Category: Cyber Attack

UK’s porn age checks to arrive in July, raising fears over security and privacy
Summary: The UK’s communications regulator Ofcom has mandated that online pornography sites must verify users’ ages by July to prevent minors from accessing adult content. Concerns have been raised by civil liberties groups about the potential cybersecurity risks associated with age verification methods. Non-compliance could lead to severe penalties, including fines and website blocking by internet service providers.…
Read More
380,000 Impacted by Data Breach at Cannabis Retailer Stiiizy
Summary: California-based cannabis brand Stiiizy is alerting 380,000 individuals about a data breach that compromised their personal information through a vendor. The breach, which occurred between October 10 and November 10, involved unauthorized access to sensitive data, including government-issued identification details. Stiiizy is offering affected individuals 12 months of free credit monitoring and fraud assistance following the incident.…
Read More
The Cyber Threat Responsible for the Biggest Breaches of 2024
Summary: Stolen credential-based attacks have surged, becoming the leading cyber threat in 2023/24, with a staggering 80% of web app attacks originating from this breach vector. Despite increased cybersecurity budgets, vulnerabilities remain due to inadequate MFA adoption and the rise of infostealer malware. This article explores the factors contributing to the rise in account compromises and offers recommendations for security teams to combat these threats.…
Read More
2024 US Healthcare Data Breaches: 585 Incidents, 180 Million Compromised User Records
Summary: In 2024, over 580 healthcare data breaches were reported, affecting nearly 180 million user records, as analyzed by SecurityWeek from the HHS OCR database. The breaches primarily involved hacking incidents, with significant overlaps in impacted individuals. Major organizations like Change Healthcare and Kaiser Permanente were among those severely affected, highlighting the ongoing cybersecurity challenges in the healthcare sector.…
Read More
FTC Warns GoDaddy for Inadequate Security Practices in Website Hosting Services
Victim: GoDaddy | GoDaddyPrice: Potential fines of up to $51,744 per violationData: Customer information, including email addresses, private encryption keys, and database credentials

Keypoints :

FTC took action against GoDaddy for inadequate security practices. Multiple breaches occurred between 2019 and 2022, exposing sensitive customer data. GoDaddy failed to implement basic cybersecurity measures, such as MFA and regular software updates.…
Read More
Victim: FortiGate Users | FortiGate Price: N/A Data: VPN Credentials, Firewall Configurations

Keypoints :

Threat Actor: Belsen Group Number of Exposed Configurations: Over 15,000 Data Types Leaked: Usernames, passwords (some in plain text), device management certificates, complete firewall rule sets Vulnerability Exploited: CVE-2022-40684 Data Organization: Categorized by country with individual IP addresses Potential Risks: Unauthorized network access and exploitation of sensitive information Expert Confirmation: Kevin Beaumont verified the authenticity of the leaked data

Cybersecurity expert Kevin Beaumont has reported that over 15,000 FortiGate firewall configurations, including VPN credentials, have been publicly leaked by a group calling itself “Belsen Group.”…

Read More
Hackers leak configs and VPN credentials for 15,000 FortiGate devices
Summary: A new hacking group known as the Belsen Group has leaked sensitive configuration files, IP addresses, and VPN credentials for over 15,000 FortiGate devices on the dark web. This data dump, which includes critical technical information, was released to promote the group and is believed to be linked to a previously exploited zero-day vulnerability.…
Read More
OneBlood reports data breach to state regulators after ransomware attack
Summary: OneBlood, a nonprofit blood donation organization, suffered a ransomware attack that resulted in the theft of names and Social Security numbers. The incident, which was reported to regulators, forced the organization to operate at reduced capacity, impacting blood supply to hospitals across several states. OneBlood is offering victims credit monitoring services but has not disclosed the total number of individuals affected.…
Read More
Purina Dog Food Data Breach Raises Privacy Issues in Colombia
Victim: Purina Dog Food | Purina Dog Food Price: Not disclosed Data: Phone numbers, Email addresses

Keypoints :

Incident involves a data breach in Colombia. Exposed sensitive user information including phone numbers and email addresses. Raises significant privacy concerns regarding consumer data security. Highlights the need for robust cybersecurity measures in the pet food and retail sectors.…
Read More
Gravy Analytics Data Breach Raises Privacy Issues in the U.S.
Victim: Gravy Analytics | Gravy Analytics Price: Not disclosed Data: User information

Keypoints :

Potential data breach involving Gravy Analytics reported. Sample dataset allegedly reuploaded online. Exposed data raises concerns about security measures at analytics platforms. Highlights vulnerabilities within analytics platforms and need for enhanced cybersecurity.…
Read More
Florida State Database Breach Raises Data Security Concerns
Victim: Florida State Database | Florida State Database Price: Not disclosed Data: Sensitive records

Keypoints :

Incident involves a breach of the Florida State Database, raising concerns about government-managed public data security. Reported leak includes sensitive records tied to Florida’s state systems. Highlights vulnerabilities in governmental cybersecurity frameworks.…
Read More
Massive Data Breach Exposes Over 1 Million Personal Records in the U.S.
Victim: United States | United States Price: N/A Data: Sensitive personal records

Keypoints :

Over 1.03 million sensitive personal records exposed. Leaked information includes Social Security Numbers (SSNs), full personal details, and driver’s license information. Heightened concerns about identity theft and data misuse. Potential for unauthorized access to financial accounts and fraudulent activities.…
Read More
Eyewear Wholesaler Data Breach Raises Privacy Issues
Victim: Frame and Optic | Frame and Optic Price: Not disclosed Data: Customer and business data

Keypoints :

Data breach involving a U.S.-based eyewear wholesaler. Exposed sensitive customer details, purchase records, and potentially confidential business insights. Highlights the growing cybersecurity challenges in the eyewear industry. Emphasizes the need for robust cybersecurity measures to protect sensitive information.…
Read More
Label giant Avery says website hacked to steal credit cards
Summary: Avery Products Corporation has reported a data breach resulting from a hack on their website, which compromised customers’ credit card and personal information. The breach occurred between July 18, 2024, and December 9, 2024, affecting over 61,000 customers. Avery is offering free credit monitoring services to those impacted and has set up a dedicated assistance line for inquiries related to the incident.…
Read More
University of Oklahoma isolates systems after ‘unusual activity’ on IT network
Summary: The University of Oklahoma is investigating unusual cyber activity on its network after being targeted by a ransomware gang known as Fog, which claims to have stolen 91 GB of sensitive data. The institution has taken measures to isolate affected systems and enhance security. This incident highlights the ongoing threat of ransomware attacks in the education sector, particularly during periods of reduced IT staffing.…
Read More
North Korea’s Lazarus APT Evolves Developer-Recruitment Attacks
Summary: North Korea’s Lazarus group has initiated a new campaign, dubbed Operation 99, targeting software developers through deceptive job postings on LinkedIn. The attackers lure victims into downloading malicious Git repositories that steal sensitive data, including source code and cryptocurrency. This sophisticated operation showcases the group’s evolving tactics, including the use of AI-generated profiles to enhance credibility and deception.…
Read More
CISA: Second BeyondTrust Vulnerability Added to KEV Catalog
Summary: The Cybersecurity and Infrastructure Security Agency (CISA) has urged federal agencies to address a command injection vulnerability, CVE-2024-12686, linked to BeyondTrust’s Remote Support services. This medium-severity flaw was identified following a significant data breach at the US Treasury Department, attributed to the Chinese hacking group Silk Typhoon.…
Read More
Google Ads Users Targeted in Malvertising Scam Stealing Credentials and 2FA Codes
Summary: A new malvertising campaign is targeting Google Ads users by phishing for their credentials through fraudulent ads. The attackers aim to steal advertiser accounts and use the stolen credentials to perpetuate further scams. The campaign has been active since at least mid-November 2024 and employs sophisticated techniques to evade detection.…
Read More