This table collects all the attacks recorded in 2017 in a single searchable table. The most careful readers will notice that the Target Classes have been remapped to reflect the new classification adhering to the International Standard Industrial Classification, with a small modification to take into account the cases with multiple targets, or single individuals, and a new category, Fintech, which I had to add given the events of the latest months.

This will allow a more consistent comparison with the statistics collected in 2018.

The table is also available in Google Sheet format.

101/01/2017>1Several Institutions in the British GovernmentThe British National Cyber Security Centre reveals to have foiled 86 attacks in its first month of activity most of which are suspected to have come from China, North Korea, Russia, Iran and criminal gangs. Top targets include the Bank of England , the Ministry of Defence , nuclear bases, security services and infrastructure such as transport, the NHS and power systems.>1O Public administration and defence, compulsory social securityCEGB
201/01/2017?Transmission and electricity producing linesSources from the Energy Ministry claim that a major cyber-attack is the source of the widespread electricity cuts across Istanbul. Turkey sources blame the US for the AttackUnknownD Electricity gas steam and air conditioning supplyCW?TR
301/01/2017CyberZeistfbi.govExploiting a vulnerability of Plone CMS, CyberZeist claim to have hacked and leaks the records of 155 FBI officials on pastebin. Plone denies that a 0-day vulnerability has been exploited to carry on the attack.Plone CMS vulnerabilityO Public administration and defence, compulsory social securityCCUS
401/01/2017?Susan M. Hughes Center ( Susan M. Hughes Center notifies a ransomware incident affecting 11,400 patients.MalwareQ Human health and social work activitiesCCUS
503/01/ group claiming to be part of the Anonymous collective defaces Victoria’s Human Rights Commission website ( with a nonsensical message about its social network AnonPlus.DefacementO Public administration and defence, compulsory social securityHGB
604/01/2017?India National Defence Academy (NDA) and National Investigation Agency (NIA)Indian security forces have been alerted by central intelligence agencies that a WhatsApp virus is threatening to hack into their personal information and banking data.MalwareO Public administration and defence, compulsory social securityCEIN
704/01/2017Kuroi’’SH hjacks the DNS record of and redirects the users to a defaced page. The hacks happens compromising the records held by HijackingJ Information and communicationCCBR
804/01/2017?Emory Brain Health CenterEmory Healthcare is one of the victims of the MongoDB ransomware attacks and has its database, managed by a third-party and containing 90,000 records encrypted.MalwareQ Human health and social work activitiesCCUS
904/01/2017?Northside Independent School DistrictThe Northside Independent School District sends letters to about 23,000 former and current students and employees regarding a security breach that might have put their personal information at risk after several employees' email accounts have been compromised.Account HijackingP EducationCCUS
1005/01/2017DragonOK APTSeveral Entities in JapanPalo Alto reveals the details of DragonOK APT, an operation carried on by a Chinese malicious actor targeting primarily Japan, and other regions such as Taiwan, Tibet, and RussiaTargeted AttackY Multiple targetsCE>1
1105/01/2017OilRig APTSeveral entities in IsraelClearSky Security discovers a new campaign conducted by the Iranian OilRig APT leveraging digitally signed malware and fake University of Oxford domains. The campaign targets at least five Israeli IT vendors, several financial institutes, and the Israeli Post Office.Targeted AttackY Multiple targetsCEIL
1205/01/2017?University of AlbertaThe Universtity of Alberta discloses the details of a malware attack, occurred late last year, involving 300 computers and putting over 3,000 students at risk.MalwareP EducationCCCA
1306/01/2017CyberwolfgangSquare Enix's European Twitter Account (@SQUARE_ENIX_EU)Video game giant Square Enix's European Twitter account is hacked by a group of hackers calling themselves the "cyberwolfgang" and posts multiple tweets mocking other companies including rival gaming company EA, media outlet TechCrunch .Account HijackingR Arts entertainment and recreationCCJP
1406/01/2017?Arizona Department of AdministrationArizona officials investigate how and when several computers used by state legislators and their staffs became infected with malware.MalwareO Public administration and defence, compulsory social securityCCUS
1506/01/2017?123-Reg123-Reg is the target of a DDoS attack which disrupted the company's services only days into 2017.DDoSJ Information and communicationCCGB
1606/01/ of the websites belonging to Venezuela’s ministry of defense ( is hacked by Kapustkiy in protest of what the attacker described as the dictatorship of President Nicolas Maduro in the country. The attacker leaks 2,100 records.SQLiO Public administration and defence, compulsory social securityHVE
1707/01/2017?MJ FreewayMJ Freeway, a Denver company whose tracking software is used by hundreds of marijuana companies to comply with state regulations, says its main servers and backup system are down after a "targeted cyber attack".Targeted AttackJ Information and communicationCCUS
1807/01/2017?Princeton UniversityPrinceton University is one of the 27,000 victims that have their data wiped by attackers leveraging a vulnerable MongoDB.MalwareP EducationCCUS
1908/01/2017?esea.netOver 1.5 million user profiles featuring names, email addresses and personal IDs from the eSports Entertainment Association (Esea), a leading competitive videogame community, are leaked online after being hijacked by hackers in late December last year.UnknownR Arts entertainment and recreationCCUS
2009/01/2017?Netflix Users in the USFireEye Labs discovers a sophisticated phishing campaign in the wild targeting the credit card data and other personal information of Netflix users primarily based in the United States.Account HijackingX IndividualCCUS
2109/01/2017?http://forumserver.twoplustwo.comThe operators of the world’s largest online poker discussion forum, TwoPlusTwo, confirm that the forum was hacked at some point late in 2016, with the personal data then being offered for sale.UnknownR Arts entertainment and recreationCCUS
2210/01/2017?The Los Angeles Valley College (LAVC)The Los Angeles Valley College (LAVC) is forced to pay $28,000 in bitcoin after cybercriminals successfully infected its computer networks, email systems and voicemail lines with ransomware.MalwareP EducationCCUS
2310/01/2017AnonymousMultipe Thai Governmantal job portalsThe Anonymous kick off another run of #OpSingleGateway and take down multiple governmental job portals, leaking personal and sensitive details of officials and job seekers.UnknownO Public administration and defence, compulsory social securityHTH
2411/01/2017Giulio Occhionero and Francesca Maria Occhioneroleading Italian politicians, businessmen and MasonsItalian siblings Giulio and Francesca Maria Occhionero are arrested in Rome, charged with conducting a long-running cyber espionage campaign against leading Italian politicians, businessmen and Masons using a variant of the malware family EyePyramidTargeted AttackX IndividualCEIT
2511/01/2017?JabbimThe Jabbim Instant Messaging service is hacked and the database (8gb) is dumped in the dark web.UnknownJ Information and communicationCCCZ
2611/01/2017The Dark Ovelord?littlereddooreci.orgThe Dark Overlord hacks the computers of an Indiana-based cancer agency and asks for a large payment of 50 Bitcoin ($44,800) not to release the data. Intially the attack seemed to have been caused by ransomware.MalwareQ Human health and social work activitiesCCUS
2711/01/2017?Kanawha County SchoolsKanawha County Schools tells that their internal documents have been restored after a ransomware attack.MalwareP EducationCCUS
2812/01/2017?CellebriteMotherboard obtains 900 GB of data related to Cellebrite, one of the most popular companies in the mobile phone hacking industry. The cache includes customer information, databases, and a vast amount of technical data regarding Cellebrite's products.UnknownJ Information and communicationCCIL
2912/01/2017?General MotorsReports emerge claiming that GM employees’ names and social security numbers might have been exposed during a breach.UnknownC ManufacturingCCUS
3013/01/2017AnonymousMultipe Thai Governmantal job portalsThe Anonymous kick off another run of #OpSingleGateway and take down multiple governmental job portals, leaking personal and sensitive details of officials and job seekers.UnknownO Public administration and defence, compulsory social securityHTH
3113/01/2017?Barts health trust, which runs five hospitals in east London: the Royal London, St Bartholomew’s, Whipps Cross, Mile End and NewhamThe largest NHS trust in England is hit by rmalware. Unlike early reports suggest, ransomware is ruled out as the cause of the outage.MalwareQ Human health and social work activitiesCCGB
3213/01/2017AnonymousMultipe Thai Governmantal job portalsThe Anonymous kick off another run of #OpSingleGateway and take down multiple governmental job portals, leaking personal and sensitive details of officials and job seekers.UnknownO Public administration and defence, compulsory social securityHTH
3313/01/2017?University of Maryland School of MedicineA doctor’s practice plan affiliated with the University of Maryland School of Medicine notifies patients that somebody hacked the account of a physician assistant’s email account that contained the personal information of patients. 1500 patients are affected.UnknownQ Human health and social work activitiesCCUS
3414/01/2017Kapustkiygdc.gob.veIn a form of protest against President Nicolas Maduro, Kapustkiy hacks a website of a local government and dumps around 900 records on pastebin.LFI/SQLiO Public administration and defence, compulsory social securityHVE
3514/01/2017? reveals that its forum has been compromised on the morning of December 6, 2016.vBulletin VulnerabilityJ Information and communicationCCUS
3614/01/2017?Dracut Public SchoolsCurrent and former employees’ personal information, including SSN, is acquired by a hacker after an employee falls for what the district describes as a “sophisticated phishing scheme.”Account HijackingP EducationCCUS
3715/01/2017?Several Indian BanksSeveral Indian Banks discover that their SWIFT systems have been compromised to create fake documents.UnknownK Financial and insurance activitiesCCIN
3813/01/2017Indonesian HackersLegitimate WebsitesResearchers from Sucuri discover two connected advertising fraud campaigns that compromise legitimate web sites and abuse Google AdSense.Clickjacking via Malicious JavascriptX IndividualCC>1
3915/01/2017?IHOP (International House of Pancakes)IHOPTwitter account (@IHOP) is hacked and posts a political tweet against Hillary Clinton.Account HjiackingI Accommodation and food service activitiesCCUS
4016/01/2017?Sentara HealthcareA cyber security breach at a third party vendor for Sentara Healthcare compromises the records of over 5,000 patients.UnknownQ Human health and social work activitiesCCUS
4116/01/2017?Channel OneRussian state television Channel One blames hackers for the leak online of the final episode of the BBC drama Sherlock a day before its actual planning.UnknownJ Information and communicationCCRU
4216/01/2017?Laptop belonging to the special investigation team probing President Park Geun-hye’s political scandal.The Korea Times reveals the details of an attempt made by oversea attackers to hack into a laptop belonging to the special investigation team probing President Park Geun-hye’s political scandal.Targeted AttackO Public administration and defence, compulsory social securityCEKR
4317/01/2017?SupercellSupercell Forum is hacked and 1.1 million accounts are leaked. The breach allegedly took place in September 2016.UnknownR Arts entertainment and recreationCCFI
4417/01/2017?20,000 individuals in the NetherlandsPolice in the Netherlands are set to email 20,000 possible fraud victims urging them to change their account details, after discovering their credentials had been stolen by a man arrested last year on suspicion of multiple cybercrime offences.Malware/Account HijackingX IndividualCCNL
4517/01/2017?Racingpulse.inA popular horse racing website ( is hacked with Ransomware.MalwareR Arts entertainment and recreationCCIN
4617/01/2017?Advanced Flexible Composites Inc.The computer system of Advanced Flexible Composites Inc. is hacked preventing the firm from processing quote requests or orders and from receiving emails.MalwareC ManufacturingCCUS
4718/01/2017?College students across the United StatesThe FBI’s Internet Crime Complaint Center publishes an alert against a scam tricking college students into depositing fraudulent checks into their bank accounts.Account HjiackingP EducationCCUS
4818/01/2017?Several biomedical research facilitiesMalwarebytes reveals the details of a newly discovered Mac malware, which has likely been targeting biomedical research facilities for at least two years without detection.MalwareM Professional scientific and technical activitiesCCUS
4918/01/2017?POPEYESCCC Restaurant Enterprises, LLC, doing business as POPEYES, announce that a recent data security incident may have compromised the security of payment information of some customers who used debit or credit cards at 10 Restaurant locations between May 5, 2016 and August 18, 2016.PoS MalwareI Accommodation and food service activitiesCCUS
5020/01/2017?WCHQ 100.9 FMCrescent Hill Radio WCHQ 100.9 FM, a popular, non-profit radio station in Louisville, Kentucky is hacked to play an anti-Trump song for almost 15 minutes by interrupting regular programming.UnknownJ Information and communicationCCUS
5120/01/2017?St Louis Public LibrarySt Louis Public Library is hit by a ransomware attack. Hattackers demand $35,000 worth in Bitcoin.MalwareQ Human health and social work activitiesCCUS
5220/01/2017?Bowlmor AMFBowlmor AMF, the world’s largest bowling center operator, says that it had a possible data breach at 21 of its more than 300 domestic locations in 12 states between Feb. 4 and March 19.PoS MalwareR Arts entertainment and recreationCCUS
5320/01/2017?Ohio State Veterinary Medical CenterA malware infection is to blame for a security breach that could put the personal information of up to 4,611 clients of the Ohio State Veterinary Medical Center.MalwareP EducationCCUS
5421/01/2017?BBC Northampton Twitter account (@BBCNorthampton)The BBC Northampton Twitter account (@BBCNorthampton) is hacked and reports the false news that Donald Trump had been shot.Account HjiackingJ Information and communicationCCGB
5521/01/2017Sc0rp10nGh0s7www.nari-icmr.res.inSc0rp10nGh0s7 from the Shad0w Security crew breaks into the servers of the National Aids Research Institute NARI (India) and claims to have accessed a more than 1 GB archive containing the results for dozens Hiv test.SQLi?Q Human health and social work activitiesCCIN
5621/01/2017?Sundance Film FestivalThe box office and other systems at the Sundance Film Festival are shut down by hackers.DDoSR Arts entertainment and recreationCCUS
5722/01/2017Chipher0007AlphaBayAbout 218,000 unencrypted private messages posted to the AlphaBay dark web marketplace are accessed and released to the public.Undisclosed VulnerabilitiesG Wholesale and retail tradeCCN/A
5822/01/2017OurMineNew York Times Video Twitter Account (@nytvideo)OurMine hacks the Twitter account of New York Time Video (@nytvideo) and posts fake news.Account HjiackingJ Information and communicationCCUS
5923/01/2017?Lloyds BankThe Financial Time reveals that Lloyds Bank has been targeted by a large scale DDoS attack over the past two weeks. Two crooks claims responsibility for the attack.DDoSK Financial and insurance activitiesCCGB
6023/01/2017?Several targets in Saudi ArabiaSaudi Arabia warns organizations in the Kingdom to be on the alert for cyber attacks carried on via a new variant of the Shamoon virus. Targets include a chemical firm (Sadara Chemical Co) and the Ministry of Labor and Social Development.MalwareY Multiple targetsCWSA
6123/01/2017?XP Investimentos SAHackers who stole data from 29,000 clients of XP Investimentos SA allegedly tried to get the Brazilian independent securities firm to pay 22.5 million reais ($7.1 million) to keep the security breach secret.Industry: SecuritiesZ UnknownCCBR
6224/01/2017?Grey Eagle Resort and CasinoGrey Eagle Resort and Casino and the attackers threatne to dump hundreds of gigabytes of data. The Casino confirms the breach.UnknownI Accommodation and food service activitiesCCUS
6324/01/2017? ewartumba@mail.ruWebsites of the Democratic Party in the Wisconsin area are hacked by alleged Russian Hackers.Undisclosed VulnerabilitiesN Administrative and support service activitiesCCUS
6425/01/2017APT28 AKA Fancy BearUnnamed TV Station in the UKSecureWorks reveals that APT28 was able to infiltrate an unnamed TV station in the UK and stay undetected for 12 months starting from July 2015.Targeted AttackJ Information and communicationCEGB
6525/01/2017?Cockrell Hill PolicePolice in Cockrell Hill, Texas admits in a press release to have lost years worth of evidence after the department's server was infected with ransomware.MalwareO Public administration and defence, compulsory social securityCCUS
6625/01/2017?Argyle school districtArgyle school district warns its workers that their W-2 tax forms were lost in a phishing attack.Account HjiackingP EducationCCUS
6725/01/2017?Several Chinese Internet GiantsA dark web vendor going by the handle “DoubleFlag” sells 1 billion accounts stolen from several Chinese Internet giants, including NetEase Inc and its subsidiaries, and Tencent Holdings Limited owned, TOM Group’s, Sina Corporation’s, Sohu, Inc.’s and Letter Network Information Technology Co., Ltd owned Information and communicationCCCN
6825/01/2017?U.S. CellularDoubleFlag now claims to sell a database containing 126 million customer records from U.S. Cellular. The company denies the hack.UnknownJ Information and communicationCCUS
6925/01/2017?Campbell County HealthSocial Security numbers and W-2 information for about 1,400 employees who worked over the past year at Campbell County Health are mistakenly released to someone impersonating a hospital executive.Account HjiackingQ Human health and social work activitiesCCUS
7025/01/2017Four TeenagersSeveral E-Commerce websitesFour teenagers are arrested for allegedly digitally shoplifting vouchers worth Rs92 lakh [$134,985.29 USD] exploiting a vulnerability in tha payment gateway (PayU).Payment gateway vulnerabilityJ Information and communicationCCIN
7125/01/2017?Tipton County SchoolsTipton County Schools are hit by a phishing scam aimed to steal employees' personal W-2 forms.Account HjiackingP EducationCCUS
7225/01/2017?Swedish Armed ForcesDaily newspaper Dagens Nyheter reports that Sweden's armed forces were recently exposed to an extensive cyber attack that prompted them to shut down an the Caxcis IT system, used in military exercisesUnknownO Public administration and defence, compulsory social securityCESE
7326/01/2017?Hong Kong Securities BrokersHong Kong's securities regulator says that brokers in the city has suffered major DDoS cyber attacks and warn of possible further incidents across the industry.DDoSK Financial and insurance activitiesCCHK
7426/01/2017?Odessa School DistrictThe Odessa School District is hit by a phishing scam aimed to steal employees' personal W-2 forms.Account HjiackingP EducationCCUS
7526/01/2017?High FidelityHigh Fidelity users receive an e-mail from Philip Rosedale, CEO and founder of the new social VR world, announcing the compromise of a staff email account in late December and Early January.Account HjiackingR Arts entertainment and recreationCCUS
7627/01/2017?D.C. PoliceRansomware infected 70 percent of storage devices that record data from D.C. police surveillance cameras eight days before President Trump’s inauguration, forcing major citywide reinstallation efforts,MalwareO Public administration and defence, compulsory social securityCCUS
7727/01/2017?NATOTalos reveals the details of Matryoshka Doll, a spear phishing campaign targeting NATO officials during the Christmas and New Year HolidayTargeted AttackO Public administration and defence, compulsory social securityCEINT
7827/01/2017?Australian Nuclear Science and Technology Organisation (ANSTO)The Australian Nuclear Science and Technology Organisation (ANSTO) investigate a computer security breach at the Australian Synchrotron that saw hackers steal scientists' usernames and passwords.Undisclosed VulnerabilitiesO Public administration and defence, compulsory social securityCCAU
7927/01/2017?SunrunSolar panel maker Sunrun is hit with a spearphishing attack, impersonating the CEO Lynn Jurich, that gets away with the company employee W-2 information.Account HjiackingC ManufacturingCCUS
8027/01/2017?Princeton Pain ManagementPrinceton Pain Management is notifying 4,668 patients of a hack that was detected on November 28. Although they found no evidence that data were removed from their system, protected health information (PHI) was accessed.UnknownQ Human health and social work activitiesCCUS
8128/01/2017?Romantik Seehotel JaegerwirtOne of Europe's top hotels, Romantik Seehotel Jaegerwirt, admits they had to pay thousands in Bitcoin ransom to cybercriminals who managed to hack their electronic key system, locking hundreds of guests out of their rooms until the money was paid.MalwareI Accommodation and food service activitiesCCAT
8228/01/2017OurMineMultiple Twitter accounts associated with the World Wrestling Entertainment GroupOurMine hacks multiple Twitter accounts associated with the World Wrestling Entertainment group, including that of WWE Universe, WWE NXT, WWE Network, Summer Slam as well as wrestlers John Cena and Triple H. WWE's Tumblr page is also compromised.Account HjiackingR Arts entertainment and recreationCCUS
8328/01/2017?Dr.Web EmsisoftIn the past week, two security firms, Dr.Web and Emsisoft, suffered DDoS attacks at the hands of cyber-criminals who attempted to bring down their websites as payback for meddling with their illegal activities.DDoSJ Information and communicationCCRU AT
8430/01/2017APT28 AKA Fancy BearPolish Foreign MinistryThe Polish daily newspaper Rzeczpospolita reveals that the hack against the Polish Foreign Ministry occurred in December was probably orchestrated by APT28.Targeted AttackO Public administration and defence, compulsory social securityCEPL
8531/01/2017?Czech Foreign MinistryCzech Foreign Minister Lubomir Zaoralek says that hackers breached dozens of email accounts at the Czech Foreign Ministry in an attack resembling one against the U.S. Democratic Party.Targeted AttackO Public administration and defence, compulsory social securityCECZ
8631/01/2017Gaza CybergangSeveral Govrenments in the Middle East AreaResearchers at Palo Alto Networks reveal the details of a new cyber espionage campaign carried on by the Gaza Cybergang.Targeted AttackO Public administration and defence, compulsory social securityCE>1
8731/01/2017?CD Projekt RedCD Projekt Red, the Poland-based developer behind the popular 'Witcher' game and comic series, is hit with a forum hack that compromised over 1.8 million user credentials. The hack allegedly took place in March last year.UnknownR Arts entertainment and recreationCCPL
8831/01/2017?Linking CountyLicking County servers are targeted by a rnsomware infection.MalwareO Public administration and defence, compulsory social securityCCUS
8931/01/2017?Xbox360 and Playstation Portable ISO ForumsAn unidentified hacker reportedly breaches the XBOX 360 and PlayStation Portable ISO forums compromising 2.5 million gamer accounts. The breach is unconfirmed.UnknownR Arts entertainment and recreationCCUS JP
9031/01/2017?Sunny 107.9 WFBS-LPFMAnother station is hijacked to play the "F*** Donald Trump" song.Barix box hijackingJ Information and communicationCCUS
9101/02/2017?Point of Sale infrastructure un Brazil and other countriesArbor Networks researchers reveal the details of the Flokibot malware family targeting Point of Sale infrastructure in Brazil and other countries.PoS MalwareK Financial and insurance activitiesCCBR
9202/02/2017Chinese state-sponsored hackersMilitary and aerospace interests in Russia and BelarusProofpoint reveals the details of an ongoing cyber-espionage campaign targeting military and aerospace interests in Russia and Belarus via ZeroT and the PlugX RAT.Targeted AttackC ManufacturingCERU BY
9302/02/2017?City of TroyThe City of Troy computer system is the victim of a ransomware attack.MalwareO Public administration and defence, compulsory social securityCCUS
9403/02/2017APT29Norwegian Labour PartyNorway’s security service says nine email accounts — including those belonging to the Labour party, the foreign ministry and defense ministry — have been targeted by hackers belonging APT29.Targeted AttackO Public administration and defence, compulsory social securityCENO
9503/02/2017?Tiverton Town CouncilJohn Vanderwolfe, a town clerk wipes council documents dating back to 2015 after mistakenly opening an email containing a ransomware malware.MalwareO Public administration and defence, compulsory social securityCCGB
9603/02/2017AnonymousFreedom Hosting IIThe Anonymous take down Freedom Hosting II, the largest repository of dark web sites. The hackers are able to steal 75GB worth of files and 2.6 GB of databasesUnknownJ Information and communicationHN/A
9703/02/2017?Manatee County School DistrictThe Manatee County School District is the victim of a phishing scam that compromises the information from almost 8,000 employees.Account HijackingP EducationCCUS
9804/02/2017BerkutPoliceOneMotherboard reveals that a hacker going with the handle of Berkut is selling a database allegedly containing over 700,000 user accounts from PoliceOne, a popular law enforcement forum.UnknownJ Information and communicationCCUS
9904/02/2017?David BeckhamDavid Beckham's emails are held hostage by hackers, and published after his representatives refuse to pay a ransom of €1 million (£860,000). The ‘Beckileaks' came as part of a breach on sports and entertainment agency, Doyen Global (18.6 million emails apparently accessed in 2015 and 2016).UnknownR Arts entertainment and recreationCCGB
10004/02/2017Stackoverflowin150,000 online printersA grey-hat hacker going by the name of Stackoverflowin says he's pwned over 150,000 printers that have been left accessible online.Online Printers VulnerabilityX IndividualCC>1
10105/02/2017?Email accounts of Irish solicitorsThe Sunday Independent reveals that cybercriminals are hacking the email accounts of Irish solicitors in an attempt to steal tens of thousands of euro from unsuspecting home buyers.Account HijackingM Professional scientific and technical activitiesCCIE
10206/02/2017?45 CommitteeThe website of 45 Committee, a PAC supporting President Donald Trump, is defaced.DefacementN Administrative and support service activitiesHUS
10306/02/2017?Verity Health SystemVerity Health System has now issued a statement about a breach reported to HHS on January 11 as affecting 10,164 patients.UnknownQ Human health and social work activitiesCCUS
10406/02/2017Charming KittenMac UsersTwo security researchers reveal the details of a new campaign linked to Charming Kitten, a cyber espionage group linked to the Iranian Government using an unsophisticated strain of malware, dubbed MacDownloader, to steal credentials and other data from Mac computers.MalwareX IndividualCC>1
10506/02/2017?Logic SupplyUS-based industrial computer supplier Logic Supply resets user passwords following an nauthorised access through the firm's website, which may have exposed customer/company names, usernames and passwords, and order information.UnknownC ManufacturingCCUS
10607/02/2017Turla?Multiple foreign embassies and ministriesAccording to Forcepoint, an unknown actor whose targets and tactics resemble those of Turla, a Russian APT, has been compromising the websites of foreign embassies, ministries and organizations, in an attempt to infect certain site visitors with malware.Malicious Code InjectionO Public administration and defence, compulsory social securityCE>1
10707/02/2017Fallaga Hacker TeamSix NHS WebsitesThe Independent reveals that, over the past six weeks, six NHS websites were defaced showing gruesome images of the conflict in Syria with the hashtags: #Op_Russia and #save_aleppo.DefacementQ Human health and social work activitiesHGB
10807/02/2017Aslan Neferler Tim (ANT), or Lion Soldiers TeamAustria's ParliamentAustria's parliament says that a Turkish hackers' group dubbed Aslan Neferler Tim (ANT), or Lion Soldiers Team has claimed responsibility for a cyber attack that brought down its website for 20 minutes during the weekend.DDoSO Public administration and defence, compulsory social securityHAT
10907/02/2017?National Treasury Management AgencyThe National Treasury Management Agency temporarily suspends access to its website for several hours today after a suspected defacement attack.DefacementO Public administration and defence, compulsory social securityHIE
11007/02/2017?Darcy Vescio's Twitter account (@darcyvee)AFL Women's league player Darcy Vescio Twitter account is hacked.Account HijackingX IndividualCCAU
11107/02/2017?Canadian TireCanadian Tire shuts down customer access to online accounts after detecting unusual traffic in their website.UnknownG Wholesale and retail tradeCCCA
11208/02/2017?Several Organizations WorldwideKaspersky Lab reveals the details of a fileless malware targeting several organizations worldwide.MalwareY Multiple targetsCC>1
11308/02/2017?Sports DirectSports Direct is accused to have suffered (and kept hidden) a data breach affecting 30,000 employees. The breach allegedly happened on September 2016.CMS Vulnerability (DNN)G Wholesale and retail tradeCCGB
11408/02/2017? magazine publisher Future's FileSilo website ( is raided by hackers, who make off with, among other information, unencrypted user account passwords.UnknownJ Information and communicationCCGB
11508/02/2017zerodark70UPI.comzerodark70 sells a database supposedly containing 83,000 compromised accounts from, the website of the 110-year-old American news agency United Press International.UnknownJ Information and communicationCCUS
11608/02/2017?Alton Steel, Inc.A security breach at Alton Steel, Inc. has left its employees open to identity theft, and more than one employee has already this year had fraudulent tax returns filed in their name.Account HijackingC ManufacturingCCUS
11709/02/2017?Arby'sThe fast food restaurant chain Arby's has suffered a breach involving the payment card systems in up to 1,100 of its locations.PoS MalwareI Accommodation and food service activitiesCCUS
11809/02/2017?Hitachi Payment ServicesHitachi Payments Services confirms that its systems were compromised by a sophisticated malware in mid-2016, that led to one of the biggest cyber security breaches in the country with 3.2 million cards affected.MalwareK Financial and insurance activitiesCCIN
11909/02/2017?LoblawsLoblaw warns PC Plus rewards collectors to reset their passwords after points were stolen from some members’ accounts.Account HijackingG Wholesale and retail tradeCCCA
12009/02/2017?Taiwanese Ministry of Foreign Affair's Bureau of Consular Affairs (BOCA)15,000 data files of Taiwanese nationals could have been hacked due to an intrusion in the email system.UnknownO Public administration and defence, compulsory social securityCETW
12110/02/2017Russian Hackers?Italian Foreign MinistryRussia is suspected by Italian officials of being behind a sustained hacking attack against the Italian foreign ministry last year that compromised email communications and lasted for many months before it was detectedTargeted AttackO Public administration and defence, compulsory social securityCEIT
12210/02/2017?Mazagon Dock Shipbuilders LimitedMazagon Dock Shipbuilders Limited is the victim of a targeted attack.Targeted AttackC ManufacturingCEIN
12311/02/2017?Mexican researchers and public health activists supporting the Mexican soda taxThe New York Times reveals that Mexican researchers and public health activists supporting the Mexican soda tax were reportedly targeted by hackers using Israeli-based cyberweapons manufacturer, NSO Group's, spyware dubbed Pegasus.Targeted AttackQ Human health and social work activitiesCEMX
12412/02/2017>1Great BritainIn his first key interview, Ciaran Martin, head of GCHQ’s new National Cyber Security Centre (NCSC), warns that Britain is being hit by 60 significant cyber-attacks a month, including attempts by Russian state-sponsored hackers to steal defence and foreign policy secrets from government departments.>1O Public administration and defence, compulsory social securityCWGB
12513/02/2017Lazarus APTSeveral Banks WorldwideSymantec reveals the details of a new malware campaign targeting 100 banks and other financial institutions in 31 countries.MalwareK Financial and insurance activitiesCC>1
12614/02/2017Russian Hackers?Emmanuel MacronFrench front-runner Emmanuel Macron calls for the European Union to stand firm against Russia as his French election campaign is targeted by computer hackers. The Kremlin denies any allegations.UnknownX IndividualCWFR
12714/02/2017?Activists and journalists in Qatar and NepalAmnesty International reveals the details of Operation Kingphish: a Campaign of Cyber Attacks against activists and journalists in Qatar and Nepal.Targeted AttackX IndividualCEQA NP
12814/02/2017?FunPlusAn unknown hacker steals user account information (3.3 million records) and alleged product source code from FunPlus, the company that makes highly popular free-to-play mobile game Family Farm Seaside.UnknownR Arts entertainment and recreationCCCN
12914/02/2017APT28Macbook UsersBitdefender Lab reveals the details of Xagent, a malware designed for victims running Mac OS X to steal passwords, grab screenshots and steal iPhone backupsMalwareX IndividualCE>1
13014/02/2017?Citizens Memorial HospitalCitizens Memorial Hospital employee data are compromised by a W-2 phishing scam.Account HijackingQ Human health and social work activitiesCCUS
13114/02/2017?San Antonio SymphonyComputer hackers break into the computer network for the San Antonio Symphony, stealing the names, birth dates, Social Security numbers, addresses and W-2 tax forms for about 250 employees.UnknownM Professional scientific and technical activitiesCCUS
13215/02/2017RussiaUkraineUkraine accuses Russian hackers of targeting its power grid, financial system and other infrastructure with a new type of virus that attacks industrial processes, the latest in a series of cyber offensives against the country.Targeted AttackO Public administration and defence, compulsory social securityCWUA
13315/02/2017RasputinOver 60 global organisations, including US government agencies and international universities.Recorded Future reveals the details of a massive campaign carried on by a Russian hacker called Rasputin, and targeting multiple organizations worldwide, incuding the Cornell University, New York University, University of Washington, University of Oxford, University of Cambridge, US National Oceanic and Atmospheric Administration and US Department of Housing and Urban Development.SQLiY Multiple targetsCC>1
13415/02/2017?PharmaNetThe personal information of approximately 7,500 British Columbians may have been compromised through the provincial government's PharmaNet system, when an "unknown/unauthorized person obtained and used a physician's login to access PharmaNet."Account HijackingO Public administration and defence, compulsory social securityCCCA
13510/02/2017?Texas Department of TransportationThe Texas Department of Transportation says some personal information of employees was compromised last week due to a “security incident.”UnknownO Public administration and defence, compulsory social securityCCUS
13614/02/2017?Unnamed Oklahoma AgencyThe Office of Management and Enterprise Services confirms that an unnamed agency has been targeted by ransomware.MalwareO Public administration and defence, compulsory social securityCCUS
13715/02/2017?Yahoo!Yahoo sends out another round of notifications to users, warning some that their accounts may have been breached as recently as last year. The accounts were affected by a flaw in Yahoo's mail service that allowed an attacker—most likely a "state actor," according to Yahoo—to use a forged "cookie" created by software stolen from within Yahoo's internal systems to gain access to user accounts without a password.Forged CookieJ Information and communicationCEUS
13815/02/2017?Multiple Targets in Saudi ArabiaSecurity researchers reveal the details of a cyber espionage operation dubbed Magic Hound linked to Iran and the recent Shamoon 2 attacks.MalwareY Multiple targetsCCSA
13916/02/2017?Israeli Defense ForceTwo separate papers from Kaspersky and Lookout reveal the details of ViperRAT, an active APT targeting the Israeli Defense Force.Targeted AttackO Public administration and defence, compulsory social securityCEIL
14016/02/2017?Islamic State SupportersIslamic State supporters are targeted with a modified version of the Telegram Android app that contains a version of the OmniRAT remote access toolkit.Targeted AttackX IndividualCEN/A
14117/02/2017?ZcoinA simple one-digit typo within the source code of a cryptocurrency called Zcoin has allowed a hacker to make a profit of over $400,000 worth of cryptocurrency.Coding ErrorV FintechCCN/A
14217/02/2017?Bingham CountyHackers demand $25K-$30K after ransomware attack takes down Bingham County serversMalwareO Public administration and defence, compulsory social securityCCUS
14317/02/2017?Lexington Medical CenterLexington Medical Center notifies employees of breach affecting its database.UnknownQ Human health and social work activitiesCCUS
14418/02/2017?Family Service RochesterFamily Services Rochester notifies individuals that portions of its computer systems that contained personal information has been compromised by ransomware.MalwareQ Human health and social work activitiesCCUS
14519/02/2017Pro_Mast3rsecure2donaldjtrump.comA hacked dubbed Pro_Mast3r defaces a server associated with President Donald Trump's presidential campaign donations.DefacementN Administrative and support service activitiesCCUS
14619/02/2017Kuroi’SHAsiana AirlinesKuroi’SH defaces the official website of Asiana Airlines, one of the major airlines in South Korea.DefacementH Transportation and storageHKR
14720/02/2017?Airsoft GI Forum ( hacker claims to have hacked the official web forum of a gun retailer Airsoft GI ( and uploaded its data on Dropbox.SQLiG Wholesale and retail tradeCCUS
14821/02/2017?Several industries, including critical infrastructure and news media.Researchers at CyberX discover a cyber espionage campaign called Bugdrop, that siphoned more than 600 gigabytes from about 70 targets in several industries, including critical infrastructure and news media.Targeted AttackY Multiple TargetsCE>1
14921/02/2017?BitfinexTop Bitcoin trading platform Bitfinex is hit by a "severe DDoS attack."DDoSV FintechCCN/A
15022/02/2017BerkutCoachella Music FestivalNearly one million Coachella accounts are reportedly currently up for sale on the dark web.UnknownR Arts entertainment and recreationCCUS
15122/02/2017?Montenegrin government and several state institutionsThe websites of the Montenegrin government and several state institutions, as well as some pro-government media, are targeted with multiple cyberattacks started since February, 15th.UnknownO Public administration and defence, compulsory social securityCWME
15222/02/2017RTMRemote Banking Systems (RBS).Experts at software firm ESET reveal the details of the activity of a cybercrime group tracked as RTM using a sophisticated malware written in Delphi language to target Remote Banking Systems (RBS). The Remote Banking Systems are business software used to make bulk financial transfers.MalwareK Financial and insurance activitiesCC>1
15322/02/2017?South Washington County School DistrictThe South Washington County school district tightens security after a high school student hacks into the district’s server and takes names, Social Security numbers and some addresses.UnknownP EducationCCUS
15423/02/2017North Korea?South Korea?Talos reveals the details of a malware campaign against South Korean users, active between November 2016 and January 2017, targeting a limited number of people. The infection vector is a Hangul Word Processor document (HWP), a popular alternative to Microsoft Office for South Korean users developed by Hancom.Targeted AttackO Public administration and defence, compulsory social securityCEKR
15523/02/2017?AppleA mid-2016 security incident led to Apple purging its data centers of servers built by Supermicro, including returning recently purchased systems, after malware-infected firmware was reportedly detected in an internal development environment for Apple's App Store, as well as some production servers handling queries through Apple's Siri service.MalwareC ManufacturingCCUS
15624/02/2017?Multiple TargetsThe carder forum CVV2Finder claims to have more than 150 million logins, from several popular services, including Netflix and Uber obtained by exploiting the recently discovered Cloudbleed.CloudbleedY Multiple targetsCC>1
15724/02/2017?1,500 organizations from 100 countriesKaspersky Lab exposes the details of a new wave of attacks carried on via the Adwind Remote Access Tool targeting 1,500 organizations from 100 countries.Malware (Adwind)Y Multiple targetsCC>1
15825/02/2017?Roberts HawaiiThe tour company Roberts Hawaii warns its customers about a security breach that may have affected people who purchased tours and other services on its website between July 2015 and December 2016Malicious CodeI Accommodation and food service activitiesCCUS
15925/02/2017National Hackers Agency (NHA)605 Websites hosted by DomainMonsterA hacking crew that goes by the name of National Hackers Agency (NHA) has defaced 605 websites in one go after they managed to get access to a server from UK hosting firm DomainMonster.DefacementY Multiple targetsCCGB
16027/02/2017?Luxembourg Government's serversThe Luxembourg government's servers are hit in a massive DDoS attack that lasts over 24 hours. The attack s believed to have affected over a hundred websites hosted by the government's servers.DDoSO Public administration and defence, compulsory social securityCCLU
16127/02/2017GamaredonUkrainian government, military and law enforcement officials.According to the experts from Palo Alto Networks, a Russian state-actor dubbed Gamaredon is using a custom-developed malware in cyber espionage campaigns against the Ukrainian government, military and law enforcement officials.Targeted AttackO Public administration and defence, compulsory social securityCEUA
16227/02/2017CrimeAgency126 vBulletin ForumA hacker going by the online handle of “CrimeAgency” claims to have hacked 126 vBulletin (vB) based web forum stealing personal data of forum’s administrators and registered users ending up leaking it on an underground hacking forum.vBulletin VulnerabilityJ Information and communicationCC>1
16327/02/2017?Japanese Companies and IndividualsCylance discovers Snake Wine another prolonged campaign that appears to exclusively target Japanese companies and individuals.Targeted AttackY Multiple targetsCEJP
16427/02/2017?Amalgamated SugarNearly 3,000 workers at Amalgamated Sugar receive notifications of an intruder accessing the company's network and their personal information being disclosed.UnknownI Accommodation and food service activitiesCCUS
16528/02/2017?Singapore's Ministry of Defence (Mindef)Singapore's Ministry of Defence (Mindef) confirms that the personal details more than 850 national servicemen and employees were stolen in a "targeted and well-planned" cyberattack earlier this month.Targeted AttackO Public administration and defence, compulsory social securityCESG
16628/02/2017?AptosShoppers of 40 online stores have had their bank card numbers and addresses stolen by a malware infection at backend provider Aptos occurred late last yearMalwareG Wholesale and retail tradeCCUS
16701/03/2017?Single IndividualsMalware Must Die publishes the details of a massive credential harvesting campaign carried on via an SSH Direct TCP Forward attack orchestrated via an IoT botnet.SSH Direct TCP ForwardX IndividualCC>1
16801/03/2017?Association of British Travel Agents (ABTA)The UK's largest travel trade organisation, the Association of British Travel Agents (ABTA) experiences a cyberattack on its website that puts 43,000 holidaymakers and travel agents at risk of identity theft.UnknownI Accommodation and food service activitiesCCUK
16901/03/2017?Kennesaw State UniversityThe FBI is investigating an alleged hack of Kennesaw State University server.UnknownP EducationCCUS
17002/03/2017China?Lotte Duty Free ( Korea's Lotte Duty Free website ( is taken down by a DDoS attack orchestrated from a Chinese IP.DDoSG Wholesale and retail tradeCCKR
17102/03/2017?Radio Station WZZY-FMRadio station WZZY-FM falls victim to a prank when hackers access its computer systems and begin broadcasting fake news alerts of a zombie attack, along with a disease outbreak caused by the resulting carnage.UnknownJ Information and communicationCCUS
17202/03/2017?Daytona State CollegeDaytona State College notifies staff of potential W-2 incidentAccount HijackingP EducationCCUS
17303/03/2017?Pennsylvania Senate DemocratsThe Pennsylvania Senate Democrats are hit by a ransomware attack that locks senators and employees out of their computer networkMalwareO Public administration and defence, compulsory social securityCCUS
17404/03/2017?Advertisement board in Mexico CityA digital advertisement board owned by Grupo Carteleras located on a busy road in Mexico City is hacked on Friday and features a pornographic video for a few minutes.UnknownS Other service activitiesCCMX
17506/03/2017Cozy Bear (APT29)?Several US progressive groupsNew reports reveal that Russian hackers are targeting U.S. progressive groups in a new wave of attacks. According to the report, at least a dozen groups have faced extortion attempts since the U.S. presidential election. The ransom demands are accompanied by samples of sensitive data in the hackers’ possession.Targeted AttackN Administrative and support service activitiesCCUS
17606/03/2017?Several organisations across Saudi Arabia and EuropeKaspersky Lab reveals the details of a new wiper malware, dubbed StoneDrill, has been uncovered by security researchers, believed to be targeting more organisations across Saudi Arabia and Europe.Targeted AttackY Multiple targetsCC>1
17706/03/2017?University of IdahoUniversity of Idaho notifies 257 employees after phishing incident.Account HijackingP EducationCCUS
17807/03/2017?VerifoneCredit and debit card payments giant Verifone investigates a breach of its internal computer networks that appears to have impacted a number of companies running its point-of-sale solutions.MalwareK Financial and insurance activitiesCCUS
17908/03/2017?Government organizations in the Middle EastMalware researchers at Palo Alto Networks spot a new strain of ransomware, dubbed RanRan, that has been used in targeted attacks against government organizations in the Middle East.Targeted AttackO Public administration and defence, compulsory social securityCC>1
18009/03/2017?GMO Payment Gateway IncGMO Payment Gateway confirms data leakage from two client websites, due to the Apache Struts vulnerability. The victims are the Tokyo Metropolitan Government, and the Japan Housing Finance Agency. The total leaked recors are more than 700,000.Apache Struts VulnerabilityK Financial and insurance activitiesCCJP
18109/03/2017?Queensland School PhotographyQueensland School Photography emails students' parents to notify that payment card information has been compromised.MalwareP EducationCCAU
18210/03/2017?Products from surveillance technology company AVTechTrend Micro discovers a new family of Linux malware targeting products from surveillance technology company AVTech exploiting a CGI vulnerability that was disclosed in 2016.CGI VulnerabilityC ManufacturingCCTW
18310/03/2017?Metropolitan Urology GroupMetropolitan Urology Group Notifies Patients Of Breach Of Unsecured Personal InformationMalwareQ Human health and social work activitiesCCUS
18411/03/2017?Several Dutch WebsitesTurkish hacker groups target a large number of Dutch websites after the political fallout between the Netherlands and Turkey over the weekend.DDoS/DefacementY Multiple targetsHNL
18511/03/2017?Single IndividualsDanish-speaking users were infected by malware spread through Dropbox.MalwareX IndividualCCDK
18612/03/2017Rekan Herrorfifthharmony.comA Kurdish hacker going by the online handle of “Rekan Error” defaces the official website of Fifth Harmony, an American girl group formed on the second season of The X Factor US in July 2012 and posts messages against ISIS.DefacementR Arts entertainment and recreationHUS
18713/03/2017?Welsh NHSDetails of thousands of medical staff of Welsh NHS are stolen from a private contractor's computer server (Landauer). The breach happened in October 2016 and the total number of affected staff is 4,766.UnknownQ Human health and social work activitiesCCUK
18813/03/2017?Single IndividualsGoogle declares to have identified and shut down a massive ad fraud Android botnet called Chamois, which may have infected multiple Android devices.Mobile MalwareX IndividualCC>1
18914/03/2017?Statistics Canada ( Canadian government confirms that the Statistics Canada website is hacked and taken offline for over two days. In the aftermath of the cyberattack parts of the Canada Revenue Agency's (CRA) site is also reportedly taken offline by authorities as a precaution.Apache Struts VulnerabilityO Public administration and defence, compulsory social securityCCCA
19014/03/2017?Several targetsKaspersky Lab reveals the details of PetrWrap, a new Petya-based ransomware used in targeted attacks.MalwareY Multiple targetsCCTR
19114/03/2017?Magento installationsSucuri reveals that Cybercriminals continue to target the Magento platform, abusing a payment module (Realex Payments Magento extension, SF9) to steal payment card data from online shops running on Magento e-commerce platform.Malicious Function InjectionJ Information and communicationCC>1
19214/03/2017?Mountain Home Water DepartmentThe servers of Mountain Home Water Department fall victim of a ransomware attack.MalwareE Water supply, sewerage waste management, and remediation activitiesCCUS
19315/03/2017?Dun & BradstreetA Dun & Bradstreet 52GB database containing about 33.6 million records with very specific details about each of the people involved from job title to email address is exposed.UnknownN Administrative and support service activitiesCCUS
19415/03/2017?Wishbone AppHackers steal 2.2 million email addresses and 287,000 cellphone numbers from popular teen quiz App Wishbone users, many of whom are young women under the age of 18.UnknownJ Information and communicationCCUS
19515/03/2017?Single Individuals (via TwitterCounter)A large number of Twitter accounts including verified big-name brands, from Justin Bieber to Forbes Magazine, are hacked to display Nazi symbols, a message written in Turkish and two hashtags that translate to "NaziGermany" and "NaziHolland." The issues appear to be linked to a service called Twitter Counter, an analytics company that was previously embroiled in a similar incident last year.Account HijackingX IndividualCC>1
19615/03/2017?Several business organizations in North AmericaTrend Micro reveals the details of MajikPOS, a new PoS malware, targeting business in North America and Canada.PoS MalwareY Multiple targetsCCUS CA
19715/03/ Anonymous deface the official website of Boa Esporte, a second division football club in the state of Minas Gerais, after the team hired goalkeeper Bruno Fernandes das Dores de Souza convicrd for murdering his ex-girlfriend.DefacementR Arts entertainment and recreationHBR
19816/03/2017?Defense Point Security, LLCThe CEO of Defense Point Security, LLC tells all employees that their W-2 tax data was handed directly to fraudsters after someone inside the company got caught in a phisher’s net.Account HijackingM Professional scientific and technical activitiesCCUS
19916/03/2017?Datapoint POSDatapoint POS appears to have been hacked.PoS MalwareK Financial and insurance activitiesCCUS
20016/03/2017?The Independent Electoral and Boundaries Commission (IEBC)The Independent Electoral and Boundaries Commission (IEBC) admits hackers attempted to breach its systems to steal crucial information ahead of the 2017 election.UnknownO Public administration and defence, compulsory social securityCCKE
20117/03/2017?Lane Community CollegeA virus-infected computer at the Lane Community College health clinic may have relayed patient information such as names, addresses, Social Security numbers and more, to an unknown third party for more than a yearMalwareP EducationCCUS
20217/03/2017?Arkansas Department WorkforceInvestigators try to determine whether personal information -- including Social Security numbers -- for an estimated 19,000 Arkansas job seekers was stolen after a virus was detected in a statewide database, a government spokesman said.MalwareO Public administration and defence, compulsory social securityCCUS
20319/03/2017?Several Celebrities including Emma Watson, Rose McGowan, Amanda Seyfried and Jillian MurrayFappening 2.0 is here: nude pictures of several celebrities are leaked online, including Emma Watson, Rose McGowan, Amanda Seyfried and Jillian Murray.UnknownX IndividualCC>1
20420/03/2017?Alfa BankAlfa Bank announces to have been targeted by a large-scale DNS Botnet attack.DDoSK Financial and insurance activitiesCCRU
20521/03/2017?Multipe targetsA study by security firm Dragos reveals that malware posing as legitimate software for Siemens ICS devices has apparently infected 10 industrial equipment worldwide over the past four years.MalwareY Multiple targetsCE>1
20621/03/2017?Chinese Mobile UsersResearchers from Check Point reveal a new mechanism to spread the "Swearing Trojan", using fake base transceiver stations (BTSs) that send phishing SMS messages masquerading as ones coming from Chinese telecom service providers China Mobile and China Unicom.MalwareX IndividualCCCN
20721/03/2017?Joblink AllianceJoblink Alliance, a provider of the nationwide web-based database Joblink, which is used by the State of Vermont, notifies the State that the job seeker functionality of its website has been compromised by a malicious software.MalwareN Administrative and support service activitiesCCUS
20822/03/2017El MacheteMultiple International Government OrganizationsResearchers from Cylance reveal the details of "El Machete" a massive cyber espionage campaign targeting high-profile international government organisations across the globe. Primary targets are in Latin America, but the campaign has also targeted organisations in Canada, England, Germany, Korea, Russia, the Ukraine and the United States.Targeted AttackO Public administration and defence, compulsory social securityCE>1
20922/03/2017?UK viewers or popular porn sitesMalwarebytes warns about an increase in malware attacks currently targeting UK viewers of popular pornography websites. The campaign abuses a legitimate ad network called ExoClick distributing the Ramnit malware.MalvertisingX IndividualCCUK
21023/03/2017@The6Clerk and @PlzNoHackOfficial Twitter Accounts of ABC News (@ABC) and Good Morning America (@GMA)The official Twitter accounts of mainstream US news outlet ABC News and its daily show Good Morning America, are ken over by hackers. The profiles, each with millions of followers, displayed a series of explicit messages left by the culprits.Account HijackingJ Information and communicationCCUS
21123/03/2017?Saudi Arabia Governmental OrganizationsMalwarebytes reveal the details of a new spear phishing campaign targeting Saudi Arabia governmental organizations.Targeted AttackO Public administration and defence, compulsory social securityCESA
21223/03/2017?Payment Processors on websitesA new bot targeting card payment processes on websites is spotted in the wild. Called GiftGhostBot, the bot tries to defraud consumers of the money loaded on gift cards from a wide range of retailers around the globe, with attacks being noticed on almost 1,000 customer websites.MalwareX IndividualCC>1
21323/03/2017?Idaho Department of LaborA hacking incident that occurred on March 12 and March 13 compromised more than 170,000 job-seeker accounts of the Idaho Department of Labor.UnknownO Public administration and defence, compulsory social securityCCUS
21423/03/2017?FIRST Forum ( and FIRST Tech Challenge Forum ( Forum ( and FIRST Tech Challenge Forum ( notify a data breach.UnknownS Other service activitiesCCUS
21524/03/2017?Illinois Department of Employment Security (Ides)The Illinois Department of Employment Security (Ides) revealed on Friday (24 March) that one of its vendors was hacked, potentially compromising personal information of approximately 1.4 million job seekers in the state.UnknownO Public administration and defence, compulsory social securityCCUS
21624/03/2017?Android ForumsAndroid Forums announces that its servers were accessed by a third-party resulting in a data breach affecting the 2.5% of the active users.UnknownJ Information and communicationCCUS
21724/03/2017?Washington University School of MedicineWashington University School of Medicine notifies to have been targeted by a Phishing Attack.Account HijackingP EducationCCUS
21825/03/2017Cfnt25 Vulnerable ForumsA hacker going by the handle of “Cfnt” compromises 25 web forums using an outdated version of vBulletin and put the data on sell on a popular Dark Web marketplace.UnknownJ Information and communicationCC>1
21926/03/2017?12 million accounts from at least 11 separate cryptocurrency forumRoughly 12 million accounts pilfered from at least 11 separate cryptocurrency forums over the past six years are being sold on the Dark Web, with a vendor under the pseudonym 'doubleflag' marketing the trove of stolen credentials as a "package" deal.UnknownV FintechCC>1
22027/03/2017?World of Warcraft usersMalwarebytes reveals the details of a phishing campaign attempting to bait World of Warcraft users with the promise of free in-game petsAccount HijackingX IndividualCC>1
22128/03/2017?GitHub UsersResearchers from Palo Alto Networks reveal the details of a new campaign targeting developers sharing code on GitHub with a malicious with a stealth malware called Dimnie.Targeted AttackX IndividualCE>1
22228/03/2017?Tweede Kamer (Lower House of Dutch Parliament)Ransomware is found on the computer systems of the Tweede Kamer, the lower house of Dutch parliament,MalwareO Public administration and defence, compulsory social securityCCNL
22328/03/2017?Forsyth Public SchoolsForsyth Public Schools are hit with computer malware causing problems for teachers, students, parents and district administrators.MalwareP EducationCCUS
22429/03/2017?German ParliamentBerlin's cyber security watchdog reveals that the German parliament was the target of fresh cyber attacks in January that attempted to piggy-back on an Israeli newspaper site to target politicians in Germany.Targeted AttackO Public administration and defence, compulsory social securityCEDE
22529/03/2017?Dueling NetworkA hacker makes off with at least 6.5 million email addresses and poorly hashed passwords from a Yu-Gi-Oh fan project called “Dueling Network.”SQLiR Arts entertainment and recreationCCUS
22629/03/2017?Undisclosed US CollegeResearch from Incapsula discover a new Mirai variant used to launch a 54-hour DDoS attack against a US college.DDoSP EducationCCUS
22730/03/2017?Skype usersSeveral users complain that ads served through Microsoft's Skype app are serving malicious downloads, which if opened, can trigger ransomware.MalvertisingX IndividualCC>1
22830/03/2017?Amaq MediaAmaq media, the news outlet associated with ISIS, claims its website was hacked by perpetrators who were spreading malware on the site.MalwareJ Information and communicationCEN/A
22930/03/2017?ShowTix4UShowTix4U notifies that an unauthorized actor was able to gain access to a third-party vendor’s server and install malicious software on their website.MalwareJ Information and communicationCCUS
23031/03/2017?McDonald's CanadaMcDonald's Canada says that its career website has been hacked, compromising the personal data of around 95,000 restaurant job applicants. The accessed information includes names, addresses, email addresses, phone numbers, employment background and other standard job application information of people who applied online for a job at McDonald's Canada restaurants between March 2014 and March 2017.UnknownI Accommodation and food service activitiesCCCA
23131/03/2017?Major US UniversitiesResearchers find nearly 14M email addresses and passwords belonging to faculty, staff, students and alumni of major universities across the country on the dark web.UnknownP EducationCCUS
23201/04/2017?New York Post AppThe New York Post issues an apology after its app is hacked in an April Fool's Day prank and sends out a flurry of bizarre news alerts including one that read, "Heil President Donald Trump".Account HijackingJ Information and communicationCCUS
23301/04/2017?Airline ConsumersBarracuda Labs reveal the details of a phishing campaign targeting airline consumers.Targeted AttackX IndividualCC>1
23401/04/2017?Unnamed targetsResearchers from Forcepoint unveil the details of Felismus RAT, a piece of malware used in targeted campaigns.Targeted AttackZ UnknownCEN/A
23502/04/2017?German Bundeswehr (armed forces)The head of the German military's new cyber command, Lieutenant General Ludwig Leinhos, reveals that army computers were targeted hundreds of thousands of times in the first nine weeks of 2017.Targeted AttackO Public administration and defence, compulsory social securityCEDE
23603/04/2017APT28 AKA Fancy BearIAAFIAAF, the governing body of global athletics says it has suffered a cyber attack that it believes has compromised information about athletes' medical records.Targeted AttackU Activities of extraterritorial organizations and bodiesCEN/A
23703/04/2017United Cyber Caliphate (UCC)8,786 individualsThe pro-ISIS hacking group United Cyber Caliphate (UCC) posts a 'kill list' containing the name and addresses of 8,786 individuals.UnknownX IndividualHUS UK
23803/04/2017North Korea?South Korean users in the public sectorResearchers from the Cisco Talos Labs reveal the details of ROKRAT, a sophisticated remote access tool targeting South Korean users in the public sector.Targeted AttackO Public administration and defence, compulsory social securityCEKR
23903/04/2017NSO Group Technology?Android usersGoogle and Lookout reveal the details of the Android Chrysaor Malware, a surveillance malware remained undetected for at least three years.MalwareX IndividualCE>1
24004/04/2017APT10Several Major MSPsBAE Systems and PWC reveal the details of Operation Cloud Hopper, a campaign of intrusions against several major MSPs, active since late 2016.Targeted AttackS Other service activitiesCE>1
24104/04/2017?Unnamed Russian BankKaspersky reveals the details of ATMitch, a fileless malware used to steal cash from ATMs in Russia and Kazakshtan.MalwareK Financial and insurance activitiesCCRU KZ
24204/04/2017?Unnamed Brazilian BankKaspersky reveals that on October 2016, a group of hackers rerouted all the traffic of an unnamed brazilian bank's customers to perfectly reconstructed fakes of the bank’s properties.DNS HjiackingK Financial and insurance activitiesCCBR
24304/04/2017?ABCD PediatricsWhile investigating ransomware incident, ABCD Pediatrics uncovers evidence of other intrusion: more than 55,000 patients are notified.UnknownQ Human health and social work activitiesCCUS
24405/04/2017North KoreaSouth Korea and United StatesAs part of OPlan 5027, North Korean hackers have reportedly accessed secretive war-plans drawn up by South Korea and the United States, detailing how the allied military forces would respond to the outbreak of war in the region – including first strike targets and troop deployments.Targeted AttackO Public administration and defence, compulsory social securityCEKR US
24505/04/2017?AnonymousAnonymous members who want to participate in this year's annual #OpIsrael cyber-attacks are the targets of an intelligence gathering operation carried out by an unknown threat actor.Targeted AttackX IndividualHN/A
24606/04/2017?Internal Revenue ServiceThe Internal Revenue Service says that the personal data of as many as 100,000 taxpayers could have been compromised through a scheme in which hackers posed as students using an online tool to apply for financial aid.Account HijackingO Public administration and defence, compulsory social securityCCUS
24706/04/2017? (A possible China-linked group)National Foreign Trade Council (NFTC)Fidelis Cibersecurity reveals that ahead of the trade summit between US President Donald Trump and his Chinese counterpart, Xi Jinping, a nation-state hacking group conducted espionage on a number of key industry players and lobbyists with links to the talks.Targeted AttackO Public administration and defence, compulsory social securityCEUS
24806/04/2017?Wordpress WebsitesResearchers from security firm Wordfence reveal that tens of thousands, of home routers have been hacked, exploiting the CVE-2014-9222 flaw, also known as ‘Misfortune Cookie’, and used to power cyber attacks on WordPress websites.Brute-ForceX IndividualCC>1
24906/04/2017?U.S. and Middle Eastern targetsA joint investigation by Palo Alto Networks and ClearSky Cyber Security sheds light on a recently discovered malware campaign that tries to infect U.S. and Middle Eastern targets with four distinct families of Windows and Android-based downloaders and information stealers.Targeted AttackY Multiple targetsCE>1
25006/04/2017?iOS UsersMalwarebytes reveals the details of a malvertising campaign targeting iOS users delivered via rogue ads on popular torrent sites.MalvertisingX IndividualCC>1
25106/04/2017?Single usersSecurity researchers from ESET discover a new malware called Sathurbot that relies on malicious torrent files to spread to new victims and carries out coordinated brute-force attacks on WordPress sites.MalwareX IndividualCC>1
25207/04/2017?GamestopVideo game giant GameStop Corp says it is investigating reports that hackers may have siphoned credit card and customer data from its website Wholesale and retail tradeCCUS
25307/04/2017?University of LouisvilleTax information for dozens of University of Louisville employees is compromised after a hack of the online system the university uses to give employees access to tax documents.UnknownP EducationCCUS
25408/04/2017?Sirens in DallasA computer hack sets off all the emergency sirens in Dallas for about 90 minutes.UnknownO Public administration and defence, compulsory social securityCCUS
25508/04/2017?>1Cyber-security firms McAfee and FireEye disclose in-the-wild attacks with a new Microsoft Office zero-day (CVE-2017-0199).Targeted AttackY Multiple targetsCE>1
25608/04/2017The Shadow BrokersNSAThe Shadow Brokers (TSB) are back, and release the password for the rest of the hacking tools they claim to have stolen from the NSA last year.UnknownO Public administration and defence, compulsory social securityCCUS
25709/04/2017?WongaAlmost 250,000 Wonga's UK customers are affected by a data breach. The payday lender says it is investigating 'illegal and unauthorised access' to some of its customers' personal information in both Britain and Poland. Stolen data may include account numbers, sort codes, addresses and the last four digits of users' bank cards.UnknownK Financial and insurance activitiesCCUK
25810/04/2017?Microsoft Word UsersProofpoint reveals that an unpatched zero-day vulnerability impacting every version of Microsoft Word has been exploited by hackers to spread a notorious banking Trojan called Dridex to millions of users around the world.RCE VulnerabilityX IndividualCC>1
25910/04/2017LonghornAt least 40 governments and private organizations across 16 countriesSecurity Experts from Symantec reveals that the Longhorn group has targeted at least 40 governments and private organizations across 16 countries using the tools detailed in the recent Vault 7 leak.Targeted AttackO Public administration and defence, compulsory social securityCE>1
26010/04/2017?Amazon third-party sellersAmazon third-party sellers, are hit repeatedly by hackers who post fake deals on legitimate sellers' pages.Account HijackingJ Information and communicationCCUS
26111/04/2017North Korean HackersUnion Bank of IndiaNorth Korean hackers are suspected of attempting to steal $170m from Union Bank of India, back in 2015.MalwareK Financial and insurance activitiesCCIN
26212/04/2017?AQA (Assessment and Qualifications Alliance)Data relating to 64,000 current and former examiners stored on some of AQA’s online systems are stolen by attackers, including examiners’ name, address, personal phone numbers, and passwords.UnknownP EducationCCUK
26313/04/2017Callisto Group>1F-Secure reveals the details of Callisto Group, a mysterious hacking collective known to target military personnel, government officials, think tanks and journalists, and also reportedly responsible for a series of cyber-espionage attacks against targets including the UK Foreign Office last yearTargeted AttackY Multiple targetsCE>1
26413/04/2017?Airbnb usersAn Airbnb investigation finds that several peoples' homes were robbed by guests using stolen accounts.Account HijackingX IndividualCC>1
26513/04/2017?Melbourne ITAustralian ISP Melbourne IT confirms that it was hit by “a large DDoS attack” that disrupted its web hosting.DDoSJ Information and communicationCCAU
26613/04/2017OurMinehundreds of popular Youtube channelsThe OurMine collective compromises hundreds of popular Youtube channels.Account HijackingX IndividualCC>1
26714/04/2017?Best American Hospitality Corp.Best American Hospitality Corp. issues a statement regarding stolen payment cards at some of the restaurants it manages and operates:MalwareI Accommodation and food service activitiesCCUS
26814/04/2017The Shadow BrokersNSAThe Shadow Brokers dumpe a new collection of files, containing what appears to be exploits and hacking tools targeting Microsoft's Windows OS and evidence the Equation Group had gained access to servers and targeted the SWIFT banking system of several banks across the world.UnknownO Public administration and defence, compulsory social securityCEUS
26914/04/2017?Britain FirstBritain First is hit by a massive hack that targeting its websites and Twitter accounts, and their YouTube channel.Account HijackingN Administrative and support service activitiesCCGB
27014/04/2017?Several CelebritiesHackers leake nude pictures and explicit videos of celebrities including Rosario Dawson, Miley Cyrus, Suki Waterhouse, Kate Hudson and Yvonne Strahovski.UnknownX IndividualCC>1
27115/04/2017?YoukuA dark web vendor going by the handle of CosmicDark sells a database containing 100,759,591 user accounts stolen from of Youku Inc., a popular video service in China.UnknownJ Information and communicationCCCN
27210/04/2017JanitorSierra TelThe Bricker Bot takes down the Zyxel HN-51 Modem belonging to Sierra Tel, a Californian ISP.MalwareJ Information and communicationCCUS
27311/04/2017?eConcordiaConcordia’s online course systems, eConcordia and KnowledgeOne, are hacked, 9000 users are compromised.Account HijackingP EducationCCUS
27416/04/2017?McAfee Linkedin PageThe LinkedIn page for McAfee is hijacked by a single person or an unknown number of individuals allegedly affiliated with the OurMine collective.Account HijackingJ Information and communicationCCUS
27516/04/2017?Westminster CollegeWestminster College in Missouri reveals the details of a breach discovered on March 26 after a phishing scam duped a staffer into sending off W-2 statements.Account HijackingP EducationCCUS
27618/04/2017?Northrop GrummanNorthrop Grumman admits one of its internal portals was broken into, exposing employees' sensitive tax records to W-2 Scams.Account HijackingC ManufacturingCCUS
27718/04/2017?Retina-X FlexiSpyMotherboard obtains the data of 130,000 customers of the two mobile surveillance software firms Retina-X and FlexiSpyUnknownJ Information and communicationCCUS
27820/04/2017?Android usersResearchers from Trend Micro discover MilkyDoor, an alleged successor of the infamous malware DressCode.MalwareX IndividualCC>1
27920/04/2017?Fashion Fantasy GameA 2016 data breach leaves Fashion Fantasy Game, an online game and social network for fashion lovers, with millions of user account credentials being leaked on the web.UnknownR Arts entertainment and recreationCCUS
28021/04/2017APT10 and Tonto teamSouth KoreaFireEye claims Chinese hackers are trying to break into South Korea's military to halt the deployment of an anti-ballistic weapons system in the country.Targeted AttackO Public administration and defence, compulsory social securityCWKP
28121/04/2017?Atlantic Digestive SpecialistsAtlantic Digestive Specialists notify patients of ransomware incidentMalwareQ Human health and social work activitiesCCUS
28221/04/2017?Cleveland Metropolitan School DistrictCleveland Metropolitan School District discloses phishing-related incidentAccount HijackingP EducationCCUS
28321/04/2017?Iowa Veterans HomeIowa Veterans Home warns nearly 3,000 of data breach after phishing incidentAccount HijackingO Public administration and defence, compulsory social securityCCUS
28422/04/2017?Alison BrieFappening 2.0 continues: this time Alison Brie is targeted and has some nude images leaked online.UnknownX IndividualCCUS
28522/04/2017?YapizonYapizon, a South Korean Bitcoin exchange suffers a massive data breach when hackers steal 3,800 Bitcoin (US$5 million) which is 37% of user funds.UnknownV FintechCCKR
28623/04/2017Zhengquan ZhangKCG HoldingsThe FBI arrests Zhengquan Zhang, a 31-year-old IT engineer, accused of installing malware on his employer's servers to steal proprietary source.MalwareK Financial and insurance activitiesCCUS
28723/04/2017Ayyildiz TimNorth Mundham Primary in ChichesterPolice are investigating after “malicious” messages are left on a school website by Turkish nationalists in an apparent hacking attempt.DefacementP EducationCCUK
28824/04/2017APT28 AKA Fancy BearDanish Armed ForcesDenmark’s security service, Politiets Efterretningstjeneste’s (PET) Centre for Cyber Security says in its report that Danish armed forces personnel have their emails hacked over the last two years. The hack has been attributed to ‘Fancy Bear'.Targeted AttackO Public administration and defence, compulsory social securityCEDK
28924/04/2017?7 Southeast Asian NationsAn anti-cybercrime operation by Interpol and investigators from seven southeast Asian nations reveal nearly 9,000 malware-laden servers and hundreds of compromised websites in the ASEAN region.MalwareY Multiple targetsCC>1
29024/04/2017?HipChatHipChat is hacked over the weekend due to a vulnerability in a third-party library. The incident affects a server in the HipChat Cloud web tier, and for a small number of instances (less than 0.05 percent), there's evidence messages and content in rooms may have been accessed.Vulnerability in a third-party libraryJ Information and communicationCCUS
29124/04/2017?City of NewarkA ransomware attack hits some municipal computers in New Jersey's most populous city, Newark.MalwareO Public administration and defence, compulsory social securityCCUS
29224/04/2017?Greenway HealthGreenway Health is the victim of a ransomware attackMalwareQ Human health and social work activitiesCCUS
29325/04/2017?ChipotleChipotle, the global fast-food chain specialising in Mexican dishes, urges its US customers to check for suspicious activity on their bank statements after "unauthorised" activity on its payment processing systems has led to fears the company has been hacked.PoS MalwareI Accommodation and food service activitiesCCUS
29425/04/2017APT28 AKA Fancy BearTwo German think tanks with ties to Christian Democratic Union (CDU) and Social Democratic Party (SPD).Trend Micro reveals that Kremlin-linked Fancy Bear hackers targeted two German think tanks with ties to Angela Merkel's ruling coalition parties Christian Democratic Union (CDU) and Social Democratic Party (SPD).Targeted AttackN Administrative and support service activitiesCEDE
29525/04/2017APT28 AKA Fancy BearEmmanuel MacronThe same reports reveals that French presidential candidate Emmanuel Macron was targeted by APT28.Targeted AttackX IndividualCEFR
29625/04/2017?R2GamesOnline gaming company Reality Squared Games (R2Games) is compromised for the second time in two years and more than one million accounts are compromised. Leaked data includes usernames, passwords, email addresses, IP addresses, and other optional record fields, such as instant messenger IDs, birthday, and Facebook related details (ID, name, access token).UnknownR Arts entertainment and recreationCCCN
29725/04/2017?Multiple Japanese BusinessesCybereason discovers ShadowWali, a backdoor used for targeted attacks, against Japanese businesses since at least 2015.Targeted AttackY Multiple targetsCEJP
29825/04/2017?Blowout CardsBlowout Cards issues a security alert to customers, warning that their payment card details may have been compromised after an attacker hacked its website and customers began reporting related card fraud.MalwareJ Information and communicationCCUS
29925/04/2017WauchulaGhost250 ISIS Twitter AccountsWauchulaGhost defaces 250 ISIS Twitter accounts with adult content.DefacementS Other service activitiesHN/A
30026/04/2017?Android usersCheck Point updates the damage report for the FalseGuide malware with five additional apps found containing the malware, estimating that 2 million Android users have unknowingly downloaded the malware.MalwareX IndividualCC>1
30126/04/2017OilRig120 Israeli TargetsThe Israeli Government reveals to have thwarted a major cyberattack against 120 targets. Israeli sources believe the attack has been launched by the Iran-linked OilRig APT group (aka Helix Kitten, NewsBeef ).Targeted AttackO Public administration and defence, compulsory social securityCCIL
30226/04/2017?CiphrCustomer data from encrypted phone company Ciphr is dumped online.UnknownC ManufacturingCCUS
30326/04/2017?Virginia Sex Offender and Crimes Against Children Registry (SOR)A malware infection affecting servers belonging to the Virginia State Police (VSP) shuts down the department's email system, along with its ability to update the Virginia Sex Offender and Crimes Against Children Registry (SOR).MalwareO Public administration and defence, compulsory social securityCCUS
30426/04/2017?Pekin Community High SchoolA ransomware attack takes down Pekin Community High School.MalwareP EducationCCUS
30527/04/2017?>1Reuters reveals that unknown attackers have been exploiting CVE-2017-0199 against target in Ukraina and Australia.Targeted AttackY Multiple targetsCEUA AU
30627/04/2017?OSX UsersCheck Point reveals the details of OSX/Dok, a new malware affecting all versions of OSX, signed with a valid developer certificate (authenticated by Apple), the first major scale malware to target OSX users via a coordinated email phishing campaign.MalwareX IndividualCC>1
30727/04/2017?NoTroveRiskIQ reveals that a group known as NoTrove is driving massive amounts of traffic to survey pages, scams sites, and shady software download portals, so much so that one of the domains they used in their campaings peaked at #517 in Amazon's Alexa traffic ranking.MalvertisingX IndividualCC>1
30828/04/2017The Dark OverlordNetflixTheDarkOverlord leaks upcoming episode of Orange is the New Black after Netflix doesn’t pay extortion demand. The hack happened via a "production vendor".UnknownR Arts entertainment and recreationCCUS
30928/04/2017Evaldas RimasauskasGoogle and FacebookGoogle and Facebook confirm that they fell victim to an alleged $100m (£77m) scam between 2013 and 2015.Account HijackingJ Information and communicationCCUS
31028/04/2017?20 UK BanksSecurity researchers from IBM Security warn that a strain of banking Trojan, dubbed TrickBot, is escalating attacks against UK banks and financial institutions. The operators of the malware have launched five campaigns only on April.MalwareK Financial and insurance activitiesCCUK
31128/04/2017?Diamond Institute for Infertility and MenopauseDiamond Institute for Infertility and Menopause notifies patients of an incident involving their electronic health records server, maintained by an unnamed third party. The incident happened in FebruaryUnknownQ Human health and social work activitiesCCUS
31228/04/2017Tsar TeamGrozio ChirurgijaCybercriminals steal 25,000 personal records and photos of patients from the data system of a Lithuanian plastic surgery clinic and put them up for sale.OpenCMS VulnerabilityQ Human health and social work activitiesCCLT
31329/04/2017?Hill Country Memorial HospitalHill Country Memorial Hospital notifies patients after employee email accessed without authorizationAccount HijackingQ Human health and social work activitiesCCUS
31429/04/2017?Greenwood County School District 50About 3,300 are affected by a security breach after the school discovers that an unauthorized user logged in to four Greenwood County School District 50 employees’ emails as well as current and former employees’ payroll accounts in January and February.Account HijackingP EducationCCUS
31530/04/2017?Some IBM flash drivesIBM detects that some USB flash drives containing the initialization tool shipped with several IBM Storwize systems contain a file that has been infected with malicious code and ask users to destroy them.MalwareC ManufacturingCCUS
31630/04/2017?Unity 3D ForumOurMine hackers deface the official domain of Unity 3D Forums leaving a deface page along with a note.DefacementM Professional scientific and technical activitiesCCUS
31702/05/2017?Gannett Co.A phishing email attack potentially compromises the accounts of as many as 18,000 current and former employees of media company Gannett Co.Account HijackingJ Information and communicationCCUS
31802/05/2017?HandBrakeTthe popular DVD-ripping HandBrake app, is hacked to installi a new variant of the Proton malware.MalwareS Other service activitiesCCFR
31902/05/2017?Android usersSophos reveals the details of Super Free Music Player, a fake music player app in the Google Play Store, downloaded by thousands of users since March 31st, and riddled with malware.Mobile MalwareX IndividualCC>1
32002/05/2017?UK BanksDomainTools reveals that hundreds of fake website domains are being used by hackers to mimic some of the most popular banking services in the UK in an attempt to trick victims into handing over personal details and sensitive login credentials.Domain SquattingK Financial and insurance activitiesCCUK
32102/05/2017?Sabre Corp. Hospitality UnitTravel industry giant Sabre Corp. disclosed what could be a significant breach of payment and customer data tied to bookings processed through a reservations system that serves more than 32,000 hotels and other lodging establishments.MalwareI Accommodation and food service activitiesCCUS
32202/05/2017?City of FitchburgFitchburg, Mass. city officials report that the Social Security numbers of 1,800 residents were compromised during a data breach that was discovered on April 14, but took place more than three years ago.UnknownO Public administration and defence, compulsory social securityCCUS
32302/05/2017?Wellington's Victoria UniversityStudents and staff of Wellington's Victoria University have been warned their usernames and passwords may have been compromised following a data breach following an unauthorised access to the university's IT systems.UnknownP EducationCCNZ
32403/05/2017?Gmail usersA massive phishing campaign hits Google users and compromises about a million of its accounts exploiting a fake app abusing the Oauth authentication protocol.Account Hijacking via OauthX IndividualCC>1
32503/05/2017?German O2-Telefonica usersO2-Telefonica in Germany confirms to Süddeutsche Zeitung that some of its customers have had their bank accounts drained using a two-stage attack that exploits SS7.Account Hijacking via SS7 VulnerabilityX IndividualCCDE
32603/05/2017Snake AKA Turla, AKA UroburosOSX UsersFox-it reveals that the infamous threat actor Snake (AKA Turla, AKA Uroburos) is back and ready to target OSX users.Targeted AttackX IndividualCE>1
32703/05/2017?Assets related to North KoreaResearchers from Cisco Talos reveal the details of an unknown Remote Administration Tool, dubbed KONNI, in use, undetected, for over 3 years.Targeted AttackY Multiple targetsCE>1
32803/05/2017SkyscraperMultiple targetsApproximately 500,000 pediatric medical records, many from doctors' offices that didn't know they had been breached, are spotted for sale on the dark web.UnknownQ Human health and social work activitiesCCUS
32903/05/2017TuftsLeaksTufts UniversityA group calling itself TuftsLeaks publishes documents online that contain sensitive financial information from Tufts. The leak includes department budgets, the salaries of thousands of staff and faculty and the ID numbers of student employees with salaries listed.UnknownP EducationCCUS
33004/05/2017TheDarkOverlordAesthetic Dentistry OC Gastrocare Tampa Bay Surgery CenterTheDarkOverlord dumps 180,000 patients’ records from 3 hacks. The victims are: Aesthetic Dentistry, OC Gastrocare, Tampa Bay Surgery CenterUnknownQ Human health and social work activitiesCCUS
33104/05/2017?Several high-profile technology and financial organizationsMicrosoft reveals the details of Operation WilySuply, a sophisticated campaign exploiting the software remote update channel of the supply chain as an attack vector.Targeted AttackY Multiple TargetsCE>1
33204/05/2017?Charlotte Flair VictoriaWWE divas Charlotte Flair and Victoria ar ethe latest victims of the Celebgate leak.UnknownX IndividualCCUS
33305/05/2017?DebenhamsMalware infects the backend systems used by British high street chain Debenhams, and steals 26,000 people's personal information in the process. The hack happened after compromising the systems at Ecomnova, the firm that runs the Debenhams Flowers business, for six weeks.MalwareG Wholesale and retail tradeCCUK
33406/05/2017?Emmauel Macron's StaffThe French presidential candidate Emmanuel Macron is targeted by a “massive and coordinated” hacking attack, hours before voters go to the polls. Tens of thousands of internal emails and other documents (9Gb) are released online.UnknownN Administrative and support service activitiesCCFR
33506/05/2017?Confluence Charter SchoolsThe network servers for Confluence Charter Schools are hacked, but school leadership say there is no evidence that student or employee data have been compromised.UnknownP EducationCCUS
33607/05/2017?FCC (Federal Communications Commission)The FCC website is hit by a DDoS Attack.DDoSO Public administration and defence, compulsory social securityCCUS
33708/05/2017?Multiple targetsBitdefender reveals the details of Netpreser, a cyber espionage campaign carried on using readily available software tools.MalwareY Multiple targetsCE>1
33809/05/2017?FranceFrance's central bank warns of an increase in phishing attempts using its name and logo and email addresses purporting to be Bank of France ones.Account HijackingX IndividualCCFR
33909/05/2017Authors from Iran?IP CamerasTrend Micro reveals the details of Persirai, a new IoT botnet targeting IP cameras.MalwareY Multiple targetsCC>1
34009/05/2017? (linked to North Korea?)Unnamed TargetCylance reveals the details of Paipeu, an unkown malware used as an infostealer.Targeted AttackZ UnknownCEN/A
34110/05/2017?CedexisA DDos attack against Cedexis knocks out several major French news websites including Le Monde and Le Figaro.DDoSJ Information and communicationCCUS
34211/05/2017An unidentified group, APT28 and TurlaMultiple targetsSecurity vendors ESET and FireEye this week issued separate advisories on cyberattacks involving the use of three Microsoft zero-day flaws: CVE-2017-0261, CVE-2017-0262, CVE-2017-0263. The attacks are carried on by an unidentified group and also by APT28 and Turla.Targeted AttackY Multiple targetsCE>1
34311/05/2017Russian ForcesUkrainian SoldiersUkrainian soldiers are hit by an ongoing campaign of propaganda-texting. The campaign is attributed to Russian forces equipped with cell site simulators (IMSI-catchers).Cell Site Simulators (IMSI-catchers)O Public administration and defence, compulsory social securityCWUA
34411/05/2017nclay?EdmodoA hacker steals millions of user account details from popular education platform Edmodo, and the data is apparently for sale on the so-called dark web. The organization claims to have over 78 million members.UnknownJ Information and communicationCCUS
34512/05/2017?Multiple targetsThe WannaCrypt ransomware worm, aka WanaCrypt or Wcry, explodes across 74 countries, infecting hospitals, businesses including Fedex, rail stations, universities, at least one national telco (Telefonica), and more organizations.MalwareY Multiple targetsCC>1
34612/05/2017?National University of Singapore (NUS) Nanyang Technological University (NTU)Reports emerge that the two Singapore universities suffered APT (advanced persistent threat) attacks last month, with the attackers specifically targeting government and research data.Targeted AttackP EducationCESG
34712/05/2017?Brooks BrothersU.S. clothing company Brooks Brothers reveals that payment card information of certain customers were compromised at some of its retail locations in the United States and Puerto Rico over 11 months until March.PoS MalwareC ManufacturingCCUS
34812/05/2017?Multiple targetsResearchers at Cylance reveal a new advanced threat, dubbed Baijiu, which uses heightened interest in North Korea and the GeoCities web service to prey on victims.Targeted AttackY Multiple targetsCE>1
34914/05/2017APT32 AKA OceanLotus GroupMultiple Targets with Interests in VietnamFireEye reveals the details of Operation Cobalt Kitty, a campaign carried on by APT32, an advanced threat group that conducts targeted intrusions at large multinational businesses with interests in Vietnam.Targeted AttackY Multiple targetsCE>1
35015/05/2017?Bell CanadaBell Canada says that 1.9 million customer account details have been stolen by unknown hackers, although no payment card numbers or passwords have been taken.UnknownJ Information and communicationCCCA
35115/05/2017?DocusignDocuSign acknowledges that a series of recent malware phishing attacks targeting its customers and users was the result of a data breach at one of its computer systems.UnknownJ Information and communicationCCUS
35215/05/2017OilRig?Unnamed Military ContractorTrapX reveals to have repelled an attack against an unnamed military contractor carried on by Iranian hackers using a Russian Toolset.Targeted AttackO Public administration and defence, compulsory social securityCEUS
35315/05/2017?University of New Mexico FoundationA month after discovering a computer server breach that may have compromised personal information for about 23,000 people, the University of New Mexico Foundation begins sending notification letters about the incident.UnknownP EducationCCUS
35411/05/2017Suspected Russia-backed hackersenergy networks of the Baltic statesReuters reports that Suspected Russia-backed hackers have launched exploratory cyber attacks against the energy networks of the Baltic states.Targeted AttackD Electricity gas steam and air conditioning supplyCW>1
35517/05/2017?UK ParliamentThe Telegraph reveals that members of UK Parliament have been deliberately targeted by hackers trying to break into online accounts, earlier this year.Account HijackingO Public administration and defence, compulsory social securityCEUK
35617/05/2017nclayZomatoZomato, the popular restaurant and event listing service, is hacked and 17 million accounts are listed for sale on the dark web. The data on sale includes emails and hashed passwords of Zomato users, but the company said no payment or credit card data was leaked.UnknownJ Information and communicationCCIN
35717/05/2017?PanicApple app maker Panic's CEO Steven Frank says he mistakenly downloaded the malware-laced DVD-ripping app HandBrake resulting in some of the company's source code being stolen.MalwareJ Information and communicationCCUS
35818/05/2017Russia?US Department of DefenseA Times report suggests that Russia may have used Twitter as a tool of international espionage: agents of the Russian government could have sent malware-laced Twitter messages to more than 10,000 employees of the US Department of Defense.MalwareO Public administration and defence, compulsory social securityCEUS
35918/05/2017?DaFont.comThe popular font sharing site is hacked, exposing the site's entire database of 699,464 user accounts.SQLiJ Information and communicationCCUS
36018/05/2017?PureMatrimony.comMuslim focused site says it has informed its users of an apparent data breach, and asked them to reset their passwords. 120,000 accounts are compromised.UnknownR Arts entertainment and recreationCCUS
36118/05/2017?EquifaxEquifax reveals the details of an unauthorized access to customers’ employee tax records happened between April 17, 2016 and March 29, 2017. The list of victims includes including defense contractor giant Northrop Grumman; staffing firm Allegis Group; Saint-Gobain Corp.; Erickson Living; and the University of Louisville.Account HijackingK Financial and insurance activitiesCCUS
36219/05/2017?Salem State University Twitter AccountSalem State University officials apologize after several racist tweets (against Black Lives Matter) were sent out when the school’s Twitter account was hacked (@SalemState).Account HijackingP EducationCCUS
36319/05/2017?Blackburn High SchoolPolice investigate a major privacy breach at Blackburn High School, which saw the personal information of families, including their phone numbers, addresses and Medicare details, published online.Account HijackingP EducationCCAU
36422/05/2017?Florida Department of Agriculture and Consumer ServicesFlorida officials reveal that hackers may have stolen the names of over 16,000 people who have concealed weapon permits in the state. The breach occurred two weeks ago through its online payment system, which processes payments for customers' permits and other applications.UnknownO Public administration and defence, compulsory social securityCCUS
36522/05/2017?Xbox UsersMicrosoft files a complaint against iGSKY, presenting itself as a gaming serving company, accusing it to sell hacked Xbox accounts.UnknownX IndividualCC>1
36623/05/2017?Single Business UsersResearchers from security firm Cylance reveal that Qakbot, an information-stealing Trojan and backdoor malware that targets the Microsoft Windows operating system, is back with a new campaign nastier than before.MalwareX IndividualCC>1
36724/05/2017?Qatar News AgencyUnknown hackers break into the website of the Qatar state-run news agency and publish a fake story quoting the ruling emir making controversial comments. The Twitter feed is also compromised posting fake quotes from Qatar's foreign minister alleging a plot against the country by other Arab nations.Account HijackingJ Information and communicationCCQA
36825/05/2017APT28200 victims, including journalists and activists critical of the Russian government, people affiliated with the Ukrainian military, and high-ranking officials in energy companies around the worldSecurity researchers from CitizenLab expose the details of Tainted Leaks, a sophisticated hacking and disinformation campaign that targeted more than 200 Gmail users.Account HijackingX IndividualCE>1
36925/05/2017?Android UsersResearchers from Check Point reveal the details of Judy, what could be possibly the largest malware campaign spreading through Google Play. The suspicious code was observed in more than 40 applications, most allegedly developed by a Korean company called Kiniwini.MalwareX IndividualCC>1
37025/05/2017?The Harvard CrimsonThe website of Harvard’s 144-year-old newspaper is defaced and posts fake stories and an altered picture of Facebook CEO Mark Zuckerberg (who was visiting the institution).DefacementP EducationCCUS
37125/05/2017?Multiple WebsitesMalwarebytes reveals the details of RoughTed, an anti ad-blocker malvertiser able to distribute the Cerbrer ransomware.MalvertisingX IndividualCC>1
37225/05/2017?University of Wisconsin HealthUW Health says that 2,036 patients had information compromised after an employee's email account was used by an unauthorized user on March 28, 2017.Account HijackingQ Human health and social work activitiesCCUS
37326/05/2017Russia?Trump OrganizationABC News reveals that the FBI is investigating an attempted overseas cyberattack against the Trump Organization, summoning President Donald Trump’s sons, Don Jr. and Eric, for an emergency session with the bureau’s cybersecurity agents and representatives of the CIA.UnknownN Administrative and support service activitiesCEUS
37426/05/2017?Prairie Mountain HealthPersonal and medical information of more than 1,000 Prairie Mountain Health patients are at risk after an internal website is hacked.UnknownQ Human health and social work activitiesCCUS
37528/05/2017?Fast HealthFast Health reports a security breach that could affect over 700 of their patients, when a third-party altered a code on their server, stealing the credit card information of close to 700 customers who paid bills online from January 14, 2016 to December 20, 2016.MalwareQ Human health and social work activitiesCCUS
37628/05/2017?Augusta UniversityA phishing attack hits Augusta University faculty email accounts containing the health information of patients.Account HijackingP EducationCCUS
37729/05/2017?Liverpool One Shopping CentreLiverpool One shopping centre is forced to shut down a slew of digital billboards after an unknown hacker tampers with the signage.UnknownG Wholesale and retail tradeCCUK
37830/05/2017?Old MutualFinancial services company Old Mutual has notified its customers of a data breach, after it detected unauthorised entry to one of its systems which led to some personal customer information being accessed.UnknownK Financial and insurance activitiesCCAU
37931/05/2017?OneLoginOneLogin reveals the details about an attack on its systems, confirming that a "threat actor" has accessed database tables including "information about users, apps, and various types of keys." The attacker has been able to rifle through OneLogin's infrastructure for seven hours, may have been able to decrypt customer data.AWS Keys HijackingJ Information and communicationCCUS
38031/05/2017?KmartFor the second time in less than three years, Kmart Stores suffers a malware-based security breach of its store credit card processing systems.PoS MalwareG Wholesale and retail tradeCCUS
38131/05/2017?QnectQnect, a Sydney startup has its customer data stolen with the hackers threatening to publish the information unless bitcoins are paid out.UnknownJ Information and communicationCCAU
38231/05/2017?University of AlaskaA phishing scam in December 2016 resulted in a data breach at the University of Alaska, affecting around 25,000 students, staff and faculty members.Account HijackingP EducationCCUS
38331/05/2017?Road Sign in HustomSomeone hacks a road sign in Houston with a message against Donald Trump.UnknownN Administrative and support service activitiesCCUS
38401/06/2017?Stanford University SubdomainFor almost four months, one of Stanford's subdomains (Paul F. Glenn Center for the Biology of Aging at Stanford University) has been compromised and used for hosting web shells, mailers, and other types of web malware.WebShellP EducationCCUS
38501/06/2017?Single UsersResearchers from Check Point reveal the details of Fireball, a high volume Chinese threat operation which has infected over 250 million computers worldwide (despite Microsoft later claims the number of infected machine is "only" 40 million.MalwareX IndividualCC>1
38601/06/2017?Good Choice (hotel reservation app)Hackers suspected of breaching a popular South Korean mobile app and stealing the personal data of more than 990,000 are arrested by local police in Korea.UnknownJ Information and communicationCCKR
38702/06/2017?Google SearchA malvertising campaign exploits ads in Google Search results for Target, redirecting the users to a tach support scam. Apparently a similar campaing has also been carried on for searches related to Walmart.MalvertisingX IndividualCCUS
38803/06/2017? sends an email to some customers advising that their username, password, email address, and the last four digits of stored credit card numbers were potentially stolen last month (between may 22 and 29).UnknownJ Information and communicationCCUS
38904/06/2017The Dark OverlordSteve Harvey's FunderdomeThe Dark Overlord, which recently leaked ten episodes of Netflix's "Orange is the New Black" makes a resurgence, releasing on the Pirate Bay a selection of eight episodes from ABC's upcoming network television show "Steve Harvey's Funderdome".UnknownR Arts entertainment and recreationCCUS
39005/06/2017Russia?A new report reveals that Russian military intelligence executed a cyberattack on at least one U.S. voting software supplier and sent spear-phishing emails to 122 local election officials just days before last November’s presidential election.Targeted AttackO Public administration and defence, compulsory social securityCWUS
39105/06/2017?, the popular Bitcoin and Litecoin exchange platform is the target of a DDoS Attack.DDoSV FintechCCRU
39205/06/2017?Wind TreItaly’s data protection authority, Garante Privacy, has ordered Wind Tre to write to customers to notify them of a data breach following a cyber attack that occurred on 20 March.UnknownJ Information and communicationCCIT
39306/06/2017APT28MontenegroSecurity firm FireEye reveals the details of a wave of attacks targeting Montenegro using spear-phishing, after its decision to join the NATO.Targeted AttackO Public administration and defence, compulsory social securityCWME
39406/06/2017Turla>1Security firm ESET reveals the details of a recently discovered backdoor Trojan using comments posted to Britney Spears's official Instagram account to locate the control server that sends instructions and offloads stolen data to and from infected computers.Targeted AttackY Multiple targetsCE>1
39507/06/2017?Southern Oregon UniversitySouthern Oregon University announces that it is the latest organization to fall victim to a business email compromise (BEC) attack after fraudsters tricked the educational establishment into transferring money into a bank account under their control. The university fell for the scam in late April when it wired $1.9 million into a bank account. They believed they were paying Andersen Construction, a contractor responsible for constructing a pavilion and student recreation center.Account Hijacking (Business Email Compromise)P EducationCCUS
39607/06/2017Chris HutchesonGordon RamsayThe father-in-law of celebrity chef Gordon Ramsay is jailed for six months after pleading guilty to attempting to hack into his computer to steal financial information and 'dirty' secrets on the star for the hacking plot to crack into Ramsay's private emails following a family falling-out.Account HijackingX IndividualCCUK
39707/06/2017Platinum APT>1Microsoft reveals the details of Platinum APT, the first example of a threat actor abusing Intel Chip Management Feature.Targeted AttackY Multiple targetsCE>1
39808/06/2017?Al Jazeera Media NetworkThe websites and digital platforms of Al Jazeera Media Network are undergoing "systematic and continual hacking attempts". Internal sources reveal that the network is facing a DDoS attack.DDoSJ Information and communicationCCQA
39908/06/2017?Android UsersResearchers from security firm Kaspersky Lab reveal that more than 50,000 Android devices have downloaded a strain of Android malware, known as "DvMap", which contains rare abilities to allow hackers and cybercriminals to gain "root" access to a smartphone or tablet and inject malicious code directly into system libraries.MalwareX IndividualCC>1
40008/06/2017?CD Project RedCD Projekt Red, the Polish studio maker behind the popular The Witcher 3 RPG, suffers a data breach and the attacker is holding the company for ransom, threatening to release stolen files if the game maker doesn't pay an undisclosed sum of money.UnknownR Arts entertainment and recreationCCPL
40109/06/2017?Linux ServersResearchers from Kaspersky Lab reveal that an unknown threat actor is using a vulnerability in Samba installations to take over Linux machines and use them as pawns in a vast cryptocurrency mining operation. The malware is dubbed SambaCry.MalwareY Multiple targetsCC>1
40209/06/2017?Android UsersResearchers from security company Qihoo 360 discover an Android ransomware developed in China dubbed WannaLocker, which copies WannaCry using similar graphics to trick users into paying the ransom.MalwareX IndividualCCCN
40309/06/2017FIN7Restaurants across the USMorphisec Lab reveals the details of a sophisticated fileless attack carried on by the FIN7 group and targeting restaurants across the US, allowing attackers to seize system control and install a backdoor to steal financial information at will.MalwareI Accommodation and food service activitiesCCUS
40409/06/2017?Select RestaurantOhio-based Select Restaurant chain reports it suffered a point-of-sale breach during which customer payment card information was compromised. The breach took place between October 36, 2016 and February 3, 2017 at 12 of the company's restaurants, which are located across the United States,PoS MalwareI Accommodation and food service activitiesCCUS
40512/06/2017?Google News (via compromising of Palate Press and the Boyne City Gazette)Legitimate news sites listed on Google News replace articles with spam ads for drugs and dating sites. The incident occurred after two online wine magazine (Palate Press and the Boyne City Gazette) were hacked.Spam InjectionJ Information and communicationCCUS
40613/06/2017Russia?U.S. Electoral SystemNew investigations reveal that Russia’s cyberattack on the U.S. electoral system before Donald Trump’s election was far more widespread than publicly revealed, including incursions into voter databases and software systems in almost twice as many states as previously reported (39 states).Targeted AttackO Public administration and defence, compulsory social securityCWUS
40714/06/2017Hidden Cobra>1The US-CERT identifies the North Korean government as being behind Hidden Cobra, a theat actor using DeltaCharlie, a DDoS botnet infrastructure that has been used to target media, financial, aerospace, and critical infrastructure organizations in the US and elsewhere.Targeted AttackY Multiple targetsCWUS
40814/06/2017?Android UsersSecurity firm Trend Micro reveals that over 800 Android apps on Google Play have been found infected with Xavier, a "silent" data stealing and leaking malware. The malicious adware has been around since 2016 and functions under the radar, making it difficult to detect its activities.MalwareX IndividualCC>1
40914/06/2017?CashCrateMotherboard reveals that hackers made off with 6 million user accounts for CashCrate, a site where users can be paid to complete online surveys.UnknownJ Information and communicationCCUS
41014/06/2017?ATMs in IndiaATMs in India are under attack via Rufus, a Chinese malware targeting cash machines running outdated Windows XP.MalwareK Financial and insurance activitiesCCIN
41114/06/2017?NayanaA South Lorean Web-hosting service provider, Nayana, agrees to pay $1 million to a ransomware operation that encrypted data stored on 153 Linux servers and 3,400 customer websites via the Erebus ransomware.MalwareJ Information and communicationCCKR
41215/06/2017?University College LondonUniversity College London is hit by a “major” ransomware attack which brings down its shared drives and student management system. The attack also leads to a number of hospital trusts suspending their email servers as a precautionary measure, in an attempt to prevent the repetition WannaCry epidemic.MalwareP EducationCCUK
41315/06/2017?Ulster UniversityThe Ulster University is also hit by Ransomware.MalwareP EducationCCUK
41415/06/2017?BitfinexBitfinex, the world’s largest US dollar-based Bitcoin exchange, is still suffering from the effects of a DDoS attack on its systems earlier this week, rendering IOTA deposits unavailable for users.DDoSV FintechCCHK
41515/06/2017Attackers from NigeriaMultiple Industrial FirmsKaspersy Lab reveal the details of a massive BEC campaign targeting over 500 companies, mostly in the industrial and transportation sector, from 50 countries.Account Hijacking (Business Email Compromise)Y Multiple TargetsCC>1
41614/06/2017?Waverly Health CenterWaverly Health Center is hit by ransomware, causing the medical facility to shut down their IT systems.MalwareQ Human health and social work activitiesCCUS
41716/06/2017?The Buckle Inc.The Buckle Inc., a clothier that operates more than 450 stores in 44 U.S. states, discloses that its retail locations have been hit by malicious software designed to steal customer credit card data.PoS MalwareG Wholesale and retail tradeCCUS
41816/06/2017?Lori SattlerLori Sattler, a state Supreme Court judge, is scammed out of more than $1 million after being fooled by an email she thought had been sent by her real estate lawyer, sending the money to an account to Commerce Bank of China.Account HijackingX IndividualCCUS
41916/06/2017?Unnamed Italian OrganizationsResearchers from security firm Yoroi reveal the details of a False Flag Attack on Multi-Stage Delivery of Malware aimed to target Italian OrganizationsMalwareY Multiple targetsCCIT
42016/06/2017FIN10Canadian Mining, Casino IndustriesFireEye reveals the details of FIN10, a previously unknown threat actor that has extracted hundreds of thousands of dollars from Canadian companies in a vicious cyberattack campaign active since 2013.Targeted AttackY Multiple targetsCCCA
42116/06/ hacker calling himself Vigilance hacks a database belonging to the Minnesota state government, and steals about 1,400 email addresses and passwords.UnknownO Public administration and defence, compulsory social securityHUS
42218/06/2017MoRo4 School Districts in FloridaIt looks like two months before the U.S. Presidential Elections. MoRo, a group of hackers from Morocco allegedly tried to hack the US voting systems. In an attempt, they hacked four school districts from Florida.MalwareP EducationHUS
42319/06/2017?Argentina's Army WebsiteArgentina's army says that its website has been hacked and images purported to be of members of the Islamic State militant group were posted on it.DefacementO Public administration and defence, compulsory social securityHAR
42419/06/2017CyberTeamSkypeA hacking group called CyberTeam claims responsibility for a DDoS attack against Skype.DDoSJ Information and communicationCCUS
42519/06/2017Mexican GovernmentMexico’s most prominent human rights lawyers, journalists and anti-corruption activistsThe New York Time reveals that Mexico’s most prominent human rights lawyers, journalists and anti-corruption activists have been targeted by Pegasus, an advanced spyware sold to the Mexican government on the condition that it be used only to investigate criminals and terrorists.MalwareX IndividualCEMX
42620/06/2017AdGholas>1ProofPoint reveals the details of a massive malvertising campaign carried on by the AdGholas group and aimed to distribute ransomware.MalvertisingY Multiple targetsCC>1
42721/06/2017?UkraineOne week before NotPetya, a researcher dubbed MalwareHunter spots a ransomware campaign called PSCrypt targeting Ukraine.MalwareY Multiple targetsCWUA
42822/06/2017Russia?Election Systems in 21 US StatesJeanette Manfra of the Department of Homeland Security (DHS), during her testimony before a Senate panel, reveals that Russian hackers targeted election systems in 21 US states during last year's campaign.Targeted AttackO Public administration and defence, compulsory social securityCWUS
42922/06/2017Russia?US County DatabaseNew details emerge about the alleged hacks before the 2016 elections. Ken Menzel, general counsel of the State Board of Elections, reveals that nearly 90,000 records containing personal information were accessed by Russian hackers, with 90 percent of those records containing some kind of personal information.Targeted AttackO Public administration and defence, compulsory social securityCWUS
43022/06/2017?MicrosoftBritish police announces to have arrested two suspects part of an international group that hacked into Microsoft's network.UnknownJ Information and communicationCCUS
43122/06/2017?Airway OxygenAirway Oxygen notifies that a ransomware attack in mid-April resulted in the compromise of data belonging to 550,000 customers and employees.MalwareC ManufacturingCCUS
43222/06/2017OceanLotusSingle Individuals in VietnamResearchers from Palo Alto Networks reveal that the alleged Vietnamese ATP group OceanLotus has evolved its Mac spyware trojan, creating one of the most advanced backdoors never seen on macOS.Targeted AttackX IndividualCEVN
43322/06/2017BlackTechTargets in East AsiaTrend Micro reveals the details of a cyberespionage group dubbed BlackTech operating against targets in East Asia focusing on Taiwan and occasionally Japan and Hong Kong with the goal of stealing technology.Targeted AttackY Multiple targetsCE>1
43422/06/2017?Cleveland Medical AssociatesCleveland Medical Associates reveals the details of a ransomware attack happened on April 21, 2017.MalwareQ Human health and social work activitiesCCUS
43523/06/2017?UK ParliamentUp to 90 email accounts are compromised amid a brute-force cyber-attack on UK Parliament.Brute ForceO Public administration and defence, compulsory social securityCCUK
43623/06/2017Russia?British cabinet ministers, ambassadors and senior police officersThe Times reports that passwords belonging to British cabinet ministers, ambassadors and senior police officers are traded online by Russian hackers.UnknownO Public administration and defence, compulsory social securityCCUK
43723/06/2017?MicrosoftA massive trove of Microsoft's internal Windows 10 operating system builds and portions of its core source code (a total of 32TB) are leaked online.UnknownJ Information and communicationCCUS
43825/06/2017Team System DZOhio Gov. John Kasich’s WebsiteOhio Gov. John Kasich’s website is hacked, appearing to show pro-ISIS propaganda. Ohio first lady Karen Kasich’s website, along with the Ohio Department of Rehabilitation and Corrections website, are also hackedDefacementO Public administration and defence, compulsory social securityHUS
43927/06/2017?UkraineA new ransomware outbreak appears in Ukraine and spreads rapidly all over the world. The malware is called NotPetya or Nyetya. The initial vector is a rogue update from a local accounting software called MeDoc.MalwareY Multiple targetsCW>1
44027/06/2017?8tracksMotherboard reveals that millions of accounts for internet radio service 8tracks are being traded on the digital underground. The total number of affected account could be as high as 18 million.UnknownR Arts entertainment and recreationCCUS
44128/06/2017Hackers linked to Russia?At least a dozen U.S. power plantsHomeland Security and the FBI send out a general warning about hackers working for a foreign government, which recently breached at least a dozen U.S. power plants, including the Wolf Creek nuclear facility in Kansas.Targeted AttackD Electricity gas steam and air conditioning supplyCWUS
44228/06/2017?Ventura County Office Of EducationThe websites of numerous school districts in Ventura County go offline amid an attack able to redirect users to a group's webpage where pro-ISIS views were postedUnknownP EducationCCUS
44328/06/2017?Wooster-Ashland Regional Council of GovernmentsThe Wooster-Ashland Regional Council of Governments computer network is hacked and more than 200,000 records in are compromised.UnknownO Public administration and defence, compulsory social securityCCUS
44429/06/2017?ClassicEtherWallet.comAn unknown attacker gains control over the web domain of Classic Ether Wallet, a client-side wallet system for the Ethereum Classic (ETC) cryptocurrency, being able to phish credentials and redirect transactions. Based on reported cases, the hacker might have siphoned off nearly $300,000 worth of ETC funds from hacked accounts.DNS HijackingV FintechCCN/A
44529/06/2017?UkraineMalwareHunter spots a fourth ransomware campaign focused on Ukraine. The campaign follows the same patterns seen in past ransomware campaigns that have been aimed at the country, such as XData, PScrypt, and the infamous NotPetya.MalwareY Multiple targetsCWUA
44629/06/2017?BithumbThe largest bitcoin and ether exchange in South Korea by volume, Bithumb, is hacked. The losses could be around ten million South Korean Won (approx USD 8,700).Account HijackingV FintechCCKR
44729/06/2017?Two Israeli HospitalsResearchers from Trend Micro discover a malware, dubbed WORM_RETADUP.A, targeting two Israeli hospitals with highly obfuscated information-stealing malware that abuses LNK shortcut files.MalwareQ Human health and social work activitiesCEIL
44801/07/2017?PVHS-ICM Employee Health and WellnessPVHS-ICM Employee Health and Wellness notifies his patients to have been hit by a ransomware attack.MalwareQ Human health and social work activitiesCCUS
44903/07/2017?MedicareThe Guardian reveals that a darknet trader is illegally selling the Medicare patient details of any Australian on request by “exploiting a vulnerability” in a government system.Undisclosed VulnerabilityQ Human health and social work activitiesCCAU
45003/07/2017?GoogleIn the wake of the breach occurred to Sabre Hospitality Solutions earlier in May, the personal details of a small number of Google staffers have been exposed, according to a notification letter Google sends out to affected employees.Account HijackingJ Information and communicationCCUS
45106/07/2017?Hard Rock Hotels & CasinosAnother consequence of the Sabre breach, Hard Rock Hotels and & Casinos reveals that for seven months, attackers had unauthorized access to a third-party reservation system, which allowed them to attain unencrypted credit card payment information, as well as guest names, addresses and phone numbers.Account HijackingI Accommodation and food service activitiesCCUS
45206/07/2017?Loews HotelsAnd the same happens for luxury hotel chain Loews Hotels.Account HijackingI Accommodation and food service activitiesCCUS
45306/07/2017?Four Seasons Hotels and ResortsAnd the list of the victims of the Sabre attack also includes Four Seasons Hotels and Resorts.Account HijackingI Accommodation and food service activitiesCCUS
45406/07/2017?Android DevicesCheck Point reveals the details of CopyCat, a new strain of a malware that has infected more than 14 million Android devices around the world, rooting phones and hijacking apps to make millions in fraudulent ad revenue.MalwareX IndividualCC>1
45506/07/2017?Android DevicesTrend Micro reveals the details of SLocker, a variant of the oldest lock-screen and file-encrypting, using the WannaCry interface.MalwareX IndividualCC>1
45607/07/2017?gandi.netFrench domain registrar Gandi loses control over 751 customer domains, which have their DNS records altered to point incoming traffic to websites hosting exploits kits.DNS HijackingJ Information and communicationCCFR
45707/07/2017?B&B TheatresB&B Theatres, a company that owns and operates the 7th-largest theater chain in America, says it is investigating a breach of its credit card systems starting in September 2015.MalwareR Arts entertainment and recreationCCUS
45807/07/2017?Critical infrastructure and energy companies around the world, primarily in Europe and the United StatesTalos reveals the details of an email-based attack targeting the energy sector, including nuclear power for multiple energy companies around the world, primarily in Europe and the US.Targeted AttackD Electricity gas steam and air conditioning supplyCE>1
45908/07/2017?Avanti MarketsAvanti Markets, a self-service payment kiosks vendors acknowledges to have suffered of breach of its internal networks in which hackers were able to push malicious software out to payment devices.MalwareC ManufacturingCCUS
46008/07/2017?Deep HostingDeep Hosting, a Dark Web hosting service, admits to have suffered a major security incident during which "some sites have been exported"Remote ShellG Wholesale and retail tradeCCN/A
46109/07/2017?Reliance JioPersonal details of some 120 Million Reliance Jio customers are exposed on the Internet in probably the biggest breach of personal data ever in India.UnknownJ Information and communicationCCIN
46209/07/2017?Real Estate Business Services (REBS)Real Estate Business Services (REBS), a subsidiary of the California Association of Realtors, acknowledges to have suffered a data breach that exposed user information for a two-month period earlier this year.PoS MalwareL Real estate activitiesCCUS
46310/07/2017?Swiss BanksResearchers from Trend Micro discover a new variant of the Operation Emmental, targeting the Swiss banks using a variant of the DoK Mac OS X malware.MalwareK Financial and insurance activitiesCCCH
46410/07/2017?Android DevicesResearchers from McAfee reveal the details of a mobile ransomware known as LeakerLocker, threatening to dox users as a mean of extortion.MalwareX IndividualCC>1
46511/07/2017?Trump International Hotels ManagementTrump International Hotels Management reveals that the data breach to Sabre Corp, occurred in May 2017, compromised card payment details at 14 of its properties. The compromised information included payment card numbers and card security codes for some of the hotel chain's reservations.MalwareI Accommodation and food service activitiesCCUS
46611/07/2017?Single IndividualsTrend Micro reveals the details of a surging campaign using a remote access tool (RAT) known as Adwind, which has the ability to steal passwords, collect keystrokes and covertly record audio using an infected device's microphone.MalwareX IndividualCCUS
46711/07/2017?Mansfield 103.2The UK Communications Regulator (Ofcom) is hunting a pirate who persistently overrides frequency of Mansfield 103.2 to play a modified version of "The Winker’s Song".UnknownJ Information and communicationCCUK
46811/07/2017?Community Care of St. Catharines and ThoroldCommunity Care of St. Catharines and Thorold notifies to be still recovering from a cyberattack that shut its computers down for more than a week.MalwareQ Human health and social work activitiesCCUS
46913/07/2017?Unfinished Wordpress InstallationsResearchers from security firm Wordfence say they have observed a wave of web attacks that took aim at unfinished WordPress installations.Account HijackingX IndividualCC>1
47014/07/2017?Square EnixSquare Enix attributes the connectivity issues that have plagued Final Fantasy 14's Stormblood expansion since its release in June on continuous distributed denial-of-service (DDoS) attacks from a third party.DDoSR Arts entertainment and recreationCCJP
47114/07/2017?Peachtree Neurological ClinicWhile investigating a ransomware incident, Peachtree Neurological Clinic discovers that its computer system previously had been accessed without its knowledge by unauthorized individuals between February 2016 and May 2017.UnknownQ Human health and social work activitiesCCUS
47215/07/2017?Republic of Ireland’s Power GridThe Times reveals that hackers backed by the Russian government have attacked energy networks running the national grid in parts of the UK. In particular the hackers targeted the Republic of Ireland’s energy sector, aiming to infiltrate control systemsTargeted AttackD Electricity gas steam and air conditioning supplyCWUK
47316/07/2017?South Carolina's Voter Registration SystemAccording to a post-election report by the South Carolina State Election Commission, South Carolina's voter registration system was reportedly hit by almost 150,000 hack attempts on Election Day 2016.>1O Public administration and defence, compulsory social securityCWUS
47416/07/2017?Twitter usersZeroFOX Threat Research reveal the details of a large-scale, spam pornography botnet on Twitter dubbed SIRENAccount HijackingX IndividualCC>1
47517/07/2017?UK Energy SectorThe National Cyber Security Centre (NCSC), part of the UK's intelligence agency GCHQ, issues a warning about hackers targeting the country's energy sector, and says that some industrial control system organizations are likely to have been successfully compromised.Targeted AttackD Electricity gas steam and air conditioning supplyCWUK
47617/07/2017?CoinDashAn unknown hacker takes over the official website of the CoinDash platform and modifies an Ethereum wallet address during the company's ICO (Initial Coin Offering) being able to steal $7 million worth of Ethereum.UnknownV FintechCCUS
47717/07/2017?Android UsersTrend Micro reveals the details of GhostCtrl, an Android malware able to take control of devices to spy, steal and do its bidding.MalwareX IndividualCC>1
47817/07/2017?Customers of international and U.S.-based financial institutions.Researchers from Flashpoint observe a new, Necurs-powered Trickbot spam campaign developed to target and infect customers of international and U.S.-based financial institutions.MalwareK Financial and insurance activitiesCC>1
47918/07/2017?Women’s Health Care Group of PA (WHCGPA)Women’s Health Care Group of PA (WHCGPA) reveals to have been hit by ransomware on May 16, 2017. 300,000 patient records are affected.MalwareQ Human health and social work activitiesCCUS
48018/07/2017?KQEDKQED, a San Francisco radio station is still recovering from a ransomware attack, nearly one month after.MalwareJ Information and communicationCCUS
48118/07/2017?Sarah HylandNude photos and video of Sarah Hyland are leaked online.Account HijackingX IndividualCCUS
48219/07/2017DarkHotelPolitical figures and senior business usersBitdefender reveals a new high-level spear-phishing attack targeting political figures and senior business users. Dubbed 'Inexsmar', the attack appears to be operated by the DarkHotel group, which has been perpetrating similar threats since 2007.Targeted AttackX IndividualCE>1
48319/07/2017?Individuals using Parity's Ethereum walletA vulnerability in Parity's Ethereum wallet software is exploited by thieves to rob victims on a massive scale. Targeted accounts are drained of 150,000 coins worth just over US$30 million at the current price.VulnerabilityX IndividualCC>1
48419/07/2017?LoblawsAccording to an email sent out to Loblaws account holders, the security of a ‘small number’ of accounts has been compromised, marking the second time the company has suffered a security breach this year. Comprised websites include, and, as well as other Loblaws grocery chain websites.UnknownG Wholesale and retail tradeCCCA
48520/07/2017?Kansas Department of CommerceA security breach in the Kansas Department of Commerce exposes millions of Social Security numbers from people across 10 states to hackers. Many other accounts are also attacked.UnknownO Public administration and defence, compulsory social securityCCUS
48620/07/2017?Newcastle UniversityNewcastle University issues an alert, warning prospective students to be careful when seeking to apply and pay online for courses, after discovering the existence of a sophisticated phishing scam.Account HijackingP EducationCCUK
48720/07/2017?Android UsersAccording to a new report released by ESET, over 500,000 users have had their computers infected with a stealthy malware named Stantinko.MalwareX IndividualCC>1
48821/07/2017?Bank of America customersA new campaign targets Bank of America customers via emails pretending to be from representatives of the Bank of America.Account HijackingK Financial and insurance activitiesCCUS
48921/07/2017?University of Vermont Medical CenterUniversity of Vermont Medical Center notifies 2,300 patients of a phishing incident occurred back in May 2017.Account HijackingQ Human health and social work activitiesCCUS
49023/07/2017chikri95Kylie Jenner's Snapchat accountKylie Jenner's Snapchat account is hacked. The attacker claims to reveal nude pictures.Account HijackingX IndividualCCUS
49123/07/2017@headassgangVictoria Justice's Twitter accountVictoria Justice's Twitter account is hacked. The attacker claims to reveal nude pictures.Account HijackingX IndividualCCUS
49224/07/2017?VeritaseumAnother day another Ethereum related breach. This time the target is Veritaseum, whose Initial Coin Offering (ICO) suffers a data breach in which around US$8.4 million worth of Ethereum are stolen.UnknownV FintechCCUS
49324/07/2017Spring DragonSome high-profile organizations around the South China Sea.Kaspersky Lab reveals the details of a new wave of attacks carried on by a long running APT actor dubbed Spring Dragon.Targeted AttackY Multiple targetsCECN
49425/07/2017?Over 110,000 people from EdinburghCybercriminals have reportedly been found selling personal information of over 110,000 people from Edinburgh on an unspecified dark web marketplaceUnknownO Public administration and defence, compulsory social securityCCUK
49525/07/2017LoganOver 40 million US voter recordsA dark web vendor is reportedly selling over 40 million US voter records from nine states in an underground market called RaidForums. The data being sold allegedly includes full names, addresses, voter IDs, voter status and party affiliations.Account HijackingO Public administration and defence, compulsory social securityCCUS
49625/07/2017CopyKittensSeveral countries including Israel, Saudi Arabia, the United States, Germany, Jordan and TurkeyTrend Micro reveals the details of a new massive cyber espionage campaign called "Operation Wilted Tulip", carried on by CopyKittens, an Iran-linked cyber espionage group targeting several countries including Israel, Saudi Arabia, the United States, Germany, Jordan and Turkey.Targeted AttackY Multiple targetsCE>1
49725/07/2017?Single IndividualsKaspersky Lab analysts detect CowerSnail, a malicious program for Windows apparently created by the same group responsible for SambaCry.MalwareX IndividualCC>1
49825/07/2017?942,609 Yorkshire peopleThe Yorkshire Post reveals that the personal data of 942,609 Yorkshire people is listed for sale on an underground marketplace.Account HijackingX IndividualCCUK
49926/07/2017?Android UsersGoogle discovers a new family of spyware called Lipizzan containing references to a cyber arms company called Equus Technologies.MalwareX IndividualCE>1
50026/07/2017?UniCreditUniCredit SpA, Italy’s No. 1 bank, says that hackers took biographical and loan data from 400,000 client accounts. The attack occurred in September and October of 2016 and June and July of this year.Unknown (third party breach)K Financial and insurance activitiesCCIT
50127/07/2017Russia?Macron CampaignReuters reveals that Russian intelligence agents attempted to spy on President Emmanuel Macron's election campaign earlier this year by creating phony Facebook personas.Account HijackingO Public administration and defence, compulsory social securityCEFR
50227/07/2017?Virgin AmericaVirgin America confirms that a hacker broke into its corporate network earlier this year on March 13.UnknownH Transportation and storageCCUS
50327/07/2017CobaltGipsy (a group allegedly linked to Iran)Several entities in the Middle East and North Africa with a focus on Saudi Arabian organizationsSecurworks reveal the details of a group, allegedly linked to Iran, dubbed "Cobalt Gypsy", reportedly using well-established fake online personas of attractive women to befriend targets, gain their trust and later dupe them into opening malicious software that could provide hackers with "full access" to private computer networks.Targeted AttackY Multiple targetsCE>1
50427/07/2017?Critical InfrastructuresThe Epoch Times reveals that an underground dark web marketplace, dubbed CMarket, is selling access to the private computer networks of critical infrastructure targets, including power plants, government departments, hospitals, financial firms and airlines in exchange for bitcoinUnknownY Multiple targetsCC>1
50527/07/2017?Unnamed Canadian OrganizationCytelligence reveals that an undisclosed Canadian organization has reportedly paid criminals $425,000 in bitcoin after its systems were crippled in a ransomware attack.MalwareZ UnknownCCCA
50628/07/2017?CIAWikiLeaks publishes three new alleged CIA hacking tools as part of its new Vault 7 dump.UnknownO Public administration and defence, compulsory social securityHUS
50728/07/2017?Plastic Surgery AssociatesPlastic Surgery Associates reveals that a data breach may have compromised patient records after it was hit with a ransomware attack earlier this year on 12 February.MalwareQ Human health and social work activitiesCCUS
50828/07/2017?Bharat Sanchar Nigam Limited (BSNL) and Mahanagar Telephone Nigam Limited (MTNL)The author of the BrickerBot malware claims responsibility for a cyber-attack that took place in various Indian states and causes over 60,000 modems and routers to lose Internet connectivity.MalwareJ Information and communicationCCIN
50928/07/2017?Android UsersSecurity researchers from Dr.Web find the Triada malware inside the firmware of several low-cost Android smartphones, such as Leagoo M5 Plus, Leagoo M8, Nomu S10, and Nomu S20.MalwareX IndividualCC>1
51028/07/2017?WestJetWestJet says it is working with police in Calgary and the RCMP cybercrime unit after some members' profile data were disclosed online.UnknownH Transportation and storageCCCA
51131/07/2017?HBOHBO joins the ranks of Hollywood entertainment companies to suffer a major cyber attack. The company network is compromised and the attacker claim to have stolen 1.5 TB of data. Few days after they leak an episode of the new season of Games of ThronesUnknownR Arts entertainment and recreationCCUS
51231/07/2017?Android UsersKaspersky Lab reveals the details of a new variant of the Svpeng trojan working as a keylogger and stealing data through the accessibility services.MalwareX IndividualCC>1
51331/07/2017?Mandiant (a FireEye company)A Mandiant threat intelligence analyst is the victim of Operation #LeakTheAnalyst. Attackers infiltrate his computer for more than a year and leak some internal data.Targeted AttackJ Information and communicationCCUS
51431/07/2017?Wix.comWebsite-building service reveals to have been the subject of a massive cyber-attack in April 2016 when a botnet of rogue Chrome extensions was creating Wix websites to spread itself to new users.MalwareJ Information and communicationCCUS
51531/07/2017FIN7U.S.-based chain restaurantsProofPoint researchers reveal that the threat actor commonly referred to as FIN7 has added a new JScript backdoor called Bateleur and updated macros to its toolkit to target U.S.-based chain restaurants.Targeted AttackI Accommodation and food service activitiesCCUS
51631/07/2017?Copyfish Chrome Web Store AccountPhishers hack Copyfish, an extension for Google Chrome, after compromising the Chrome Web Store account of German developer team a9t9 software and abuse to distribute spam messages to unsuspecting users.Account HijackingX IndividualCCDE
51701/08/2017?University of California Los AngelesUCLA reports a cyberattack against a Summer Sessions & International Education Office server that contains personal information provided by students. The attack happened on May 18 and affects potentially up to 32,000 students.UnknownP EducationCCUS
51801/08/2017?Chinese Telecom FirmThe Kaspersky Lab Q2 2017 DDoS Intelligence Report reveals the details of a DDoS attack launched against a Chinese Telecom Firm, lasting for 11 days.DDoSJ Information and communicationCCCN
51901/08/2017?Single IndividualsMalware researcher Jakub Kroustek from Avast discovers an anti-Israel & pro-Palestinian data wiper dubbed IsraBye.MalwareX IndividualCCIL
52001/08/2017?Big Screen in Cardiff's Queen StreetA big screen in Cardiff’s main shopping street, Queen Street, is reportedly hacked with images of swastikas and messages about ‘Shariah’ appearing.UnknownS Other service activitiesCCUK
52101/08/2017?Users of Node.jsA two-week-old campaign to steal developers' credentials using malicious code distributed through npm, the Node.js package management registry, is halted with the removal of 39 malicious npm packages.Malware via TyposquattingX IndividualCC>1
52201/08/2017?Kaleida HealthKaleida Health notifies 2,789 patients about a phishing incident happened on May 24.Account HijackingQ Human health and social work activitiesCCUS
52302/08/2017?Chrome Web Store Account for Web DeveloperThe Chrome Web Store Account for Web Developer, a popular extension, is compromised via a phishing trick, and pushes adware to millions.Account HijackingX IndividualCCUS
52403/08/ Indian hacker going by the online handle of Ne0-H4ck3r defaces the official government portal of Pakistan (, leaving a deface page along with a message and a patriotic Indian song.DefacementO Public administration and defence, compulsory social securityCWPK
52504/08/2017?Ariana Grande Instagram accountAriana Grande is the latest celebrity that gets hacked. This time her Instagram account is hacked.Account HijackingX IndividualCCUS
52606/08/2017?Surgical Dermatology GroupSurgical Dermatology Group notifies patients after its cloud hosting and server management provider TekLinks discovers a security breach dating back to March 23, 2017.UnknownQ Human health and social work activitiesCCUS
52707/08/2017?Ukrposhta (Ukraine National Postal Service)The website for Ukraine's national postal service Ukrposhta was recently taken down by DDoS attacks for two days in a row, Interfax reports.DDoSO Public administration and defence, compulsory social securityCCUA
52807/08/2017?Steve Weichert Twitter AccountSteve Weichert, a politician running for District 17’s State Senate Seat in the 2018 election reveals that his Twitter account has been hacked. The alleged attackers post pornographic content.Account HijackingX IndividualCCUS
52907/08/2017The Binary GuardiansAbout 40 Venezuelan websites including those of the government, the Supreme Court and the legislature.A hacking collective called The Binary Guardians defaces roughly 40 Venezuelan websites including those of the government, the Supreme Court and the legislature.DefacementO Public administration and defence, compulsory social securityHVE
53007/08/2017?Russian Speaking EnterprisesTrend Micro reveals the details of a malicious email campaign against Russian-speaking enterprises, employing a combination of exploits and Windows components to deliver a new backdoor leveraging CVE-2017-0199.Targeted AttackY Multiple TargetsCERU
53107/08/2017Turkish hackersSeveral Armenian WebsitesTurkish hackers continue to target Armenian websites. The list of the targets involved in the latest spree of attacks includes the official website of the Development Foundation of Armenia and the official website of the Civil Service Council of Armenia.UnknownO Public administration and defence, compulsory social securityCWAM
53208/08/2017?Several North Korean OrganizationsResearchers from Cylance reveal that North Korean organisations are being increasingly targeted by an unknown hacker group, using the Konni malware, a remote access trojan (RAT). In 2017 alone, three separate campaigns targeting North Korean organisations have been spotted.Malware (Konni)Y Multiple targetsCWKP
53308/08/2017?Three major banks in HungaryThe National Bank of Hungary reveals that hackers have been targeting three major banks in Hungary with a slew of phishing attempts.Account HijackingK Financial and insurance activitiesCCHU
53409/08/2017?Corporations in Brazil and Saudi ArabiaResearchers at Kaspersky Lab reveal that a new run of Mamba infections have been spotted again in Brazil and Saudi Arabia.MalwareY Multiple targetsCCBR SA
53509/08/2017?Kenya Electoral Commission IT SystemKenya opposition presidential candidate Raila Odinga claims the electoral commission's IT system has been hacked to manipulate the election results.Account HijackingO Public administration and defence, compulsory social securityCCKE
53611/08/2017APT28Hotel Wi-Fi UsersResearchers from FireEye reveal that APT28 AKA Fancy Bear have been using the infamous Eternal Blue vulnerability in a campaign that targeted people of interest as they connected to hotel Wi-Fi networks.Targeted AttackY Multiple targetsCE>1
53711/08/2017?Single IndividualsSophosLabs warn of a fresh spike of attacks due to new variants of the well known Emotet malware.MalwareX IndividualCC>1
53812/08/2017AnonymousOfficial website of CharlottesvilleThe Anonymous claim responsibility for carrying out a DDoS attack on the official website of Charlottesville city Virginia. The attack is conducted under the banner of #OpDomesticTerrorismDDoSO Public administration and defence, compulsory social securityHUS
53912/08/2017Unknown Iraqi developerAndroid usersResearchers from mobile security firm Lookout say they found at least three Android apps on the Google Play Store containing a form of advanced spyware they believe was created by an Iraqi developer. The malware author modified a version of the official Telegram app.MalwareX IndividualCC>1
54013/08/2017?Blizzard EntertainmentThe web servers of Blizzard Entertainment suffer a series of massive distributed denial-of-service (DDoS) attacksDDoSR Arts entertainment and recreationCCUS
54114/08/201731337FireEyeA group of hackers called 31337 leaks a second dump of data allegedly stolen from security company FireEye.Account HijackingJ Information and communicationCCUS
54214/08/2017The Lazarus GroupIndividuals involved with US Defense ContractorsResearchers from Palo Alto Networks reveal the details of a new operation carried on by the North Korea-linked Lazarus Group against individuals involved with US Defense Contractors.Targeted AttackO Public administration and defence, compulsory social securityCEUS
54314/08/2017?7 Chrome ExtensionsResearchers from ProofPoint reveal that seven additional Chrome Extensions have been compromised after their author’s Google Account credentials were stolen via a phishing scheme.Account HijackingX IndividualCC>1
54415/08/2017? (Chinese Attackers)NetSarangResearchers at Kaspersky Lab find a well-hidden backdoor in NetSarang's server management software. It is assumed someone (allegedly from China) managed to hack into NetSarang's operations and silently insert the backdoor ShadowPad.MalwareJ Information and communicationCEKR
54515/08/2017?Scottish ParliamentOfficials reveal that the Scottish Parliament has been targeted by a "brute force" cyber attack. The attack, from "external sources", was similar to that which affected Westminster in June.Brute ForceO Public administration and defence, compulsory social securityCEUK
54615/08/2017Unnamed Nigerian criminal4,000 organizations worldwideResearchers from Check Point reveal the details of an operation targeting 4,000 organizations worldwide, carried on by an unnamed Nigerian criminal under the motto "Get Rich or Try Dying".MalwareY Multiple targetsCC>1
54716/08/2017OurMineSeveral HBO Twitter AccountsSeveral HBO Twitter accounts are taken over by the notorious OurMine hacking group, posting #HBOHacked messages and warnings about security. Affected accounts include the main HBO Twitter account, as well as those for TV shows including Game of Thrones and Girls.Account HijackingR Arts entertainment and recreationCCUS
54816/08/2017?OSHA (Occupational Safety and Health Administration)OSHA suspends user access to the Injury Tracking Application (ITA) after the Department of Homeland Security notifies the Department of Labor of a potential compromise of user information.UnknownO Public administration and defence, compulsory social securityCCUS
54917/08/2017TurlaG20 ParticipantsProofPoint reveals that Turla appears to be actively targeting G20 participants and those interested in its activities including policymakers, member nations and journalists. The analysis is based on the discovery of a new JavaScript dropper for a backdoor called KopiLuwak that Turla has been known to use.Targeted AttackO Public administration and defence, compulsory social securityCE>1
55017/08/2017Anonymous22 GOP SenatorsHacktivist collective Anonymous reportedly leaks the private contact details of 22 GOP senators, in the wake of the Charlottesville violence and US President Donald Trump's controversial response to the event, asking for Trump's impeachment.UnknownO Public administration and defence, compulsory social securityHUS
55117/08/2017?Android UsersResearchers from Kaspersky Lab discover a new version of the malicious Android banking Trojan Faketoken, targeting users of popular apps for booking taxis and paying traffic tickets.MalwareX IndividualCC>1
55218/08/2017AnonymousNHS (via SwiftQueue)A member of the Anonymous hacking collective claims to have stolen data belonging to 1.2 million patients of the United Kingdom's National Health Service (NHS). The breach affected SwiftQueue, a software provider of dashboard and metrics solutions to healthcare clinics, according to which only 32,000 records were stolen.UnknownQ Human health and social work activitiesHUK
55318/08/2017?Single IndividualsA second wave of the Locky ransomware variant called IKARUSdilapidated is identified. The source of the ransomware is a botnet of zombie computers able to send 62,000 emails in three days.MalwareX IndividualCC>1
55418/08/2017?Single IndividualsTwo new Locky variants are discovered called Diablo6 and Lukitus. This new wave is boosted by the Necurs botnet.MalwareX IndividualCC>1
55519/08/2017?BittrexA fake website pretends to be the official site for Bittrex exchange, but in reality, it is a phishing domain not only stealing login credentials of unsuspecting users but also the money saved in the exchange.Account HijackingV FintechCCUS
55619/08/2017?Pacific Alliance Medical CenterPacific Alliance Medical Center notifies 266,123 patients of a ransomware incident occurred on June 14MalwareQ Human health and social work activitiesCCUS
55720/08/2017?Official Twitter and Facebook PlayStation accountsThe official Twitter and Facebook PlayStation accounts are taken over by the hacking group OurMine. The attackers also claim to have managed to access a PSN database.Account HijackingR Arts entertainment and recreationCCJP
55821/08/2017?LGGlobal consumer electronics manufacturer LG confirms it had to shut down some parts of its network after systems fell victim to WannaCry ransomware. More security news. Ransomware is found on an LG self-service kiosk in South Korea.MalwareC ManufacturingCCKR
55921/08/2017?Sinopec’s Shengli OilfieldSinopec’s Shengli Oilfield says it will cut its Internet connection for some of its offices after a ransomware attacked 21 of its Internet terminals.MalwareD Electricity gas steam and air conditioning supplyCCCN
56021/08/2017?Enigma Blockchain ProjectAnother attack exploiting an Initial Coin Offering. As much as $500,000 in ether is stolen from supporters of the Enigma blockchain project following a security compromise. Attackers are able to take control of the project’s website domain, one of the administrator accounts on its Slack channel and its mailing lists. Once in control, the attackers distribute solicitations for an initial coin offering "presale."Account HijackingV FintechCCUS
56121/08/2017?Single IndividualsTrend Micro reveals the details of CoinMiner, a new malware family (cryptocurrency miner) using the EternalBlue exploit to infect victims and the WMI toolkit as a method to run commands on infected systems.MalwareX IndividualCC>1
56221/08/2017?Android UsersThe Lookout Security Intelligence team discovers an advertising SDK called Igexin that has the capability of spying on victims through benign apps by downloading malicious plugins. Over 500 apps available on Google Play used the Igexin ad SDK, which were downloaded over 100 million times.MalwareX IndividualCC>1
56321/08/2017?22 Malaysian websitesA group of hackers called ExtremeCrew believed to be linked to Indonesia claim responsibility for defacing at least 33 Malaysian websites after an embarrassing blunder saw the Indonesian flag printed upside down on the official guidebook for the Southeast Asian Games.DefacementY Multiple targetsCWMY
56421/08/2017?Several Stars including Tiger Woods, Katharine McPhee, Lindsey Vonn, Miley Cyrus, Kristen Stewart, Stella Maxwell and Dakota JohnsonFappening 2017: private nude photos of various naked stars emerge, including Tiger Woods, Katharine McPhee, Lindsey Vonn, Miley Cyrus, Kristen Stewart, Stella Maxwell and Dakota Johnson.UnknownX IndividualCC>1
56521/08/2017?Android UsersAndroid users are warned to avoid two applications discovered on the Google Play Store, after they were found to be laced with the notorius BankBot Trojan.MalwareX IndividualCC>1
56622/08/2017APT28 AKA Fancy BearsSeveral Football playersAPT 28 AKA Fancy Bears release documents alleging 'drug use' in football.UnknownX IndividualCC>1
56722/08/2017?Single IndividualsEasyJet warns Facebook users over an online scam offering free flights.Account HijackingX IndividualCC>1
56822/08/2017?Single IndividualsResearchers from FireEye discover a new global malvertising campaign using the Neptune Exploit Kit (AKA Terror) to drop the Monero coin miner.MalvertisingX IndividualCC>1
56922/08/2017?Crystal Finance MillenniumHackers breach the servers of Crystal Finance Millennium (CFM), another Ukraine company that makes accounting software for local businesses, sparking fear of a new global cyberattack.MalwareJ Information and communicationCCUA
57022/08/2017?Worldwide gamersSecurity researchers from ESET discover a new malware, dubbed Joao, targeting gamers around the world.MalwareX IndividualCC>1
57123/08/2017OurMineFC Barcelona Twitter and Facebook AccountsThe OurMine collective takes over the official Twitter and Facebook accounts of Barcelona and falsely announce the signing of Angel Di Maria from Paris Saint-Germain.Account HijackingR Arts entertainment and recreationCCES
57223/08/2017?Counter-Strike: Global Offensive (CS:GO) playersSentinel One reveals the details of a campaign targeting Counter-Strike: Global Offensive (CS:GO) players. A malicious version of a cheating tool called vHook installs a Monero miner detected under the name of OSX.Pwnet.A.MalwareX IndividualCC>1
57323/08/2017?HIDS4UUK firm HIDS4U, warns customers to be wary of phishing emails after it came to light that a database of customers was found on a hacked website.Account HijackingC ManufacturingCCUK
57423/08/2017?Multiple IndustriesFlashpoint reveals the details of a business email compromise campaign emanating out of Western Africa, and targeting companies in a wide swathe of industries.Account HijackingY Multiple TargetsCC>1
57524/08/2017North Korea?Unnamed Bitcoin Exchange in South KoreaThe CWIC Cyber Warfare Research Center in South Korea reveals that a domestic exchange for bitcoin has been the target of an attempted hacking. Suspects are directed to North Korea.UnknownV FintechCWKR
57624/08/2017?Single IndividualsNetskope Threat Research Labs detects several samples related to a coin miner malware named Zminer, whose kill chain begins with the delivery of a drive-by executable that downloads payloads from Amazon S3 to the victim’s machine.MalwareX IndividualCC>1
57724/08/2017?Healthcare, education, manufacturing and tech sectors in the US and UKA new ransomware dubbed Defray is discovered by ProofPoint, going after the healthcare, education, manufacturing and tech sectors in the US and UK.MalwareY Multiple targetsCCUS UK
57824/08/2017?Facebook UsersKaspersky Lab reveals the details of a new multi platform malware/adware spreading via Facebook Messenger.MalwareX IndividualCC>1
57924/08/2017?DreamHostDreamHost is hit by a powerful and sustained DDoS attack after briefly hosting a new edition of the neo-Nazi website Daily Stormer.DDoSJ Information and communicationHUS
58024/08/2017?33,000 Entries of Telnet credentialsA list of 33,000 entries of Telnet credentials is discovered, sitting online on Pastebin since June 11.UnknownY Multiple targetsCC>1
58125/08/2017?NHS LanarkshireNHS services in Lanarkshire (Scotland) are hit by a new ransomware campaign. The culprit is identified as a new variant of Bitpaymer ransomware.MalwareQ Human health and social work activitiesCCUK
58225/08/2017Chinese State-Sponsored Actors (Deputy Dog? AKA APt17)Multiple TargetsProofPoint reveals the details of Operation Rat Cook, a targeted email campaign attempting a spear phishing attack using a Game of Thrones lure. The malicious attachment attempts to install a “9002” remote access Trojan (RAT) historically used by state-sponsored actors.Targeted AttackY Multiple targetsCE>1
58325/08/2017?LoopiaSwedish web hosting provider Loopia reveals to have been hacked with the attackers able to access part of the customer database.UnknownJ Information and communicationCCSE
58428/08/2017?ZazzleZazzle sends an email to customers revealing that that hackers in June used brute-force techniques to cycle through account usernames and passwords that were stolen from a breach of another unnamed site.Brute-forceJ Information and communicationCCUS
58528/08/2017?Indian and Pakistani EntitiesSymantec reveals to have identified a sustained cyber spying campaign, likely state-sponsored, against Indian and Pakistani entities involved in regional security issues. The espionage campaign dates back to October 2016.Targeted AttackO Public administration and defence, compulsory social securityCEIN PK
58628/08/2017?US CitizensThe Internal Revenue Service (IRS) warns US citizens of a new phishing scheme that poses as official IRS communications in the hopes that victims access a link, download a file, and hopefully get infected with ransomware.MalwareX IndividualCCUS
58728/08/2017?Selena Gomez Instagram accountThe Instagram hack begins… Selena Gomez’s Instagram account is hacked and posts several nude photos of Justin BieberAccount HijackingX IndividualCCUS
58828/08/2017?South Korean Android usersSecurity researchers from McAfee reveal the details of a new Android banking Trojan dubbed MoqHao, targeting South Korean users via SMS phishing messages.MalwareX IndividualCCKR
58928/08/2017OurMineReal Madrid Twitter AccountReal Madrid’s official Twitter account is hacked with a post announcing the signing of rival Lionel Messi appearing on their feed.Account HijackingR Arts entertainment and recreationCCES
59028/08/2017?Medical Oncology Hematology ConsultantsMedical Oncology Hematology Consultants, reports a ransomware attack that affected 19,203 patients.MalwareQ Human health and social work activitiesCCUS
59129/08/2017?CeXSecond-hand electronics dealership CeX notifies two million customers that their personal information may have been compromised by hackers.UnknownG Wholesale and retail tradeCCUK
59229/08/2017?Swiss IndividualsThe Reporting and Analysis Centre for Information Assurance (MELANI) says that around 21,000 passwords and personal details used to access online services have been stolen and could be used illegally.UnknownX IndividualCCCH
59329/08/2017?Coinbase usersResearchers from Forcepoint discover a new variant of Trickbot variant able to monitor Coinbase exchange sites.MalwareX IndividualCC>1
59430/08/2017?Single IndividualsMore than 700 million email addresses, as well as a number of passwords, leak publicly thanks to a misconfigured spambot, in one of the largest data breaches ever.UnknownX IndividualCC>1
59530/08/2017TurlaEmbassies and Consulates in EuropeResearchers from ESET uncover Gazer, a new malware tool used by the infamous threat actor Turla to spy on embassies and consulates in Europe.Targeted AttackO Public administration and defence, compulsory social securityCE>1
59630/08/2017?Central German state of Saxony-AnhaltInternet and telephone networks at the regional parliament in the central German state of Saxony-Anhalt are offline after a ransomware attack.MalwareO Public administration and defence, compulsory social securityCCDE
59730/08/2017?CMS UsersSucuri detects a massive online scanning campaign that's searching for websites that use the Adminer database management script.Adminer vulnerabilityY Multiple targetsCC>1
59830/08/2017?Single IndividualsSecurity researcher MalwareBreakdown releases the analysis of a new attack performed when a user visits a compromised site and is asked to install the Roboto Condensed. The fake font pack is used to install malware.MalwareX IndividualCC>1
59930/08/2017?dms[.]nwcg[.]govAnkit Anubhav of NewSky Security discovers a U.S. government website hosting a malicious JavaScript downloader, leading victims to installations of Cerber ransomware.MalwareO Public administration and defence, compulsory social securityCCUS
60030/08/2017?Kaleida HealthKaleida Health notifies (once again) 2,800 patients of a new phishing attack.Account HijackingQ Human health and social work activitiesCCUS
60131/08/2017?MacEwan UniversityMacEwan University staffers are tricked into transferring $11.8 million into scammers’ bank accounts. The majority of the money, $11.4 million, has been traced to bank accounts in Montreal and Hong Kong.Account HijackingP EducationCCCA
60231/08/2017?InstagramInstagram reveals that one or more hackers have been stealing celebrities' e-mail addresses, phone numbers, and other personal information by exploiting a bug. A database, Doxagram, is published online immediately after with the attacker claiming to have stolen 6 million records. FewInstagram API VulnerabilityJ Information and communicationCCUS
60331/08/2017China?Vietnam?Security company FireEye reveals to Reuters that cyber spies working for or on behalf of China’s government have broadened attacks against official and corporate targets in Vietnam at a time of raised tension over the South China Sea,Targeted AttackO Public administration and defence, compulsory social securityCWVN
60431/08/2017?WikiLeaksWikiLeaks’ website appears to have been hacked by the OurMine collective.DNS HijackingU Activities of extraterritorial organizations and bodiesCCINT
60531/08/2017?Free Online File ConverterAn anonymous researcher reveals that the server hosting dozens of free-to-use online file conversion websites, including,,,,, and, has been hacked several times in the past yearImageMagick VulnerabilityS Other service activitiesCCFR
60631/08/2017?Single IndividualsResearchers at Malwarebytes uncover a campaign which is harnessing RIG on hacked websites in order to distribute the Princess/PrincessLocker ransomware.MalwareX IndividualCC>1
60701/09/2017?TrueStresserA dissatisfied customer breaches the server of TrueStresser, a DDoS-for-hire service, pilfering its database, and leaking some of the content online.UnknownS Other service activitiesCCUS
60801/09/2017?Google Chrome UsersSecurity Expert Brad Duncan spot a new EITest campaign leveraging HoeflerText Popups to target Google Chrome users and push NetSupport Manager RAT or Locky ransomware.MalwareX IndividualCC>1
60901/09/2017?Alaska Department of Health and Social Services ( Alaska Department of Health and Social Services reveals to have suffered a security breach in July that may have disclosed personal information of individuals who have interacted with the Office of Children’s Services.MalwareO Public administration and defence, compulsory social securityCCUS
61001/09/2017The Dark OverlordHand Rehabilitation SpecialistsHand Rehabilitation Specialists notifies patients of a possible hack by The Dark Overlord occurred back in July.UnknownQ Human health and social work activitiesCCUS
61101/09/2017?Single Individuals in CambodiaResearchers from Palo Alto observe activity involving the Remote Access Trojan KHRAT used by threat actors to target the citizens of Cambodia.Targeted AttackO Public administration and defence, compulsory social securityCEKH
61201/09/2017?The Young Illustrator Award site administered by Meridian Secondary SchoolThe Young Illustrator Award site administered by Meridian Secondary School is taken down after being hacked.UnknownP EducationCCSG
61302/09/2017?Victoria PoliceA pirate broadcaster posing as a police officer interfere in a police chase this week in Australia, forcing officers to call off the pursuit of two suspected armed robbers.Radio Frequency HijackingO Public administration and defence, compulsory social securityCCAU
61402/09/2017?Canoe.caThe free news and entertainment portal, operated by MediaQMI Inc. and owned by Sun Media Corp. prior to 2015, wishes to inform users that some of its databases containing records from the period of 1996 to 2008 have been breached.UnknownJ Information and communicationCCCA
61504/09/2017?TaringaLeakBase, a breach notification service, obtains a copy of the hacked database of Taringa, a social network popular in Latin America, containing details on 28,722,877 accounts, which includes usernames, email addresses and hashed passwords.UnknownJ Information and communicationCCAR
61604/09/2017?VerritVerrit, a political fact-checking site is DDoSed almost immediately after it was endorsed by Hillary Clinton.DDoSJ Information and communicationCCUS
61704/09/2017?cpjobs.comOnline jobs platform reports an unauthorised third-party attack on the website, compromising the security of user data. Impacted pages are shut down and all users’ passwords are deactivated.UnknownN Administrative and support service activitiesCCHK
61804/09/ mongodb@tfwno.gfUnprotected MongoDB instancesSecurity researchers Dylan Katz and Victor Gevers reveal a new wave of attacks aimed to wipe unprotected MongoDB instances and asking for a ransom to have the data back. This wave, carried on by three different groups, targets 26,000 database instances.MongoDB VulnerabilityY Multiple targetsCC>1
61904/09/2017Russia?Julia Kloeckner WebsiteJulia Kloeckner, a top leader of German Chancellor Angela Merkel’s conservative party says her website has been hit by thousands of cyber attacks -- many from Russian IP addresses -- ahead of the television election debate between Merkel and her Social Democratic rival Martin Schulz.UnknownN Administrative and support service activitiesCWDE
62005/09/2017China?Multiple Political GroupsResearchers from LookOut discover a new cyberespionage tool, dubbed xRAT, suspected to have been developed and used by Chinese hackers, and used to target political groups.Targeted AttackN Administrative and support service activitiesCE>1
62105/09/2017?West Australian TAFEAn attacker infiltrates the systems of a West Australian TAFE on August 28 and September 5 and accesses the sensitive personal details of staff and more than 13,000 students.UnknownP EducationCCAU
62205/09/2017?Community Memorial Health SystemThe Community Memorial Health System sends out a notice regarding a data security breach involving patient information after a phishing attack happened on June 23.Account HijackingQ Human health and social work activitiesCCUS
62306/09/2017DragonFly 2.0Multiple US and European energy companiesSymantec reveals that nation-sponsored hackers have penetrated the operational networks that multiple US and European energy companies use to control key parts of the power grid that supplies electricity to hundreds of millions of peopleTargeted AttackD Electricity gas steam and air conditioning supplyCE>1
62407/09/2017?EquifaxEquifax, reveals to have been hit by a data breach could potentially affect 143 million consumers in the United States. The breach has been discovered on July 29th.Apache Struts Vulnerability (CVE-2017-5638)K Financial and insurance activitiesCCUS
62507/09/2017?AXA InsuranceAXA Insurance sends out an email to some customers informing that the personal data of 5,400 customers in Singapore has been stolen due to a cyber attack.UnknownK Financial and insurance activitiesCCSG
62607/09/2017?Tettegouche State ParkThe popular Tettegouche State Park says its computer systems have been infected with malware, authorities on 25 August and warns visitors to check their credit cards.PoS MalwareR Arts entertainment and recreationCCUS
62707/09/2017The Dark OverlordAdult Internal Medicine of North ScottsdaleAdult Internal Medicine of North Scottsdale notifies an incident affecting 11,798 patients.UnknownQ Human health and social work activitiesCCUS
62808/09/2017?Schuyler County Sheriff’s DepartmentSchuyler County Sheriff’s Department is disrupted by a hacking attack.Brute ForceO Public administration and defence, compulsory social securityCEUS
62908/09/2017?Children’s Hospital ColoradoChildren’s Hospital Colorado notifies 3,400 families after employee’s email account was improperly accessed on July 11, 2017.Account HijackingQ Human health and social work activitiesCCUS
63009/09/2017?Brazilian UsersSecurity researchers spot a malware group using Facebook's CDN servers to store malicious files used to infect users with banking trojans.MalwareX IndividualCCBR
63110/09/2017?Road Sign in ModestoAn electronic road sign in the city of Modesto, California is hacked and defaced with a message against President Donald TrumpUnknownN Administrative and support service activitiesCCUS
63211/09/2017North KoreaSouth KoreaA new report from security firm FireEye reveals that hackers from Kim Jong Un’s regime are increasing their attacks on cryptocurrency exchanges in South Korea and related sites.>1V FintechCC>1
63311/09/2017?Android UsersResearchers at Kaspersky Lab detect a new Android malware dubbed Xafecopy aiming at stealing personal and financial information of unsuspecting users around the world.MalwareX IndividualCC>1
63412/09/2017?LinkedIn UsersResearchers from Malwarebytes warn of a new phishing campaign using hijacked LinkedIn accounts to send malicious links in private messages and InMail.Account HijackingX IndividualCC>1
63512/09/2017?Wordpress WebsitesWordfence reveals that the popular Wordpress plugin Display Widgets, installed on approximately 200,000 installations, is infected with a backdoor and advises users to uninstall it.MalwareY Multiple targetsCC>1
63612/09/2017?4,000 Elasticsearch serversResearchers from MacKeeper find over 4,000 Elasticsearch servers hosting PoS malware strains AlinaPoS and JackPoS.PoS MalwareY Multiple targetsCC>1
63713/09/2017?Netgear WNR2000 RoutersA Russian-speaking hacker has been infecting Netgear routers over the past months with a new strain of malware named RouteX that turns infected devices into SOCKS proxies and carry out credential stuffing attacks. According to Forkbombus Labs, the US cyber-security firm that uncovered this new threat, the hacker is using CVE-2016-10176, a vulnerability targeting Netgear WNR2000 routers.MalwareX IndividualCC>1
63813/09/2017?Android UsersSecurity researchers from Trend Micro discover more apps carrying the malicious BankBot Android banking malware.MalwareX IndividualCC>1
63913/09/2017?Russian-Speaking UsersSecurity Firm FireEye reveals that the 0-day vulnerability CVE-2017-0199 in Microsoft Office was exploited by suspected nation state hackers to spread the FinSpy malwareTargeted AttackX IndividualCCRU
64014/09/2017OurMineVevoVevo, the joint venture between Universal Music Group, Sony Music Entertainment, Abu Dhabi Media, Warner Music Group, and Alphabet Inc. is hacked by OurMine. Roughly 3.12TB worth of internal files are posted onlineAccount HijackingR Arts entertainment and recreationCCUS
64114/09/2017?Android UsersResearchers from Check Point find at least 50 apps in the official Google Play market, infected with a malware dubbed ExpensiveWall, that made charges for fee-based services without the knowledge or permission of users. The apps were downloaded as many as 4.2 million times.MalwareX IndividualCC>1
64214/09/2017?Single IndividualsResearchers from ESET discover a malvertising campaign delivering JavaScript code (a variant of MineCrunch AKA Web Miner) able to mine multiple cryptocurrencies inside the browser.MalvertisingX IndividualCC>1
64314/09/2017?Users in South KoreaResearchers from Trend Micro spot a new campaign leveraging the Hangul Word Processor (HWP) to target users in South Korea.Targeted AttackX IndividualCEKR
64415/09/2017?Unidentified public organisation in SingaporeAccording to a report released by the Cyber Security Agency of Singapore (CSA), an unidentified public organisation in Singapore faced a foreign "state-sponsored" cyberattack late last year.Targeted AttackO Public administration and defence, compulsory social securityCESG
64515/09/2017TurlaSwiss Defence MinistrySwitzerland’s defence ministry reveals to have detected a Cyber Attack carried on by the infamous Turla APT.Targeted AttackO Public administration and defence, compulsory social securityCECH
64615/09/2017?Augusta Medical CenterNearly five months after it happened, Augusta Medical Center announces that some patients may have had their personal information compromised by an attack on faculty email accounts.Account HijackingQ Human health and social work activitiesCCUS
64715/09/2017?Morehead Memorial HospitalMorehead Memorial says that a data breach due to a phishing attack has potentially exposed patient and employee information.Account HijackingQ Human health and social work activitiesCCUS
64812/09/2017?LitebitHackers gain access to Litebit’s backend and obtain email addresses, hashed passwords, and IBAN information, among other things. No money is stolen in the process, though.UnknownV FintechCCNL
64912/09/2017?Single IndividualsSecurity researchers at Sophos discover a new RAT called Kedi that uses Gmail to steal data from the targeted computer. The malware is disguised as a Citrix utility.MalwareX IndividualCC>1
65013/09/2017?UAE GovernmentA trove of leaking emails belonging to the UAE government reveals an alleged plot to "conquer" Qatar.UnknownO Public administration and defence, compulsory social securityCCUAE
65113/09/2017The Dark OverlordSMART Physical TherapySMART (“Sports Medicine and Rehabilitation Therapy”) Physical Therapy is the n-th victim of The Dark Overlord.UnknownQ Human health and social work activitiesCCUS
65216/09/2017?The Pirate Bay UsersA cryptocurrency miner appear on The Pirate Bay website, using the computer resources of visitors to mine Monero coins and hence spiking its visitors' CPU.Cryptocurrency MinerX IndividualCC>1
65318/09/2017?Multiple CompaniesCisco Talos publishes a technical analysis of a backdoor which was included with version 5.33 of the CCleaner application. The analysis reveals that the attack was conceived to target multiple companies including Cisco itself.MalwareY Multiple targetsCE>1
65418/09/2017The Dark OverlordColumbia Falls and Flathead County School DistrictsThe Dark Overlord sends a threatening ransom note to the Columbia Falls (Montana) school district forcing officials to shutter its schools to ensure the safety of the students.UnknownP EducationCCUS
65518/09/2017?Multiple TargetsResearchers from Kaspersky reveal the details of a new attack technique leveraging an undocumented Word feature to gather information on users.Targeted AttackY Multiple targetsCC>1
65619/09/2017?Single IndividualsResearchers from Barracuda Advanced Technology Group spot a new Locky campaign launching around 20 million fresh attacks in just a day.MalwareX IndividualCC>1
65719/09/2017?Android UsersResearchers from SfyLabs reveal the details of Red Alert 2.0, an Android malware targeting over 60 bank and social media apps on Google Play.MalwareX IndividualCC>1
65819/09/2017?The Irish National Teachers Organisation (INTO)The Irish National Teachers Organisation warns users of its online learning portal that their personal data may have been compromised following the hacking of the website. Around 30,000 users details were potentially compromised by the hack.UnknownP EducationCCIE
65919/09/2017?Google Chrome UsersSafeBrowse, a Chrome browser extension, with over 140,000 users, is found containing a JavaScript Crypto Miner based on Coinhive.MalwareX IndividualCC>1
66020/09/2017APT 33Aviation Firms in the US and Saudi ArabiaFireEye reveals the details of APT33, a group operational since 2013 and focused on the aerospace industry, successfully hacking firms with aviation in the U.S. and Saudi Arabia in the last year. Other targets include Petrochemical firms in South Korea and Saudi Arabia.Targeted AttackC ManufacturingCCUS UAE
66120/09/2017?U.S. Securities and Exchange CommissionThe U.S Securities and Exchange Commission reveals that its computer system had been hacked last year, giving the attackers private information that could have been exploited for trading. The breach was discovered in August.UnknownO Public administration and defence, compulsory social securityCCUS
66221/09/2017?Single IndividualsResearchers at MalwareHunterTeam spot a ransomware, called nRansomware, demanding naked photographies instead of Bitcoins.MalwareX IndividualCC>1
66324/09/2017?Arkansas Oral & Facial Surgery CenterArkansas Oral & Facial Surgery Center disclose a ransomware incident that may or may not have resulted in access to protected health information of as many as 128,000 patients.MalwareP EducationCCUS
66425/09/2017?DeloitteThe Guardian reveals that Deloitte, one of the world’s “big four” accountancy firms has been targeted by a sophisticated hack that compromised the confidential emails and plans of some of its blue-chip clients.Targeted AttackM Professional scientific and technical activitiesCCUK
66525/09/2017?Android UsersResearchers from Trend Micro reveal the details of ZNIU, the first Android malware to exploit the Dirty Cow (CVE-2016-5195) vulnerability. ZNIU has been detected in more than 40 countries, in about 1,200 and has affected so far more than 5,000 users.MalwareX IndividualCC>1
66625/09/2017? showtimeanytime.comTwo Showtime domains are found serving Coinhive, a JavaScript library that mines Monero using the CPU resources of users visiting Showtime's websites. It is not clear if the event is the consegue of a hack or an experiment.MalwareX IndividualCCUS
66726/09/2017?Sonic Drive-InSonic Drive-In, a fast-food chain with nearly 3,600 locations across 45 U.S. states, acknowledges a breach affecting an unknown number of store payment systems.PoS MalwareI Accommodation and food service activitiesCCUS
66826/09/2017?National Football League (NFL)Researchers from MacKeeper discover a misconfigured Elasticsearch database containing the details of 1,133 NFL players. Unfortunately the researchers also show evidence that criminals have been able to access the data.Misconfigured databaseR Arts entertainment and recreationCCUS
66926/09/2017The Dark OverlordAuburn Eye Care AssociatesTheDarkOverlord reveal another hack involving patient data. This time the victim is Auburn Eye Care Associates, despite the original hack dates back in June.UnknownQ Human health and social work activitiesCCUS
67027/09/2017Aslan Neferler TimDanish Ministries of Immigration and Foreign AffairsThe Ministry of Immigration and the Ministry of Foreign Affairs of Denmark, are hit by a DDoS attack thought to have come from a Turkish hacker group dubbed Aslan Neferler Tim.DDoSO Public administration and defence, compulsory social securityHDK
67128/09/2017?Whole Foods MarketWhole Foods Market says payment card information has been stolen from taprooms, restaurants and other venues located within some of its stores.PoS MalwareG Wholesale and retail tradeCCUS
67228/09/2017?Unpatched IIS 6.0 serversESET reveals that a malware author (or authors) has made around $63,000 during the past five months by hacking unpatched IIS 6.0 servers and mining Monero using CVE-2017-7269.VulnerabilityX IndividualCC>1
67328/09/2017?Free Press Fight For the FutureThe Electronic Frontier Foundation (EFF) reveals the details of “Phish For The Future,” an advanced persistent spearphishing campaign targeting digital civil liberties activists at Free Press and Fight For the Future discovered between July 7th and August 8th of 2017.Targeted AttackJ Information and communicationCEN/A
67428/09/2017?Single IndividualsResearchers from Malwarebytes spot a campaign abusing native ad and content provider Taboola to serve malvertising,MalvertisingX IndividualCC>1
67528/09/2017?San Ysidro School DistrictMalware infect of the San Ysidro School District, deleting emails and forcing the district to temporarily shut down part of its systems.MalwareP EducationCCUS
67628/09/2017?Toms River Police DepartmentThe township of Toms River plans to notify about 3,700 people that their personal information may have been compromised by a data breach inside the police department over the summer.UnknownO Public administration and defence, compulsory social securityCCUS
67729/09/2017?Saudi Arabia’s General Entertainment Authority (GEA)Saudi Arabia’s General Entertainment Authority (GEA), says that its website had been the target of cyber attacks from outside the kingdom.DDoSO Public administration and defence, compulsory social securityCCAE
67829/09/2017?IRINN (Indian Registry for Internet Names and Numbers)Researchers from Seqrite’s Cyber Intelligence Labs discover 6000 login credentials up for sale on DarkNet, belonging to Indian ISPs, government departments and private businesses. The researchers identify the origin of the breach from the IRINN.UnknownJ Information and communicationCCIN
67929/09/2017?Wordpress UsersA cyber-criminal hides the code for a PHP backdoor inside the source code of a WordPress plugin masquerading as a security tool named "X-WP-SPAM-SHIELD-PRO" The attacker tried to leverage the reputation of a legitimate and highly popular WordPress plugin called "WP-SpamShield Anti-Spam".PHP BackdoorX IndividualCC>1
68030/09/2017?Gianfranco Dell'AlbaThe director of the General Confederation of Italian Industry group in Brussels falls victim of an email scam and transfers 500,000 EUR (590,000 USD) to an unknown bank account.Account HijackingX IndividualCCIT
68130/09/2017? reveals that a DDOS attack took down the website of the National Lottery,DDoSR Arts entertainment and recreationCCUK
68230/09/2017?R6DBR6DB, a fan-powered online gaming service that provides statistics for players of Ubisoft's tactical FPS Rainbow Six Siege, is hit by hackers, who wipe its databases and hold the data for ransom.Malicious BotR Arts entertainment and recreationCCUS
68301/10/2017?Etherparty.ioHackers disrupt the Etherparty ICO (Initial Coin Offering) after hijacking the platform's website, displaying their own Ethereum address, tricking 59 ICO participants into sending funds to the wrong wallets.UnknownV FintechCCUS
68401/10/2017?OKExAfter victims reported losing a collective of over 600 Bitcoin, worth around 20 million Chinese yuan, at the time of the thefts, or around 3 million USD, OKEx, a Bitcoin exchange based in China, issues a statement, denying it was hacked earlier in August, and blaming recent thefts on careless users who didn't secure their accounts.Account HijackingV FintechCCCN
68504/10/2017?4,000 NATO SoldiersThe Wall Street Journal reports that Russian hackers have so far accessed the phones of 4,000 NATO troops in EuropeUnknownO Public administration and defence, compulsory social securityCEINT
68605/10/2017Russia?National Security AgencyThe Wall Street Journal reveals that hackers working for the Russian government stole details of how the U.S. penetrates foreign computer networks and defends against cyberattacks after a National Security Agency contractor removed the highly classified material and put it on his home computer. It appears that a backdoor in the Kaspersky Antivirus software played a role in the attack.Targeted AttackO Public administration and defence, compulsory social securityCEUS
68705/10/2017?Aerospace, Defense Contractor, and Manufacturing sectors within the U.S. and South KoreaResearchers from FireEye reveal to have observed several high-volume FormBook malware distribution campaigns primarily taking aim at Aerospace, Defense Contractor, and Manufacturing sectors within the U.S. and South KoreaTargeted AttackY Multiple TargetsCEUS
68805/10/2017?Aerospace, Defense Contractor, and Manufacturing sectors within the U.S. and South KoreaResearchers from FireEye reveal to have observed several high-volume FormBook malware distribution campaigns primarily taking aim at Aerospace, Defense Contractor, and Manufacturing sectors within the U.S. and South KoreaTargeted AttackY Multiple TargetsCEKR
68905/10/2017?Movimento 5 StelleA new attack takes down Rousseau, the online voting platform used by the Italian Movimento 5 Stelle. Some internal screenshots are also posted online.DDoSN Administrative and support service activitiesCCIT
69005/10/2017?John Kelly's personal cellphoneWhite House officials believe that chief of staff John Kelly’s personal cellphone was compromised, potentially as long ago as December, according to three U.S. government officials.Account HijackingX IndividualCEUS
69106/10/2017?A bank based in Middle East, a trademark and intellectual property service companies based in Europe, an international sporting organization, and individuals with indirect ties to a country in North East Asia.Researchers from Palo Alto Networks reveal the details of Operation FreeMilk, a campaign targeting a bank based in the Middle East, a trademark and intellectual property service company based in Europe, an international sporting organization, and even lone individuals with indirect ties to a country in North East Asia.Targeted AttackY Multiple targetsCE>1
69206/10/2017?DisqusDisqus confirms a data breach that appears to have taken place in the summer of 2012, and during which an unknown attacker(s) made off with details for at least 17.5 million user accounts.UnknownJ Information and communicationCCUS
69306/10/2017?Forrester ResearchForrester, one of the world's leading market research and investment advisory firms, admits that a security breach took place during the past week. An unidentified attacker (or attackers) has gained access to the infrastructure hosting its website stealing valid credentials.UnknownM Professional scientific and technical activitiesCCUS
69406/10/2017KovCoreG groupPornHub usersProofpoint researchers detect a large-scale malvertising attack by the so-called KovCoreG group, targeting PornHub users.MalvertisingX IndividualCC>1
69506/10/2017?Office 365 AccountsResearchers from Skyhigh Networks discover a new attack with a stealthy technique, dubbed KnockKnock, that targets Office 365 accounts.Account HijackingX IndividualCC>1
69608/10/2017FIN7Multiple TargetsResearchers from security company Iceberg reveal the details of a new campaign carried on by the financial motivated threat actor FIN7 (AKA Carbanak) exploiting new evasion techniques.Targeted AttackK Financial and insurance activitiesCC>1
69709/10/2017?Taiwanese BankA hacking gang abuses the SWIFT banking network to steal $60 million after planting malware on a Taiwanese bank’s servers. Two arrests are made in Sri Lanka related to the attack.MalwareK Financial and insurance activitiesCCTW
69809/10/2017OilRigUnnamed UAE Government OrganizationResearchers from Palo Alto Networks spot a new campaign launched by the notorious APT group OilRig against an organization within the government of the United Arab Emirates (UAE).Targeted AttackO Public administration and defence, compulsory social securityCEUAE
69910/10/2017?South Korea-US Operational PlanKorean News Agency Yonhap News reveals that North Korean hackers are believed to have stolen Operational Plan 5015 a large amount of classified military documents (235 GB), including the latest South Korea-U.S. wartime operational plan, last year.Targeted AttackO Public administration and defence, compulsory social securityCEUS KR
70010/10/2017North KoreaU.S. Electric Power CompaniesFireEye says in a new report to private clients that hackers linked to North Korea recently targeted U.S. electric power companies with spearphishing emails.Targeted AttackD Electricity gas steam and air conditioning supplyCCUS
70110/10/2017?Several targets in the financial sectorSecurity researchers at Kaspersky Lab reveal the details of a new malware strain called ATMii because it attacks ATMs that run on Windows 7 and Windows Vista.MalwareK Financial and insurance activitiesCC>1
70210/10/2017IsraelKasperskyThe New York Times reveals that Israeli hackers broke into the Kaspersky network back in 2014 and advised the US about the NSA breach previously reported.Targeted AttackJ Information and communicationCERU
70310/10/2017?Musgrave GroupMusgrave Group, the owner of Ireland’s most popular supermarket is hit by a cyber attack, with criminals trying to get shoppers’ credit and debit card details.UnknownG Wholesale and retail tradeCCIE
70410/10/2017?Unnamed banks in several former Soviet Union states.Trustwave discovers a new campaign targeting banks om several former Soviet states. Trustwave investigation accounted for about $40 million in fraudulent withdrawals.UnknownK Financial and insurance activitiesCC>1
70510/10/2017?Single IndividualsGoogle removes a malicious extension from its Chrome Web Store that poses as the popular AdBlock Plus ad blocker but forcibly opened new tabs to show ads to users.MalwareX IndividualCC>1
70610/10/2017?Rivermend HealthRivermend Health notifies 1,300 patients who had information in an employee’s email account that was compromised.Account HijackingQ Human health and social work activitiesCCUS
70710/10/2017?Netflix UsersPhishMe reveals the details of a phishing campaign aimed to compromise business accounts of Netflix users.Account HijackingX IndividualCC>1
70811/10/2017Unknown attacker codenamed "Alf"Australian Signals Directorate (ASD)Australia's foreign intelligence collection agency, the Australian Signals Directorate (ASD), says a hacker stole over 30 GB of data on the country's military capabilities, including details on fighter jets, military aircraft, and naval ships. The breach occurred at an unnamed Department of Defence contractor. Stolen data includes details on the new F-35 Joint Strike Fighter jet, the Boeing P-8 Poseidon submarine-hunting airplane, Lockheed-Marting C-130 transport aircrafts, JDAM guided bombs, and data on "some naval ships."Account HijackingO Public administration and defence, compulsory social securityCEAU
70911/10/2017?Sweden Transport Administration (Trafikverket)A DDoS attack targets the Sweden Transport Administration (Trafikverket)DDoSO Public administration and defence, compulsory social securityCCSE
71011/10/2017?Multiple TargetsResearchers from Cisco Talos reveal a new wave of attacks carried on via an evolved version of DNSMessenger distributed by mean of a targeted spear phishing email mimicking fake SEC emails, and also leveraging compromised U.S. state government serversTargeted AttackY Multiple targetsCC>1
71111/10/2017?Single IndividualsResearchers at Akamai identify a botnet of over 14,000 IP addresses used in malware distribution operations.MalwareX IndividualCC>1
71211/10/2017?Victory PhonesVictory Phones, a phone polling firm is hacked, exposing several database files, one of which totaled 223 gigabytes in size and amounted to about two billion lines. The data was stolen in January.UnknownM Professional scientific and technical activitiesCCUS
71312/10/2017?Hyatt Hotels Corp.Hyatt Hotels Corp reveals to have discovered unauthorized access to payment card information at certain Hyatt-managed locations worldwide between March 18, 2017 and July 2, 2017PoS MalwareI Accommodation and food service activitiesCCUS
71412/10/2017?EquifaxEquifax says it has removed third-party code from its credit report assistance Web site that prompted visitors to download spyware disguised as an update for Adobe’s Flash Player software.MalwareK Financial and insurance activitiesCCUS
71512/10/2017?Sweden Transport Agency (Transportstyrelsen) Public Transport Operator VästtrafikThe Sweden Transport Agency (Transportstyrelsen), and public transport operator Västtrafik are hit by a DDOS attack.DDoSO Public administration and defence, compulsory social securityCCSE
71612/10/2017Bronze ButlerVarious Japanese OrganizationsSecureWorks reveals the details of several intrusions carried out by the Bronze Butler threat group at various Japanese organizations.Targeted AttackY Multiple targetsCEJP
71712/10/2017?Multiple WebsitesA study by AdGuard reveals a growing number of websites using cryptocurrency mining as a source of revenues.MalwareX IndividualCC>1
71813/10/2017?We Heart ItWe Heart It, an image-sharing site, informs users their personal data may have been compromised. The breach, involving 8 million users, took place a few years ago and includes email addresses, usernames and encrypted passwords for We Heart It accounts created between 2008 and November 2013.UnknownJ Information and communicationCCUS
71913/10/2017?PolitifactPolitifact, the Pulitzer Prize-winning website devoted to checking the factual accuracy of US politicians' words, appears to have been hacked so that it secretly mines cryptocurrency in visitors' browsers via CoinHive.MalwareJ Information and communicationCCUS
72015/10/2017?Pizza HutPizza Hut admits to have suffered a data breach, through which a hacker has stolen payment card details for a small number of clients.UnknownI Accommodation and food service activitiesCCUS
72115/10/2017?Namaste Health CareNamaste Health notifies about 1,600 patients its office experienced a security incident over the weekend of Aug. 12-13, when, when the file server was targeted by Ransomware.MalwareQ Human health and social work activitiesCCUS
72203/10/2017?Multiple TargetsSANS Internet Storm Center (ISC) handler Xavier Mertens spots a new attack, exploiting CVE-2017-8759 to install a Remote Administration Tool.MalwareY Multiple targetsCC>1
72304/10/2017The Dark OverlordAustin Manual Therapy AssociatesThe Dark Overlord claims to have hacked Austin Manual Therapy Associates and leaks a sample data.UnknownQ Human health and social work activitiesCCUS
72410/10/2017?Rivermend HealthRivermend Health notifies 1,300 patients who had information in an employee’s email account that was compromised earlier in July.Account HijackingQ Human health and social work activitiesCCUS
72516/10/2017?BithumbLocal news publications and leading media outlets in South Korea reported that Bithumb, the world’s largest cryptocurrency exchange by trading volume, suffered a security breach that affected 30,000 users on the trading platform.UnknownV FintechCCKR
72616/10/2017BlackOasisMultiple TargetsKaspersky Lab reveal the details of BlackOasis, a malicious actor leveraging CVE-2017-11292.Targeted AttackY Multiple targetsCE>1
72716/10/2017LeviathanTargets in Defense and GovernmentProofpoint researchers reveals the details of Leviathan, an espionage actor active since 2014, targeting organizations and high-value targets in defense and government.Targeted AttackO Public administration and defence, compulsory social securityCE>1
72816/10/2017LeviathanTargets in Defense and GovernmentProofpoint researchers reveals the details of Leviathan, an espionage actor active since 2014, targeting organizations and high-value targets in defense and government.Targeted AttackO Public administration and defence, compulsory social securityCE>1
72916/10/2017?Catholic United FinancialAn unknown attacker accesses nearly 130K accounts at Catholic United Financial. The attack happened on September 6th.UnknownQ Human health and social work activitiesCCUS
73017/10/2017Wild NeutronMicrosoftAccording to five former employees, Microsoft Corp’s secret internal database for tracking bugs in its own software was broken into by a highly sophisticated hacking group more than four years ago.Targeted AttackJ Information and communicationCEUS
73117/10/2017Hacker's DoorMultiple TargetsResearchers from security outfit Cylance discover a Remote Access Tool, resurfacing a decade later its original discovery.Targeted AttackY Multiple targetsCE>1
73217/10/2017?Chase Brexton Health CareChase Brexton Health Care notifies 16,562 patients after four employees fell for a phishing attack. The phishing emails were sent on August 2 and 3, and by August 4, the attackers had re-routed employees’ paychecks.Account HijackingQ Human health and social work activitiesCCUS
73317/10/2017?Single IndividualsMinerva Labs reveal the details of WaterMiner, a new evasive cryptocurrency mining campaign distributed via modified video games on Russian forum.MalwareX IndividualCC>1
73417/10/2017?Chase Brexton Health CareChase Brexton Health Care notifies 16,562 patients after four employees fell for a phishing attack, earlier in August, re-routing employees’ paychecks.Account HijackingQ Human health and social work activitiesCCUS
73518/10/2017?Android UsersResearchers from Symantec discover some malicious Minecraft-based Android apps in the Google Play store infected with Sockbot (and downloaded as many as 2.6 million time).MalwareX IndividualCC>1
73618/10/2017APT28Several Government EntitiesResearchers from ProofPoint reveal the details of a new campaign carried on by the infamous APT28 AKA Fancy Bear, exploiting a recently patched Adobe Flash vulnerability, CVE-2017-11292.Targeted AttackO Public administration and defence, compulsory social securityCE>1
73718/10/2017?Griffin Funeral HomeA sick hack: hackers take over the email account of Griffin Funeral Home, and send email scams to the company's customers, asking for money.Account HijackingS Other service activitiesCCUS
73818/10/2017?Wordpress UsersWordfence warns of a significant spike in SSH private key scanning activity.SSH ScanningX IndividualCC>1
73919/10/2017?Malaysian telcos and mobile virtual network operatorsRoughly 46.2 million mobile phone numbers from Malaysian telcos and mobile virtual network operators (MVNO) have been leaked online.UnknownJ Information and communicationCCMY
74019/10/2017?Domino's PizzaDomino's Australia investigates a potential breach of its computer systems after a number of customers received personalised spam emails from the pizza company. The company claims the breach happened to a "secondary supplier".UnknownI Accommodation and food service activitiesCCAU
74119/10/2017?Users of Elmedia PlayerThe servers of Eltima are compromised to distribute the Proton OSX Remote Access Tool via a fake update of the Elmedia Player.tiny_mce JavaScript library vulnerabilityX IndividualCC>1
74219/10/2017?Unsecure IoT devicesResearchers from Check Point and Qihoo 360 Netlab reveal the details of a new IoT botnet dubbed Reaper or iot_reaper, targeting million of organizations worldwide (even if some subsequent estimates tend to reduce the size of the botnet).Multiple VulnerabilitiesY Multiple targetsCC>1
74320/10/2017DragonFly 2.0US Energy and other critical infrastructure sectorsThe US Department of Home Security and the Federal Bureau of Investigation issue the warning TA17-293A, for advanced persistent threat activity targeting energy and other critical infrastructure sectors.Targeted AttackD Electricity gas steam and air conditioning supplyCEUS
74420/10/2017?FirstHealthThe network of FirstHealth is hit by WannaCry and forced to suspend the operations.MalwareQ Human health and social work activitiesCCUS
74521/10/2017AnonymousSeveral Spanish government websitesIn name of #OpCatalunya the Anonymous take down several Spanish government websites including Spain's Ministry of Public Works and Transport, and the Institutional Court.DDoSO Public administration and defence, compulsory social securityHES
74621/10/2017?Czech Statistical Office (CSU)Two websites run by the Czech Statistical Office (CSU) are taken offline after a DDoS attack tries to disrupt reporting of the country’s parliamentary elections.DDoSO Public administration and defence, compulsory social securityCCCZ
74722/10/2017APT28Attendees of the NATO's Cyber Conflict U.S. conference.Cisco Talos discovers a new malicious campaign from the well known actor Group APT28 AKA Fancy Bear carried on via a deceptive flyer relating to the Cyber Conflict U.S. Conference organized by NATO’s Cooperative Cyber Defence Centre of Excellence (CCDCOE).Targeted AttackX IndividualCE>1
74823/10/2017?Poloniex UsersUsers of the popular cryptocurrency exchange Poloniex are the target of two credential-stealing apps, discovered on Google Play disguised as legitimate Poloniex mobile apps.MalwareX IndividualCC>1
74923/10/2017?Coinhive.comThe DNS records for are manipulated to redirect requests for the coinhive.min.js to a third party server hosting a modified version of the JavaScript file with a hardcoded site key and letting the attacker "steal" hashes from users.DNS HijackingJ Information and communicationCCN/A
75023/10/2017The Dark OverlordLondon Bridge Plastic Surgery (LBPS)The Dark Overlord hackers break into London Bridge Plastic Surgery, a high profile, London-based plastic surgeon, and steal photos, including in-progress genitalia and breast enhancement.UnknownQ Human health and social work activitiesCCUK
75123/10/2017?Single IndividualsSANS Internet Storm Center (ISC) handler Brad Duncan spots a new phising campaign, originated by the Necurs botnet, using Microsoft Dynamic Data Exchange (DDE), to distribute the Locky ransomware.MalwareX IndividualCC>1
75224/10/2017?UkraineUkraine is targeted by a new destructive ransomware dubbed Bad Rabbit, allegedly distributed via a fake Flash Player update delivered via a drive-by-download. The sites redirecting to BadRabbit are a variety of sites that are based in Russia, Bulgaria, and Turkey.MalwareY Multiple targetsCWUA
75324/10/2017?ApplebyAppleby, a Bermuda law firm, admits to have been hacked, prompting fears of a Panama Papers-style exposé into the tax affairs of the super rich.UnknownM Professional scientific and technical activitiesHPA
75424/10/2017?Dell TechnologiesKrebsOnSecurity reveals that a web site set up by PC maker Dell Inc. to help customers recover from malicious software ( may have been hijacked for a few weeks this summer.DNS HijackingC ManufacturingCCUS
75524/10/2017Mat AKA @0xScriptsBasetools.wsA hacker dubbed Mat AKA @0xScripts breaches, an underground forum and demands a $50K ransom to avoid sharing stolen data with law enforcement.UnknownJ Information and communicationCCN/A
75625/10/2017?Amazon Web Services of Aviva and GemaltoAccording to the security group RedLock, a group of hackers managed to breach Amazon Web Services belonging to two companies on the Amazon Cloud: Aviva and Gemalto. The breach was due to poor password policy and aimed to use the resources to mine cryptocurrency.Account HijackingK Financial and insurance activitiesCCUK
75725/10/2017?Amazon Web Services of Aviva and GemaltoAccording to the security group RedLock, a group of hackers managed to breach Amazon Web Services belonging to two companies on the Amazon Cloud: Aviva and Gemalto. The breach was due to poor password policy and aimed to use the resources to mine cryptocurrency.Account HijackingC ManufacturingCCNL
75825/10/2017Cru3ltyTarte CosmeticsTarte Cosmetics exposes nearly two million customers' personal data to the public via two unsecured MongoDB databases. Unfortunately the gang Cru3lty get hold of the data, demanding 0.2 Bitcoins for recovering the database once the data has been deleted or encrypted.Account HijackingR Arts entertainment and recreationCCUS
75925/10/2017?Android UsersResearchers from Syf Labs discover LokiBot, an Android malware, able to steal over $1.5m in Bitcoins from the victims.MalwareX IndividualCC>1
76025/10/2017?Iran UsersThe Iran Computer Emergency Response Team Coordination Center (Iran CERTCC) issues a security alert about a ransomware distribution campaign currently active in the country, distributing the Tyrant ransomware.MalwareX IndividualCCIR
76125/10/2017?Single IndividualsZscaler researchers warn users of a new malvertising campaign redirecting users to the Terror Exploit Kit.MalvertisingX IndividualCC>1
76226/10/2017?Users of Myethereumwallet.comA new Ethereum phishing campaign is discovered, targeting users of the online Ethereum wallet website Hackers make away with over $15,000 in just two hours.Account HijackingX IndividualCC>1
76326/10/2017?Customers of Japanese BanksResearchers from IBM X-Force reveal the details of Ursnif (AKA Gozi), a campaign against customers of Japanese Banks.MalwareK Financial and insurance activitiesCCJP
76426/10/2017n3tr1x str0ngblog.jquery.comTwo hackers going by the online handle of “n3tr1x” and “str0ng” deface the official blog ( of jQuery.DefacementJ Information and communicationCCUS
76527/10/2017?T-Mobile UsersT-Mobile warns customers targeted by hackers trying to take control of their SIM cards, exploiting a vulnerability on its website.Account HijackingX IndividualCCUS
76627/10/2017?Android UsersResearchers from Symantec uncover a new wave of new Ramnit-infected apps in the Google Play store: 92 distinct apps with a total of 250,000 downloads between them.MalwareX IndividualCC>1
76727/10/2017?Midland CountyThe Midland County District Attorney warns residents after their third-party payment system is hacked.UnknownO Public administration and defence, compulsory social securityCCUS
76827/10/2017?Catholic CharitiesThe personal information of about 4,600 past and present clients and several employees of Catholic Charities may have been exposed after a computer server in the Glens Falls office was hacked as early as 2015.UnknownQ Human health and social work activitiesCCUS
76930/10/2017?Android UsersResearchers from Trend Micro discover two new malware strains – dubbed JsMiner and CpuMiner – in at least three apps on Google's Play Store.MalwareX IndividualCC>1
77030/10/2017?Facebook UsersResearchers from security firm F-Secure uncover a phishing campaign spreading via Facebook Messenger and targeting users across Europe including Germany, Sweden and Finland.Account HijackingX IndividualCC>1
77130/10/2017Gaza CybergangSeveral entities in MENAResearchers from Kaspersky Lab reveal a new spike of activity by the infamous Gaza Cybergang exploiting CVE 2017-0199 and targeting government entities and oil and gas targetsin MENA.Targeted AttackO Public administration and defence, compulsory social securityH>1
77230/10/2017Gaza CybergangSeveral entities in MENAResearchers from Kaspersky Lab reveal a new spike of activity by the infamous Gaza Cybergang exploiting CVE 2017-0199 and targeting government entities and oil and gas targetsin MENA.Targeted AttackD Electricity gas steam and air conditioning supplyH>1
77330/10/2017The Dark OverlordLine 204Line 204, a Hollywood film and television production and rental company, reveals that hackers from The Dark Overlord collective have stolen its client database. The breach probably happened in September 2017.UnknownR Arts entertainment and recreationCCUS
77431/10/2017?Single IndividualsKaspersky Lab reveal the details of CryptoShuffler, a malware aimed to hijack bitcoin wallets.MalwareX IndividualCC>1
77531/10/2017North KoreaDaewoo Shipbuilding & Marine Engineering Co LtdNorth Korea is suspected to have stolen South Korean warship blueprints after hacking into Daewoo Shipbuilding & Marine Engineering Co Ltd’s database in April last year.Targeted AttackC ManufacturingCEKR
77631/10/2017?Japanese CompaniesResearchers from Cyberseason reveal the details of a long-lasting campaign against Japanese companies using the ransomware/wiper ONI.MalwareY Multiple TargetsCCJP
77701/11/2017?HetznerA key database operated by large South African data centre operator and website hosting service provider Hetzner is compromised, and the company advises clients to change their passwords immediately. Compromised data includes customer and bank account details.SQLiJ Information and communicationCCZA
77801/11/2017?Customers of TD, Des-Jardins, RBC, Scotia Bank, Banque NationalSecurity researchers at Deep Instinct discover a comeback of the sophisticated banking trojan CoreBot to target online banking customers via phishing emails. The modified variant of the malware is distributed via malicious spam emails with Microsoft Office documents attached.MalwareK Financial and insurance activitiesCCCA
77901/11/2017?The Trump OrganizationSecurity researchers discover evidence that hackers were able to register at least 250 shadow domains under the umbrella of the Trump Organization. These subdomains are associated with Russian IP addresses and appear to have ties to possible malware campaigns. The subdomains have been active since 2013.Account HijackingN Administrative and support service activitiesCCUS
78001/11/2017?Russian Banks Malaysian and Armenian organizationsResearchers from Kasperky Lab discover a new targeted attack using a Trojan by the name of Silence against financial institutions. Russian Banks, Malaysian and Armenian organizations are infected.Targeted AttackK Financial and insurance activitiesCCRU MY AM
78101/11/2017?University of Fraser Valley (UFV)An unknown attacker (or groups of attckers) breaches the network of University of Fraser Valley (UFV) and threaten to dump student information unless university top brass pay 30,000 CAD (23,000 USD)UnknownP EducationCCCA
78201/11/2017?Ethereum-mining farmsResearchers from Bitdefender spot a wave of attacks to open SSH connections of EthOS, the operating system of Ethereum-mining farms in the attempt to hijack the funds by replacing the user’s wallet with their one.Account HijackingY Multiple targetsCC>1
78302/11/2017?VerticalscopeFor the second time since June 2016, hackers compromise, a Canadian company that manages hundreds of popular Web discussion forums totaling more than 45 million user accounts, and sell the stolen account in the black market.Web ShellS Other service activitiesCCCA
78402/11/2017?Single IndividualsResearchers from Cisco Talos reveal that the actors behind the Zeus Panda trojan are exploiting Search Engine Optimizazion (SEO) poisoning techniques to spread their malware.MalwareX IndividualCC>1
78502/11/2017KeyBoyUnnamed Western OrganizationsResearchers from PwC reveal that the Chinese threat actor dubbed KeyBoy is back in business with a new cyber espionage campaign against several western organizations.Targeted AttackY Multiple targetsCE>1
78602/11/2017APT28BellingcatResearchers from ThreatConnect unveil the latest campaign of APT28 (AKA Fancy Bear) targeting Bellingcat journalists via a targeted phising campaign aimed to steal their Gmail passwords.Targeted AttackJ Information and communicationCEUK
78702/11/2017AkincilaThe Times of Israel and Asia Times websitesThe Times of Israel and Asia Times websites are hijacked and defaced by suspected Turkish hackers, who post messages in favor of Palestine, on the 100th anniversary of the Balfour Declaration.DefacementJ Information and communicationHIL
78803/11/2017?Android usersMore than one million people are tricked into downloading yet another malicious Android app in disguise of a WhatsApp update.MalwareX IndividualCC>1
78903/11/2017?Customers of large Austrian banksResearchers from Proofpoint reveal the details of a new campaign using the Marcher trojan to target customers of large Austrian banks.MalwareK Financial and insurance activitiesCCAT
79003/11/2017?Netflix UsersResearchers from Mailguard reveal the details of a phishing campaign targeting Netflix users.Account HijackingX IndividualCC>1
79104/11/2017? is the victim of a DNS hijack attack, so the visitors are redirected to a malicious website designed to infect them with malware.DNS HijackingR Arts entertainment and recreationCCUS
79204/11/2017?NIC Asia BankNIC Asia Bank, based in Kathmandu, suffers a hack on its computer networks, which abused the SWIFT financial messaging system to help steal approximately $4.4m (£3.3m). After multiple investigations, most of the stolen funds have been recovered, with roughly $580,000 yet to be located by authorities.MalwareK Financial and insurance activitiesCCNP
79305/11/2017?PaigeA new file containing more x-rated photos of WWE Diva Paige is leaked online. Although it is unclear who is behind the leak this time it can be confirmed that leaked content belongs to Paige.UnknownX IndividualCCUK
79405/11/2017?Maria KanellisAnother WWE Diva has her private photos leaked. This time the victim is Maria KanellisUnknownX IndividualCCUS
79505/11/2017?Joseann 'JoJo' OffermanAnd Joseann 'JoJo' Offerman is the third WWE Diva who suffers nude photo leaked.UnknownX IndividualCCUS
79606/11/2017?SiaAnd Australian singer SIA, having heard of her nude photos possibly being leaked, prevents the fappening, by posting herself personal naked photos.UnknownX IndividualCCAU
79706/11/2017?ElectroneumUK cryptocurrency startup Electroneum is the victim of a DDoS attack immediately after having raised $40m (£30m).DDoSV FintechCCUK
79806/11/2017Team System DzSchoolDeskHackers from Team System Dz deface hundreds of websites across the US to post pro-ISIS messages, images of Saddam Hussein and a recruitment video. SchoolDesk, the Atlanta, Georgia-based web hosting company servicing these sites, confirmed the attackDefacementP EducationHUS
79906/11/2017APT32 AKA OceanLotusMultiple Websites in Asian CountriesSecurity researchers from Volexity reveal that hackers from APT32 managed to compromise >100 websites in multiple Asian Countries, implanting malware and maintaining persistence.MalwareY Multiple targetsCE>1
80006/11/2017?Single IndividualsMicrosoft warns user on the rise of two well known malware strains: Qakbot and Emotet.MalwareX IndividualCC>1
80107/11/2017APT28Multiple TargetsResearchers at McAfee reveal that they've been tracking a new spear phishing campaign from the Russia-linked hacker team APT 28, exploiting the Microsoft DDE feature and leveraging the New York terror attack.Targeted AttackY Multiple targetsCE>1
80207/11/2017SowbugOrganizations in South America and Southeast AsiaResearchers from Symantec identify a previously unknown group called Sowbug that has been conducting highly targeted cyber attacks against organizations in South America and Southeast Asia and appears to be heavily focused on foreign policy institutions and diplomatic targetsTargeted AttackY Multiple targetsCE>1
80308/11/2017Team System DzPrince Albert Police homepageHackers from Team System Dz deface the Prince Albert Police homepage and leave the message "I love Islamic State".DefacementO Public administration and defence, compulsory social securityHCA
80408/11/2017Joseph WillnerBrokerage AccountsThe Department of Justice files an indictment against Joseph Willner, 42, of Ambler, Pennsylvania, accusing the day trader of hacking into brokerage accounts at various financial companies and placing unauthorized trades between September 2014 and May 2017. The attacker and his partners stole $700,000.Account HijackingX IndividualCCUS
80508/11/2017?Single IndividualsResearchers at Avira Virus Lab detect a new strain of the Locky ransomware spreading through malicious attachments disguised as legitimate documents from productivity applications like Microsoft Word and Libre Office.MalwareX IndividualCC>1
80608/11/2017?City of Spring Hill, TennesseeThe City of Spring Hill, Tennessee is hit by a ransomware attack. The attackers demand a $250,000 ransom.MalwareO Public administration and defence, compulsory social securityCCUS
80708/11/2017?Android usersResearchers from security firm RiskIQ detect BankBot, a trojan available in the Google Play market in disguise of a cryptcurrency market application.MalwareX IndividualCC>1
80808/11/2017?Single IndividualsAn unknown attacker upload a version of the Reaper botnet IP Scanner infected with a backdoor.MalwareX IndividualCC>1
80909/11/2017?North Korean Radio station on 6400kHzA North Korean radio station is reportedly hijacked by an unknown hacker to play the 1980's hit song "The Final Countdown". The short-wave radio station, 6400kHz is known to be used by Pyongyang to transmit secret codes.UnknownJ Information and communicationHKP
81009/11/2017?Android usersResearchers from Trend Micro discover two malicious apps in the Google Play Store, downloaded by more than 500,000 users. The apps are the first example of exploitation of the vulnerability CVE-2017-0752. The malware is dubbed ToastAmigo.MalwareX IndividualCC>1
81109/11/2017?German UsersA new ransomware strain called Ordinypt is currently targeting victims in Germany, but instead of encrypting users' documents, the ransomware rewrites files with random data.MalwareX IndividualCCDE
81210/11/2017?ParityA startup called Cappasity claims that the bug that triggered a $280m Ethereum wallet freeze was a deliberate hack.Vulnerability in Parity CodeX IndividualCC>1
81310/11/2017?Entities perceived by the Chinese Government as dangerous.Researchers from Palo Alto Networks' Unit 42 discover a new malware family dubbed Reaver linked to SunOrcal malware and targeting entities perceived by the Chinese Government as dangerous.Targeted AttackY Multiple targetsCE>1
81410/11/2017?Mix MegapolA private radio station in Sweden, Mix Megapol, suffers a cyber attack when someone hacks its transmission to play a pro-ISIS song for 30 minutes.UnknownJ Information and communicationHSE
81511/11/2017AnonymousItalian GovernmentThe Anonymous collective publishes some internal document stolen from the email accounts of some government employees.Account HijackingO Public administration and defence, compulsory social securityHIT
81613/11/2017?McAfee ClickProtectSecurity firm McAfee blocks access to the website of its service McAfee ClickProtect after reposts suggested the site was used to distribute the Emotet malware.MalwareJ Information and communicationCCUS
81713/11/2017?Single IndividualsMalware researchers at IBM X-Force discover a new strain of banking malware dubbed IcedID has capabilities similar to other financial threats like Gozi, Zeus, and DridexMalwareX IndividualCC>1
81814/11/2017Hidden CobraAerospace, telecommunications and financial industriesThe U.S. government issues a technical alert about Hidden Cobra, a wave of cyber attacks sponsored by the North Korean government that have targeted the aerospace, telecommunications and financial industries since 2016. Attackers are using a type of malware known as “FALLCHILL” to gain entry to computer systems and compromise network systems.Targeted AttackY Multiple TargetsCE>1
81914/11/2017?Forever 21Fashion retailer Forever 21 discloses a breach due to an unauthorized access to data from payment cards used at certain of its stores.PoS MalwareG Wholesale and retail tradeCCUS
82014/11/2017?Android usersResearchers from McAfee reveal that up to 17.4 million Android users have downloaded a Trojan dubbed Grabos found in 144 separate mobile applications.MalwareX IndividualCC>1
82114/11/2017Anonymous12 neo-Nazi sitesThe hacktivist collective Anonymous claims responsibility for taking down over a dozen neo-Nazi sites in retaliation for recent ongoing events in the US. These attacks are a part of the ongoing #OpDomesticTerrorism campaign.DefacementN Administrative and support service activitiesH>1
82214/11/2017?JewsonBuilders merchant Jewson notifies 1,659 customers that their private information could have been exposed in a breach occurred late this summer. The breach happened after malicious code was implanted in the Jeson Direct website.MalwareC ManufacturingCCUK
82314/11/2017MuddyWaterMiddle Eastern nationsResesarchers from Palo Alto Networks' Unit 42 reveal the details of MuddyWater, a campaign carried on by a politically-motivated actor targeting Middle Eastern nations.Targeted AttackY Multiple targetsCE>1
82415/11/2017Russian BotSingle IndividualsThe Times reveals that a network of 150,000 fake Twitter accounts posted more than 45,000 messages about Brexit in 48 hours during last year’s referendum in an apparently co-ordinated attempt to sow discord.Fake Twitter AccountsX IndividualCWUK
82515/11/2017?J. Sterling Morton school districtAn in-development home made ransomware named J. Sterling Ransomware is discovered. This ransomware strain targets the high school students of the J. Sterling Morton school district in Cicero, Illinois by pretending to be a student survey.MalwareP EducationCCUS
82615/11/2017?Android usersResearchers from ESET discover a multi-stage Android malware, tracked as Android/TrojanDropper.Agent.BKY, available for download in the official Google Play store in eight malicious apps.MalwareX IndividualCC>1
82715/11/2017?Small Medium BusinessesResearchers from Sophos reveal the details of a wave of attacks, targeting medium businesses and exploiting RDP to install ransomware.RDP Brute ForceY Multiple targetsCC>1
82813/11/2017?Vulnerable Wordpress websitesResearchers from Sucuri observe a new wave of wp-vcd malware attacks targeting WordPress sites leveraging flaws in outdated plugins and themes.Malicious code InjectionX IndividualCC>1
82915/11/2017?UPMC SusquehannaUPMC Susquehanna notifies 1,200 patients treated at various locations that their personal information, including names, dates of birth, contact information and Social Security numbers, may have been inappropriately accessed.Account HijackingQ Human health and social work activitiesCCUS
83016/11/2017?Cash ConvertersCash Converters warns customers about a data breach on its website. The company says customer usernames, passwords and addresses have potentially been accessed by a third party. The breach happened on the company's old UK website, which was replaced in September 2017.UnknownG Wholesale and retail tradeCCUK
83116/11/2017?Bank CustomersResearchers from Bitdefender unveil the details of Terdot, a Banker Trojan that derives inspiration from the 2011 Zeus source code leak.MalwareK Financial and insurance activitiesCC>1
83217/11/2017?Algérie TelecomThe Algerian state telecom operator Algérie Telecom is hit by a prolonged DDoS attack.DDoSJ Information and communicationCCDZ
83317/11/2017?Medical College of WisconsinThe Medical College of Wisconsin reveals that the confidential medical information or other personal data of 9,500 patients was compromised by a targeted attack on the school’s email system in July.Targeted AttackP EducationCCUS
83417/11/2017?Montgomery CountyThe Montgomery County Emergency Management Agency reported that much of the county's computer system went down last week due to what it is calling a malware incident.MalwareO Public administration and defence, compulsory social securityCCUS
83518/11/2017?Melbourne International Shooting ClubPolice investigate the hacking of Melbourne International Shooting Club, a gun club database that may have exposed where more than 1500 semi-automatic handguns are stored. The breach happened in September.UnknownR Arts entertainment and recreationCCAU
83618/11/2017?Xinmin Secondary SchoolXinmin Secondary School discovers to have been breached when names and identity card numbers of its students have been leaked on pastebin.UnknownP EducationCCSG
83718/11/2017DaeshgramISISA group of Iraqi hackers called Daeshgram places pornographic images into the terror group's communication networks in order to mine ISIS credibility.UnknownS Other service activitiesHN/A
83819/11/2017?Sacramento Regional Transit systemThe Sacramento Regional Transit system is hit by destructive ransomware, and the attackers threaten to do more damages if the SacRT doesn’t pay them the equivalent of $8,000 in bitcoins.MalwareH Transportation and storageCCUS
83919/11/2017?Single IndividualsCrooks finds an ingenious way to spread a new variant of the OSX.Proton malware via a fake Symantec blog.MalwareX IndividualCCN/A
84020/11/2017MuddyWaterSaudi Arabian GovernmentSaudi Arabian security officials confirm that the country has been targeted by the MuddyWater campaign uncovered by Palo Alto Networks few days before.Targeted AttackO Public administration and defence, compulsory social securityCESA
84120/11/2017The Lazarus GroupSouth KoreaResearchers from McAfee discover a new campaign by the infamous Lazarus Group, carried on via a malicious Android App in disguise of a Bible reader in Korean.Targeted AttackO Public administration and defence, compulsory social securityCEKR
84220/11/2017?TetherTether, a start-up known for offering dollar-backed cryptocurrency, announces that hackers have breached their security and stole a whopping $30 million worth of tokens. The breach took place on 19th November 2017.UnknownV FintechCCHK
84321/11/2017?Uber TechnologiesBloomberg reveals that hackers stole the personal data of 57 million customers and drivers from Uber, a massive breach that the company concealed for more than a year, after paying $100,000 to the attackers. Compromised data from the October 2016 attack includes names, email addresses and phone numbers of 50 million Uber riders around the world. The personal information of about 7 million drivers was accessed as well, including some 600,000 U.S. driver’s license numbers.Account HijackingH Transportation and storageCCUS
84421/11/2017Russian CriminalsUK CitizensThe Times reveals the details of ongoing campaign carried on by Russian cybercriminals. The criminals steal reward points from UK Citizens and enjoy five-star holidays at knockdown pricesAccount HijackingX IndividualCCUK
84522/11/2017?Bitcoin GoldMore than $3.3 million worth of Cryptocurrency is stolen as part of an elaborate scam that took advantage of bitcoin users seeking to claim their share of the newly created cryptocurrency Bitcoin Gold.Account HijackingV FintechCCPA
84622/11/2017?Loake ShoesLoake Shoes warns its customers to have been the victim of a cyber attack. Apparently the email server has been compromised even if no other details are disclosed.UnknownG Wholesale and retail tradeCCUK
84722/11/2017?CoinPouchHackers allegedly steal over $655,000 worth of Verge cryptocurrency from the CoinPouch wallet.UnknownV FintechCCUS
84822/11/2017?SIngle Individual's Bitcoin walletAustrian police say cyber-thieves transferred bitcoin worth more than €100,000 ($117,000) from a man's account while he was logged in on a restaurant's public WiFi network.Fake Wi-Fi NetworkX IndividualCCAT
84922/11/2017?YMCA of Central FloridaThe YMCA of Central Florida (YMCA) announces it is notifying individuals related to an isolated security incident involving certain personal information.Account HijackingP EducationCCUS
85023/11/2017?ImgurImgur is notified of a potential security breach that occurred in 2014 and affected the email addresses and passwords of 1.7 million user accounts.UnknownJ Information and communicationCCUS
85123/11/2017?Single IndividualsThe Necurs botnet starts a massive spam campaign sending 12.5 million emails in 6 hours distributing the Scarab ransomware.MalwareX IndividualCC>1
85223/11/2017?Single IndividualsSecurity researcher Troy Mursch discovers a massive cryptojacking campaign carried on injecting Coinhive into one of the JavaScript files used by LiveHelpNow, a live chat and support widget.Malicious JS injectionX IndividualCCUS
85327/11/2017?Android usersResearchers from Google unveil the detail of Tizi, and Android spyware with extensive data-stealing capabilities. Although immediately removed from Play Store, the malware is believed to have infected 1,300 devices.MalwareX IndividualCC>1
85427/11/2017?Russian speakersResearchers from Fortinet reveal the details of a campaign against Russian speakers, exploiting CVE-2017-11882, a 17-year old vulnerability in Microsoft Office recently patched.MalwareX IndividualCCRU
85527/11/2017?Bulletproof CoffeeBulletproof Coffee, the company behind the trendy energy-boosting, butter-infused java, says it has suffered a data breach, compromising the personal and financial details of its customers. The company discovered "unauthorised computer code" added to the software that operates the checkout page on its website.MalwareR Arts entertainment and recreationCCUS
85628/11/2017?Australian Bank customersResearchers from IBM X-Force reveal the details of a new version of the Ursnif banking Trojan with code modifications and new attack techniques that attempt to make it even more effective.MalwareK Financial and insurance activitiesCCAU
85728/11/2017?FTSE 100 CompaniesAnomali finds thousands logins belonging to FTSE 100 companies in the dark web.UnknownY Multiple targetsCC>1
85828/11/2017?Individuals or organizations linked to South Korea or the video game industry.Researchers from Palo Alto Networks Unit 42 reveal the details of a new remote access Trojan dubbed UBoatRAT, distributed via Google Drive, and targeting individuals or organizations linked to South Korea or the video game industry.Targeted AttackR Arts entertainment and recreationCEKR
85929/11/2017?Clarkson PlcBritish shipping services provider Clarkson Plc reveals to have been the victim of a cyber security hack and warns that the person or persons behind the attack may release some data shortly.Account HijackingH Transportation and storageCCUK
86030/11/2017?Several East Texas school districtsSeveral East Texas school districts are affected by Ransomware, according to a notice from the Texas Department of Agriculture. Affected school districts include New Diana, Ore City, Gilmer, Gladewater, Harleton, Harrison County Juvenile Services, Karnack, Union Grove and Union Hill.MalwareP EducationCCUS
86101/12/2017?TIO NetworksPayPal Holdings suspends the operations of TIO Networks, a publicly traded payment processor PayPal acquired in July 2017, after a review of TIO’s network has identified a potential compromise of personally identifiable information for approximately 1.6 million customers.UnknownK Financial and insurance activitiesCCUS
86201/12/2017?Tenafly High SchoolTenafly High School informs parents that a student has gained access to its internal IT systems, changed grades to improve his GPA, and sent out college applications immediately after.UnknownP EducationCCUS
86302/12/2017Charming KittensAcademic researchers, human rights activists, media outlets and political advisors focusing on IranResearchers from ClearSky publish a report that reveals a new campaign carried on by the alleged Iran-linked APT Charming Kittens targeting academic researchers, human rights activists, media outlets and political advisors focusing on Iran via fake social network profiles or also a fake news site.Targeted AttackX IndividualCEIL
86402/12/2017AnonymousBrazilThe Anonymous leak some topology data belonging to Brazilian public sector.UnknownO Public administration and defence, compulsory social securityHBR
86504/12/2017?Mecklenburg CountyMecklenburg County, which includes the city of Charlotte and surrounding areas, is hit with ransomware and struggles to get its systems back online ever since. In the meantime, county officials are forced to revert to paper systems.MalwareO Public administration and defence, compulsory social securityCCUS
86604/12/2017?Home and Small-office RoutersResearchers unveil the details of a new variant of the Mirai botnet called Satori. The botnet exploits a recently discovered 0-day vulnerability to infect two widely used lines of home and small-office routers even when they're secured.0-day vulnerabilityX IndividualCC>1
86704/12/2017?WWE wrestler Maria KanellisA new batch of explicit photos of WWE wrestler Maria Kanellis is leaked.Account HijackingX IndividualCCUS
86804/12/2017?Mad River Township Fire and EMS stationMad River Township Fire and EMS station has all its data encrypted by ransomware.MalwareO Public administration and defence, compulsory social securityCCUS
86905/12/2017DfrankNetshoesData of 500,000 customers of Brazilian retailer Netshoes is dumped on pastebin.UnknownG Wholesale and retail tradeCCBR
87005/12/2017?Baptist Health LouisvilleBaptist Health Louisville notifies 880 patients of a phishing incident occurred early October.Account HijackingQ Human health and social work activitiesCCUS
87105/12/2017?Warwick RowersThe website of a naked charity calendar featuring male rowers at Warwick University is taken down by a DDoS attack after having allegedly offended Russia’s “gay propaganda” laws.DDoSQ Human health and social work activitiesHUK
87205/12/2017?Colorado Center for Reproductive Medicine MinneapolisColorado Center for Reproductive Medicine Minneapolis warns customers that, in the wake of a ransomware attack occurred in October 2017, unauthorized third-party may have breached the clinic’s computer security and viewed or accessed patient information that was on the server.MalwareQ Human health and social work activitiesCCUS
87306/12/2017?NiceHashBitcoin mining platform and exchange NiceHash is hacked and forced to suspend the operations for 24 hours after cyber criminals make off with $68 million worth in BTC.UnknownV FintechCCUS
87406/12/2017?Royal National Institute for the Blind (RNIB)Police launch an investigation after 817 people report fraud attempts following a breach of the Royal National Institute for the Blind (RNIB) web store occurred on November 16th.UnknownQ Human health and social work activitiesCCUK
87506/12/2017?5,500 WordPress sitesSucuri unveils the details of a new attack affecting 5,500 WordPress sites, infected with a malicious script that logs keystrokes and sometimes loads an in-browser cryptocurrency miner.Malicious ScriptX IndividualCC>1
87606/12/2017?Henry Ford Health SystemRoughly 18,500 patients at Henry Ford Health System have possibly had their personal information stolen in a data breach occurred in early October after the email credentials of a group of employees were stolen.Account HijackingQ Human health and social work activitiesCCUS
87707/12/2017?Sinai Health SystemAt least two employees at Sinai Health System had their email accounts compromised in a phishing incident, potentially affecting the information of 11,350 people.Account HijackingQ Human health and social work activitiesCCUS
87807/12/2017?Bitcoin InvestorsResearchers at Fortinet spot a new phishing campaign targeting bitcoin investors serving an Orcus RAT malware in disguise of a trading app.Targeted AttackX IndividualCC>1
87907/12/2017?Village of NashotahThe Village of Nashotah pays an unidentified hacker a $2,000 ransom to decrypt its computer system after a hack in late November.MalwareO Public administration and defence, compulsory social securityCCUS
88007/12/2017?Clarion UniversityClarion University employees are notified after two employees fall victim of a phishing attack.Account HijackingP EducationCCUS
88107/12/2017APT34Government organization in the Middle EastFireEye reveals the details of a new campaign carried on by the suspected Iranian threat group APT34 exploiting the recently patched CVE-2017-11882 exploit.Targeted AttackO Public administration and defence, compulsory social securityCEN/A
88208/12/2017?Single IndividualsWhile scanning the deep and dark web for stolen, leaked or lost data, security company 4iQ discovers a single file with a database of 1.4 billion clear text credentials, the largest aggregate database found in the dark web to date.UnknownX IndividualCC>1
88308/12/2017AnonymousIsraelIn name of #OpIsrael and #OpUSA, hacktivists from the Anonymous Collective leak online names, emails, and passwords of Israeli public employees and share a list of US government sites to target, calling on action against them.UnknownO Public administration and defence, compulsory social securityHIL US
88408/12/2017?Single IndividualsResearchers from ESET reveal that the cybergang behind the now defunct FinFisher man–in-the-middle attacks has switched over to using a new spyware dubbed StrongPity2 distributed via watering hole attacks.MalwareX IndividualCE>1
88508/12/2017?Road Sign near North Central Expressway in DallasA traffic sign near North Central Expressway in Dallas is hacked and defaced with an obscene message against the President of United States Donald Trump and his voters.UnknownN Administrative and support service activitiesCCUS
88610/12/2017Le Duc Hoang HaiPerth AirportA Vietnamese man, Le Duc Hoang Hai, is arrested for stealing sensitive security details and building plans from Perth Airport after breaking into its computer systems. The hack happened in March last year, and was carried on using the credentials of a third-party contractor,Account HijackingH Transportation and storageCCAU
88710/12/2017?Jeffree StarJeffree Star is the victim of a data hack, after a member of staff at cosmetics store Sephora allegedly hacks into her account and leaks sensitive information about his spending habits.Account HijackingX IndividualCCUS
88811/12/2017MoneyTakerU.S and Russian BanksSecurity firm Group-IB reveals the details of a previously unknown ring of Russian-speaking hackers, allegedly able to have stolen as much as $10 million from U.S. and Russian banks in the last 18 months. The gang of criminals is dubbed MoneyTaker.MalwareK Financial and insurance activitiesCCRU US
88911/12/2017?Polish BanksResearchers from ESET discover a malicious banking app hidden in the Google Play store in disguise of a Crypto Monitor.MalwareK Financial and insurance activitiesCCPL
89011/12/2017?Jerome School DistrictJerome School District falls victim to ransomware.MalwareP EducationCCUS
89111/12/2017?National Capital Poison CenterNational Capital Poison Center reports a ransomware incident.MalwareQ Human health and social work activitiesCCUS
89211/12/2017?Rose McGowanAnother round of "The Fappening". Hackers leak alleged nude pics and sex tape of “Charmed” star Rose McGowan.UnknownX IndividualCCUS
89312/12/2017?BitfinexBitfinex is forced to shut down its ongoing operations after suffering a series of non-stop DDoS attacks.DDoSV FintechCCVG
89412/12/2017?Midland Memorial HospitalMidland Memorial Hospital announces a data security incident involving a limited number of patients’ personal information after an unauthorized third party may have obtained access to an employee’s e-mail account on or about Oct. 10.Account HijackingQ Human health and social work activitiesCCUS
89513/12/2017?Google, Facebook, Apple, and Microsoft usersAccording to internet monitoring service BGPMon, traffic sent to and from Google, Facebook, Apple, and Microsoft is briefly routed through a previously unknown Russian Internet provider. The hijack lasts a total of six minutes and affects 80 separate address blocks.BGP HijackingX IndividualCC>1
89613/12/2017?Osaka UniversityOsaka University says that personal data of around 80,000 students, graduates, staff, former workers and others may have been stolen by hackers.Account HijackingP EducationCCJP
89713/12/2017?Anderson Cooper's Twitter account (@andersoncooper)CNN says Anderson Cooper's Twitter account was hacked after a since-removed tweet from his handle called the president a "tool" and a "pathetic loser" following Democrat Doug Jones win in Alabama's Senate election.Account HijackingX IndividualCCUS
89813/12/2017?Android UsersGoogle removes more than 80 malicious Android apps from Google's official Play Store, which were designed to hijack credentials for VK, Russia's Facebook-like social network.MalwareX IndividualCCRU
89914/12/2017?Undisclosed Oil Plant in Saudi ArabiaSecurity firm FireEye and Schneider Electric SE reveal the details of a new operation. targeting Triconex industrial safety technology widely used inside nuclear, oil and gas plants. The first victim is allegedly located in Saudi Arabia. The malware is dubbed Triton.Targeted AttackD Electricity gas steam and air conditioning supplyCWSA
90014/12/2017?John KahlbetzerJohn Kahlbetzer, one of Australia’s richest men suffers a $1m loss after his assistant is taken in by a classic Business Email Compromise (BEC) scam.Account HijackingX IndividualCCAU
90114/12/2017?Fox-ITDutch security firm Fox-IT reveals to have fallen victim of a DNS Hijacking attack on September 19th 2017. The attacker modifies a DNS record for one particular server to point to a server in their possession and to intercept and forward the traffic to the original server that belongs to Fox-IT.DNS HijackingJ Information and communicationCENL
90214/12/2017?Unnamed Brazilian BankResearchers from Trend Micro unveil the details of Prilex, a new ATM malware used for targeted attacks against a Brazilian bank.Targeted AttackK Financial and insurance activitiesCCBR
90314/12/2017?Proctor School DistrictThe Proctor school district is hit by ransomware.MalwareP EducationCCUS
90415/12/2017The Lazarus GroupBitcoin Insiders in LondonSecureworks reveals a new spearphishing campaign circulating across bitcoin industry insiders in London, carried on via a fake job opening, and aimed to steal their online credentials. The fingers are pointed to the North Korean hackers of the Lazarus GroupTargeted AttackK Financial and insurance activitiesCEUK
90515/12/2017?TransneftTransneft reveals that its computers have been used for the unauthorized manufacture, or “mining”, of the cryptocurrency Monero.MalwareD Electricity gas steam and air conditioning supplyCCRU
90615/12/2017?California votersResearchers at Kromtech discover an unprotected instance of MongoDB database that appear to have contained 19 million California voters data. The database has been deleted by Cyber Criminals and held for ransom with the attackers demanding 0.2 BTC ($ 3,000 at the time of writing).Unsecure MongoDB databaseO Public administration and defence, compulsory social securityCCUS
90715/12/2017?Stanislaus County's Mental Health Department500 computers from Stanislaus County's Mental Health Department are quarantined after ransomware is detected in the network.MalwareO Public administration and defence, compulsory social securityCCUS
90815/12/2017?39 East Texas School DistrictsStudents from 39 East Texas School Districts have their information compromised by an October hack.UnknownP EducationCCUS
90915/12/2017?OSX UsersSecurity firm Cybereason discovers an invasive adware variant dubbed OSX.Pirrit. The malware targets macOS users adding spyware capabilities.MalwareX IndividualCC>1
91011/12/2017?PinterestPinterest notifies users of suspicious activity due to attackers trying to compromise account using 'credential stuffing' (credentials obtained from other breaches).Credential StuffingJ Information and communicationCCUS
91115/12/2017?Linux and Windows ServersResearchers from F5 Networks discover an aggressive and sophisticated malware campaign, targeting Linux and Windows servers with an assortment of exploits with the goal of installing malware that mines the Monero cryptocurrency. The campaign is dubbed Zealot.MalwareY Multiple targetsCC>1
91217/12/2017?BitfinexBitfinex is, once again hit by a massive DDoS attack.DDoSV FintechCCUS
91318/12/2017?Android UsersKaspersky Lab reveals the details of a new Android malware called Trojan.AndroidOS.Loapi. the malware features a complicated modular architecture that means it can conduct a variety of malicious activities: mine cryptocurrencies, annoy users with constant ads, launch DDoS attacks and much more.MalwareX IndividualCC>1
91418/12/2017?Wordpress SitesWordPress sites around the globe are the targets of a massive brute-force campaign where hackers attempt to guess admin account logins in order to install a Monero miner on compromised sites.Brute ForceX IndividualCC>1
91518/12/2017?iOS UsersA phony iOS version of Cuphead, a very popular retro game, finds its way into Apple's notoriously restrictive iTunes App store.MalwareX IndividualCCUS
91619/12/2017?YoubitThe South Korean Bitcoin exchange Youbit, previously known as Yapizon quits its operation and files for bankruptcy due to two cyber attacks in last eight months. The company suffers another data breach in which 17% of total assets have been stolen. However, the total value of stolen assets is not mentioned.UnknownV FintechCCKR
91719/12/2017APT-C-15?Arabic Speaking Android UsersResearchers at Trend Micro discover a new Android malware, dubbed AnubisSpy, linked with the Sphinx cyberespionage campaign, which was discovered in 2014-15 and launched by the APT-C-15.MalwareX IndividualCE>1
91819/12/2017?Wordpress SitesCaptcha, a WordPress plugin installed on over 300,000 sites is recently modified to download and install a hidden backdoor.Compromised Wordpress PluginsX IndividualCC>1
91919/12/2017?Multiple Systems WorldwideResearchers from security firm GuardiCore discover multiple hacking campaigns conducted by a Chinese criminal gang targeting database servers. The attackers target systems worldwide for mining cryptocurrencies, exfiltrating sensitive data and building a DDoS botnet.MalwareY Multiple targetsCC>1
92019/12/2017?MedhostThe website of is redirected to a page where the attackers post a message claiming to have stolen personal information from the servers. However they do not provide any evidence of the data.DNS HijackingQ Human health and social work activitiesCCUS
92120/12/2017People’s Republic of China (PRC)-based actorsFour Western think tanks and an additional two non-governmental organizations (NGOs).Crowdstrike reveals the details of espionage-driven targeted attacks carried on by Chinese actors against four Western think tanks and an additional two non-governmental organizations (NGOs).Targeted AttackM Professional scientific and technical activitiesCE>1
92220/12/2017People’s Republic of China (PRC)-based actorsFour Western think tanks and an additional two non-governmental organizations (NGOs).Crowdstrike reveals the details of espionage-driven targeted attacks carried on by Chinese actors against four Western think tanks and an additional two non-governmental organizations (NGOs).Targeted AttackU Activities of extraterritorial organizations and bodiesCE>1
92320/12/2017?EtherDeltaPopular cryptocurrency exchange EtherDelta is hacked, with many users unknowingly sending their tokens to the hacker instead of the exchange. At least 308 ETH ($266,789) were stolen, as well as a large number of tokens potentially worth hundreds of thousands of dollars.DNS HijackingV FintechCCUS
92420/12/2017?Single IndividualsResearchers from Trend Micro spot a new campaign exploiting CVE-2017-11882 to distribute the Loki Infostealer.MalwareX IndividualCC>1
92520/12/2017?Golden OptometricGoldon Optometric informs some patients whose information was affected by a CrySiS ransomware attack.MalwareQ Human health and social work activitiesCCUS
92621/12/2017?Nissan Canada FinanceNissan Canada's vehicle-financing wing has been hacked, putting personal information on as many as 1.13 million customers at risk. The exposed data includes at least customer names, addresses, vehicle makes and models, vehicle identification numbers (VINs), credit scores, loan amounts and monthly payment figures.UnknownC ManufacturingCCCA
92721/12/2017The Lazarus GroupSingle IndividualsProofpoint researchers uncover what it’s calling the first publicly documented instance of a nation-state targeting a POS-related framework for the theft of credit-card data, carried out by the notorious Lazarus Group hacking arm of Pyongyang.PoS MalwareX IndividualCC>1
92821/12/2017Cron Cybercrime GroupSingle IndividualsSecurity researchers from AVAST warn of new malware designed to harvest banking and card details, which could be linked to the infamous Cron cybercrime group. The malware is dubbed Catelites Bot.MalwareX IndividualCC>1
92921/12/2017?Android UsersSecurity researchers at Lookout find three fake Bitcoin wallet apps on Play Store developed with the intention to steal Bitcoin-related data from users.MalwareX IndividualCC>1
93021/12/2017?Facebook Messenger UsersResearchers at Trend Micro discover a malicious new cryptocurrency mining malware that specifically targets Facebook Messenger users . The malware has been dubbed as Digmine.MalwareX IndividualCC>1
93121/12/2017?WWE Diva PaigeUnknown hackers leak new private photo of WWE Diva PaigeUnknownX IndividualCEUK
93221/12/2017Nexus ZetaHuawei home router HG532Researchers from Check Point discover a zero-day vulnerability in Huawei home router HG532 and a campaign aimed to exploit this vulnerability to inject the SATORI payload.0-Day VulnerabilityX IndividualCC>1
93321/12/2017?GlobexHackers try to steal 55 million rubles ($940,000) from Russian state bank Globex using the SWIFT international payments messaging system. At the end the hackers only withdraw around $100,000.MalwareK Financial and insurance activitiesCCRU
93421/12/2017?Multiple OrganizationsResearchers from Barracuda spot a new campaign where cybercriminals are spoofing scanners to launch attacks containing malicious attachments that appear to be coming from the network printer.MalwareY Multiple targetsCC>1
93522/12/2017?Single IndividualsA new variant of the GlobeImposter ransomware is distributed via a massive malspam campaign.MalwareX IndividualCC>1
93622/12/2017?Jason's DeliJason's Deli notifies its customers that a large quantity of payment card information has appeared for sale on the “dark web,” and that an analysis of the data indicated that at least a portion of the data may have come from various Jason’s Deli locations.UnknownI Accommodation and food service activitiesCCUS
93722/12/2017?Colorado Mental Health InstituteColorado Mental Health Institute notifies 650 patients after phishing incident.Account HijackingQ Human health and social work activitiesCCUS
93823/12/2017?Veyna & ForschinoVeyna & Forschino disclose a breach involving an unauthorized access to a company email. Compromised information includes individuals’ name, date of birth, telephone numbers, address, Social Security number, W-2 information, 1099 records including account and direct deposit bank account information.Account HijackingK Financial and insurance activitiesCCUS
93926/12/2017?Single IndividualsThe Necurs botnet continues its massive campaign aimed to distribute ransomware with as many as 47 million emails per day.MalwareX IndividualCC>1
94026/12/2017?Offset iCloud accountMigos' Offset iCloud is hacked and nude images of fiancé Cardi B leaked.Account HijackingX IndividualCCUS
94127/12/2017?Longs Peak Family PracticeLongs Peak Family Practice notifies patients following a ransomware and hacking incident that were first detected on November 5.MalwareQ Human health and social work activitiesCCUS
94227/12/2017?, a popular torrent tracker is hacked. The attacker claims to have downloaded the entire database and the site source code.UnknownJ Information and communicationCCNL
94328/12/2017?ExmoA UK-based Bitcoin exchange called Exmo ishit by atargeted DDoS attack. The attack happens just days after one of Exmo's leading analysts, a blockchain expert named Pavel Lerner, is kidnapped in Kiev while leaving his office. A $1M bitcoin ransom is paid to release him.DDoSV FintechCCUK
94428/12/2017?John McAfee Twitter Account (@officialmcafee)John McAfee has his Twitter account hacked and used to promote lesser-known crypto-currencies.Account HijackingX IndividualCCUK
94528/12/2017?Magento SitesDutch security researcher Willem de Groot discovers that Hackers are actively targeting Magento sites running a popular helpdesk extension called Mirasvit Helpdesk.Vulnerable Magento extensionX IndividualCC>1
94628/12/2017?Three PluginsThe Wordpress security team removes three plugins infected with backdoors tied to the same threat actor.Compromised Wordpress PluginsX IndividualCC>1
94728/12/2017?Unnamed OrganizationsThe Italian researcher Marco Ramilli finds a new infostealer campaign in the wild.MalwareY Multiple targetsCC>1
94828/12/2017?Jones Memorial HospitalA cyberattack disrupts computer systems at Jones Memorial Hospital.MalwareQ Human health and social work activitiesCCUS
94929/12/2017?Chrome UsersArchive Poster, a popular Chrome extension with over 105,000 users has been deploying an in-browser cryptocurrency miner to unsuspecting users for the past few weeks.MalwareX IndividualCC>1
95029/12/2017?Miracle-EarMiracle-Ear Inc. says that 554 patient records have been compromised in a security breach to its e-mail system. The incident occurred Oct. 24, when “an unknown and unauthorized intruder” gained access to the e-mail account of an employee of Miracle-Ear’s parent company, Amplifon.Account HijackingC ManufacturingCCUS
95131/12/2017AnonymousCorreggio Speed Cameras databaseThe Anonymous hack the speed cameras database of an Italian city (Correggio) and dump the content.UnknownO Public administration and defence, compulsory social securityHIT