Threat Actor: Unknown Ransomware Group | Unknown Ransomware Group Victim: Fuji Electric Indonesia | Fuji Electric Indonesia Price: Not disclosed Exfiltrated Data Type: Business partner and employee information
Key Points :
The ransomware attack occurred in late November 2024, specifically detected on November 27, 2024. Several PCs and servers in Fuji Electric Indonesia’s local network became inoperable due to the attack.…Threat Actor: RansomHub | RansomHub Victim: Bologna FC 1909 S.p.a. | Bologna FC 1909 S.p.a. Price: Not disclosed Exfiltrated Data Type: Sensitive player, financial, and operational data
Key Points :
RansomHub conducted a targeted ransomware attack on Bologna FC’s internal security systems. The attack resulted in the exfiltration of approximately 200 GB of confidential data.…Threat Actor: Andrey Konovalov | Andrey Konovalov Victim: ThinkPad X230 | ThinkPad X230 Price: Not applicable Exfiltrated Data Type: Unauthorized camera access
Key Points :
Konovalov demonstrated vulnerabilities in LED indicators that signal camera activity. He used firmware re-flashing to disable the LED indicator on the ThinkPad X230.…Threat Actor: Cybercriminals | cybercriminals Victim: Users of SpyLoan Apps | users of SpyLoan apps Price: Potentially high financial costs due to exploitation Exfiltrated Data Type: Personal information, SMS content, call logs, contact lists
Key Points :
SpyLoan apps have surged by over 75% from mid-2024 to Q3, with over 8 million downloads globally.…Threat Actor: Attackers exploiting API vulnerabilities | attackers exploiting API vulnerabilities Victim: Fortune 1000 Companies | Fortune 1000 Companies Price: Potentially millions in damages Exfiltrated Data Type: Sensitive secrets (API keys, authentication tokens, database credentials)
Key Points :
30,784 exposed APIs identified across Fortune 1000 and CAC 40 companies.…Threat Actor: Cybercriminals | cybercriminals Victim: Online Users | online users Price: Potential loss of personal security and trust Exfiltrated Data Type: Government IDs and Biometric Data
Key Points :
The phishing scheme uses urgent identity verification emails to lure victims. Victims are directed to a deceptive CAPTCHA page to lower suspicion.…Threat Actor: Unknown | unknown Victim: U.S. Soccer Federation | U.S. Soccer Federation Price: N/A Exfiltrated Data Type: Personal information (names and Social Security numbers)
Key Points :
The breach occurred on May 23, 2024, with unauthorized access to an employee’s email account. Potential exposure of sensitive data spanned from May 17 to May 23, 2024.…Threat Actor: Unknown | unknown Victim: Change Healthcare | Change Healthcare Price: $2.87 billion Exfiltrated Data Type: Protected Health Information (PHI)
Key Points :
The cyberattack occurred on February 21, 2024, compromising the medical records of over 100 million individuals. This incident is the largest breach of protected health information among HIPAA-regulated entities, exceeding the Anthem Inc.…Threat Actor: External Criminal Group | External Criminal Group Victim: Nidec Precision Vietnam Corporation | Nidec Precision Vietnam Corporation Price: Ransom demanded (not disclosed) Exfiltrated Data Type: Internal documents, business transaction-related documents, contracts, etc.
Key Points :
Incident occurred on August 5, 2024, involving unauthorized access to NPCV’s network.…Threat Actor: Unknown | unknown Victim: Pic Stitch: Collage Maker | Pic Stitch: Collage Maker Price: Potential data theft or manipulation Exfiltrated Data Type: AWS credentials, user data
Key Points :
Hardcoded and unencrypted AWS credentials found in multiple popular mobile apps. Pic Stitch app has over 5 million downloads and contains hardcoded AWS credentials for accessing an Amazon S3 bucket.…Threat Actor: Unknown | unknown Victim: Cisco Systems | Cisco Systems Price: Not applicable Exfiltrated Data Type: Limited files (no sensitive PII or financial data)
Key Points :
Cisco is investigating unauthorized access to data on a public-facing DevHub environment. Initial reports suggested a breach of internal systems, but Cisco confirmed this is not the case.…Threat Actor: Centro Leaks | Centro Leaks Victim: Game Freak | Game Freak Price: Not disclosed Exfiltrated Data Type: Employee information, game source codes, design documents
Key Points :
Game Freak confirmed a data breach affecting over 2,600 employees’ confidential information. The breach occurred in August, but was publicly acknowledged in October.…Threat Actor: Ransomware Group | Ransomware Group Victim: Casio | Casio Price: Not disclosed Exfiltrated Data Type: Personal and confidential information
Key Points :
Casio experienced a ransomware attack starting on October 5th, leading to system failures and data leakage. The breach affected personal information of employees, business partners, job applicants, and customers.…Threat Actor: SN_BLACKMETA | SN_BLACKMETA Victim: Internet Archive | Internet Archive Price: Not disclosed Exfiltrated Data Type: Email addresses, screen names, encrypted passwords
Key Points :
The Internet Archive has been experiencing DDoS attacks since May 2024, attributed to the Russian-based hacking group SN_BLACKMETA. A significant data breach occurred on September 28th, affecting 31 million users, with data dumped online and shared with Have I Been Pwned (HIBP).…Threat Actor: Unauthorized Third Party | Unauthorized Third Party Victim: MoneyGram Payment Systems, Inc. | MoneyGram Payment Systems, Inc. Price: Not disclosed Exfiltrated Data Type: Personal Information
Key Points :
Data breach occurred between September 20 and 22, 2024. Unauthorized access identified on September 27, 2024.…Threat Actor: Smart TV Manufacturers | smart TV manufacturers Victim: Users of Smart TVs | users of smart TVs Price: N/A Exfiltrated Data Type: Viewing habits and content data
Key Points :
The study reveals extensive use of Automatic Content Recognition (ACR) technology in smart TVs for tracking user viewing habits.…Threat Actor: Unknown | Unknown Victim: Red Barrels | Red Barrels Price: Not disclosed Exfiltrated Data Type: Game source code, internal builds, employee records, company credit card details
Key Points :
Red Barrels experienced a significant cyberattack that compromised sensitive data. The breach disrupted development timelines for their upcoming projects.…Threat Actor: LinkedIn | LinkedIn Victim: Users | LinkedIn users Price: N/A Exfiltrated Data Type: User-generated content
Key Points :
LinkedIn updated its privacy policy to include user data collection for AI training, leading to user backlash. Users in the EU and certain countries are exempt from having their data used for AI training.…Threat Actor: Unknown | unknown Victim: Transport for London (TfL) | Transport for London Price: Not disclosed Exfiltrated Data Type: Sensitive customer information, including names, contact details, email addresses, home addresses, Oyster card refund data, and bank account details
Key Points :
A 17-year-old male was arrested in Walsall under the Computer Misuse Act.…Threat Actor: H4ckManac | H4ckManac Victim: Fortinet | Fortinet Price: Not disclosed Exfiltrated Data Type: Customer information (limited data)
Key Points :
Unauthorized access to a limited number of files on a third-party cloud-based shared file drive. Incident reportedly affected customers within the Asia-Pacific region. Fortinet has communicated directly with affected customers regarding the breach.…