Recent Cyber Attacks, Data Breaches & Ransomware Attacks December 2022

Date: 2 January 2023


Ending the year with a bang has a very different connotation in the world of cybersecurity. Here is a roundup of all the cyber-attacks, data breaches and ransomware attacks in December 2022, along with the new malware & vulnerabilities that made the news in the last month of the year.

2022 has been nothing short of a watershed year for the world of IT & cyber security. Uber made the news repeatedly for two data breaches and the conviction of its former CISO - a never-seen-before moment in world cyber history.  The attacks on Australian organisations in the year could fill up pages and we'd still not be done. Add the many crypto attacks, healthcare attacks, high-profile victims like Nvidia and Toyota, the rampage of Conti and Lapsus$ ransomware and you truly have a cybersecurity potboiler.   

The idea of the above statement and the data below is not to create panic or chaos. We do a monthly roundup of the biggest cyber attacks, data breaches and ransomware simply to turn the spotlight back on the conversation about organisational preparedness and cyber resilience. 

If 2022 has taught us anything it is that you can NEVER be prepared enough - regardless of your size, your industry or your location. It's therefore in the best interest of every organisation to put cybersecurity as their #1 priority in 2023.

If you need help getting started or having your cyber incident plans and procedures reviewed and refreshed, consider hiring an expert conveniently and cost-effectively through services such as the Virtual Cyber Consultant and Virtual Cyber Assistant. These cybersecurity experts can also help you achieve compliance and become certification-ready.  

Some of the areas in which our Virtual Cyber Experts can help include: 

- Creating new or refreshing existing Business Continuity and Disaster Recovery Plans
- Testing the effectiveness of your Incident Management Policies and Procedures
- Becoming Cyber Essentials ready or ISO 27001 certified  

Below are the other biggest cyber-attacks, ransomware attacks and data breaches in December 2022 that made headlines in the month gone by. 

  1. Cyber-Attacks in December 2022
  2. Data Breaches in December 2022
  3. Ransomware Attacks in December 2022
  4. New Ransomware/Malware Detected in December 2022
  5. Vulnerabilities/Patches 
  6. Advisories issued, reports, analysis etc. in December 2022 

Cyber Attacks in December 2022




Threat Actor

Business Impact

Source Link

Dec 1, 2022


After AIIMS, another Indian health sector asset, COWIN platform, suffers an attack

Nazil Blackhat

The Iranian hacker who targeted the COWIN portal shared his Telegram username on the dark web and wrote that anyone who wants to buy access to COWIN from him should contact him on Telegram.

Indian Corona Vaccine platform CoWin cyber attack

Dec 1, 2022

Russian court, Russian mayor's offices

Data-wiping malware hits Russian courts, city halls


Data-erasing malware that masquerades as ransomware, but wipes data from infected devices instead of holding it for ransom, has been found targeting Russian organisations.

Russian courts and mayor offices hit by data wiping malware attack

Dec 2, 2022

Voyager Worldwide

Voyager Worldwide hit by a cyber attack


Hackers took offline all systems of Voyager Worldwide, which counts more than 1,000 shipping companies around the world as customers.

Voyager Worldwide cyber attack

Dec 3, 2022

loses $3 million worth of cryptocurrency in cyberattack


In the cyberattack, certain digital assets were stolen, including approximately US$700,000 in asset value owned by's clients, and approximately US$2.3 million in asset value owned by the Company.

cyberattack

Dec 5, 2022

VTB bank

Massive DDoS attack takes Russia’s second-largest bank VTB offline

The pro-Ukraine hacktivist group, 'IT Army of Ukraine'

VTB Bank has called the attack the 'worst cyber attack' in its history after its website and mobile apps were taken offline.

Russia’s second-largest bank VTB goes offline due to a DDoS attack

Dec 7, 2022

Metropolitan Opera

Metropolitan Opera dealing with "crippling" cyber attack that shut down website, box office


The attack impacted the network systems, including their website, box office, and call center. 

Metropolitan Opera cyber-attack

Dec 14, 2022

TPG Telecom

TPG Telecom enters the list of hacked Australian companies; shares slide


Australian Internet services provider TPG Telecom became the latest victim of a cyber attack as the hacker accessed up to 15,000 emails of its corporate customers.

TPG Telecom Ltd cyber attack

Dec 14, 2022


FuboTV faces outage due to cyber attack during World Cup semifinal


Football fans were left seething as they were unable to watch the World Cup semifinal on FuboTV due to a cyber attack that knocked out the platform.

FuboTV cyber attack hurts sentiments of FIFA World Cup fans 

Dec 14, 2022

Japanese Ministry

Hackers target Japanese politicians with new MirrorStealer malware


A hacking group tracked as MirrorFace targeted Japanese politicians for weeks before the House of Councilors election in July 2022, using a previously undocumented credentials stealer named ‘MirrorStealer’.

Japanese ministry attack

Dec 15, 2022

Ukrainian Government

Trojanized Windows 10 Operating System Installers Targeted Ukrainian Government

Allegedly Russian hackers 

Mandiant uncovered a socially engineered supply chain operation focused on Ukrainian government entities that leveraged trojanized ISO files masquerading as legitimate Windows 10 Operating System installers.

Ukrainian government attack

Dec 16, 2022

Fire Rescue Victoria

Fire Rescue Victoria confirms cyber attack from 'external third party' 


The attack affected most of the systems, including the FRV network, emails and dispatch.

Fire Rescue Victoria Cyber-Attack

Dec 16, 2022

DELTA Military Systems

Ukraine's DELTA military system users targeted by info-stealing malware


A compromised Ukrainian Ministry of Defense email account was found sending phishing emails and instant messages to users of the 'DELTA' situational awareness program to infect systems with information-stealing malware.

DELTA military system users under attack

Dec 20, 2022

Comcast, Xfinity

Comcast Xfinity accounts hacked in widespread 2FA bypass attacks


Customer accounts were allegedly hacked in widespread attacks that bypassed two-factor authentication. Compromised accounts were then used to reset passwords for other services, such as the Coinbase and Gemini crypto exchanges.

Comcast Xfinity  cyber-attack

Dec 26, 2022


Hackers steal $8 million from users running trojanized BitKeep apps


BitKeep has not determined how much money was lost due to these hacks, but transaction tracking service PeckShield reported that approximately $8 million worth of assets have been stolen so far.

BitKeep apps cyber attack incident


Cyber-attacks are coming one way or the other. The only solution? Get ready. 

Being prepared with a robust, effective and fit-for-purpose cyber incident response plan is critical for 2023. Don't have a plan yet? No problem. Download our FREE cyber incident response plan template and start building yours today. Make sure it's simple, fuss-free and focussed on what really matters. 


Data Breaches in December 2022




Threat Actor

Business Impact

Source Link

Dec 5, 2022

Amnesty International Canada

Amnesty International Canada breached by suspected Chinese hackers in early October, 2022.

Chinese hackers suspected

It’s not clear whether the attackers exfiltrated donor or membership data

Amnesty International Canada data breach

Dec 10, 2022


Uber suffers new data breach after attack on vendor, info leaked online

A breach forum, UberLeaks, that tries to link itself to Autistic Fisherman 

The newly leaked data consisted of source code, IT asset management reports, data destruction reports, Windows domain login names and email addresses for over 77,000 Uber employees, and other corporate information.

Uber’s new data breach

Dec 11, 2022

SentinelOne SDK python client

Malicious ‘SentinelOne’ PyPI package steals data from developers.


Threat actors published a malicious Python package on PyPI, named 'SentinelOne,' that pretends to be the legitimate SDK client for the trusted American cybersecurity firm but, in reality, steals data from developers.

Malicious ‘SentinelOne’ package 

Dec 12, 2022

The city of Diest

The city of Diest becomes the victim of a cyber attack: city services and schools, amongst others, affected.


All of the city services were taken down. Local residents could not be helped at the counters of the town hall as the library, schools and cultural centre Den Amer were also affected by the cyber attack. 

City of Diest cyber-attack

Dec 12, 2022


Twitter confirms recent user data leak is from 2021 breach


Twitter confirmed that the November 2022 leak of millions of members' profiles, including private phone numbers and email addresses, resulted from the same data breach the company disclosed in August 2022. It further linked this to the incident in which a threat actor released a JSON file containing the complete set of 5.4 million records scraped in 2021.

Twitter data breach incident relates with 2021 breach

Dec 13, 2022

San Gorgonio Memorial Hospital

California hospital breach that occurred in October 2022 exposed patients’ Social Security numbers, medical info


The hospital said: “At this time, we have identified documents containing patient names, addresses, dates of birth, medical record numbers, visit ID numbers, and/or clinical information, such as dates of service, provider names, and/or department names. In some instances, patients’ Social Security numbers, drivers’ licence numbers, financial account information, and/or health insurance information may have also been reflected in the documents involved.”

San Gorgonio Memorial Hospital data breach

Dec 13, 2022

Gemini crypto exchange

Hackers leak personal info allegedly stolen from 5.7M Gemini users.

M.V.P. User on BreachForums

Gemini crypto exchange announced that its customers were targeted in phishing campaigns after a threat actor collected their personal information from a third-party vendor. The hacker offered to sell a database allegedly from Gemini containing phone numbers and email addresses of 5.7 million users.

Gemini crypto exchange data breach 

Dec 14, 2022

Social Blade

Social media analytics service Social Blade disclosed a security breach after a database containing allegedly stolen data from the company was offered for sale.


The exposed data includes email addresses, password hashes, client IDs, IP addresses, and tokens for business API users, authentication tokens for connected accounts, and non-personal and internal data. 

Social Blade data breach

Dec 15, 2022

Restaurant CRM platform ‘SevenRooms’

Restaurant CRM platform ‘SevenRooms’ confirms breach after data put up for sale.

Threat actor named ‘GOD’

The threat actor began selling stolen data on a hacking forum by posting data samples and claimed to have stolen a 427 GB backup database with thousands of files containing information about SevenRooms’ customers. The samples provided by the seller included folders named after big restaurant chains, clients of SevenRooms, API keys, promo codes, payment reports, reservation lists, and more.

‘SevenRooms’ data breach

Dec 16, 2022

MAS New Zealand

Cyber attack on a third-party services provider of NZ’s insurance company MAS exposes personal data of members. 


A cyber attack on the after-hours call service of New Zealand’s largest insurer of medical professionals potentially exposed the personal data of its members.

New Zealand’s insurance services provider MAS data breach 

Dec 20, 2022


Okta discloses a data breach incident with an impact on its source code repositories.


Hackers accessed Okta's code repositories.

Hackers steal Okta source code 

Dec 21, 2022

Sports betting firm BetMGM

Leading sports betting firm BetMGM discloses data breach that occurred in November 2022.


Hackers obtained a wide range of data, including names, contact info (like postal addresses, email addresses, and phone numbers), dates of birth, hashed Social Security numbers, account identifiers (like player IDs and screen names) and info related to transactions with BetMGM.

BetMGM November data breach 

Dec 21, 2022


Hackers stole customer vault data in a cloud storage breach that hit LastPass in August 2022.


The cyber criminals stole information from vault data that contained basic customer account information and related metadata including company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service.

LastPass cloud storage breach

Dec 26, 2022


Indian railway ministry denies reports about a potential data breach of IRCTC and says that the data breach was not from the IRCTC servers

ShadowHacker (a BreachForum name)

It was reported that hackers have stolen the data of 30 million people who have booked railway tickets. This includes personal information such as email id, mobile number, address, age and gender.

Indian railway ministry denies IRCTC data breach

Dec 28, 2022

Crypto company 3Commas

Crypto platform 3Commas admits hackers stole API keys


An anonymous Twitter user published a set of 10,000 API keys allegedly obtained from the 3Commas cryptocurrency trading platform.

Crypto platform 3Commas data breach



Ransomware Attacks in December 2022




Threat Actor

Business Impact

Source Link

Dec 2, 2022


Rackspace confirms that its recent Hosted Exchange outage was caused by a ransomware attack


American cloud computing services provider Rackspace says an ongoing outage affecting its hosted Microsoft Exchange environments and likely thousands of customers was caused by a security incident. The list of impacted services includes MAPI/RPC, POP, IMAP, SMTP, ActiveSync, and the Outlook Web Access (OWA) interface used to access the Hosted Exchange instance to manage email online.

Rackspace ransomware attack 

Dec 3, 2022

André-Mignot hospital

Ransomware attack forces French hospital to transfer patients.


The ransomware attack forced the André-Mignot teaching hospital in the suburbs of Paris to shut down its phone and computer systems. It was also forced to shift 6 patients from its neonatal & ICU units to other healthcare facilities.  

André-Mignot hospital ransomware attack

Dec 5, 2022

City of Antwerp

Cybercriminals target the computer system of the city of Antwerp with Play ransomware.

Play ransomware

The attack impacted the city's computer systems. Some employees were not able to read their emails, and urban education and the local police also experienced problems.

Ransomware attack on the city of Antwerp

Dec 6, 2022

Mercury IT 

Te Whatu Ora

New Zealand, ministry of justice

Privacy Commissioner considers action on ransomware attack which hit New Zealand based company Mercury IT in November 2022. 

LockBit 3.0

The attack disrupted dozens of organisations in the country, including several government departments and public authorities like health insurer Accuro, architectural firm Catalyst Group, business mentoring programme Business Central and commercial flooring business Polyflor. The stolen data is listed for sale for prices between $99,000 and $999,000. The attack also impacted business advocacy group BusinessNZ and the New Zealand National Nurses Association.

Mercury IT has also worked with the New Zealand Ministry of Justice and healthcare company Te Whatu Ora, reportedly losing 14,500 coroners’ files and 4000 post-mortem reports, although none of this is for sale on the dark web as of yet. 

LockBit 3.0 ransomware attack on Mercury IT, New Zealand Ministry of Justice & healthcare company Te Whatu Ora

Dec 11, 2022


Play ransomware claims attack on German hotel chain H-Hotels.

Play Ransomware 

The Play Ransomware gang’s attack on H-Hotels has resulted in communication outages for the company.

Ransomware attack on German hotel chain H-Hotels

Dec 12, 2022

California Department of Finance

California Department of Finance Hit By Cyber-Attack, LockBit Claims Responsibility


LockBit said they stole 76 GB of data, including IT and financial documents, confidential data and sexual proceedings in court. They warned that the Department of Finance has until Dec 24 to pay up or else the group will publish a cache of stolen files.

California Department of Finance ransomware attack

Dec 13, 2022

Colombian energy supplier EPM

Colombian energy supplier EPM hit by BlackCat ransomware attack


EPM instructed its approximately 4,000 employees to work from home, with IT infrastructure down and the company’s websites no longer available. It provided alternative methods for customers to pay for services. The attack caused devices to be encrypted and data to be stolen.

Colombian energy supplier EPM ransomware attack

Dec 20, 2022

Guardian newspaper

Guardian newspaper hit by suspected ransomware attack, staff told not to come to office


The attack has impacted a number of business services at the 200-year-old news organisation, but not its online site and apps which will continue to publish stories

Guardian newspaper ransomware attack

Dec 21, 2022

The Lake Charles Memorial Health System (LCMHS)

Ransomware attack at Louisiana hospital impacts 270,000 patients


Hackers gained unauthorised access to LCMHS' network and stole sensitive files containing 270,000 patients’ personal and medical information.

Louisiana hospital ransomware attack 

Dec 27, 2022

Intrado telecom

Royal ransomware claims responsibility for attack on telecommunications provider Intrado 

Royal ransomware

Hackers impacted all of Intrado's services, including Unified Communication Services, Healthcare, and Unified Communications as a Service (UCaaS). The hackers also allegedly shared a 52.8 MB archive containing scans of passports, business documents, and driver's licence as proof of the breach. The initial ransom demand was $60 million.

Intrado telecom ransomware attack


Ransomware attacks have probably made more news in 2022 than they've ever done before. The rise in cryptocurrency and the anonymity of payments it offers is further fueling the confidence of ransomware attackers. 

Our cybersecurity experts have created several FREE resources that you can put to use immediately to boost your ransomware readiness. They'll also help you mitigate the damage if you do become the victim of a ransomware attack.  

  1. Ransomware Mitigation Checklist
  2. Ransomware Response Checklist
  3. Ransomware Response Workflow Guide  


New Ransomware/Malware Discovered in December 2022

New Ransomware


Source Link


‘DuckLogs’ gives low-skilled attackers easy access to multiple modules to steal information, log keystrokes, access clipboard data, and remote access to the compromised host.

New DuckLogs malware service claims having thousands of ‘customers’

NTRUEncrypt and ChaCha20-Poly1305

The Vice Society ransomware operation has switched to using a custom ransomware encryptor that implements a strong, hybrid encryption scheme based on NTRUEncrypt and ChaCha20-Poly1305.

Vice Society ransomware gang switches to new custom encryptor

Puspa2 Ransomware

Ransom note: XXX_HELLO'S_READ_ME._txt; Changes the desktop wallpaper

Extension: .puspa2#mejukeni7sala029; Puspa2 Ransomware

Stop/Djvu Ransomware (v0612)

Ransom note: _readme.txt

Extension: .mppn; Stop/Djvu Ransomware (v0612)

OBZ Ransomware

OBZ Ransomware; Ransom note: ReadMe.txt

OBZ Ransomware; Extension: .OBZ

Allock Ransomware

MedusaLocker ransomware family; Extension: .allock8 (the number may differ depending on the sample); Ransom note: how_to_back_files.html

Allock Ransomware, Extension: .allock8 (the number may differ depending on the sample); Ransom note: how_to_back_files.html

Juli Ransomware

VoidCrypt ransomware family; Extension: .Juli (filenames are also appended with victim's ID and developers' email address); Ransom note: unlock-info.txt

Juli Ransomware; Extension: .Juli (filenames are also appended with victim's ID and developers' email address); Ransom note: unlock-info.txt



Vulnerabilities/Patches Discovered in December 2022




Source Link

Dec 2, 2022


Google has released Chrome 108.0.5359.94/.95 for Windows, Mac, and Linux users to address a single high-severity security flaw (CVE-2022-4262), the ninth Chrome zero-day exploited in the wild since the start of the year.

Google Chrome emergency update fixes 9th zero-day of the year

Dec 6, 2022

CVE-2022-20472, CVE-2022-20473, CVE-2022-20411, CVE-2022-20498

Google has released the Dec 2022 security update for Android, fixing four critical-severity vulnerabilities (CVE-2022-20472, CVE-2022-20473, CVE-2022-20411, CVE-2022-20498), including a remote code execution flaw exploitable via Bluetooth. The update addressed 45 vulnerabilities in core Android components with patch level 2022-12-01, and another 36 vulnerabilities impacting third-party components in patch level 2022-12-05.

Android Dec 2022 security updates fix 81 vulnerabilities

Dec 8, 2022


Cisco has disclosed a high-severity zero-day vulnerability affecting the latest generation of its IP phones and exposing them to remote code execution and denial of service (DoS) attacks

Cisco discloses high-severity IP phone zero-day with exploit code

Dec 13, 2022

Image repository vulnerability

Amazon Web Services (AWS) has fixed a new vulnerability affecting a website for finding and sharing public container images – foundational files containing code that runs on IT infrastructure

AWS fixes vulnerability affecting container image repository

Dec 13, 2022

The tenth zero-day vulnerability (CVE-2022-42856)

Apple has fixed a zero-day vulnerability actively used in attacks against iPhones like iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).

Apple security update fixes new iOS zero-day used to hack iPhones

Dec 13, 2022


Citrix strongly urges admins to apply security updates for a 'Critical' zero-day vulnerability (CVE-2022-27518) in Citrix ADC and Gateway that is actively exploited by state-sponsored hackers to gain access to corporate networks.

Critical Citrix ADC and Gateway zero day patched

Dec 13, 2022

CVE-2022-44698 - Windows SmartScreen Security Feature Bypass Vulnerability

CVE-2022-44710 - DirectX Graphics Kernel Elevation of Privilege Vulnerability

Microsoft's Dec 2022 Patch: fixes for two zero-day vulnerabilities, including an actively exploited bug, and a total of 49 flaws

Microsoft Dec 2022 Patch Tuesday fixes 2 zero-days, 49 flaws

Dec 13, 2022


Citrix strongly urges admins to apply security updates for a 'Critical' zero-day vulnerability in Citrix ADC and Gateway that is actively exploited by state-sponsored hackers to gain access to corporate networks.

Hackers exploit critical Citrix ADC and Gateway zero day, patched now

Dec 13, 2022

CVE-2022-31703, CVE-2022-31703, CVE-2022-31705

VMware released security updates to address a critical-severity vulnerability impacting ESXi, Workstation, Fusion, and Cloud Foundation, and a critical-severity command injection flaw affecting vRealize Network Insight

VMware fixes critical ESXi and vRealize security flaws

Dec 14, 2022

Security vulnerability CVE-2022-44698

Microsoft has fixed a security vulnerability CVE-2022-44698 used by threat actors to circumvent the Windows SmartScreen security feature and deliver Magniber ransomware and Qbot malware payloads

Microsoft patches Windows zero-day used to drop ransomware

Dec 16, 2022

The security flaw (dubbed Achilles) tracked as CVE-2022-42821

Apple has fixed a vulnerability attackers could leverage to deploy malware on vulnerable macOS devices via untrusted applications capable of bypassing Gatekeeper application execution restrictions

Microsoft finds macOS bug that allows malware to bypass security checks

Dec 16, 2022

Windows taskbar flicker issues and app instability

Microsoft says that Windows 10 updates released in late September are causing Windows taskbar flicker issues and app instability

Microsoft fixes Windows taskbar bug causing Explorer, Office freezes

Dec 20, 2022

OWASSRF consists of CVE-2022-41080 and CVE-2022-41082

CrowdStrike recently discovered a new exploit method (called OWASSRF) consisting of CVE-2022-41080 and CVE-2022-41082 to achieve remote code execution (RCE) through Outlook Web Access (OWA)

CrowdStrike Identifies New Exploit Method for Exchange Bypassing ProxyNotShell Mitigations

Dec 21, 2022

Intune enrollment issue in Android and Apple devices

Microsoft has confirmed today that Samsung and Google have fixed an Intune enrollment issue affecting Galaxy S22 smartphones running Android 13

Samsung and Google fix Microsoft Intune Android 13 enrollment issue

Advisories issued, reports, analysis etc. in December 2022




Source Link


Vulnerabilities in Hyundai and Genesis mobile apps allow unauthorised users to unlock and start cars.

Hyundai/Genesis app bugs 


The Department of Homeland Security (DHS) Cyber Safety Review Board will review attacks linked to extortion gang Lapsus$ which breached multiple high-profile companies in recent incidents.

DHS Cyber Safety Board to review Lapsus$ hacking tactics


A Florida man was sentenced to 18 months in prison for his involvement in a fraud scheme that used SIM Swapping to steal millions from cryptocurrency investor Michael Terpin.

SIM swapper gets 18-months jail for involvement in $22 million crypto heist


Microsoft has warned of Russian-sponsored cyberattacks continuing to target Ukrainian infrastructure and NATO allies in Europe throughout the winter.

Microsoft warns of Russian cyberattacks throughout the winter


A flaw (tracked as CVE-2022-4262) was patched as an actively exploited zero-day bug in the Google Chrome web browser for Windows, Mac, and Linux users.

CISA orders agencies to patch exploited Google Chrome bug by Dec 26th


Apple introduces Advanced Data Protection for iCloud, a new feature that uses end-to-end encryption to protect sensitive iCloud data, including backups, photos, notes, and more.

Apple rolls out end-to-end encryption for iCloud backups


'CryptosLabs' has stolen up to €480 million ($505 million) from victims in France, Belgium, and Luxembourg, since the launch of its operation in 2018.

CryptosLabs ‘pig butchering’ ring has stolen up to $505 million since 2018


CommonSpirit Health has confirmed that threat actors accessed the personal data for 623,774 patients during the October ransomware attack.

CommonSpirit Health ransomware attack exposed data of 623,000 patients


Indian cybersecurity firm CloudSEK says the threat actor who gained access to its Confluence server using stolen credentials for one of its employees' Jira accounts belonged to a notorious cybersecurity company that is into dark web monitoring.

CloudSEK claims it was hacked by another cybersecurity firm


MuddyWater hackers, a group associated with Iran’s Ministry of Intelligence and Security (MOIS), used compromised corporate email accounts to deliver phishing messages to their targets.

Hacked corporate email accounts used to send MSP remote access tool


Microsoft recently investigated an attack where the threat actor, tracked as DEV-0139, took advantage of Telegram chat groups to target cryptocurrency investment companies.

Threat actor DEV-0139 launches targeted attacks against the cryptocurrency industry over Telegram


The Department of Health and Human Services (HHS) issued a new warning for the country's healthcare organisations regarding ongoing attacks from a relatively new operation, the Royal ransomware gang.

US Health Dept warns of Royal Ransomware targeting healthcare organisations


The networks of several local governments in the U.S. have been targeted with the Drokbk malware, allegedly wielded by Iranian government-backed groups exploiting the Log4j vulnerability

Local governments allegedly targeted with Iranian ‘Drokbk’ malware through Log4j vulnerability


A new attack method named COVID-bit uses electromagnetic waves to transmit data from air-gapped systems, which are isolated from the internet, over a distance of at least two meters (6.5 ft), where it's captured by a receiver

Air-gapped PCs vulnerable to data theft via power supply radiation


A new phishing campaign uses Facebook posts as part of its attack chain to trick users into giving away their account credentials and personally identifiable information (PII).

Phishing attack uses Facebook posts to evade email security


After a loss of $420 in a cyber attack, the Port of South Louisiana has hired a cybersecurity firm and plans to create an in-house team to guard against digital breaches at one of the nation's largest ports by volume.

Port of South Louisiana hires firm, plans own cyber security department after costly hack


A new Go-based botnet malware named 'GoTrim' is scanning the web for self-hosted WordPress websites and attempting to brute force the administrator's password and take control of the site.

New GoTrim botnet brute forces WordPress site admin accounts


The United States seized dozens of Internet domains and charged six people in a sting intended to bring down a network of cyber-attack-for-hire services.

US seizes 48 websites in sting against cyber-attack-for-hire services


The cost of the cyber-attack that hit the Irish Health Service Executive (HSE) last year has officially reached €80m ($83.75m).

HSE cyber-attack costs Ireland $83m so far


A survey has found that nearly half of the UK’s manufacturers (42 per cent) have been victims of cyber crime over the last year.

42% British manufacturers hit by cyber-attack in the last year


A group of cybercriminals allegedly managed to dupe the director of a security services firm of Rs 50 lakh via a fraudulent transfer from his bank account as they made the transaction without asking for a one-time password (OTP).

Delhi Cyber Attack: Man Loses ₹50 Lakh


A cyberespionage group (tracked as TA453 but also commonly referred to as Phosphorus, Charming Kitten and APT42) aligned with Iran, has been observed to be attacking targets, including medical researchers, an aerospace engineer and even a Florida-based realtor.

Iran-linked cyber spies expand target base 


QBot malware phishing campaigns have adopted a new distribution method using SVG files to perform HTML smuggling that locally creates a malicious installer for Windows.

Attackers use SVG files to smuggle QBot malware onto Windows systems


Security analysts have discovered two API security vulnerabilities in LEGO Group’s official second-hand and vintage marketplace for LEGO bricks.

LEGO BrickLink bugs let hackers hijack accounts, breach servers


Microsoft said that Australia’s critical infrastructure such as the energy grid and essential services like sewage treatment plants could be hit by cyber attacks, shutting down operations and threatening lives.

Microsoft says Australia at increased risk of cyber attacks


Organizations in the food sector are now also targeted in business email compromise (BEC) attacks that aim to steal entire shipments of food, according to a joint advisory issued by several U.S. federal agencies.

FBI warns that BEC attacks now also target food shipments


Argishti Khudaverdyan, the former owner of a T-Mobile retail store, was sentenced to 10 years in prison for a $25 million scheme where he unlocked and unblocked cellphones by hacking into T-Mobile's internal systems.

T-Mobile hacker gets 10 years for $25 million phone unlock scheme


A new cross-platform malware botnet named 'MCCrash' is infecting Windows, Linux, and IoT devices to conduct distributed denial of service attacks on Minecraft servers.

Microsoft warns of new Minecraft DDoS malware infecting Windows, Linux


A California man has been sentenced to 42 months in federal prison for his role in accessing, monitoring and conveying confidential and sensitive information that could be used to identify and locate Twitter users of interest to the Saudi Royal Family.

Former Twitter employee sentenced to 3.5 years in jail for spying on behalf of Saudi Arabia


The Federal Trade Commission (FTC) says Epic Games, the maker of Fortnite, will pay $520 million to settle allegations of violating children's privacy laws and using dark patterns to trick millions of gamers into making unintentional in-game purchases.

Epic Games to pay $520 million for privacy violations, dark patterns


A hacking group associated with Russia’s Federal Security Service (FSB) unsuccessfully attempted to compromise a large petroleum refining company within a NATO member state at the end of August.

Russia’s Trident Ursa (aka Gamaredon APT) Cyber Conflict Operations Unwavering Since Invasion of Ukraine


According to the unsealed indictment published by the U.S. Department of Justice, two men, Daniel Abayev and Peter Leyman, with the assistance of Russian hackers, breached the JFK taxi dispatch system between September 2019 and September 2021.

Two Russian men arrested for conspiring with Russian nationals to hack the taxi dispatch system at JFK airport


The U.S. Federal Communications Commission proposed today a record-breaking $300 million fine against an auto warranty robocall operation that made billions of calls to more than 550 million phones across the United States.

FCC proposes record-breaking $300 million fine against robocaller


The FBI warns that threat actors are using search engine advertisements to promote websites distributing ransomware or stealing login credentials for financial institutions and crypto exchanges.

FBI warns of search engine ads pushing malware, phishing


The notorious FIN7 hacking group uses an automated attack system that exploits Microsoft Exchange and SQL injection vulnerabilities to breach corporate networks, steal data, and select targets for ransomware attacks based on financial size.

FIN7 hackers create auto-attack platform to breach Exchange servers


The Irish Data Protection Commission (DPC) has launched an inquiry following last month's news reports of a massive Twitter data leak.

Massive Twitter data leak investigated by EU privacy watchdog


A threat actor named 'Ryushi' on the Breached hacking forum claimed to be selling public and private data of 400 million Twitter users, scraped in 2021 using a now-fixed API vulnerability, and put the data on sale for $200,000.

Hacker claims to be selling Twitter data of 400 million users


Wladimir Palant, a security researcher, calls LastPass' recent statement “full of omissions, half-truths and outright lies”.

The LastPass disclosure of leaked password vaults is being torn apart by security experts

