommunications company Frontier Communications reported a cyber attack to the Securities and Exchange Commission. It said it detected unauthorised access to its IT systems on April 14 and began instituting “containment measures” that included shutting down certain of the Company’s systems as the shutdowns caused operational disruption that the company said “could be considered material.” |
|
|
April 19, 2024 |
MITRE |
MITRE says state hackers breached its network via Ivanti zero-days |
Unknown |
The MITRE Corporation says that a state-backed hacking group breached its systems in January 2024 by chaining two Ivanti VPN zero-days. Evidence collected during the investigation so far shows that this breach did not affect the organisation's core enterprise network or its partners' systems. |
New Ransomware/Malware Discovered in April 2024
|
New Ransomware |
Summary |
Source Link |
|
Latrodectus malware |
A relatively new malware called Latrodectus is believed to be an evolution of the IcedID loader, seen in malicious email campaigns since November 2023. |
|
|
JSOutProx malware |
Visa is warning about a spike in detections for a new version of the JsOutProx malware targeting financial institutions and their customers as this campaign targeted financial institutions in South and Southeast Asia, the Middle East, and Africa. |
Visa warns of new JSOutProx malware variant targeting financial orgs |
|
Keyzetsu malware |
Threat actors are abusing GitHub automation features and malicious Visual Studio projects to push a new variant of the "Keyzetsu" clipboard-hijacking malware and steal cryptocurrency payments. |
Malicious Visual Studio projects on GitHub push Keyzetsu malware |
|
SoumniBot malware |
A new Android banking malware named 'SoumniBot' is using a less common obfuscation approach by exploiting weaknesses in the Android manifest extraction and parsing procedure. |
|
|
A game cheat called Cheat Lab |
A new info-stealing malware linked to Redline poses as a game cheat called 'Cheat Lab,' promising downloaders a free copy if they convince their friends to install it too. |
|
|
An operator of the HelloKitty ransomware changed the name to 'HelloGookie,' |
An operator of the HelloKitty ransomware operation announced they changed the name to 'HelloGookie,' releasing passwords for previously leaked CD Projekt source code, Cisco network information, and decryption keys from old attacks. |
HelloKitty ransomware rebrands, releases CD Projekt and Cisco data |
|
New Brokewell malware |
Security researchers have discovered a new Android banking trojan they named Brokewell that can capture every event on the device, from touches and information displayed to text input and the applications the user launches. |
New Brokewell malware takes over Android devices, steals data |
|
A new Python backdoor tracked as “Dev Popper” |
A new campaign tracked as “Dev Popper” is targeting software developers with fake job interviews in an attempt to trick them into installing a Python remote access trojan (RAT). |
Fake job interviews target developers with new Python backdoor |
Vulnerabilities/Patches Discovered in April 2024
|
Date |
New Malware/Flaws/Fixes |
Summary |
Source Link |
|
April 03, 2024 |
CVE-2024-29745 and CVE-2024-29748 |
Google has fixed two Google Pixel zero-days exploited by forensic firms to unlock phones without a PIN and gain access to the data stored within them. |
Google fixes two Pixel zero-day flaws exploited by forensics firms |
|
April 03, 2024 |
CVE-2024-21894, CVE-2024-22052, CVE-2024-22053, and CVE-2024-22023 |
IT security software company Ivanti has released patches to fix multiple security vulnerabilities impacting its Connect Secure and Policy Secure gateways. |
Ivanti fixes VPN gateway vulnerability allowing RCE, DoS attacks |
|
April 03, 2024 |
CVE-2024-2879 |
A premium WordPress plugin named LayerSlider, used in over one million sites, is vulnerable to unauthenticated SQL injection, requiring admins to prioritise applying security updates for the plugin. |
Critical flaw in LayerSlider WordPress plugin impacts 1 million sites |
|
April 06, 2024 |
CVE-2024-3273 |
A threat researcher has disclosed a new arbitrary command injection and hard coded backdoor flaw in multiple end-of-life D-Link Network Attached Storage (NAS) device models. |
Over 92,000 exposed D-Link NAS devices have a backdoor account |
|
April 09, 2024 |
CVE-2023-6317 and CVE-2023-6318, CVE-2023-6319 and CVE-2023-6320 |
Four new vulnerabilities affecting thousands of LG TVs have been found by researchers who said the issues could allow hackers to add themselves as users and take other actions. |
LG releases updates for vulnerabilities that could allow hackers to gain access to TVs |
|
April 09, 2024 |
CVE-2021-3129 |
Sysdig reports that it has been detecting RUBYCARP's probes to its honeypots for several months, targeting Laravel applications via CVE-2021-3129, a remote code execution vulnerability. |
|
|
April 09, 2024 |
Tracked as CVE-2024-24576, |
Threat actors can exploit a security vulnerability in the Rust standard library to target Windows systems in command injection attacks. |
Critical Rust flaw enables Windows command injection attacks |
|
April 09, 2024 |
CVE-2024-26234 and CVE-2024-29988 |
Microsoft has fixed two actively exploited zero-day vulnerabilities during the April 2024 Patch Tuesday, although the company failed to initially tag them as such. |
Microsoft fixes two Windows zero-days exploited in malware attacks |
|
April 11, 2024 |
BRLY-2024-002, BRLY-2024-003, BRLY-2024-004 |
An almost 6-year-old vulnerability in the Lighttpd web server used in Baseboard Management Controllers has been overlooked by many device vendors, including Intel and Lenovo. The threat analysts assigned three internal identifiers to the Lighttpd vulnerability based on its impact on different vendors and devices. |
|
|
April 12, 2024 |
CVE-2024-3400 |
Palo Alto Networks warned that an unpatched critical command injection vulnerability in its PAN-OS firewall is being actively exploited in attacks. |
Palo Alto Networks warns of PAN-OS firewall zero-day used in attacks |
|
April 16, 2024 |
CVE-2024-31497 |
A vulnerability tracked as CVE-2024-31497 in PuTTY 0.68 through 0.80 could potentially allow attackers with access to 60 cryptographic signatures to recover the private key used for their generation. |
PuTTY SSH client flaw allows recovery of cryptographic private keys |
|
April 17, 2024 |
CVE-2024-28255, CVE-2024-28847, CVE-2024-28253, CVE-2024-28848, CVE-2024-28254 |
In an ongoing Kubernetes crypto mining campaign, attackers target OpenMetadata workloads using critical remote code execution and authentication vulnerabilities. |
Hackers hijack OpenMetadata apps in Kubernetes crypto mining attacks |
|
April 19, 2024 |
CVE-2024-4040 |
CrushFTP warned customers today in a private memo of an actively exploited zero-day vulnerability fixed in new versions released today, urging them to patch their servers immediately. |
CrushFTP warns users to patch exploited zero-day “immediately” |
|
April 20, 2024 |
CVE-2024-28890 |
The Forminator WordPress plugin used in over 500,000 sites is vulnerable to a flaw that allows malicious actors to perform unrestricted file uploads to the server. |
Critical Forminator plugin flaw impacts over 300k WordPress sites |
|
April 24, 2024 |
CVE-2024-20353, CVE-2024-20359 |
Cisco warned that a state-backed hacking group has been exploiting two zero-day vulnerabilities in Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) firewalls since November 2023 to breach government networks worldwide. |
Maximum severity Flowmon bug has a public exploit, patch now |
|
April 25, 2024 |
CVE-2024-27956 |
Hackers have started to target a critical severity vulnerability in the WP Automatic plugin for WordPress to create user accounts with administrative privileges and to plant backdoors for long-term access. |
WP Automatic WordPress plugin hit by millions of SQL injection attacks |
Warnings/Advisories/Reports/Analysis
|
News Type |
Summary |
Source Link |
|
Report |
The Indian government said it rescued and repatriated 250 citizens who sought jobs in Cambodia, only to be forced into conducting cybercrime once they arrived. |
India rescues 250 citizens enslaved by Cambodian cybercrime gang |
|
Report |
Google agreed to delete billions of data records collected from 136 million Chrome users in the United States, as part of a lawsuit settlement regarding alleged undisclosed browser data collection while in Incognito mode. |
Google agrees to delete Chrome browsing data of 136 million users |
|
Analysis |
Hackers are using Facebook advertisements and hijacked pages to promote fake Artificial Intelligence services, such as MidJourney, OpenAI's SORA and ChatGPT-5, and DALL-E, to infect unsuspecting users with password-stealing malware. |
Fake Facebook MidJourney AI page promoted malware to 1.2 million people |
|
Report |
LastPass has warned of a malicious campaign targeting its users with the CryptoChameleon phishing kit that is associated with cryptocurrency theft as according to researchers at mobile security company Lookout, campaigns using this phishing kit also targeted cryptocurrency platforms Binance, Coinbase, Kraken, and Gemini, using pages that impersonated Okta, Gmail, iCloud, Outlook, Twitter, Yahoo, and AOL. |
Cybercriminals pose as LastPass staff to hack password vaults |
|
Report |
According to a joint advisory from the FBI, CISA, Europol's European Cybercrime Centre (EC3), and the Netherlands' National Cyber Security Centre (NCSC-NL), the Akira ransomware operation has breached the networks of over 250 organisations and raked in roughly $42 million in ransom payments. |
FBI: Akira ransomware raked in $42 million from 250+ victims |
|
Report |
The Federal Trade Commission is sending $5.6 million in refunds to Ring users whose private video feeds were accessed without consent by Amazon employees and contractors, or had their accounts and devices hacked because of insufficient security protections. |
Ring customers get $5.6 million in privacy breach settlement |
|
Report |
The anti-Donald Trump super PAC Lincoln Project lost $35,000 to a business email compromise (BEC) scam in February as a vendor’s email was hacked, with the hackers producing authentic-looking invoices that were sent from the vendor’s legitimate email account. The hack affected multiple clients of the vendor, including Lincoln Project. |
Anti-Trump PAC Lincoln Project scammed for $35,000 after vendor email hack |
|
Warning |
Okta warns of an "unprecedented" spike in credential stuffing attacks targeting its identity and access management solutions, with some customer accounts breached in the attacks. |
Okta warns of "unprecedented" credential stuffing attacks on customers |
