1 | 01/01/2017 | >1 | Several Institutions in the British Government | The British National Cyber Security Centre reveals that it foiled 86 attacks in its first month of activity, most of which are suspected to have come from China, North Korea, Russia, Iran and criminal gangs. Top targets include the Bank of England, the Ministry of Defence, nuclear bases, security services and infrastructure such as transport, the NHS and power systems. | >1 | O Public administration and defence, compulsory social security | CE | GB |
2 | 01/01/2017 | ? | Transmission and electricity producing lines | Sources from the Energy Ministry claim that a major cyber-attack is the source of the widespread electricity cuts across Istanbul. Turkish sources blame the US for the attack. | Unknown | D Electricity gas steam and air conditioning supply | CW? | TR |
3 | 01/01/2017 | CyberZeist | fbi.gov | Exploiting a vulnerability in Plone CMS, CyberZeist claims to have hacked fbi.gov and leaks the records of 155 FBI officials on pastebin. Plone denies that a 0-day vulnerability has been exploited to carry out the attack. | Plone CMS vulnerability | O Public administration and defence, compulsory social security | CC | US |
4 | 01/01/2017 | ? | Susan M. Hughes Center (hughescenter.net) | The Susan M. Hughes Center notifies a ransomware incident affecting 11,400 patients. | Malware | Q Human health and social work activities | CC | US |
5 | 03/01/2017 | Anonymous | humanrightscommission.vic.gov.au | A group claiming to be part of the Anonymous collective defaces Victoria’s Human Rights Commission website (humanrightscommission.vic.gov.au) with a nonsensical message about its social network AnonPlus. | Defacement | O Public administration and defence, compulsory social security | H | GB |
6 | 04/01/2017 | ? | India National Defence Academy (NDA) and National Investigation Agency (NIA) | Indian security forces have been alerted by central intelligence agencies that a WhatsApp virus is threatening to hack into their personal information and banking data. | Malware | O Public administration and defence, compulsory social security | CE | IN |
7 | 04/01/2017 | Kuroi’SH | google.com.br | Kuroi’SH hijacks the DNS record of google.com.br and redirects users to a defaced page. The hack happens by compromising the records held by registro.br. | DNS Hijacking | J Information and communication | CC | BR |
8 | 04/01/2017 | ? | Emory Brain Health Center | Emory Healthcare is one of the victims of the MongoDB ransomware attacks and has its database, managed by a third party and containing 90,000 records, encrypted. | Malware | Q Human health and social work activities | CC | US |
9 | 04/01/2017 | ? | Northside Independent School District | The Northside Independent School District sends letters to about 23,000 former and current students and employees regarding a security breach that might have put their personal information at risk after several employees' email accounts were compromised. | Account Hijacking | P Education | CC | US |
10 | 05/01/2017 | DragonOK APT | Several Entities in Japan | Palo Alto reveals the details of DragonOK APT, an operation carried out by a Chinese malicious actor targeting primarily Japan, and other regions such as Taiwan, Tibet, and Russia. | Targeted Attack | Y Multiple targets | CE | >1 |
11 | 05/01/2017 | OilRig APT | Several entities in Israel | ClearSky Security discovers a new campaign conducted by the Iranian OilRig APT leveraging digitally signed malware and fake University of Oxford domains. The campaign targets at least five Israeli IT vendors, several financial institutes, and the Israeli Post Office. | Targeted Attack | Y Multiple targets | CE | IL |
12 | 05/01/2017 | ? | University of Alberta | The University of Alberta discloses the details of a malware attack, which occurred late last year, involving 300 computers and putting over 3,000 students at risk. | Malware | P Education | CC | CA |
13 | 06/01/2017 | Cyberwolfgang | Square Enix's European Twitter Account (@SQUARE_ENIX_EU) | Video game giant Square Enix's European Twitter account is hacked by a group of hackers calling themselves the "cyberwolfgang" and posts multiple tweets mocking other companies including rival gaming company EA and media outlet TechCrunch. | Account Hijacking | R Arts entertainment and recreation | CC | JP |
14 | 06/01/2017 | ? | Arizona Department of Administration | Arizona officials investigate how and when several computers used by state legislators and their staffs became infected with malware. | Malware | O Public administration and defence, compulsory social security | CC | US |
15 | 06/01/2017 | ? | 123-Reg | 123-Reg is the target of a DDoS attack which disrupted the company's services only days into 2017. | DDoS | J Information and communication | CC | GB |
16 | 06/01/2017 | Kapustkiy | esguarnacpuntademata.mil.ve | One of the websites belonging to Venezuela’s ministry of defense (esguarnacpuntademata.mil.ve) is hacked by Kapustkiy in protest of what the attacker described as the dictatorship of President Nicolas Maduro in the country. The attacker leaks 2,100 records. | SQLi | O Public administration and defence, compulsory social security | H | VE |
17 | 07/01/2017 | ? | MJ Freeway | MJ Freeway, a Denver company whose tracking software is used by hundreds of marijuana companies to comply with state regulations, says its main servers and backup system are down after a "targeted cyber attack". | Targeted Attack | J Information and communication | CC | US |
18 | 07/01/2017 | ? | Princeton University | Princeton University is one of the 27,000 victims that have their data wiped by attackers leveraging a vulnerable MongoDB. | Malware | P Education | CC | US |
19 | 08/01/2017 | ? | esea.net | Over 1.5 million user profiles featuring names, email addresses and personal IDs from the eSports Entertainment Association (Esea), a leading competitive videogame community, are leaked online after being hijacked by hackers in late December last year. | Unknown | R Arts entertainment and recreation | CC | US |
20 | 09/01/2017 | ? | Netflix Users in the US | FireEye Labs discovers a sophisticated phishing campaign in the wild targeting the credit card data and other personal information of Netflix users primarily based in the United States. | Account Hijacking | X Individual | CC | US |
21 | 09/01/2017 | ? | http://forumserver.twoplustwo.com | The operators of the world’s largest online poker discussion forum, TwoPlusTwo, confirm that the forum was hacked at some point late in 2016, with the personal data then being offered for sale. | Unknown | R Arts entertainment and recreation | CC | US |
22 | 10/01/2017 | ? | The Los Angeles Valley College (LAVC) | The Los Angeles Valley College (LAVC) is forced to pay $28,000 in bitcoin after cybercriminals successfully infected its computer networks, email systems and voicemail lines with ransomware. | Malware | P Education | CC | US |
23 | 10/01/2017 | Anonymous | Multiple Thai Governmental job portals | The Anonymous kick off another run of #OpSingleGateway and take down multiple governmental job portals, leaking personal and sensitive details of officials and job seekers. | Unknown | O Public administration and defence, compulsory social security | H | TH |
24 | 11/01/2017 | Giulio Occhionero and Francesca Maria Occhionero | leading Italian politicians, businessmen and Masons | Italian siblings Giulio and Francesca Maria Occhionero are arrested in Rome, charged with conducting a long-running cyber espionage campaign against leading Italian politicians, businessmen and Masons using a variant of the malware family EyePyramid. | Targeted Attack | X Individual | CE | IT |
25 | 11/01/2017 | ? | Jabbim | The Jabbim Instant Messaging service is hacked and the database (8 GB) is dumped on the dark web. | Unknown | J Information and communication | CC | CZ |
26 | 11/01/2017 | The Dark Overlord? | littlereddooreci.org | The Dark Overlord hacks the computers of an Indiana-based cancer agency and asks for a large payment of 50 Bitcoin ($44,800) not to release the data. Initially the attack seemed to have been caused by ransomware. | Malware | Q Human health and social work activities | CC | US |
27 | 11/01/2017 | ? | Kanawha County Schools | Kanawha County Schools says that their internal documents have been restored after a ransomware attack. | Malware | P Education | CC | US |
28 | 12/01/2017 | ? | Cellebrite | Motherboard obtains 900 GB of data related to Cellebrite, one of the most popular companies in the mobile phone hacking industry. The cache includes customer information, databases, and a vast amount of technical data regarding Cellebrite's products. | Unknown | J Information and communication | CC | IL |
29 | 12/01/2017 | ? | General Motors | Reports emerge claiming that GM employees’ names and social security numbers might have been exposed during a breach. | Unknown | C Manufacturing | CC | US |
30 | 13/01/2017 | Anonymous | Multiple Thai Governmental job portals | The Anonymous kick off another run of #OpSingleGateway and take down multiple governmental job portals, leaking personal and sensitive details of officials and job seekers. | Unknown | O Public administration and defence, compulsory social security | H | TH |
31 | 13/01/2017 | ? | Barts health trust, which runs five hospitals in east London: the Royal London, St Bartholomew’s, Whipps Cross, Mile End and Newham | The largest NHS trust in England is hit by malware. Contrary to what early reports suggested, ransomware is ruled out as the cause of the outage. | Malware | Q Human health and social work activities | CC | GB |
32 | 13/01/2017 | Anonymous | Multiple Thai Governmental job portals | The Anonymous kick off another run of #OpSingleGateway and take down multiple governmental job portals, leaking personal and sensitive details of officials and job seekers. | Unknown | O Public administration and defence, compulsory social security | H | TH |
33 | 13/01/2017 | ? | University of Maryland School of Medicine | A doctor’s practice plan affiliated with the University of Maryland School of Medicine notifies patients that somebody hacked a physician assistant’s email account that contained the personal information of patients. 1,500 patients are affected. | Unknown | Q Human health and social work activities | CC | US |
34 | 14/01/2017 | Kapustkiy | gdc.gob.ve | In a form of protest against President Nicolas Maduro, Kapustkiy hacks a website of a local government and dumps around 900 records on pastebin. | LFI/SQLi | O Public administration and defence, compulsory social security | H | VE |
35 | 14/01/2017 | ? | MrExcel.com | MrExcel.com reveals that its forum has been compromised on the morning of December 6, 2016. | vBulletin Vulnerability | J Information and communication | CC | US |
36 | 14/01/2017 | ? | Dracut Public Schools | Current and former employees’ personal information, including SSN, is acquired by a hacker after an employee falls for what the district describes as a “sophisticated phishing scheme.” | Account Hijacking | P Education | CC | US |
37 | 15/01/2017 | ? | Several Indian Banks | Several Indian Banks discover that their SWIFT systems have been compromised to create fake documents. | Unknown | K Financial and insurance activities | CC | IN |
38 | 13/01/2017 | Indonesian Hackers | Legitimate Websites | Researchers from Sucuri discover two connected advertising fraud campaigns that compromise legitimate web sites and abuse Google AdSense. | Clickjacking via Malicious Javascript | X Individual | CC | >1 |
39 | 15/01/2017 | ? | IHOP (International House of Pancakes) | IHOP's Twitter account (@IHOP) is hacked and posts a political tweet against Hillary Clinton. | Account Hijacking | I Accommodation and food service activities | CC | US |
40 | 16/01/2017 | ? | Sentara Healthcare | A cyber security breach at a third party vendor for Sentara Healthcare compromises the records of over 5,000 patients. | Unknown | Q Human health and social work activities | CC | US |
41 | 16/01/2017 | ? | Channel One | Russian state television Channel One blames hackers for the online leak of the final episode of the BBC drama Sherlock a day before its planned broadcast. | Unknown | J Information and communication | CC | RU |
42 | 16/01/2017 | ? | Laptop belonging to the special investigation team probing President Park Geun-hye’s political scandal. | The Korea Times reveals the details of an attempt made by overseas attackers to hack into a laptop belonging to the special investigation team probing President Park Geun-hye’s political scandal. | Targeted Attack | O Public administration and defence, compulsory social security | CE | KR |
43 | 17/01/2017 | ? | Supercell | Supercell Forum is hacked and 1.1 million accounts are leaked. The breach allegedly took place in September 2016. | Unknown | R Arts entertainment and recreation | CC | FI |
44 | 17/01/2017 | ? | 20,000 individuals in the Netherlands | Police in the Netherlands are set to email 20,000 possible fraud victims urging them to change their account details, after discovering their credentials had been stolen by a man arrested last year on suspicion of multiple cybercrime offences. | Malware/Account Hijacking | X Individual | CC | NL |
45 | 17/01/2017 | ? | Racingpulse.in | A popular horse racing website (Racingpulse.in) is hacked with Ransomware. | Malware | R Arts entertainment and recreation | CC | IN |
46 | 17/01/2017 | ? | Advanced Flexible Composites Inc. | The computer system of Advanced Flexible Composites Inc. is hacked preventing the firm from processing quote requests or orders and from receiving emails. | Malware | C Manufacturing | CC | US |
47 | 18/01/2017 | ? | College students across the United States | The FBI’s Internet Crime Complaint Center publishes an alert against a scam tricking college students into depositing fraudulent checks into their bank accounts. | Account Hijacking | P Education | CC | US |
48 | 18/01/2017 | ? | Several biomedical research facilities | Malwarebytes reveals the details of a newly discovered Mac malware, which has likely been targeting biomedical research facilities for at least two years without detection. | Malware | M Professional scientific and technical activities | CC | US |
49 | 18/01/2017 | ? | POPEYES | CCC Restaurant Enterprises, LLC, doing business as POPEYES, announces that a recent data security incident may have compromised the security of payment information of some customers who used debit or credit cards at 10 restaurant locations between May 5, 2016 and August 18, 2016. | PoS Malware | I Accommodation and food service activities | CC | US |
50 | 20/01/2017 | ? | WCHQ 100.9 FM | Crescent Hill Radio WCHQ 100.9 FM, a popular, non-profit radio station in Louisville, Kentucky is hacked to play an anti-Trump song for almost 15 minutes by interrupting regular programming. | Unknown | J Information and communication | CC | US |
51 | 20/01/2017 | ? | St Louis Public Library | St Louis Public Library is hit by a ransomware attack. Attackers demand $35,000 worth of Bitcoin. | Malware | Q Human health and social work activities | CC | US |
52 | 20/01/2017 | ? | Bowlmor AMF | Bowlmor AMF, the world’s largest bowling center operator, says that it had a possible data breach at 21 of its more than 300 domestic locations in 12 states between Feb. 4 and March 19. | PoS Malware | R Arts entertainment and recreation | CC | US |
53 | 20/01/2017 | ? | Ohio State Veterinary Medical Center | A malware infection is to blame for a security breach that could put at risk the personal information of up to 4,611 clients of the Ohio State Veterinary Medical Center. | Malware | P Education | CC | US |
54 | 21/01/2017 | ? | BBC Northampton Twitter account (@BBCNorthampton) | The BBC Northampton Twitter account (@BBCNorthampton) is hacked and reports the false news that Donald Trump had been shot. | Account Hijacking | J Information and communication | CC | GB |
55 | 21/01/2017 | Sc0rp10nGh0s7 | www.nari-icmr.res.in | Sc0rp10nGh0s7 from the Shad0w Security crew breaks into the servers of the National AIDS Research Institute NARI (India) and claims to have accessed an archive of more than 1 GB containing the results of dozens of HIV tests. | SQLi? | Q Human health and social work activities | CC | IN |
56 | 21/01/2017 | ? | Sundance Film Festival | The box office and other systems at the Sundance Film Festival are shut down by hackers. | DDoS | R Arts entertainment and recreation | CC | US |
57 | 22/01/2017 | Chipher0007 | AlphaBay | About 218,000 unencrypted private messages posted to the AlphaBay dark web marketplace are accessed and released to the public. | Undisclosed Vulnerabilities | G Wholesale and retail trade | CC | N/A |
58 | 22/01/2017 | OurMine | New York Times Video Twitter Account (@nytvideo) | OurMine hacks the Twitter account of New York Times Video (@nytvideo) and posts fake news. | Account Hijacking | J Information and communication | CC | US |
59 | 23/01/2017 | ? | Lloyds Bank | The Financial Times reveals that Lloyds Bank has been targeted by a large scale DDoS attack over the past two weeks. Two crooks claim responsibility for the attack. | DDoS | K Financial and insurance activities | CC | GB |
60 | 23/01/2017 | ? | Several targets in Saudi Arabia | Saudi Arabia warns organizations in the Kingdom to be on the alert for cyber attacks carried out via a new variant of the Shamoon virus. Targets include a chemical firm (Sadara Chemical Co) and the Ministry of Labor and Social Development. | Malware | Y Multiple targets | CW | SA |
61 | 23/01/2017 | ? | XP Investimentos SA | Hackers who stole data from 29,000 clients of XP Investimentos SA allegedly tried to get the Brazilian independent securities firm to pay 22.5 million reais ($7.1 million) to keep the security breach secret. | Industry: Securities | Z Unknown | CC | BR |
62 | 24/01/2017 | ? | Grey Eagle Resort and Casino | Grey Eagle Resort and Casino is breached and the attackers threaten to dump hundreds of gigabytes of data. The Casino confirms the breach. | Unknown | I Accommodation and food service activities | CC | US |
63 | 24/01/2017 | ? | larisa@steamreal.ru ewartumba@mail.ru | Websites of the Democratic Party in the Wisconsin area are hacked by alleged Russian Hackers. | Undisclosed Vulnerabilities | N Administrative and support service activities | CC | US |
64 | 25/01/2017 | APT28 AKA Fancy Bear | Unnamed TV Station in the UK | SecureWorks reveals that APT28 was able to infiltrate an unnamed TV station in the UK and stay undetected for 12 months starting from July 2015. | Targeted Attack | J Information and communication | CE | GB |
65 | 25/01/2017 | ? | Cockrell Hill Police | Police in Cockrell Hill, Texas admit in a press release to having lost years' worth of evidence after the department's server was infected with ransomware. | Malware | O Public administration and defence, compulsory social security | CC | US |
66 | 25/01/2017 | ? | Argyle school district | Argyle school district warns its workers that their W-2 tax forms were lost in a phishing attack. | Account Hijacking | P Education | CC | US |
67 | 25/01/2017 | ? | Several Chinese Internet Giants | A dark web vendor going by the handle “DoubleFlag” sells 1 billion accounts stolen from several Chinese Internet giants, including NetEase Inc and its subsidiaries 126.com, 163.com and Yeah.net, Tencent Holdings Limited-owned QQ.com, TOM Group’s Tom.com, 163.net, Sina Corporation’s Sina.com/Sina.com.cn, Sohu, Inc.’s Sohu.com and Letter Network Information Technology Co., Ltd-owned eYou.com. | Unknown | J Information and communication | CC | CN |
68 | 25/01/2017 | ? | U.S. Cellular | DoubleFlag now claims to sell a database containing 126 million customer records from U.S. Cellular. The company denies the hack. | Unknown | J Information and communication | CC | US |
69 | 25/01/2017 | ? | Campbell County Health | Social Security numbers and W-2 information for about 1,400 employees who worked over the past year at Campbell County Health are mistakenly released to someone impersonating a hospital executive. | Account Hijacking | Q Human health and social work activities | CC | US |
70 | 25/01/2017 | Four Teenagers | Several E-Commerce websites | Four teenagers are arrested for allegedly digitally shoplifting vouchers worth Rs92 lakh [$134,985.29 USD] by exploiting a vulnerability in the payment gateway (PayU). | Payment gateway vulnerability | J Information and communication | CC | IN |
71 | 25/01/2017 | ? | Tipton County Schools | Tipton County Schools are hit by a phishing scam aimed at stealing employees' personal W-2 forms. | Account Hijacking | P Education | CC | US |
72 | 25/01/2017 | ? | Swedish Armed Forces | Daily newspaper Dagens Nyheter reports that Sweden's armed forces were recently exposed to an extensive cyber attack that prompted them to shut down the Caxcis IT system, used in military exercises. | Unknown | O Public administration and defence, compulsory social security | CE | SE |
73 | 26/01/2017 | ? | Hong Kong Securities Brokers | Hong Kong's securities regulator says that brokers in the city have suffered major DDoS cyber attacks and warns of possible further incidents across the industry. | DDoS | K Financial and insurance activities | CC | HK |
74 | 26/01/2017 | ? | Odessa School District | The Odessa School District is hit by a phishing scam aimed at stealing employees' personal W-2 forms. | Account Hijacking | P Education | CC | US |
75 | 26/01/2017 | ? | High Fidelity | High Fidelity users receive an e-mail from Philip Rosedale, CEO and founder of the new social VR world, announcing the compromise of a staff email account in late December and early January. | Account Hijacking | R Arts entertainment and recreation | CC | US |
76 | 27/01/2017 | ? | D.C. Police | Ransomware infected 70 percent of storage devices that record data from D.C. police surveillance cameras eight days before President Trump’s inauguration, forcing major citywide reinstallation efforts. | Malware | O Public administration and defence, compulsory social security | CC | US |
77 | 27/01/2017 | ? | NATO | Talos reveals the details of Matryoshka Doll, a spear phishing campaign targeting NATO officials during the Christmas and New Year Holiday. | Targeted Attack | O Public administration and defence, compulsory social security | CE | INT |
78 | 27/01/2017 | ? | Australian Nuclear Science and Technology Organisation (ANSTO) | The Australian Nuclear Science and Technology Organisation (ANSTO) investigates a computer security breach at the Australian Synchrotron that saw hackers steal scientists' usernames and passwords. | Undisclosed Vulnerabilities | O Public administration and defence, compulsory social security | CC | AU |
79 | 27/01/2017 | ? | Sunrun | Solar panel maker Sunrun is hit with a spearphishing attack, impersonating the CEO Lynn Jurich, that gets away with the company's employee W-2 information. | Account Hijacking | C Manufacturing | CC | US |
80 | 27/01/2017 | ? | Princeton Pain Management | Princeton Pain Management is notifying 4,668 patients of a hack that was detected on November 28. Although they found no evidence that data were removed from their system, protected health information (PHI) was accessed. | Unknown | Q Human health and social work activities | CC | US |
81 | 28/01/2017 | ? | Romantik Seehotel Jaegerwirt | One of Europe's top hotels, Romantik Seehotel Jaegerwirt, admits they had to pay thousands in Bitcoin ransom to cybercriminals who managed to hack their electronic key system, locking hundreds of guests out of their rooms until the money was paid. | Malware | I Accommodation and food service activities | CC | AT |
82 | 28/01/2017 | OurMine | Multiple Twitter accounts associated with the World Wrestling Entertainment Group | OurMine hacks multiple Twitter accounts associated with the World Wrestling Entertainment group, including that of WWE Universe, WWE NXT, WWE Network, Summer Slam as well as wrestlers John Cena and Triple H. WWE's Tumblr page is also compromised. | Account Hijacking | R Arts entertainment and recreation | CC | US |
83 | 28/01/2017 | ? | Dr.Web Emsisoft | In the past week, two security firms, Dr.Web and Emsisoft, suffered DDoS attacks at the hands of cyber-criminals who attempted to bring down their websites as payback for meddling with their illegal activities. | DDoS | J Information and communication | CC | RU AT |
84 | 30/01/2017 | APT28 AKA Fancy Bear | Polish Foreign Ministry | The Polish daily newspaper Rzeczpospolita reveals that the hack against the Polish Foreign Ministry that occurred in December was probably orchestrated by APT28. | Targeted Attack | O Public administration and defence, compulsory social security | CE | PL |
85 | 31/01/2017 | ? | Czech Foreign Ministry | Czech Foreign Minister Lubomir Zaoralek says that hackers breached dozens of email accounts at the Czech Foreign Ministry in an attack resembling one against the U.S. Democratic Party. | Targeted Attack | O Public administration and defence, compulsory social security | CE | CZ |
86 | 31/01/2017 | Gaza Cybergang | Several Governments in the Middle East Area | Researchers at Palo Alto Networks reveal the details of a new cyber espionage campaign carried out by the Gaza Cybergang. | Targeted Attack | O Public administration and defence, compulsory social security | CE | >1 |
87 | 31/01/2017 | ? | CD Projekt Red | CD Projekt Red, the Poland-based developer behind the popular 'Witcher' game and comic series, is hit with a forum hack that compromised over 1.8 million user credentials. The hack allegedly took place in March last year. | Unknown | R Arts entertainment and recreation | CC | PL |
88 | 31/01/2017 | ? | Licking County | Licking County servers are targeted by a ransomware infection. | Malware | O Public administration and defence, compulsory social security | CC | US |
89 | 31/01/2017 | ? | Xbox360 and Playstation Portable ISO Forums | An unidentified hacker reportedly breaches the XBOX 360 and PlayStation Portable ISO forums compromising 2.5 million gamer accounts. The breach is unconfirmed. | Unknown | R Arts entertainment and recreation | CC | US JP |
90 | 31/01/2017 | ? | Sunny 107.9 WFBS-LPFM | Another station is hijacked to play the "F*** Donald Trump" song. | Barix box hijacking | J Information and communication | CC | US |
91 | 01/02/2017 | ? | Point of Sale infrastructure in Brazil and other countries | Arbor Networks researchers reveal the details of the Flokibot malware family targeting Point of Sale infrastructure in Brazil and other countries. | PoS Malware | K Financial and insurance activities | CC | BR |
92 | 02/02/2017 | Chinese state-sponsored hackers | Military and aerospace interests in Russia and Belarus | Proofpoint reveals the details of an ongoing cyber-espionage campaign targeting military and aerospace interests in Russia and Belarus via ZeroT and the PlugX RAT. | Targeted Attack | C Manufacturing | CE | RU BY |
93 | 02/02/2017 | ? | City of Troy | The City of Troy computer system is the victim of a ransomware attack. | Malware | O Public administration and defence, compulsory social security | CC | US |
94 | 03/02/2017 | APT29 | Norwegian Labour Party | Norway’s security service says nine email accounts, including those belonging to the Labour party, the foreign ministry and defense ministry, have been targeted by hackers belonging to APT29. | Targeted Attack | O Public administration and defence, compulsory social security | CE | NO |
95 | 03/02/2017 | ? | Tiverton Town Council | John Vanderwolfe, a town clerk, wipes council documents dating back to 2015 after mistakenly opening an email containing ransomware. | Malware | O Public administration and defence, compulsory social security | CC | GB |
96 | 03/02/2017 | Anonymous | Freedom Hosting II | The Anonymous take down Freedom Hosting II, the largest repository of dark web sites. The hackers are able to steal 75 GB worth of files and 2.6 GB of databases. | Unknown | J Information and communication | H | N/A |
97 | 03/02/2017 | ? | Manatee County School District | The Manatee County School District is the victim of a phishing scam that compromises the information from almost 8,000 employees. | Account Hijacking | P Education | CC | US |
98 | 04/02/2017 | Berkut | PoliceOne | Motherboard reveals that a hacker going by the handle of Berkut is selling a database allegedly containing over 700,000 user accounts from PoliceOne, a popular law enforcement forum. | Unknown | J Information and communication | CC | US |
99 | 04/02/2017 | ? | David Beckham | David Beckham's emails are held hostage by hackers, and published after his representatives refuse to pay a ransom of €1 million (£860,000). The ‘Beckileaks' came as part of a breach on sports and entertainment agency, Doyen Global (18.6 million emails apparently accessed in 2015 and 2016). | Unknown | R Arts entertainment and recreation | CC | GB |
100 | 04/02/2017 | Stackoverflowin | 150,000 online printers | A grey-hat hacker going by the name of Stackoverflowin says he's pwned over 150,000 printers that have been left accessible online. | Online Printers Vulnerability | X Individual | CC | >1 |
101 | 05/02/2017 | ? | Email accounts of Irish solicitors | The Sunday Independent reveals that cybercriminals are hacking the email accounts of Irish solicitors in an attempt to steal tens of thousands of euro from unsuspecting home buyers. | Account Hijacking | M Professional scientific and technical activities | CC | IE |
102 | 06/02/2017 | ? | 45 Committee | The website of 45 Committee, a PAC supporting President Donald Trump, is defaced. | Defacement | N Administrative and support service activities | H | US |
103 | 06/02/2017 | ? | Verity Health System | Verity Health System has now issued a statement about a breach reported to HHS on January 11 as affecting 10,164 patients. | Unknown | Q Human health and social work activities | CC | US |
104 | 06/02/2017 | Charming Kitten | Mac Users | Two security researchers reveal the details of a new campaign linked to Charming Kitten, a cyber espionage group linked to the Iranian Government using an unsophisticated strain of malware, dubbed MacDownloader, to steal credentials and other data from Mac computers. | Malware | X Individual | CC | >1 |
105 | 06/02/2017 | ? | Logic Supply | US-based industrial computer supplier Logic Supply resets user passwords following unauthorised access through the firm's website, which may have exposed customer/company names, usernames and passwords, and order information. | Unknown | C Manufacturing | CC | US |
106 | 07/02/2017 | Turla? | Multiple foreign embassies and ministries | According to Forcepoint, an unknown actor whose targets and tactics resemble those of Turla, a Russian APT, has been compromising the websites of foreign embassies, ministries and organizations, in an attempt to infect certain site visitors with malware. | Malicious Code Injection | O Public administration and defence, compulsory social security | CE | >1 |
107 | 07/02/2017 | Fallaga Hacker Team | Six NHS Websites | The Independent reveals that, over the past six weeks, six NHS websites were defaced showing gruesome images of the conflict in Syria with the hashtags: #Op_Russia and #save_aleppo. | Defacement | Q Human health and social work activities | H | GB |
108 | 07/02/2017 | Aslan Neferler Tim (ANT), or Lion Soldiers Team | Austria's Parliament | Austria's parliament says that a Turkish hackers' group dubbed Aslan Neferler Tim (ANT), or Lion Soldiers Team has claimed responsibility for a cyber attack that brought down its website for 20 minutes during the weekend. | DDoS | O Public administration and defence, compulsory social security | H | AT |
109 | 07/02/2017 | ? | National Treasury Management Agency | The National Treasury Management Agency temporarily suspends access to its website for several hours today after a suspected defacement attack. | Defacement | O Public administration and defence, compulsory social security | H | IE |
110 | 07/02/2017 | ? | Darcy Vescio's Twitter account (@darcyvee) | AFL Women's league player Darcy Vescio's Twitter account is hacked. | Account Hijacking | X Individual | CC | AU |
111 | 07/02/2017 | ? | Canadian Tire | Canadian Tire shuts down customer access to online accounts after detecting unusual traffic on its website. | Unknown | G Wholesale and retail trade | CC | CA |
112 | 08/02/2017 | ? | Several Organizations Worldwide | Kaspersky Lab reveals the details of a fileless malware targeting several organizations worldwide. | Malware | Y Multiple targets | CC | >1 |
113 | 08/02/2017 | ? | Sports Direct | Sports Direct is accused of having suffered (and kept hidden) a data breach affecting 30,000 employees. The breach allegedly happened in September 2016. | CMS Vulnerability (DNN) | G Wholesale and retail trade | CC | GB |
114 | 08/02/2017 | ? | FileSilo.co.uk | UK magazine publisher Future's FileSilo website (FileSilo.co.uk) is raided by hackers, who make off with, among other information, unencrypted user account passwords. | Unknown | J Information and communication | CC | GB |
115 | 08/02/2017 | zerodark70 | UPI.com | zerodark70 sells a database supposedly containing 83,000 compromised accounts from UPI.com, the website of the 110-year-old American news agency United Press International. | Unknown | J Information and communication | CC | US |
116 | 08/02/2017 | ? | Alton Steel, Inc. | A security breach at Alton Steel, Inc. has left its employees open to identity theft, and more than one employee has already this year had fraudulent tax returns filed in their name. | Account Hijacking | C Manufacturing | CC | US |
117 | 09/02/2017 | ? | Arby's | The fast food restaurant chain Arby's has suffered a breach involving the payment card systems in up to 1,100 of its locations. | PoS Malware | I Accommodation and food service activities | CC | US |
118 | 09/02/2017 | ? | Hitachi Payment Services | Hitachi Payments Services confirms that its systems were compromised by a sophisticated malware in mid-2016, that led to one of the biggest cyber security breaches in the country with 3.2 million cards affected. | Malware | K Financial and insurance activities | CC | IN |
119 | 09/02/2017 | ? | Loblaws | Loblaw warns PC Plus rewards collectors to reset their passwords after points were stolen from some members’ accounts. | Account Hijacking | G Wholesale and retail trade | CC | CA |
120 | 09/02/2017 | ? | Taiwanese Ministry of Foreign Affairs' Bureau of Consular Affairs (BOCA) | 15,000 data files of Taiwanese nationals could have been hacked due to an intrusion in the email system. | Unknown | O Public administration and defence, compulsory social security | CE | TW |
121 | 10/02/2017 | Russian Hackers? | Italian Foreign Ministry | Russia is suspected by Italian officials of being behind a sustained hacking attack against the Italian foreign ministry last year that compromised email communications and lasted for many months before it was detected | Targeted Attack | O Public administration and defence, compulsory social security | CE | IT |
122 | 10/02/2017 | ? | Mazagon Dock Shipbuilders Limited | Mazagon Dock Shipbuilders Limited is the victim of a targeted attack. | Targeted Attack | C Manufacturing | CE | IN |
123 | 11/02/2017 | ? | Mexican researchers and public health activists supporting the Mexican soda tax | The New York Times reveals that Mexican researchers and public health activists supporting the Mexican soda tax were reportedly targeted by hackers using Pegasus, spyware from the Israeli-based cyberweapons manufacturer NSO Group. | Targeted Attack | Q Human health and social work activities | CE | MX |
124 | 12/02/2017 | >1 | Great Britain | In his first key interview, Ciaran Martin, head of GCHQ’s new National Cyber Security Centre (NCSC), warns that Britain is being hit by 60 significant cyber-attacks a month, including attempts by Russian state-sponsored hackers to steal defence and foreign policy secrets from government departments. | >1 | O Public administration and defence, compulsory social security | CW | GB |
125 | 13/02/2017 | Lazarus APT | Several Banks Worldwide | Symantec reveals the details of a new malware campaign targeting 100 banks and other financial institutions in 31 countries. | Malware | K Financial and insurance activities | CC | >1 |
126 | 14/02/2017 | Russian Hackers? | Emmanuel Macron | French front-runner Emmanuel Macron calls for the European Union to stand firm against Russia as his French election campaign is targeted by computer hackers. The Kremlin denies any allegations. | Unknown | X Individual | CW | FR |
127 | 14/02/2017 | ? | Activists and journalists in Qatar and Nepal | Amnesty International reveals the details of Operation Kingphish: a Campaign of Cyber Attacks against activists and journalists in Qatar and Nepal. | Targeted Attack | X Individual | CE | QA NP |
128 | 14/02/2017 | ? | FunPlus | An unknown hacker steals user account information (3.3 million records) and alleged product source code from FunPlus, the company that makes highly popular free-to-play mobile game Family Farm Seaside. | Unknown | R Arts entertainment and recreation | CC | CN |
129 | 14/02/2017 | APT28 | Macbook Users | Bitdefender Lab reveals the details of Xagent, a malware designed for victims running Mac OS X to steal passwords, grab screenshots and steal iPhone backups | Malware | X Individual | CE | >1 |
130 | 14/02/2017 | ? | Citizens Memorial Hospital | Citizens Memorial Hospital employee data are compromised by a W-2 phishing scam. | Account Hijacking | Q Human health and social work activities | CC | US |
131 | 14/02/2017 | ? | San Antonio Symphony | Computer hackers break into the computer network for the San Antonio Symphony, stealing the names, birth dates, Social Security numbers, addresses and W-2 tax forms for about 250 employees. | Unknown | M Professional scientific and technical activities | CC | US |
132 | 15/02/2017 | Russia | Ukraine | Ukraine accuses Russian hackers of targeting its power grid, financial system and other infrastructure with a new type of virus that attacks industrial processes, the latest in a series of cyber offensives against the country. | Targeted Attack | O Public administration and defence, compulsory social security | CW | UA |
133 | 15/02/2017 | Rasputin | Over 60 global organisations, including US government agencies and international universities. | Recorded Future reveals the details of a massive campaign carried on by a Russian hacker called Rasputin, targeting multiple organizations worldwide, including Cornell University, New York University, University of Washington, University of Oxford, University of Cambridge, US National Oceanic and Atmospheric Administration and US Department of Housing and Urban Development. | SQLi | Y Multiple targets | CC | >1 |
134 | 15/02/2017 | ? | PharmaNet | The personal information of approximately 7,500 British Columbians may have been compromised through the provincial government's PharmaNet system, when an "unknown/unauthorized person obtained and used a physician's login to access PharmaNet." | Account Hijacking | O Public administration and defence, compulsory social security | CC | CA |
135 | 10/02/2017 | ? | Texas Department of Transportation | The Texas Department of Transportation says some personal information of employees was compromised last week due to a “security incident.” | Unknown | O Public administration and defence, compulsory social security | CC | US |
136 | 14/02/2017 | ? | Unnamed Oklahoma Agency | The Office of Management and Enterprise Services confirms that an unnamed agency has been targeted by ransomware. | Malware | O Public administration and defence, compulsory social security | CC | US |
137 | 15/02/2017 | ? | Yahoo! | Yahoo sends out another round of notifications to users, warning some that their accounts may have been breached as recently as last year. The accounts were affected by a flaw in Yahoo's mail service that allowed an attacker—most likely a "state actor," according to Yahoo—to use a forged "cookie" created by software stolen from within Yahoo's internal systems to gain access to user accounts without a password. | Forged Cookie | J Information and communication | CE | US |
138 | 15/02/2017 | ? | Multiple Targets in Saudi Arabia | Security researchers reveal the details of a cyber espionage operation dubbed Magic Hound linked to Iran and the recent Shamoon 2 attacks. | Malware | Y Multiple targets | CC | SA |
139 | 16/02/2017 | ? | Israeli Defense Force | Two separate papers from Kaspersky and Lookout reveal the details of ViperRAT, an active APT targeting the Israeli Defense Force. | Targeted Attack | O Public administration and defence, compulsory social security | CE | IL |
140 | 16/02/2017 | ? | Islamic State Supporters | Islamic State supporters are targeted with a modified version of the Telegram Android app that contains a version of the OmniRAT remote access toolkit. | Targeted Attack | X Individual | CE | N/A |
141 | 17/02/2017 | ? | Zcoin | A simple one-digit typo within the source code of a cryptocurrency called Zcoin has allowed a hacker to make a profit of over $400,000 worth of cryptocurrency. | Coding Error | V Fintech | CC | N/A |
142 | 17/02/2017 | ? | Bingham County | Hackers demand $25K-$30K after ransomware attack takes down Bingham County servers | Malware | O Public administration and defence, compulsory social security | CC | US |
143 | 17/02/2017 | ? | Lexington Medical Center | Lexington Medical Center notifies employees of breach affecting its database. | Unknown | Q Human health and social work activities | CC | US |
144 | 18/02/2017 | ? | Family Service Rochester | Family Services Rochester notifies individuals that portions of its computer systems that contained personal information have been compromised by ransomware. | Malware | Q Human health and social work activities | CC | US |
145 | 19/02/2017 | Pro_Mast3r | secure2donaldjtrump.com | A hacker dubbed Pro_Mast3r defaces a server associated with President Donald Trump's presidential campaign donations. | Defacement | N Administrative and support service activities | CC | US |
146 | 19/02/2017 | Kuroi’SH | Asiana Airlines | Kuroi’SH defaces the official website of Asiana Airlines, one of the major airlines in South Korea. | Defacement | H Transportation and storage | H | KR |
147 | 20/02/2017 | ? | Airsoft GI Forum (airsoftgiforum.com) | A hacker claims to have hacked the official web forum of a gun retailer Airsoft GI (airsoftgiforum.com) and uploaded its data on Dropbox. | SQLi | G Wholesale and retail trade | CC | US |
148 | 21/02/2017 | ? | Several industries, including critical infrastructure and news media. | Researchers at CyberX discover a cyber espionage campaign called Bugdrop, that siphoned more than 600 gigabytes from about 70 targets in several industries, including critical infrastructure and news media. | Targeted Attack | Y Multiple targets | CE | >1 |
149 | 21/02/2017 | ? | Bitfinex | Top Bitcoin trading platform Bitfinex is hit by a "severe DDoS attack." | DDoS | V Fintech | CC | N/A |
150 | 22/02/2017 | Berkut | Coachella Music Festival | Nearly one million Coachella accounts are reportedly currently up for sale on the dark web. | Unknown | R Arts entertainment and recreation | CC | US |
151 | 22/02/2017 | ? | Montenegrin government and several state institutions | The websites of the Montenegrin government and several state institutions, as well as some pro-government media, have been targeted with multiple cyberattacks since February 15th. | Unknown | O Public administration and defence, compulsory social security | CW | ME |
152 | 22/02/2017 | RTM | Remote Banking Systems (RBS). | Experts at software firm ESET reveal the details of the activity of a cybercrime group tracked as RTM using a sophisticated malware written in Delphi language to target Remote Banking Systems (RBS). The Remote Banking Systems are business software used to make bulk financial transfers. | Malware | K Financial and insurance activities | CC | >1 |
153 | 22/02/2017 | ? | South Washington County School District | The South Washington County school district tightens security after a high school student hacks into the district’s server and takes names, Social Security numbers and some addresses. | Unknown | P Education | CC | US |
154 | 23/02/2017 | North Korea? | South Korea? | Talos reveals the details of a malware campaign against South Korean users, active between November 2016 and January 2017, targeting a limited number of people. The infection vector is a Hangul Word Processor document (HWP), a popular alternative to Microsoft Office for South Korean users developed by Hancom. | Targeted Attack | O Public administration and defence, compulsory social security | CE | KR |
155 | 23/02/2017 | ? | Apple | A mid-2016 security incident led to Apple purging its data centers of servers built by Supermicro, including returning recently purchased systems, after malware-infected firmware was reportedly detected in an internal development environment for Apple's App Store, as well as some production servers handling queries through Apple's Siri service. | Malware | C Manufacturing | CC | US |
156 | 24/02/2017 | ? | Multiple Targets | The carder forum CVV2Finder claims to have more than 150 million logins, from several popular services, including Netflix and Uber obtained by exploiting the recently discovered Cloudbleed. | Cloudbleed | Y Multiple targets | CC | >1 |
157 | 24/02/2017 | ? | 1,500 organizations from 100 countries | Kaspersky Lab exposes the details of a new wave of attacks carried on via the Adwind Remote Access Tool targeting 1,500 organizations from 100 countries. | Malware (Adwind) | Y Multiple targets | CC | >1 |
158 | 25/02/2017 | ? | Roberts Hawaii | The tour company Roberts Hawaii warns its customers about a security breach that may have affected people who purchased tours and other services on its website between July 2015 and December 2016 | Malicious Code | I Accommodation and food service activities | CC | US |
159 | 25/02/2017 | National Hackers Agency (NHA) | 605 Websites hosted by DomainMonster | A hacking crew that goes by the name of National Hackers Agency (NHA) has defaced 605 websites in one go after they managed to get access to a server from UK hosting firm DomainMonster. | Defacement | Y Multiple targets | CC | GB |
160 | 27/02/2017 | ? | Luxembourg Government's servers | The Luxembourg government's servers are hit in a massive DDoS attack that lasts over 24 hours. The attack is believed to have affected over a hundred websites hosted by the government's servers. | DDoS | O Public administration and defence, compulsory social security | CC | LU |
161 | 27/02/2017 | Gamaredon | Ukrainian government, military and law enforcement officials. | According to the experts from Palo Alto Networks, a Russian state-actor dubbed Gamaredon is using a custom-developed malware in cyber espionage campaigns against the Ukrainian government, military and law enforcement officials. | Targeted Attack | O Public administration and defence, compulsory social security | CE | UA |
162 | 27/02/2017 | CrimeAgency | 126 vBulletin Forum | A hacker going by the online handle of “CrimeAgency” claims to have hacked 126 vBulletin (vB) based web forum stealing personal data of forum’s administrators and registered users ending up leaking it on an underground hacking forum. | vBulletin Vulnerability | J Information and communication | CC | >1 |
163 | 27/02/2017 | ? | Japanese Companies and Individuals | Cylance discovers Snake Wine another prolonged campaign that appears to exclusively target Japanese companies and individuals. | Targeted Attack | Y Multiple targets | CE | JP |
164 | 27/02/2017 | ? | Amalgamated Sugar | Nearly 3,000 workers at Amalgamated Sugar receive notifications of an intruder accessing the company's network and their personal information being disclosed. | Unknown | I Accommodation and food service activities | CC | US |
165 | 28/02/2017 | ? | Singapore's Ministry of Defence (Mindef) | Singapore's Ministry of Defence (Mindef) confirms that the personal details of more than 850 national servicemen and employees were stolen in a "targeted and well-planned" cyberattack earlier this month. | Targeted Attack | O Public administration and defence, compulsory social security | CE | SG |
166 | 28/02/2017 | ? | Aptos | Shoppers of 40 online stores have had their bank card numbers and addresses stolen by a malware infection at backend provider Aptos that occurred late last year. | Malware | G Wholesale and retail trade | CC | US |
167 | 01/03/2017 | ? | Single Individuals | Malware Must Die publishes the details of a massive credential harvesting campaign carried on via an SSH Direct TCP Forward attack orchestrated via an IoT botnet. | SSH Direct TCP Forward | X Individual | CC | >1 |
168 | 01/03/2017 | ? | Association of British Travel Agents (ABTA) | The UK's largest travel trade organisation, the Association of British Travel Agents (ABTA) experiences a cyberattack on its website that puts 43,000 holidaymakers and travel agents at risk of identity theft. | Unknown | I Accommodation and food service activities | CC | UK |
169 | 01/03/2017 | ? | Kennesaw State University | The FBI is investigating an alleged hack of Kennesaw State University server. | Unknown | P Education | CC | US |
170 | 02/03/2017 | China? | Lotte Duty Free (lottedfs.com) | South Korea's Lotte Duty Free website (lottedfs.com) is taken down by a DDoS attack orchestrated from a Chinese IP. | DDoS | G Wholesale and retail trade | CC | KR |
171 | 02/03/2017 | ? | Radio Station WZZY-FM | Radio station WZZY-FM falls victim to a prank when hackers access its computer systems and begin broadcasting fake news alerts of a zombie attack, along with a disease outbreak caused by the resulting carnage. | Unknown | J Information and communication | CC | US |
172 | 02/03/2017 | ? | Daytona State College | Daytona State College notifies staff of potential W-2 incident | Account Hijacking | P Education | CC | US |
173 | 03/03/2017 | ? | Pennsylvania Senate Democrats | The Pennsylvania Senate Democrats are hit by a ransomware attack that locks senators and employees out of their computer network | Malware | O Public administration and defence, compulsory social security | CC | US |
174 | 04/03/2017 | ? | Advertisement board in Mexico City | A digital advertisement board owned by Grupo Carteleras located on a busy road in Mexico City is hacked on Friday and features a pornographic video for a few minutes. | Unknown | S Other service activities | CC | MX |
175 | 06/03/2017 | Cozy Bear (APT29)? | Several US progressive groups | New reports reveal that Russian hackers are targeting U.S. progressive groups in a new wave of attacks. According to the report, at least a dozen groups have faced extortion attempts since the U.S. presidential election. The ransom demands are accompanied by samples of sensitive data in the hackers’ possession. | Targeted Attack | N Administrative and support service activities | CC | US |
176 | 06/03/2017 | ? | Several organisations across Saudi Arabia and Europe | Kaspersky Lab reveals the details of a new wiper malware, dubbed StoneDrill, believed to be targeting more organisations across Saudi Arabia and Europe. | Targeted Attack | Y Multiple targets | CC | >1 |
177 | 06/03/2017 | ? | University of Idaho | University of Idaho notifies 257 employees after phishing incident. | Account Hijacking | P Education | CC | US |
178 | 07/03/2017 | ? | Verifone | Credit and debit card payments giant Verifone investigates a breach of its internal computer networks that appears to have impacted a number of companies running its point-of-sale solutions. | Malware | K Financial and insurance activities | CC | US |
179 | 08/03/2017 | ? | Government organizations in the Middle East | Malware researchers at Palo Alto Networks spot a new strain of ransomware, dubbed RanRan, that has been used in targeted attacks against government organizations in the Middle East. | Targeted Attack | O Public administration and defence, compulsory social security | CC | >1 |
180 | 09/03/2017 | ? | GMO Payment Gateway Inc | GMO Payment Gateway confirms data leakage from two client websites, due to the Apache Struts vulnerability. The victims are the Tokyo Metropolitan Government, and the Japan Housing Finance Agency. The total leaked records are more than 700,000. | Apache Struts Vulnerability | K Financial and insurance activities | CC | JP |
181 | 09/03/2017 | ? | Queensland School Photography | Queensland School Photography emails students' parents to notify that payment card information has been compromised. | Malware | P Education | CC | AU |
182 | 10/03/2017 | ? | Products from surveillance technology company AVTech | Trend Micro discovers a new family of Linux malware targeting products from surveillance technology company AVTech exploiting a CGI vulnerability that was disclosed in 2016. | CGI Vulnerability | C Manufacturing | CC | TW |
183 | 10/03/2017 | ? | Metropolitan Urology Group | Metropolitan Urology Group Notifies Patients Of Breach Of Unsecured Personal Information | Malware | Q Human health and social work activities | CC | US |
184 | 11/03/2017 | ? | Several Dutch Websites | Turkish hacker groups target a large number of Dutch websites after the political fallout between the Netherlands and Turkey over the weekend. | DDoS/Defacement | Y Multiple targets | H | NL |
185 | 11/03/2017 | ? | Single Individuals | Danish-speaking users were infected by malware spread through Dropbox. | Malware | X Individual | CC | DK |
186 | 12/03/2017 | Rekan Herror | fifthharmony.com | A Kurdish hacker going by the online handle of “Rekan Error” defaces the official website of Fifth Harmony, an American girl group formed on the second season of The X Factor US in July 2012 and posts messages against ISIS. | Defacement | R Arts entertainment and recreation | H | US |
187 | 13/03/2017 | ? | Welsh NHS | Details of thousands of medical staff of Welsh NHS are stolen from a private contractor's computer server (Landauer). The breach happened in October 2016 and the total number of affected staff is 4,766. | Unknown | Q Human health and social work activities | CC | UK |
188 | 13/03/2017 | ? | Single Individuals | Google declares that it has identified and shut down a massive ad fraud Android botnet called Chamois, which may have infected multiple Android devices. | Mobile Malware | X Individual | CC | >1 |
189 | 14/03/2017 | ? | Statistics Canada (statcan.gc.ca) | The Canadian government confirms that the Statistics Canada website is hacked and taken offline for over two days. In the aftermath of the cyberattack parts of the Canada Revenue Agency's (CRA) site is also reportedly taken offline by authorities as a precaution. | Apache Struts Vulnerability | O Public administration and defence, compulsory social security | CC | CA |
190 | 14/03/2017 | ? | Several targets | Kaspersky Lab reveals the details of PetrWrap, a new Petya-based ransomware used in targeted attacks. | Malware | Y Multiple targets | CC | TR |
191 | 14/03/2017 | ? | Magento installations | Sucuri reveals that Cybercriminals continue to target the Magento platform, abusing a payment module (Realex Payments Magento extension, SF9) to steal payment card data from online shops running on Magento e-commerce platform. | Malicious Function Injection | J Information and communication | CC | >1 |
192 | 14/03/2017 | ? | Mountain Home Water Department | The servers of Mountain Home Water Department fall victim to a ransomware attack. | Malware | E Water supply, sewerage waste management, and remediation activities | CC | US |
193 | 15/03/2017 | ? | Dun & Bradstreet | A Dun & Bradstreet 52GB database containing about 33.6 million records with very specific details about each of the people involved from job title to email address is exposed. | Unknown | N Administrative and support service activities | CC | US |
194 | 15/03/2017 | ? | Wishbone App | Hackers steal 2.2 million email addresses and 287,000 cellphone numbers from popular teen quiz App Wishbone users, many of whom are young women under the age of 18. | Unknown | J Information and communication | CC | US |
195 | 15/03/2017 | ? | Single Individuals (via TwitterCounter) | A large number of Twitter accounts including verified big-name brands, from Justin Bieber to Forbes Magazine, are hacked to display Nazi symbols, a message written in Turkish and two hashtags that translate to "NaziGermany" and "NaziHolland." The issues appear to be linked to a service called Twitter Counter, an analytics company that was previously embroiled in a similar incident last year. | Account Hijacking | X Individual | CC | >1 |
196 | 15/03/2017 | ? | Several business organizations in North America | Trend Micro reveals the details of MajikPOS, a new PoS malware, targeting businesses in North America and Canada. | PoS Malware | Y Multiple targets | CC | US CA |
197 | 15/03/2017 | Anonymous | boaec.com.br | The Anonymous deface the official website of Boa Esporte, a second division football club in the state of Minas Gerais, after the team hired goalkeeper Bruno Fernandes das Dores de Souza, convicted for murdering his ex-girlfriend. | Defacement | R Arts entertainment and recreation | H | BR |
198 | 16/03/2017 | ? | Defense Point Security, LLC | The CEO of Defense Point Security, LLC tells all employees that their W-2 tax data was handed directly to fraudsters after someone inside the company got caught in a phisher’s net. | Account Hijacking | M Professional scientific and technical activities | CC | US |
199 | 16/03/2017 | ? | Datapoint POS | Datapoint POS appears to have been hacked. | PoS Malware | K Financial and insurance activities | CC | US |
200 | 16/03/2017 | ? | The Independent Electoral and Boundaries Commission (IEBC) | The Independent Electoral and Boundaries Commission (IEBC) admits hackers attempted to breach its systems to steal crucial information ahead of the 2017 election. | Unknown | O Public administration and defence, compulsory social security | CC | KE |
201 | 17/03/2017 | ? | Lane Community College | A virus-infected computer at the Lane Community College health clinic may have relayed patient information such as names, addresses, Social Security numbers and more, to an unknown third party for more than a year | Malware | P Education | CC | US |
202 | 17/03/2017 | ? | Arkansas Department Workforce | Investigators try to determine whether personal information -- including Social Security numbers -- for an estimated 19,000 Arkansas job seekers was stolen after a virus was detected in a statewide database, a government spokesman said. | Malware | O Public administration and defence, compulsory social security | CC | US |
203 | 19/03/2017 | ? | Several Celebrities including Emma Watson, Rose McGowan, Amanda Seyfried and Jillian Murray | Fappening 2.0 is here: nude pictures of several celebrities are leaked online, including Emma Watson, Rose McGowan, Amanda Seyfried and Jillian Murray. | Unknown | X Individual | CC | >1 |
204 | 20/03/2017 | ? | Alfa Bank | Alfa Bank announces that it has been targeted by a large-scale DNS Botnet attack. | DDoS | K Financial and insurance activities | CC | RU |
205 | 21/03/2017 | ? | Multiple targets | A study by security firm Dragos reveals that malware posing as legitimate software for Siemens ICS devices has apparently infected 10 industrial equipment worldwide over the past four years. | Malware | Y Multiple targets | CE | >1 |
206 | 21/03/2017 | ? | Chinese Mobile Users | Researchers from Check Point reveal a new mechanism to spread the "Swearing Trojan", using fake base transceiver stations (BTSs) that send phishing SMS messages masquerading as ones coming from Chinese telecom service providers China Mobile and China Unicom. | Malware | X Individual | CC | CN |
207 | 21/03/2017 | ? | Joblink Alliance | Joblink Alliance, a provider of the nationwide web-based database Joblink, which is used by the State of Vermont, notifies the State that the job seeker functionality of its website has been compromised by a malicious software. | Malware | N Administrative and support service activities | CC | US |
208 | 22/03/2017 | El Machete | Multiple International Government Organizations | Researchers from Cylance reveal the details of "El Machete" a massive cyber espionage campaign targeting high-profile international government organisations across the globe. Primary targets are in Latin America, but the campaign has also targeted organisations in Canada, England, Germany, Korea, Russia, the Ukraine and the United States. | Targeted Attack | O Public administration and defence, compulsory social security | CE | >1 |
209 | 22/03/2017 | ? | UK viewers of popular porn sites | Malwarebytes warns about an increase in malware attacks currently targeting UK viewers of popular pornography websites. The campaign abuses a legitimate ad network called ExoClick distributing the Ramnit malware. | Malvertising | X Individual | CC | UK |
210 | 23/03/2017 | @The6Clerk and @PlzNoHack | Official Twitter Accounts of ABC News (@ABC) and Good Morning America (@GMA) | The official Twitter accounts of mainstream US news outlet ABC News and its daily show Good Morning America are taken over by hackers. The profiles, each with millions of followers, displayed a series of explicit messages left by the culprits. | Account Hijacking | J Information and communication | CC | US |
211 | 23/03/2017 | ? | Saudi Arabia Governmental Organizations | Malwarebytes reveal the details of a new spear phishing campaign targeting Saudi Arabia governmental organizations. | Targeted Attack | O Public administration and defence, compulsory social security | CE | SA |
212 | 23/03/2017 | ? | Payment Processors on websites | A new bot targeting card payment processes on websites is spotted in the wild. Called GiftGhostBot, the bot tries to defraud consumers of the money loaded on gift cards from a wide range of retailers around the globe, with attacks being noticed on almost 1,000 customer websites. | Malware | X Individual | CC | >1 |
213 | 23/03/2017 | ? | Idaho Department of Labor | A hacking incident that occurred on March 12 and March 13 compromised more than 170,000 job-seeker accounts of the Idaho Department of Labor. | Unknown | O Public administration and defence, compulsory social security | CC | US |
214 | 23/03/2017 | ? | FIRST Forum (forums.usfirst.org) and FIRST Tech Challenge Forum (ftcforum.usfirst.org) | FIRST Forum (forums.usfirst.org) and FIRST Tech Challenge Forum (ftcforum.usfirst.org) notify a data breach. | Unknown | S Other service activities | CC | US |
215 | 24/03/2017 | ? | Illinois Department of Employment Security (Ides) | The Illinois Department of Employment Security (Ides) revealed on Friday (24 March) that one of its vendors was hacked, potentially compromising personal information of approximately 1.4 million job seekers in the state. | Unknown | O Public administration and defence, compulsory social security | CC | US |
216 | 24/03/2017 | ? | Android Forums | Android Forums announces that its servers were accessed by a third party, resulting in a data breach affecting 2.5% of the active users. | Unknown | J Information and communication | CC | US |
217 | 24/03/2017 | ? | Washington University School of Medicine | Washington University School of Medicine reports having been targeted by a phishing attack. | Account Hijacking | P Education | CC | US |
218 | 25/03/2017 | Cfnt | 25 Vulnerable Forums | A hacker going by the handle of “Cfnt” compromises 25 web forums using an outdated version of vBulletin and puts the data on sale on a popular Dark Web marketplace. | Unknown | J Information and communication | CC | >1 |
219 | 26/03/2017 | ? | 12 million accounts from at least 11 separate cryptocurrency forum | Roughly 12 million accounts pilfered from at least 11 separate cryptocurrency forums over the past six years are being sold on the Dark Web, with a vendor under the pseudonym 'doubleflag' marketing the trove of stolen credentials as a "package" deal. | Unknown | V Fintech | CC | >1 |
220 | 27/03/2017 | ? | World of Warcraft users | Malwarebytes reveals the details of a phishing campaign attempting to bait World of Warcraft users with the promise of free in-game pets | Account Hijacking | X Individual | CC | >1 |
221 | 28/03/2017 | ? | GitHub Users | Researchers from Palo Alto Networks reveal the details of a new campaign targeting developers sharing code on GitHub with a malicious with a stealth malware called Dimnie. | Targeted Attack | X Individual | CE | >1 |
222 | 28/03/2017 | ? | Tweede Kamer (Lower House of Dutch Parliament) | Ransomware is found on the computer systems of the Tweede Kamer, the lower house of Dutch parliament, | Malware | O Public administration and defence, compulsory social security | CC | NL |
223 | 28/03/2017 | ? | Forsyth Public Schools | Forsyth Public Schools are hit with computer malware causing problems for teachers, students, parents and district administrators. | Malware | P Education | CC | US |
224 | 29/03/2017 | ? | German Parliament | Berlin's cyber security watchdog reveals that the German parliament was the target of fresh cyber attacks in January that attempted to piggy-back on an Israeli newspaper site to target politicians in Germany. | Targeted Attack | O Public administration and defence, compulsory social security | CE | DE |
225 | 29/03/2017 | ? | Dueling Network | A hacker makes off with at least 6.5 million email addresses and poorly hashed passwords from a Yu-Gi-Oh fan project called “Dueling Network.” | SQLi | R Arts entertainment and recreation | CC | US |
226 | 29/03/2017 | ? | Undisclosed US College | Researchers from Incapsula discover a new Mirai variant used to launch a 54-hour DDoS attack against a US college. | DDoS | P Education | CC | US |
227 | 30/03/2017 | ? | Skype users | Several users complain that ads served through Microsoft's Skype app are serving malicious downloads, which if opened, can trigger ransomware. | Malvertising | X Individual | CC | >1 |
228 | 30/03/2017 | ? | Amaq Media | Amaq media, the news outlet associated with ISIS, claims its website was hacked by perpetrators who were spreading malware on the site. | Malware | J Information and communication | CE | N/A |
229 | 30/03/2017 | ? | ShowTix4U | ShowTix4U notifies that an unauthorized actor was able to gain access to a third-party vendor’s server and install malicious software on their website. | Malware | J Information and communication | CC | US |
230 | 31/03/2017 | ? | McDonald's Canada | McDonald's Canada says that its career website has been hacked, compromising the personal data of around 95,000 restaurant job applicants. The accessed information includes names, addresses, email addresses, phone numbers, employment background and other standard job application information of people who applied online for a job at McDonald's Canada restaurants between March 2014 and March 2017. | Unknown | I Accommodation and food service activities | CC | CA |
231 | 31/03/2017 | ? | Major US Universities | Researchers find nearly 14M email addresses and passwords belonging to faculty, staff, students and alumni of major universities across the country on the dark web. | Unknown | P Education | CC | US |
232 | 01/04/2017 | ? | New York Post App | The New York Post issues an apology after its app is hacked in an April Fool's Day prank and sends out a flurry of bizarre news alerts including one that read, "Heil President Donald Trump". | Account Hijacking | J Information and communication | CC | US |
233 | 01/04/2017 | ? | Airline Consumers | Barracuda Labs reveal the details of a phishing campaign targeting airline consumers. | Targeted Attack | X Individual | CC | >1 |
234 | 01/04/2017 | ? | Unnamed targets | Researchers from Forcepoint unveil the details of Felismus RAT, a piece of malware used in targeted campaigns. | Targeted Attack | Z Unknown | CE | N/A |
235 | 02/04/2017 | ? | German Bundeswehr (armed forces) | The head of the German military's new cyber command, Lieutenant General Ludwig Leinhos, reveals that army computers were targeted hundreds of thousands of times in the first nine weeks of 2017. | Targeted Attack | O Public administration and defence, compulsory social security | CE | DE |
236 | 03/04/2017 | APT28 AKA Fancy Bear | IAAF | IAAF, the governing body of global athletics, says it has suffered a cyber attack that it believes has compromised information about athletes' medical records. | Targeted Attack | U Activities of extraterritorial organizations and bodies | CE | N/A |
237 | 03/04/2017 | United Cyber Caliphate (UCC) | 8,786 individuals | The pro-ISIS hacking group United Cyber Caliphate (UCC) posts a 'kill list' containing the names and addresses of 8,786 individuals. | Unknown | X Individual | H | US UK |
238 | 03/04/2017 | North Korea? | South Korean users in the public sector | Researchers from the Cisco Talos Labs reveal the details of ROKRAT, a sophisticated remote access tool targeting South Korean users in the public sector. | Targeted Attack | O Public administration and defence, compulsory social security | CE | KR |
239 | 03/04/2017 | NSO Group Technology? | Android users | Google and Lookout reveal the details of the Android Chrysaor Malware, a surveillance malware that remained undetected for at least three years. | Malware | X Individual | CE | >1 |
240 | 04/04/2017 | APT10 | Several Major MSPs | BAE Systems and PWC reveal the details of Operation Cloud Hopper, a campaign of intrusions against several major MSPs, active since late 2016. | Targeted Attack | S Other service activities | CE | >1 |
241 | 04/04/2017 | ? | Unnamed Russian Bank | Kaspersky reveals the details of ATMitch, a fileless malware used to steal cash from ATMs in Russia and Kazakhstan. | Malware | K Financial and insurance activities | CC | RU KZ |
242 | 04/04/2017 | ? | Unnamed Brazilian Bank | Kaspersky reveals that in October 2016, a group of hackers rerouted all the traffic of an unnamed Brazilian bank's customers to perfectly reconstructed fakes of the bank’s properties. | DNS Hijacking | K Financial and insurance activities | CC | BR |
243 | 04/04/2017 | ? | ABCD Pediatrics | While investigating a ransomware incident, ABCD Pediatrics uncovers evidence of another intrusion: more than 55,000 patients are notified. | Unknown | Q Human health and social work activities | CC | US |
244 | 05/04/2017 | North Korea | South Korea and United States | As part of OPlan 5027, North Korean hackers have reportedly accessed secretive war-plans drawn up by South Korea and the United States, detailing how the allied military forces would respond to the outbreak of war in the region – including first strike targets and troop deployments. | Targeted Attack | O Public administration and defence, compulsory social security | CE | KR US |
245 | 05/04/2017 | ? | Anonymous | Anonymous members who want to participate in this year's annual #OpIsrael cyber-attacks are the targets of an intelligence gathering operation carried out by an unknown threat actor. | Targeted Attack | X Individual | H | N/A |
246 | 06/04/2017 | ? | Internal Revenue Service | The Internal Revenue Service says that the personal data of as many as 100,000 taxpayers could have been compromised through a scheme in which hackers posed as students using an online tool to apply for financial aid. | Account Hijacking | O Public administration and defence, compulsory social security | CC | US |
247 | 06/04/2017 | ? (A possible China-linked group) | National Foreign Trade Council (NFTC) | Fidelis Cybersecurity reveals that ahead of the trade summit between US President Donald Trump and his Chinese counterpart, Xi Jinping, a nation-state hacking group conducted espionage on a number of key industry players and lobbyists with links to the talks. | Targeted Attack | O Public administration and defence, compulsory social security | CE | US |
248 | 06/04/2017 | ? | Wordpress Websites | Researchers from security firm Wordfence reveal that tens of thousands of home routers have been hacked, exploiting the CVE-2014-9222 flaw, also known as ‘Misfortune Cookie’, and used to power cyber attacks on WordPress websites. | Brute-Force | X Individual | CC | >1 |
249 | 06/04/2017 | ? | U.S. and Middle Eastern targets | A joint investigation by Palo Alto Networks and ClearSky Cyber Security sheds light on a recently discovered malware campaign that tries to infect U.S. and Middle Eastern targets with four distinct families of Windows and Android-based downloaders and information stealers. | Targeted Attack | Y Multiple targets | CE | >1 |
250 | 06/04/2017 | ? | iOS Users | Malwarebytes reveals the details of a malvertising campaign targeting iOS users delivered via rogue ads on popular torrent sites. | Malvertising | X Individual | CC | >1 |
251 | 06/04/2017 | ? | Single users | Security researchers from ESET discover a new malware called Sathurbot that relies on malicious torrent files to spread to new victims and carries out coordinated brute-force attacks on WordPress sites. | Malware | X Individual | CC | >1 |
252 | 07/04/2017 | ? | Gamestop | Video game giant GameStop Corp says it is investigating reports that hackers may have siphoned credit card and customer data from its website gamestop.com. | Malware | G Wholesale and retail trade | CC | US |
253 | 07/04/2017 | ? | University of Louisville | Tax information for dozens of University of Louisville employees is compromised after a hack of the online system the university uses to give employees access to tax documents. | Unknown | P Education | CC | US |
254 | 08/04/2017 | ? | Sirens in Dallas | A computer hack sets off all the emergency sirens in Dallas for about 90 minutes. | Unknown | O Public administration and defence, compulsory social security | CC | US |
255 | 08/04/2017 | ? | >1 | Cyber-security firms McAfee and FireEye disclose in-the-wild attacks with a new Microsoft Office zero-day (CVE-2017-0199). | Targeted Attack | Y Multiple targets | CE | >1 |
256 | 08/04/2017 | The Shadow Brokers | NSA | The Shadow Brokers (TSB) are back, and release the password for the rest of the hacking tools they claim to have stolen from the NSA last year. | Unknown | O Public administration and defence, compulsory social security | CC | US |
257 | 09/04/2017 | ? | Wonga | Almost 250,000 of Wonga's UK customers are affected by a data breach. The payday lender says it is investigating 'illegal and unauthorised access' to some of its customers' personal information in both Britain and Poland. Stolen data may include account numbers, sort codes, addresses and the last four digits of users' bank cards. | Unknown | K Financial and insurance activities | CC | UK |
258 | 10/04/2017 | ? | Microsoft Word Users | Proofpoint reveals that an unpatched zero-day vulnerability impacting every version of Microsoft Word has been exploited by hackers to spread a notorious banking Trojan called Dridex to millions of users around the world. | RCE Vulnerability | X Individual | CC | >1 |
259 | 10/04/2017 | Longhorn | At least 40 governments and private organizations across 16 countries | Security experts from Symantec reveal that the Longhorn group has targeted at least 40 governments and private organizations across 16 countries using the tools detailed in the recent Vault 7 leak. | Targeted Attack | O Public administration and defence, compulsory social security | CE | >1 |
260 | 10/04/2017 | ? | Amazon third-party sellers | Amazon third-party sellers are hit repeatedly by hackers who post fake deals on legitimate sellers' pages. | Account Hijacking | J Information and communication | CC | US |
261 | 11/04/2017 | North Korean Hackers | Union Bank of India | North Korean hackers are suspected of attempting to steal $170m from Union Bank of India, back in 2015. | Malware | K Financial and insurance activities | CC | IN |
262 | 12/04/2017 | ? | AQA (Assessment and Qualifications Alliance) | Data relating to 64,000 current and former examiners stored on some of AQA’s online systems are stolen by attackers, including examiners’ names, addresses, personal phone numbers, and passwords. | Unknown | P Education | CC | UK |
263 | 13/04/2017 | Callisto Group | >1 | F-Secure reveals the details of Callisto Group, a mysterious hacking collective known to target military personnel, government officials, think tanks and journalists, and also reportedly responsible for a series of cyber-espionage attacks against targets including the UK Foreign Office last year. | Targeted Attack | Y Multiple targets | CE | >1 |
264 | 13/04/2017 | ? | Airbnb users | An Airbnb investigation finds that several people's homes were robbed by guests using stolen accounts. | Account Hijacking | X Individual | CC | >1 |
265 | 13/04/2017 | ? | Melbourne IT | Australian ISP Melbourne IT confirms that it was hit by “a large DDoS attack” that disrupted its web hosting. | DDoS | J Information and communication | CC | AU |
266 | 13/04/2017 | OurMine | hundreds of popular Youtube channels | The OurMine collective compromises hundreds of popular Youtube channels. | Account Hijacking | X Individual | CC | >1 |
267 | 14/04/2017 | ? | Best American Hospitality Corp. | Best American Hospitality Corp. issues a statement regarding stolen payment cards at some of the restaurants it manages and operates. | Malware | I Accommodation and food service activities | CC | US |
268 | 14/04/2017 | The Shadow Brokers | NSA | The Shadow Brokers dump a new collection of files, containing what appears to be exploits and hacking tools targeting Microsoft's Windows OS and evidence the Equation Group had gained access to servers and targeted the SWIFT banking system of several banks across the world. | Unknown | O Public administration and defence, compulsory social security | CE | US |
269 | 14/04/2017 | ? | Britain First | Britain First is hit by a massive hack targeting its websites, its Twitter accounts and its YouTube channel. | Account Hijacking | N Administrative and support service activities | CC | GB |
270 | 14/04/2017 | ? | Several Celebrities | Hackers leak nude pictures and explicit videos of celebrities including Rosario Dawson, Miley Cyrus, Suki Waterhouse, Kate Hudson and Yvonne Strahovski. | Unknown | X Individual | CC | >1 |
271 | 15/04/2017 | ? | Youku | A dark web vendor going by the handle of CosmicDark sells a database containing 100,759,591 user accounts stolen from Youku Inc., a popular video service in China. | Unknown | J Information and communication | CC | CN |
272 | 10/04/2017 | Janitor | Sierra Tel | The Bricker Bot takes down the Zyxel HN-51 Modem belonging to Sierra Tel, a Californian ISP. | Malware | J Information and communication | CC | US |
273 | 11/04/2017 | ? | eConcordia | Concordia’s online course systems, eConcordia and KnowledgeOne, are hacked; 9000 users are compromised. | Account Hijacking | P Education | CC | US |
274 | 16/04/2017 | ? | McAfee Linkedin Page | The LinkedIn page for McAfee is hijacked by a single person or an unknown number of individuals allegedly affiliated with the OurMine collective. | Account Hijacking | J Information and communication | CC | US |
275 | 16/04/2017 | ? | Westminster College | Westminster College in Missouri reveals the details of a breach discovered on March 26 after a phishing scam duped a staffer into sending off W-2 statements. | Account Hijacking | P Education | CC | US |
276 | 18/04/2017 | ? | Northrop Grumman | Northrop Grumman admits one of its internal portals was broken into, exposing employees' sensitive tax records to W-2 Scams. | Account Hijacking | C Manufacturing | CC | US |
277 | 18/04/2017 | ? | Retina-X FlexiSpy | Motherboard obtains the data of 130,000 customers of the two mobile surveillance software firms Retina-X and FlexiSpy. | Unknown | J Information and communication | CC | US |
278 | 20/04/2017 | ? | Android users | Researchers from Trend Micro discover MilkyDoor, an alleged successor of the infamous malware DressCode. | Malware | X Individual | CC | >1 |
279 | 20/04/2017 | ? | Fashion Fantasy Game | A 2016 data breach leaves Fashion Fantasy Game, an online game and social network for fashion lovers, with millions of user account credentials being leaked on the web. | Unknown | R Arts entertainment and recreation | CC | US |
280 | 21/04/2017 | APT10 and Tonto team | South Korea | FireEye claims Chinese hackers are trying to break into South Korea's military to halt the deployment of an anti-ballistic weapons system in the country. | Targeted Attack | O Public administration and defence, compulsory social security | CW | KP |
281 | 21/04/2017 | ? | Atlantic Digestive Specialists | Atlantic Digestive Specialists notifies patients of a ransomware incident. | Malware | Q Human health and social work activities | CC | US |
282 | 21/04/2017 | ? | Cleveland Metropolitan School District | Cleveland Metropolitan School District discloses a phishing-related incident. | Account Hijacking | P Education | CC | US |
283 | 21/04/2017 | ? | Iowa Veterans Home | Iowa Veterans Home warns nearly 3,000 people of a data breach after a phishing incident. | Account Hijacking | O Public administration and defence, compulsory social security | CC | US |
284 | 22/04/2017 | ? | Alison Brie | Fappening 2.0 continues: this time Alison Brie is targeted and has some nude images leaked online. | Unknown | X Individual | CC | US |
285 | 22/04/2017 | ? | Yapizon | Yapizon, a South Korean Bitcoin exchange, suffers a massive data breach when hackers steal 3,800 Bitcoin (US$5 million), which is 37% of user funds. | Unknown | V Fintech | CC | KR |
286 | 23/04/2017 | Zhengquan Zhang | KCG Holdings | The FBI arrests Zhengquan Zhang, a 31-year-old IT engineer, accused of installing malware on his employer's servers to steal proprietary source. | Malware | K Financial and insurance activities | CC | US |
287 | 23/04/2017 | Ayyildiz Tim | North Mundham Primary in Chichester | Police are investigating after “malicious” messages are left on a school website by Turkish nationalists in an apparent hacking attempt. | Defacement | P Education | CC | UK |
288 | 24/04/2017 | APT28 AKA Fancy Bear | Danish Armed Forces | Denmark’s security service, Politiets Efterretningstjeneste’s (PET) Centre for Cyber Security, says in its report that Danish armed forces personnel have had their emails hacked over the last two years. The hack has been attributed to ‘Fancy Bear’. | Targeted Attack | O Public administration and defence, compulsory social security | CE | DK |
289 | 24/04/2017 | ? | 7 Southeast Asian Nations | An anti-cybercrime operation by Interpol and investigators from seven southeast Asian nations reveals nearly 9,000 malware-laden servers and hundreds of compromised websites in the ASEAN region. | Malware | Y Multiple targets | CC | >1 |
290 | 24/04/2017 | ? | HipChat | HipChat is hacked over the weekend due to a vulnerability in a third-party library. The incident affects a server in the HipChat Cloud web tier, and for a small number of instances (less than 0.05 percent), there's evidence messages and content in rooms may have been accessed. | Vulnerability in a third-party library | J Information and communication | CC | US |
291 | 24/04/2017 | ? | City of Newark | A ransomware attack hits some municipal computers in New Jersey's most populous city, Newark. | Malware | O Public administration and defence, compulsory social security | CC | US |
292 | 24/04/2017 | ? | Greenway Health | Greenway Health is the victim of a ransomware attack | Malware | Q Human health and social work activities | CC | US |
293 | 25/04/2017 | ? | Chipotle | Chipotle, the global fast-food chain specialising in Mexican dishes, urges its US customers to check for suspicious activity on their bank statements after "unauthorised" activity on its payment processing systems has led to fears the company has been hacked. | PoS Malware | I Accommodation and food service activities | CC | US |
294 | 25/04/2017 | APT28 AKA Fancy Bear | Two German think tanks with ties to Christian Democratic Union (CDU) and Social Democratic Party (SPD). | Trend Micro reveals that Kremlin-linked Fancy Bear hackers targeted two German think tanks with ties to Angela Merkel's ruling coalition parties Christian Democratic Union (CDU) and Social Democratic Party (SPD). | Targeted Attack | N Administrative and support service activities | CE | DE |
295 | 25/04/2017 | APT28 AKA Fancy Bear | Emmanuel Macron | The same report reveals that French presidential candidate Emmanuel Macron was targeted by APT28. | Targeted Attack | X Individual | CE | FR |
296 | 25/04/2017 | ? | R2Games | Online gaming company Reality Squared Games (R2Games) is compromised for the second time in two years and more than one million accounts are compromised. Leaked data includes usernames, passwords, email addresses, IP addresses, and other optional record fields, such as instant messenger IDs, birthday, and Facebook related details (ID, name, access token). | Unknown | R Arts entertainment and recreation | CC | CN |
297 | 25/04/2017 | ? | Multiple Japanese Businesses | Cybereason discovers ShadowWali, a backdoor used for targeted attacks, against Japanese businesses since at least 2015. | Targeted Attack | Y Multiple targets | CE | JP |
298 | 25/04/2017 | ? | Blowout Cards | Blowout Cards issues a security alert to customers, warning that their payment card details may have been compromised after an attacker hacked its website and customers began reporting related card fraud. | Malware | J Information and communication | CC | US |
299 | 25/04/2017 | WauchulaGhost | 250 ISIS Twitter Accounts | WauchulaGhost defaces 250 ISIS Twitter accounts with adult content. | Defacement | S Other service activities | H | N/A |
300 | 26/04/2017 | ? | Android users | Check Point updates the damage report for the FalseGuide malware with five additional apps found containing the malware, estimating that 2 million Android users have unknowingly downloaded the malware. | Malware | X Individual | CC | >1 |
301 | 26/04/2017 | OilRig | 120 Israeli Targets | The Israeli Government reveals that it has thwarted a major cyberattack against 120 targets. Israeli sources believe the attack was launched by the Iran-linked OilRig APT group (aka Helix Kitten, NewsBeef). | Targeted Attack | O Public administration and defence, compulsory social security | CC | IL |
302 | 26/04/2017 | ? | Ciphr | Customer data from encrypted phone company Ciphr is dumped online. | Unknown | C Manufacturing | CC | US |
303 | 26/04/2017 | ? | Virginia Sex Offender and Crimes Against Children Registry (SOR) | A malware infection affecting servers belonging to the Virginia State Police (VSP) shuts down the department's email system, along with its ability to update the Virginia Sex Offender and Crimes Against Children Registry (SOR). | Malware | O Public administration and defence, compulsory social security | CC | US |
304 | 26/04/2017 | ? | Pekin Community High School | A ransomware attack takes down Pekin Community High School. | Malware | P Education | CC | US |
305 | 27/04/2017 | ? | >1 | Reuters reveals that unknown attackers have been exploiting CVE-2017-0199 against targets in Ukraine and Australia. | Targeted Attack | Y Multiple targets | CE | UA AU |
306 | 27/04/2017 | ? | OSX Users | Check Point reveals the details of OSX/Dok, a new malware affecting all versions of OSX, signed with a valid developer certificate (authenticated by Apple), the first major scale malware to target OSX users via a coordinated email phishing campaign. | Malware | X Individual | CC | >1 |
307 | 27/04/2017 | ? | NoTrove | RiskIQ reveals that a group known as NoTrove is driving massive amounts of traffic to survey pages, scam sites, and shady software download portals, so much so that one of the domains they used in their campaigns peaked at #517 in Amazon's Alexa traffic ranking. | Malvertising | X Individual | CC | >1 |
308 | 28/04/2017 | The Dark Overlord | Netflix | TheDarkOverlord leaks upcoming episode of Orange is the New Black after Netflix doesn’t pay extortion demand. The hack happened via a "production vendor". | Unknown | R Arts entertainment and recreation | CC | US |
309 | 28/04/2017 | Evaldas Rimasauskas | Google and Facebook | Google and Facebook confirm that they fell victim to an alleged $100m (£77m) scam between 2013 and 2015. | Account Hijacking | J Information and communication | CC | US |
310 | 28/04/2017 | ? | 20 UK Banks | Security researchers from IBM Security warn that a strain of banking Trojan, dubbed TrickBot, is escalating attacks against UK banks and financial institutions. The operators of the malware have launched five campaigns in April alone. | Malware | K Financial and insurance activities | CC | UK |
311 | 28/04/2017 | ? | Diamond Institute for Infertility and Menopause | Diamond Institute for Infertility and Menopause notifies patients of an incident involving their electronic health records server, maintained by an unnamed third party. The incident happened in February. | Unknown | Q Human health and social work activities | CC | US |
312 | 28/04/2017 | Tsar Team | Grozio Chirurgija | Cybercriminals steal 25,000 personal records and photos of patients from the data system of a Lithuanian plastic surgery clinic and put them up for sale. | OpenCMS Vulnerability | Q Human health and social work activities | CC | LT |
313 | 29/04/2017 | ? | Hill Country Memorial Hospital | Hill Country Memorial Hospital notifies patients after an employee email account is accessed without authorization. | Account Hijacking | Q Human health and social work activities | CC | US |
314 | 29/04/2017 | ? | Greenwood County School District 50 | About 3,300 are affected by a security breach after the school discovers that an unauthorized user logged in to four Greenwood County School District 50 employees’ emails as well as current and former employees’ payroll accounts in January and February. | Account Hijacking | P Education | CC | US |
315 | 30/04/2017 | ? | Some IBM flash drives | IBM detects that some USB flash drives containing the initialization tool shipped with several IBM Storwize systems contain a file that has been infected with malicious code and asks users to destroy them. | Malware | C Manufacturing | CC | US |
316 | 30/04/2017 | ? | Unity 3D Forum | OurMine hackers deface the official domain of Unity 3D Forums leaving a deface page along with a note. | Defacement | M Professional scientific and technical activities | CC | US |
317 | 02/05/2017 | ? | Gannett Co. | A phishing email attack potentially compromises the accounts of as many as 18,000 current and former employees of media company Gannett Co. | Account Hijacking | J Information and communication | CC | US |
318 | 02/05/2017 | ? | HandBrake | The popular DVD-ripping app HandBrake is hacked to install a new variant of the Proton malware. | Malware | S Other service activities | CC | FR |
319 | 02/05/2017 | ? | Android users | Sophos reveals the details of Super Free Music Player, a fake music player app in the Google Play Store, downloaded by thousands of users since March 31st, and riddled with malware. | Mobile Malware | X Individual | CC | >1 |
320 | 02/05/2017 | ? | UK Banks | DomainTools reveals that hundreds of fake website domains are being used by hackers to mimic some of the most popular banking services in the UK in an attempt to trick victims into handing over personal details and sensitive login credentials. | Domain Squatting | K Financial and insurance activities | CC | UK |
321 | 02/05/2017 | ? | Sabre Corp. Hospitality Unit | Travel industry giant Sabre Corp. disclosed what could be a significant breach of payment and customer data tied to bookings processed through a reservations system that serves more than 32,000 hotels and other lodging establishments. | Malware | I Accommodation and food service activities | CC | US |
322 | 02/05/2017 | ? | City of Fitchburg | Fitchburg, Mass. city officials report that the Social Security numbers of 1,800 residents were compromised during a data breach that was discovered on April 14, but took place more than three years ago. | Unknown | O Public administration and defence, compulsory social security | CC | US |
323 | 02/05/2017 | ? | Wellington's Victoria University | Students and staff of Wellington's Victoria University have been warned their usernames and passwords may have been compromised in a data breach following unauthorised access to the university's IT systems. | Unknown | P Education | CC | NZ |
324 | 03/05/2017 | ? | Gmail users | A massive phishing campaign hits Google users and compromises about a million of its accounts exploiting a fake app abusing the OAuth authentication protocol. | Account Hijacking via OAuth | X Individual | CC | >1 |
325 | 03/05/2017 | ? | German O2-Telefonica users | O2-Telefonica in Germany confirms to Süddeutsche Zeitung that some of its customers have had their bank accounts drained using a two-stage attack that exploits SS7. | Account Hijacking via SS7 Vulnerability | X Individual | CC | DE |
326 | 03/05/2017 | Snake AKA Turla, AKA Uroburos | OSX Users | Fox-it reveals that the infamous threat actor Snake (AKA Turla, AKA Uroburos) is back and ready to target OSX users. | Targeted Attack | X Individual | CE | >1 |
327 | 03/05/2017 | ? | Assets related to North Korea | Researchers from Cisco Talos reveal the details of an unknown Remote Administration Tool, dubbed KONNI, in use, undetected, for over 3 years. | Targeted Attack | Y Multiple targets | CE | >1 |
328 | 03/05/2017 | Skyscraper | Multiple targets | Approximately 500,000 pediatric medical records, many from doctors' offices that didn't know they had been breached, are spotted for sale on the dark web. | Unknown | Q Human health and social work activities | CC | US |
329 | 03/05/2017 | TuftsLeaks | Tufts University | A group calling itself TuftsLeaks publishes documents online that contain sensitive financial information from Tufts. The leak includes department budgets, the salaries of thousands of staff and faculty and the ID numbers of student employees with salaries listed. | Unknown | P Education | CC | US |
330 | 04/05/2017 | TheDarkOverlord | Aesthetic Dentistry OC Gastrocare Tampa Bay Surgery Center | TheDarkOverlord dumps 180,000 patients’ records from 3 hacks. The victims are: Aesthetic Dentistry, OC Gastrocare, Tampa Bay Surgery Center | Unknown | Q Human health and social work activities | CC | US |
331 | 04/05/2017 | ? | Several high-profile technology and financial organizations | Microsoft reveals the details of Operation WilySupply, a sophisticated campaign exploiting the software remote update channel of the supply chain as an attack vector. | Targeted Attack | Y Multiple targets | CE | >1 |
332 | 04/05/2017 | ? | Charlotte Flair Victoria | WWE divas Charlotte Flair and Victoria are the latest victims of the Celebgate leak. | Unknown | X Individual | CC | US |
333 | 05/05/2017 | ? | Debenhams | Malware infects the backend systems used by British high street chain Debenhams, and steals 26,000 people's personal information in the process. The hack happened after compromising the systems at Ecomnova, the firm that runs the Debenhams Flowers business, for six weeks. | Malware | G Wholesale and retail trade | CC | UK |
334 | 06/05/2017 | ? | Emmanuel Macron's Staff | The French presidential candidate Emmanuel Macron is targeted by a “massive and coordinated” hacking attack, hours before voters go to the polls. Tens of thousands of internal emails and other documents (9Gb) are released online. | Unknown | N Administrative and support service activities | CC | FR |
335 | 06/05/2017 | ? | Confluence Charter Schools | The network servers for Confluence Charter Schools are hacked, but school leadership say there is no evidence that student or employee data have been compromised. | Unknown | P Education | CC | US |
336 | 07/05/2017 | ? | FCC (Federal Communications Commission) | The FCC website is hit by a DDoS Attack. | DDoS | O Public administration and defence, compulsory social security | CC | US |
337 | 08/05/2017 | ? | Multiple targets | Bitdefender reveals the details of Netrepser, a cyber espionage campaign carried out using readily available software tools. | Malware | Y Multiple targets | CE | >1 |
338 | 09/05/2017 | ? | France | France's central bank warns of an increase in phishing attempts using its name and logo and email addresses purporting to be Bank of France ones. | Account Hijacking | X Individual | CC | FR |
339 | 09/05/2017 | Authors from Iran? | IP Cameras | Trend Micro reveals the details of Persirai, a new IoT botnet targeting IP cameras. | Malware | Y Multiple targets | CC | >1 |
340 | 09/05/2017 | ? (linked to North Korea?) | Unnamed Target | Cylance reveals the details of Paipeu, an unknown malware used as an infostealer. | Targeted Attack | Z Unknown | CE | N/A |
341 | 10/05/2017 | ? | Cedexis | A DDoS attack against Cedexis knocks out several major French news websites including Le Monde and Le Figaro. | DDoS | J Information and communication | CC | US |
342 | 11/05/2017 | An unidentified group, APT28 and Turla | Multiple targets | Security vendors ESET and FireEye this week issued separate advisories on cyberattacks involving the use of three Microsoft zero-day flaws: CVE-2017-0261, CVE-2017-0262, CVE-2017-0263. The attacks are carried on by an unidentified group and also by APT28 and Turla. | Targeted Attack | Y Multiple targets | CE | >1 |
343 | 11/05/2017 | Russian Forces | Ukrainian Soldiers | Ukrainian soldiers are hit by an ongoing campaign of propaganda-texting. The campaign is attributed to Russian forces equipped with cell site simulators (IMSI-catchers). | Cell Site Simulators (IMSI-catchers) | O Public administration and defence, compulsory social security | CW | UA |
344 | 11/05/2017 | nclay? | Edmodo | A hacker steals millions of user account details from popular education platform Edmodo, and the data is apparently for sale on the so-called dark web. The organization claims to have over 78 million members. | Unknown | J Information and communication | CC | US |
345 | 12/05/2017 | ? | Multiple targets | The WannaCrypt ransomware worm, aka WanaCrypt or Wcry, explodes across 74 countries, infecting hospitals, businesses including Fedex, rail stations, universities, at least one national telco (Telefonica), and more organizations. | Malware | Y Multiple targets | CC | >1 |
346 | 12/05/2017 | ? | National University of Singapore (NUS), Nanyang Technological University (NTU) | Reports emerge that the two Singapore universities suffered APT (advanced persistent threat) attacks last month, with the attackers specifically targeting government and research data. | Targeted Attack | P Education | CE | SG |
347 | 12/05/2017 | ? | Brooks Brothers | U.S. clothing company Brooks Brothers reveals that payment card information of certain customers was compromised at some of its retail locations in the United States and Puerto Rico over 11 months until March. | PoS Malware | C Manufacturing | CC | US |
348 | 12/05/2017 | ? | Multiple targets | Researchers at Cylance reveal a new advanced threat, dubbed Baijiu, which uses heightened interest in North Korea and the GeoCities web service to prey on victims. | Targeted Attack | Y Multiple targets | CE | >1 |
349 | 14/05/2017 | APT32 AKA OceanLotus Group | Multiple Targets with Interests in Vietnam | FireEye reveals the details of Operation Cobalt Kitty, a campaign carried on by APT32, an advanced threat group that conducts targeted intrusions at large multinational businesses with interests in Vietnam. | Targeted Attack | Y Multiple targets | CE | >1 |
350 | 15/05/2017 | ? | Bell Canada | Bell Canada says that 1.9 million customer account details have been stolen by unknown hackers, although no payment card numbers or passwords have been taken. | Unknown | J Information and communication | CC | CA |
351 | 15/05/2017 | ? | Docusign | DocuSign acknowledges that a series of recent malware phishing attacks targeting its customers and users was the result of a data breach at one of its computer systems. | Unknown | J Information and communication | CC | US |
352 | 15/05/2017 | OilRig? | Unnamed Military Contractor | TrapX reveals that it repelled an attack against an unnamed military contractor, carried out by Iranian hackers using a Russian toolset. | Targeted Attack | O Public administration and defence, compulsory social security | CE | US |
353 | 15/05/2017 | ? | University of New Mexico Foundation | A month after discovering a computer server breach that may have compromised personal information for about 23,000 people, the University of New Mexico Foundation begins sending notification letters about the incident. | Unknown | P Education | CC | US |
354 | 11/05/2017 | Suspected Russia-backed hackers | energy networks of the Baltic states | Reuters reports that suspected Russia-backed hackers have launched exploratory cyber attacks against the energy networks of the Baltic states. | Targeted Attack | D Electricity gas steam and air conditioning supply | CW | >1 |
355 | 17/05/2017 | ? | UK Parliament | The Telegraph reveals that members of UK Parliament have been deliberately targeted by hackers trying to break into online accounts, earlier this year. | Account Hijacking | O Public administration and defence, compulsory social security | CE | UK |
356 | 17/05/2017 | nclay | Zomato | Zomato, the popular restaurant and event listing service, is hacked and 17 million accounts are listed for sale on the dark web. The data on sale includes emails and hashed passwords of Zomato users, but the company said no payment or credit card data was leaked. | Unknown | J Information and communication | CC | IN |
357 | 17/05/2017 | ? | Panic | Apple app maker Panic's CEO Steven Frank says he mistakenly downloaded the malware-laced DVD-ripping app HandBrake resulting in some of the company's source code being stolen. | Malware | J Information and communication | CC | US |
358 | 18/05/2017 | Russia? | US Department of Defense | A Times report suggests that Russia may have used Twitter as a tool of international espionage: agents of the Russian government could have sent malware-laced Twitter messages to more than 10,000 employees of the US Department of Defense. | Malware | O Public administration and defence, compulsory social security | CE | US |
359 | 18/05/2017 | ? | DaFont.com | The popular font sharing site DaFont.com is hacked, exposing the site's entire database of 699,464 user accounts. | SQLi | J Information and communication | CC | US |
360 | 18/05/2017 | ? | PureMatrimony.com | Muslim focused site PureMatrimony.com says it has informed its users of an apparent data breach, and asked them to reset their passwords. 120,000 accounts are compromised. | Unknown | R Arts entertainment and recreation | CC | US |
361 | 18/05/2017 | ? | Equifax | Equifax reveals the details of an unauthorized access to customers’ employee tax records that happened between April 17, 2016 and March 29, 2017. The list of victims includes defense contractor giant Northrop Grumman; staffing firm Allegis Group; Saint-Gobain Corp.; Erickson Living; and the University of Louisville. | Account Hijacking | K Financial and insurance activities | CC | US |
362 | 19/05/2017 | ? | Salem State University Twitter Account | Salem State University officials apologize after several racist tweets (against Black Lives Matter) were sent out when the school’s Twitter account was hacked (@SalemState). | Account Hijacking | P Education | CC | US |
363 | 19/05/2017 | ? | Blackburn High School | Police investigate a major privacy breach at Blackburn High School, which saw the personal information of families, including their phone numbers, addresses and Medicare details, published online. | Account Hijacking | P Education | CC | AU |
364 | 22/05/2017 | ? | Florida Department of Agriculture and Consumer Services | Florida officials reveal that hackers may have stolen the names of over 16,000 people who have concealed weapon permits in the state. The breach occurred two weeks ago through its online payment system, which processes payments for customers' permits and other applications. | Unknown | O Public administration and defence, compulsory social security | CC | US |
365 | 22/05/2017 | ? | Xbox Users | Microsoft files a complaint against iGSKY, which presents itself as a gaming service company, accusing it of selling hacked Xbox accounts. | Unknown | X Individual | CC | >1 |
366 | 23/05/2017 | ? | Single Business Users | Researchers from security firm Cylance reveal that Qakbot, an information-stealing Trojan and backdoor malware that targets the Microsoft Windows operating system, is back with a new campaign nastier than before. | Malware | X Individual | CC | >1 |
367 | 24/05/2017 | ? | Qatar News Agency | Unknown hackers break into the website of the Qatar state-run news agency and publish a fake story quoting the ruling emir making controversial comments. The Twitter feed is also compromised posting fake quotes from Qatar's foreign minister alleging a plot against the country by other Arab nations. | Account Hijacking | J Information and communication | CC | QA |
368 | 25/05/2017 | APT28 | 200 victims, including journalists and activists critical of the Russian government, people affiliated with the Ukrainian military, and high-ranking officials in energy companies around the world | Security researchers from CitizenLab expose the details of Tainted Leaks, a sophisticated hacking and disinformation campaign that targeted more than 200 Gmail users. | Account Hijacking | X Individual | CE | >1 |
369 | 25/05/2017 | ? | Android Users | Researchers from Check Point reveal the details of Judy, possibly the largest malware campaign spreading through Google Play. The suspicious code was observed in more than 40 applications, most allegedly developed by a Korean company called Kiniwini. | Malware | X Individual | CC | >1 |
370 | 25/05/2017 | ? | The Harvard Crimson | The website of Harvard’s 144-year-old newspaper is defaced and posts fake stories and an altered picture of Facebook CEO Mark Zuckerberg (who was visiting the institution). | Defacement | P Education | CC | US |
371 | 25/05/2017 | ? | Multiple Websites | Malwarebytes reveals the details of RoughTed, an anti ad-blocker malvertiser able to distribute the Cerber ransomware. | Malvertising | X Individual | CC | >1 |
372 | 25/05/2017 | ? | University of Wisconsin Health | UW Health says that 2,036 patients had information compromised after an employee's email account was used by an unauthorized user on March 28, 2017. | Account Hijacking | Q Human health and social work activities | CC | US |
373 | 26/05/2017 | Russia? | Trump Organization | ABC News reveals that the FBI is investigating an attempted overseas cyberattack against the Trump Organization, summoning President Donald Trump’s sons, Don Jr. and Eric, for an emergency session with the bureau’s cybersecurity agents and representatives of the CIA. | Unknown | N Administrative and support service activities | CE | US |
374 | 26/05/2017 | ? | Prairie Mountain Health | Personal and medical information of more than 1,000 Prairie Mountain Health patients is at risk after an internal website is hacked. | Unknown | Q Human health and social work activities | CC | US |
375 | 28/05/2017 | ? | Fast Health | Fast Health reports a security breach that could affect over 700 of their patients, when a third-party altered a code on their server, stealing the credit card information of close to 700 customers who paid bills online from January 14, 2016 to December 20, 2016. | Malware | Q Human health and social work activities | CC | US |
376 | 28/05/2017 | ? | Augusta University | A phishing attack hits Augusta University faculty email accounts containing the health information of patients. | Account Hijacking | P Education | CC | US |
377 | 29/05/2017 | ? | Liverpool One Shopping Centre | Liverpool One shopping centre is forced to shut down a slew of digital billboards after an unknown hacker tampers with the signage. | Unknown | G Wholesale and retail trade | CC | UK |
378 | 30/05/2017 | ? | Old Mutual | Financial services company Old Mutual has notified its customers of a data breach, after it detected unauthorised entry to one of its systems which led to some personal customer information being accessed. | Unknown | K Financial and insurance activities | CC | AU |
379 | 31/05/2017 | ? | OneLogin | OneLogin reveals the details about an attack on its systems, confirming that a "threat actor" has accessed database tables including "information about users, apps, and various types of keys." The attacker has been able to rifle through OneLogin's infrastructure for seven hours and may have been able to decrypt customer data. | AWS Keys Hijacking | J Information and communication | CC | US |
380 | 31/05/2017 | ? | Kmart | For the second time in less than three years, Kmart Stores suffers a malware-based security breach of its store credit card processing systems. | PoS Malware | G Wholesale and retail trade | CC | US |
381 | 31/05/2017 | ? | Qnect | Qnect, a Sydney startup has its customer data stolen with the hackers threatening to publish the information unless bitcoins are paid out. | Unknown | J Information and communication | CC | AU |
382 | 31/05/2017 | ? | University of Alaska | A phishing scam in December 2016 resulted in a data breach at the University of Alaska, affecting around 25,000 students, staff and faculty members. | Account Hijacking | P Education | CC | US |
383 | 31/05/2017 | ? | Road Sign in Houston | Someone hacks a road sign in Houston with a message against Donald Trump. | Unknown | N Administrative and support service activities | CC | US |
384 | 01/06/2017 | ? | Stanford University Subdomain | For almost four months, one of Stanford's subdomains (Paul F. Glenn Center for the Biology of Aging at Stanford University) has been compromised and used for hosting web shells, mailers, and other types of web malware. | WebShell | P Education | CC | US |
385 | 01/06/2017 | ? | Single Users | Researchers from Check Point reveal the details of Fireball, a high volume Chinese threat operation which has infected over 250 million computers worldwide (although Microsoft later claims the number of infected machines is "only" 40 million). | Malware | X Individual | CC | >1 |
386 | 01/06/2017 | ? | Good Choice (hotel reservation app) | Hackers suspected of breaching a popular South Korean mobile app and stealing the personal data of more than 990,000 are arrested by local police in Korea. | Unknown | J Information and communication | CC | KR |
387 | 02/06/2017 | ? | Google Search | A malvertising campaign exploits ads in Google Search results for Target, redirecting the users to a tech support scam. Apparently a similar campaign has also been carried out for searches related to Walmart. | Malvertising | X Individual | CC | US |
388 | 03/06/2017 | ? | Hotels.com | Hotels.com sends an email to some customers advising that their username, password, email address, and the last four digits of stored credit card numbers were potentially stolen last month (between May 22 and 29). | Unknown | J Information and communication | CC | US |
389 | 04/06/2017 | The Dark Overlord | Steve Harvey's Funderdome | The Dark Overlord, which recently leaked ten episodes of Netflix's "Orange is the New Black" makes a resurgence, releasing on the Pirate Bay a selection of eight episodes from ABC's upcoming network television show "Steve Harvey's Funderdome". | Unknown | R Arts entertainment and recreation | CC | US |
390 | 05/06/2017 | Russia? | | A new report reveals that Russian military intelligence executed a cyberattack on at least one U.S. voting software supplier and sent spear-phishing emails to 122 local election officials just days before last November’s presidential election. | Targeted Attack | O Public administration and defence, compulsory social security | CW | US |
391 | 05/06/2017 | ? | BTC-E.com | BTC-E.com, the popular Bitcoin and Litecoin exchange platform is the target of a DDoS Attack. | DDoS | V Fintech | CC | RU |
392 | 05/06/2017 | ? | Wind Tre | Italy’s data protection authority, Garante Privacy, has ordered Wind Tre to write to customers to notify them of a data breach following a cyber attack that occurred on 20 March. | Unknown | J Information and communication | CC | IT |
393 | 06/06/2017 | APT28 | Montenegro | Security firm FireEye reveals the details of a wave of attacks targeting Montenegro using spear-phishing, after its decision to join NATO. | Targeted Attack | O Public administration and defence, compulsory social security | CW | ME |
394 | 06/06/2017 | Turla | >1 | Security firm ESET reveals the details of a recently discovered backdoor Trojan using comments posted to Britney Spears's official Instagram account to locate the control server that sends instructions and offloads stolen data to and from infected computers. | Targeted Attack | Y Multiple targets | CE | >1 |
395 | 07/06/2017 | ? | Southern Oregon University | Southern Oregon University announces that it is the latest organization to fall victim to a business email compromise (BEC) attack after fraudsters tricked the educational establishment into transferring money into a bank account under their control. The university fell for the scam in late April when it wired $1.9 million into a bank account. They believed they were paying Andersen Construction, a contractor responsible for constructing a pavilion and student recreation center. | Account Hijacking (Business Email Compromise) | P Education | CC | US |
396 | 07/06/2017 | Chris Hutcheson | Gordon Ramsay | The father-in-law of celebrity chef Gordon Ramsay is jailed for six months after pleading guilty to attempting to hack into his computer to steal financial information and 'dirty' secrets on the star, in a plot to crack into Ramsay's private emails following a family falling-out. | Account Hijacking | X Individual | CC | UK |
397 | 07/06/2017 | Platinum APT | >1 | Microsoft reveals the details of Platinum APT, the first example of a threat actor abusing Intel Chip Management Feature. | Targeted Attack | Y Multiple targets | CE | >1 |
398 | 08/06/2017 | ? | Al Jazeera Media Network | The websites and digital platforms of Al Jazeera Media Network are undergoing "systematic and continual hacking attempts". Internal sources reveal that the network is facing a DDoS attack. | DDoS | J Information and communication | CC | QA |
399 | 08/06/2017 | ? | Android Users | Researchers from security firm Kaspersky Lab reveal that more than 50,000 Android devices have downloaded a strain of Android malware, known as "DvMap", which contains rare abilities to allow hackers and cybercriminals to gain "root" access to a smartphone or tablet and inject malicious code directly into system libraries. | Malware | X Individual | CC | >1 |
400 | 08/06/2017 | ? | CD Projekt Red | CD Projekt Red, the Polish studio maker behind the popular The Witcher 3 RPG, suffers a data breach and the attacker is holding the company for ransom, threatening to release stolen files if the game maker doesn't pay an undisclosed sum of money. | Unknown | R Arts entertainment and recreation | CC | PL |
401 | 09/06/2017 | ? | Linux Servers | Researchers from Kaspersky Lab reveal that an unknown threat actor is using a vulnerability in Samba installations to take over Linux machines and use them as pawns in a vast cryptocurrency mining operation. The malware is dubbed SambaCry. | Malware | Y Multiple targets | CC | >1 |
402 | 09/06/2017 | ? | Android Users | Researchers from security company Qihoo 360 discover an Android ransomware developed in China dubbed WannaLocker, which copies WannaCry using similar graphics to trick users into paying the ransom. | Malware | X Individual | CC | CN |
403 | 09/06/2017 | FIN7 | Restaurants across the US | Morphisec Lab reveals the details of a sophisticated fileless attack carried on by the FIN7 group and targeting restaurants across the US, allowing attackers to seize system control and install a backdoor to steal financial information at will. | Malware | I Accommodation and food service activities | CC | US |
404 | 09/06/2017 | ? | Select Restaurant | Ohio-based Select Restaurant chain reports it suffered a point-of-sale breach during which customer payment card information was compromised. The breach took place between October 36, 2016 and February 3, 2017 at 12 of the company's restaurants, which are located across the United States. | PoS Malware | I Accommodation and food service activities | CC | US |
405 | 12/06/2017 | ? | Google News (via compromising of Palate Press and the Boyne City Gazette) | Legitimate news sites listed on Google News replace articles with spam ads for drugs and dating sites. The incident occurred after two online wine magazines (Palate Press and the Boyne City Gazette) were hacked. | Spam Injection | J Information and communication | CC | US |
406 | 13/06/2017 | Russia? | U.S. Electoral System | New investigations reveal that Russia’s cyberattack on the U.S. electoral system before Donald Trump’s election was far more widespread than publicly revealed, including incursions into voter databases and software systems in almost twice as many states as previously reported (39 states). | Targeted Attack | O Public administration and defence, compulsory social security | CW | US |
407 | 14/06/2017 | Hidden Cobra | >1 | The US-CERT identifies the North Korean government as being behind Hidden Cobra, a threat actor using DeltaCharlie, a DDoS botnet infrastructure that has been used to target media, financial, aerospace, and critical infrastructure organizations in the US and elsewhere. | Targeted Attack | Y Multiple targets | CW | US |
408 | 14/06/2017 | ? | Android Users | Security firm Trend Micro reveals that over 800 Android apps on Google Play have been found infected with Xavier, a "silent" data stealing and leaking malware. The malicious adware has been around since 2016 and functions under the radar, making it difficult to detect its activities. | Malware | X Individual | CC | >1 |
409 | 14/06/2017 | ? | CashCrate | Motherboard reveals that hackers made off with 6 million user accounts for CashCrate, a site where users can be paid to complete online surveys. | Unknown | J Information and communication | CC | US |
410 | 14/06/2017 | ? | ATMs in India | ATMs in India are under attack via Rufus, a Chinese malware targeting cash machines running outdated Windows XP. | Malware | K Financial and insurance activities | CC | IN |
411 | 14/06/2017 | ? | Nayana | A South Korean Web-hosting service provider, Nayana, agrees to pay $1 million to a ransomware operation that encrypted data stored on 153 Linux servers and 3,400 customer websites via the Erebus ransomware. | Malware | J Information and communication | CC | KR |
412 | 15/06/2017 | ? | University College London | University College London is hit by a “major” ransomware attack which brings down its shared drives and student management system. The attack also leads to a number of hospital trusts suspending their email servers as a precautionary measure, in an attempt to prevent a repetition of the WannaCry epidemic. | Malware | P Education | CC | UK |
413 | 15/06/2017 | ? | Ulster University | The Ulster University is also hit by Ransomware. | Malware | P Education | CC | UK |
414 | 15/06/2017 | ? | Bitfinex | Bitfinex, the world’s largest US dollar-based Bitcoin exchange, is still suffering from the effects of a DDoS attack on its systems earlier this week, rendering IOTA deposits unavailable for users. | DDoS | V Fintech | CC | HK |
415 | 15/06/2017 | Attackers from Nigeria | Multiple Industrial Firms | Kaspersky Lab reveals the details of a massive BEC campaign targeting over 500 companies, mostly in the industrial and transportation sector, from 50 countries. | Account Hijacking (Business Email Compromise) | Y Multiple Targets | CC | >1 |
416 | 14/06/2017 | ? | Waverly Health Center | Waverly Health Center is hit by ransomware, causing the medical facility to shut down their IT systems. | Malware | Q Human health and social work activities | CC | US |
417 | 16/06/2017 | ? | The Buckle Inc. | The Buckle Inc., a clothier that operates more than 450 stores in 44 U.S. states, discloses that its retail locations have been hit by malicious software designed to steal customer credit card data. | PoS Malware | G Wholesale and retail trade | CC | US |
418 | 16/06/2017 | ? | Lori Sattler | Lori Sattler, a state Supreme Court judge, is scammed out of more than $1 million after being fooled by an email she thought had been sent by her real estate lawyer, sending the money to an account at Commerce Bank of China. | Account Hijacking | X Individual | CC | US |
419 | 16/06/2017 | ? | Unnamed Italian Organizations | Researchers from security firm Yoroi reveal the details of a False Flag Attack on Multi-Stage Delivery of Malware aimed to target Italian Organizations | Malware | Y Multiple targets | CC | IT |
420 | 16/06/2017 | FIN10 | Canadian Mining, Casino Industries | FireEye reveals the details of FIN10, a previously unknown threat actor that has extracted hundreds of thousands of dollars from Canadian companies in a vicious cyberattack campaign active since 2013. | Targeted Attack | Y Multiple targets | CC | CA |
421 | 16/06/2017 | Vigilance | admin.state.mn.us | A hacker calling himself Vigilance hacks a database belonging to the Minnesota state government, and steals about 1,400 email addresses and passwords. | Unknown | O Public administration and defence, compulsory social security | H | US |
422 | 18/06/2017 | MoRo | 4 School Districts in Florida | It appears that, two months before the U.S. Presidential Elections, MoRo, a group of hackers from Morocco, allegedly tried to hack the US voting systems. In the attempt, they hacked four school districts in Florida. | Malware | P Education | H | US |
423 | 19/06/2017 | ? | Argentina's Army Website | Argentina's army says that its website has been hacked and images purported to be of members of the Islamic State militant group were posted on it. | Defacement | O Public administration and defence, compulsory social security | H | AR |
424 | 19/06/2017 | CyberTeam | Skype | A hacking group called CyberTeam claims responsibility for a DDoS attack against Skype. | DDoS | J Information and communication | CC | US |
425 | 19/06/2017 | Mexican Government | Mexico’s most prominent human rights lawyers, journalists and anti-corruption activists | The New York Times reveals that Mexico’s most prominent human rights lawyers, journalists and anti-corruption activists have been targeted by Pegasus, an advanced spyware sold to the Mexican government on the condition that it be used only to investigate criminals and terrorists. | Malware | X Individual | CE | MX |
426 | 20/06/2017 | AdGholas | >1 | ProofPoint reveals the details of a massive malvertising campaign carried on by the AdGholas group and aimed to distribute ransomware. | Malvertising | Y Multiple targets | CC | >1 |
427 | 21/06/2017 | ? | Ukraine | One week before NotPetya, a researcher dubbed MalwareHunter spots a ransomware campaign called PSCrypt targeting Ukraine. | Malware | Y Multiple targets | CW | UA |
428 | 22/06/2017 | Russia? | Election Systems in 21 US States | Jeanette Manfra of the Department of Homeland Security (DHS), during her testimony before a Senate panel, reveals that Russian hackers targeted election systems in 21 US states during last year's campaign. | Targeted Attack | O Public administration and defence, compulsory social security | CW | US |
429 | 22/06/2017 | Russia? | US County Database | New details emerge about the alleged hacks before the 2016 elections. Ken Menzel, general counsel of the State Board of Elections, reveals that nearly 90,000 records containing personal information were accessed by Russian hackers, with 90 percent of those records containing some kind of personal information. | Targeted Attack | O Public administration and defence, compulsory social security | CW | US |
430 | 22/06/2017 | ? | Microsoft | British police announce the arrest of two suspects who are part of an international group that hacked into Microsoft's network. | Unknown | J Information and communication | CC | US |
431 | 22/06/2017 | ? | Airway Oxygen | Airway Oxygen notifies that a ransomware attack in mid-April resulted in the compromise of data belonging to 550,000 customers and employees. | Malware | C Manufacturing | CC | US |
432 | 22/06/2017 | OceanLotus | Single Individuals in Vietnam | Researchers from Palo Alto Networks reveal that the alleged Vietnamese APT group OceanLotus has evolved its Mac spyware trojan, creating one of the most advanced backdoors ever seen on macOS. | Targeted Attack | X Individual | CE | VN |
433 | 22/06/2017 | BlackTech | Targets in East Asia | Trend Micro reveals the details of a cyberespionage group dubbed BlackTech operating against targets in East Asia focusing on Taiwan and occasionally Japan and Hong Kong with the goal of stealing technology. | Targeted Attack | Y Multiple targets | CE | >1 |
434 | 22/06/2017 | ? | Cleveland Medical Associates | Cleveland Medical Associates reveals the details of a ransomware attack that happened on April 21, 2017. | Malware | Q Human health and social work activities | CC | US |
435 | 23/06/2017 | ? | UK Parliament | Up to 90 email accounts are compromised amid a brute-force cyber-attack on UK Parliament. | Brute Force | O Public administration and defence, compulsory social security | CC | UK |
436 | 23/06/2017 | Russia? | British cabinet ministers, ambassadors and senior police officers | The Times reports that passwords belonging to British cabinet ministers, ambassadors and senior police officers are traded online by Russian hackers. | Unknown | O Public administration and defence, compulsory social security | CC | UK |
437 | 23/06/2017 | ? | Microsoft | A massive trove of Microsoft's internal Windows 10 operating system builds and portions of its core source code (a total of 32TB) are leaked online. | Unknown | J Information and communication | CC | US |
438 | 25/06/2017 | Team System DZ | Ohio Gov. John Kasich’s Website | Ohio Gov. John Kasich’s website is hacked, appearing to show pro-ISIS propaganda. Ohio first lady Karen Kasich’s website, along with the Ohio Department of Rehabilitation and Corrections website, are also hacked | Defacement | O Public administration and defence, compulsory social security | H | US |
439 | 27/06/2017 | ? | Ukraine | A new ransomware outbreak appears in Ukraine and spreads rapidly all over the world. The malware is called NotPetya or Nyetya. The initial vector is a rogue update from a local accounting software called MeDoc. | Malware | Y Multiple targets | CW | >1 |
440 | 27/06/2017 | ? | 8tracks | Motherboard reveals that millions of accounts for internet radio service 8tracks are being traded on the digital underground. The total number of affected accounts could be as high as 18 million. | Unknown | R Arts entertainment and recreation | CC | US |
441 | 28/06/2017 | Hackers linked to Russia? | At least a dozen U.S. power plants | Homeland Security and the FBI send out a general warning about hackers working for a foreign government, which recently breached at least a dozen U.S. power plants, including the Wolf Creek nuclear facility in Kansas. | Targeted Attack | D Electricity gas steam and air conditioning supply | CW | US |
442 | 28/06/2017 | ? | Ventura County Office Of Education | The websites of numerous school districts in Ventura County go offline amid an attack able to redirect users to a group's webpage where pro-ISIS views were posted | Unknown | P Education | CC | US |
443 | 28/06/2017 | ? | Wooster-Ashland Regional Council of Governments | The Wooster-Ashland Regional Council of Governments computer network is hacked and more than 200,000 records are compromised. | Unknown | O Public administration and defence, compulsory social security | CC | US |
444 | 29/06/2017 | ? | ClassicEtherWallet.com | An unknown attacker gains control over the web domain of Classic Ether Wallet, a client-side wallet system for the Ethereum Classic (ETC) cryptocurrency, being able to phish credentials and redirect transactions. Based on reported cases, the hacker might have siphoned off nearly $300,000 worth of ETC funds from hacked accounts. | DNS Hijacking | V Fintech | CC | N/A |
445 | 29/06/2017 | ? | Ukraine | MalwareHunter spots a fourth ransomware campaign focused on Ukraine. The campaign follows the same patterns seen in past ransomware campaigns that have been aimed at the country, such as XData, PScrypt, and the infamous NotPetya. | Malware | Y Multiple targets | CW | UA |
446 | 29/06/2017 | ? | Bithumb | The largest bitcoin and ether exchange in South Korea by volume, Bithumb, is hacked. The losses could be around ten million South Korean Won (approx USD 8,700). | Account Hijacking | V Fintech | CC | KR |
447 | 29/06/2017 | ? | Two Israeli Hospitals | Researchers from Trend Micro discover a malware, dubbed WORM_RETADUP.A, targeting two Israeli hospitals with highly obfuscated information-stealing malware that abuses LNK shortcut files. | Malware | Q Human health and social work activities | CE | IL |
448 | 01/07/2017 | ? | PVHS-ICM Employee Health and Wellness | PVHS-ICM Employee Health and Wellness notifies its patients that it has been hit by a ransomware attack. | Malware | Q Human health and social work activities | CC | US |
449 | 03/07/2017 | ? | Medicare | The Guardian reveals that a darknet trader is illegally selling the Medicare patient details of any Australian on request by “exploiting a vulnerability” in a government system. | Undisclosed Vulnerability | Q Human health and social work activities | CC | AU |
450 | 03/07/2017 | ? | Google | In the wake of the breach that occurred at Sabre Hospitality Solutions earlier in May, the personal details of a small number of Google staffers have been exposed, according to a notification letter Google sends out to affected employees. | Account Hijacking | J Information and communication | CC | US |
451 | 06/07/2017 | ? | Hard Rock Hotels & Casinos | In another consequence of the Sabre breach, Hard Rock Hotels & Casinos reveals that for seven months, attackers had unauthorized access to a third-party reservation system, which allowed them to obtain unencrypted credit card payment information, as well as guest names, addresses and phone numbers. | Account Hijacking | I Accommodation and food service activities | CC | US |
452 | 06/07/2017 | ? | Loews Hotels | And the same happens for luxury hotel chain Loews Hotels. | Account Hijacking | I Accommodation and food service activities | CC | US |
453 | 06/07/2017 | ? | Four Seasons Hotels and Resorts | And the list of the victims of the Sabre attack also includes Four Seasons Hotels and Resorts. | Account Hijacking | I Accommodation and food service activities | CC | US |
454 | 06/07/2017 | ? | Android Devices | Check Point reveals the details of CopyCat, a new strain of malware that has infected more than 14 million Android devices around the world, rooting phones and hijacking apps to make millions in fraudulent ad revenue. | Malware | X Individual | CC | >1 |
455 | 06/07/2017 | ? | Android Devices | Trend Micro reveals the details of SLocker, a variant of the oldest lock-screen and file-encrypting ransomware, using the WannaCry interface. | Malware | X Individual | CC | >1 |
456 | 07/07/2017 | ? | gandi.net | French domain registrar Gandi loses control over 751 customer domains, which have their DNS records altered to point incoming traffic to websites hosting exploit kits. | DNS Hijacking | J Information and communication | CC | FR |
457 | 07/07/2017 | ? | B&B Theatres | B&B Theatres, a company that owns and operates the 7th-largest theater chain in America, says it is investigating a breach of its credit card systems starting in September 2015. | Malware | R Arts entertainment and recreation | CC | US |
458 | 07/07/2017 | ? | Critical infrastructure and energy companies around the world, primarily in Europe and the United States | Talos reveals the details of an email-based attack targeting the energy sector, including nuclear power for multiple energy companies around the world, primarily in Europe and the US. | Targeted Attack | D Electricity gas steam and air conditioning supply | CE | >1 |
459 | 08/07/2017 | ? | Avanti Markets | Avanti Markets, a self-service payment kiosk vendor, acknowledges that it suffered a breach of its internal networks in which hackers were able to push malicious software out to payment devices. | Malware | C Manufacturing | CC | US |
460 | 08/07/2017 | ? | Deep Hosting | Deep Hosting, a Dark Web hosting service, admits to having suffered a major security incident during which "some sites have been exported". | Remote Shell | G Wholesale and retail trade | CC | N/A |
461 | 09/07/2017 | ? | Reliance Jio | Personal details of some 120 Million Reliance Jio customers are exposed on the Internet in probably the biggest breach of personal data ever in India. | Unknown | J Information and communication | CC | IN |
462 | 09/07/2017 | ? | Real Estate Business Services (REBS) | Real Estate Business Services (REBS), a subsidiary of the California Association of Realtors, acknowledges that it suffered a data breach that exposed user information for a two-month period earlier this year. | PoS Malware | L Real estate activities | CC | US |
463 | 10/07/2017 | ? | Swiss Banks | Researchers from Trend Micro discover a new variant of Operation Emmental, targeting Swiss banks using a variant of the DoK Mac OS X malware. | Malware | K Financial and insurance activities | CC | CH |
464 | 10/07/2017 | ? | Android Devices | Researchers from McAfee reveal the details of a mobile ransomware known as LeakerLocker, threatening to dox users as a means of extortion. | Malware | X Individual | CC | >1 |
465 | 11/07/2017 | ? | Trump International Hotels Management | Trump International Hotels Management reveals that the data breach at Sabre Corp, which occurred in May 2017, compromised card payment details at 14 of its properties. The compromised information included payment card numbers and card security codes for some of the hotel chain's reservations. | Malware | I Accommodation and food service activities | CC | US |
466 | 11/07/2017 | ? | Single Individuals | Trend Micro reveals the details of a surging campaign using a remote access tool (RAT) known as Adwind, which has the ability to steal passwords, collect keystrokes and covertly record audio using an infected device's microphone. | Malware | X Individual | CC | US |
467 | 11/07/2017 | ? | Mansfield 103.2 | The UK Communications Regulator (Ofcom) is hunting a pirate who persistently overrides the frequency of Mansfield 103.2 to play a modified version of "The Winker’s Song". | Unknown | J Information and communication | CC | UK |
468 | 11/07/2017 | ? | Community Care of St. Catharines and Thorold | Community Care of St. Catharines and Thorold notifies that it is still recovering from a cyberattack that shut its computers down for more than a week. | Malware | Q Human health and social work activities | CC | US |
469 | 13/07/2017 | ? | Unfinished WordPress Installations | Researchers from security firm Wordfence say they have observed a wave of web attacks that took aim at unfinished WordPress installations. | Account Hijacking | X Individual | CC | >1 |
470 | 14/07/2017 | ? | Square Enix | Square Enix attributes the connectivity issues that have plagued Final Fantasy 14's Stormblood expansion since its release in June to continuous distributed denial-of-service (DDoS) attacks from a third party. | DDoS | R Arts entertainment and recreation | CC | JP |
471 | 14/07/2017 | ? | Peachtree Neurological Clinic | While investigating a ransomware incident, Peachtree Neurological Clinic discovers that its computer system previously had been accessed without its knowledge by unauthorized individuals between February 2016 and May 2017. | Unknown | Q Human health and social work activities | CC | US |
472 | 15/07/2017 | ? | Republic of Ireland’s Power Grid | The Times reveals that hackers backed by the Russian government have attacked energy networks running the national grid in parts of the UK. In particular the hackers targeted the Republic of Ireland’s energy sector, aiming to infiltrate control systems | Targeted Attack | D Electricity gas steam and air conditioning supply | CW | UK |
473 | 16/07/2017 | ? | South Carolina's Voter Registration System | According to a post-election report by the South Carolina State Election Commission, South Carolina's voter registration system was reportedly hit by almost 150,000 hack attempts on Election Day 2016. | >1 | O Public administration and defence, compulsory social security | CW | US |
474 | 16/07/2017 | ? | Twitter users | ZeroFOX Threat Research reveal the details of a large-scale, spam pornography botnet on Twitter dubbed SIREN | Account Hijacking | X Individual | CC | >1 |
475 | 17/07/2017 | ? | UK Energy Sector | The National Cyber Security Centre (NCSC), part of the UK's intelligence agency GCHQ, issues a warning about hackers targeting the country's energy sector, and says that some industrial control system organizations are likely to have been successfully compromised. | Targeted Attack | D Electricity gas steam and air conditioning supply | CW | UK |
476 | 17/07/2017 | ? | CoinDash | An unknown hacker takes over the official website of the CoinDash platform and modifies an Ethereum wallet address during the company's ICO (Initial Coin Offering) being able to steal $7 million worth of Ethereum. | Unknown | V Fintech | CC | US |
477 | 17/07/2017 | ? | Android Users | Trend Micro reveals the details of GhostCtrl, an Android malware able to take control of devices to spy, steal and do its bidding. | Malware | X Individual | CC | >1 |
478 | 17/07/2017 | ? | Customers of international and U.S.-based financial institutions. | Researchers from Flashpoint observe a new, Necurs-powered Trickbot spam campaign developed to target and infect customers of international and U.S.-based financial institutions. | Malware | K Financial and insurance activities | CC | >1 |
479 | 18/07/2017 | ? | Women’s Health Care Group of PA (WHCGPA) | Women’s Health Care Group of PA (WHCGPA) reveals that it was hit by ransomware on May 16, 2017. 300,000 patient records are affected. | Malware | Q Human health and social work activities | CC | US |
480 | 18/07/2017 | ? | KQED | KQED, a San Francisco radio station, is still recovering from a ransomware attack nearly one month later. | Malware | J Information and communication | CC | US |
481 | 18/07/2017 | ? | Sarah Hyland | Nude photos and video of Sarah Hyland are leaked online. | Account Hijacking | X Individual | CC | US |
482 | 19/07/2017 | DarkHotel | Political figures and senior business users | Bitdefender reveals a new high-level spear-phishing attack targeting political figures and senior business users. Dubbed 'Inexsmar', the attack appears to be operated by the DarkHotel group, which has been perpetrating similar threats since 2007. | Targeted Attack | X Individual | CE | >1 |
483 | 19/07/2017 | ? | Individuals using Parity's Ethereum wallet | A vulnerability in Parity's Ethereum wallet software is exploited by thieves to rob victims on a massive scale. Targeted accounts are drained of 150,000 coins worth just over US$30 million at the current price. | Vulnerability | X Individual | CC | >1 |
484 | 19/07/2017 | ? | Loblaws | According to an email sent out to Loblaws account holders, the security of a ‘small number’ of accounts has been compromised, marking the second time the company has suffered a security breach this year. Compromised websites include Loblaws.ca, Joefresh.com and Beautyboutique.ca, as well as other Loblaws grocery chain websites. | Unknown | G Wholesale and retail trade | CC | CA |
485 | 20/07/2017 | ? | Kansas Department of Commerce | A security breach in the Kansas Department of Commerce exposes millions of Social Security numbers from people across 10 states to hackers. Many other accounts are also attacked. | Unknown | O Public administration and defence, compulsory social security | CC | US |
486 | 20/07/2017 | ? | Newcastle University | Newcastle University issues an alert, warning prospective students to be careful when seeking to apply and pay online for courses, after discovering the existence of a sophisticated phishing scam. | Account Hijacking | P Education | CC | UK |
487 | 20/07/2017 | ? | Android Users | According to a new report released by ESET, over 500,000 users have had their computers infected with a stealthy malware named Stantinko. | Malware | X Individual | CC | >1 |
488 | 21/07/2017 | ? | Bank of America customers | A new campaign targets Bank of America customers via emails pretending to be from representatives of the Bank of America. | Account Hijacking | K Financial and insurance activities | CC | US |
489 | 21/07/2017 | ? | University of Vermont Medical Center | University of Vermont Medical Center notifies 2,300 patients of a phishing incident that occurred back in May 2017. | Account Hijacking | Q Human health and social work activities | CC | US |
490 | 23/07/2017 | chikri95 | Kylie Jenner's Snapchat account | Kylie Jenner's Snapchat account is hacked. The attacker claims to reveal nude pictures. | Account Hijacking | X Individual | CC | US |
491 | 23/07/2017 | @headassgang | Victoria Justice's Twitter account | Victoria Justice's Twitter account is hacked. The attacker claims to reveal nude pictures. | Account Hijacking | X Individual | CC | US |
492 | 24/07/2017 | ? | Veritaseum | Another day, another Ethereum-related breach. This time the target is Veritaseum, whose Initial Coin Offering (ICO) suffers a data breach in which around US$8.4 million worth of Ethereum are stolen. | Unknown | V Fintech | CC | US |
493 | 24/07/2017 | Spring Dragon | Some high-profile organizations around the South China Sea. | Kaspersky Lab reveals the details of a new wave of attacks carried out by a long-running APT actor dubbed Spring Dragon. | Targeted Attack | Y Multiple targets | CE | CN |
494 | 25/07/2017 | ? | Over 110,000 people from Edinburgh | Cybercriminals have reportedly been found selling personal information of over 110,000 people from Edinburgh on an unspecified dark web marketplace | Unknown | O Public administration and defence, compulsory social security | CC | UK |
495 | 25/07/2017 | Logan | Over 40 million US voter records | A dark web vendor is reportedly selling over 40 million US voter records from nine states in an underground market called RaidForums. The data being sold allegedly includes full names, addresses, voter IDs, voter status and party affiliations. | Account Hijacking | O Public administration and defence, compulsory social security | CC | US |
496 | 25/07/2017 | CopyKittens | Several countries including Israel, Saudi Arabia, the United States, Germany, Jordan and Turkey | Trend Micro reveals the details of a new massive cyber espionage campaign called "Operation Wilted Tulip", carried out by CopyKittens, an Iran-linked cyber espionage group targeting several countries including Israel, Saudi Arabia, the United States, Germany, Jordan and Turkey. | Targeted Attack | Y Multiple targets | CE | >1 |
497 | 25/07/2017 | ? | Single Individuals | Kaspersky Lab analysts detect CowerSnail, a malicious program for Windows apparently created by the same group responsible for SambaCry. | Malware | X Individual | CC | >1 |
498 | 25/07/2017 | ? | 942,609 Yorkshire people | The Yorkshire Post reveals that the personal data of 942,609 Yorkshire people is listed for sale on an underground marketplace. | Account Hijacking | X Individual | CC | UK |
499 | 26/07/2017 | ? | Android Users | Google discovers a new family of spyware called Lipizzan containing references to a cyber arms company called Equus Technologies. | Malware | X Individual | CE | >1 |
500 | 26/07/2017 | ? | UniCredit | UniCredit SpA, Italy’s No. 1 bank, says that hackers took biographical and loan data from 400,000 client accounts. The attack occurred in September and October of 2016 and June and July of this year. | Unknown (third party breach) | K Financial and insurance activities | CC | IT |
501 | 27/07/2017 | Russia? | Macron Campaign | Reuters reveals that Russian intelligence agents attempted to spy on President Emmanuel Macron's election campaign earlier this year by creating phony Facebook personas. | Account Hijacking | O Public administration and defence, compulsory social security | CE | FR |
502 | 27/07/2017 | ? | Virgin America | Virgin America confirms that a hacker broke into its corporate network earlier this year on March 13. | Unknown | H Transportation and storage | CC | US |
503 | 27/07/2017 | Cobalt Gypsy (a group allegedly linked to Iran) | Several entities in the Middle East and North Africa with a focus on Saudi Arabian organizations | SecureWorks reveals the details of a group, allegedly linked to Iran, dubbed "Cobalt Gypsy", reportedly using well-established fake online personas of attractive women to befriend targets, gain their trust and later dupe them into opening malicious software that could provide hackers with "full access" to private computer networks. | Targeted Attack | Y Multiple targets | CE | >1 |
504 | 27/07/2017 | ? | Critical Infrastructures | The Epoch Times reveals that an underground dark web marketplace, dubbed CMarket, is selling access to the private computer networks of critical infrastructure targets, including power plants, government departments, hospitals, financial firms and airlines in exchange for bitcoin | Unknown | Y Multiple targets | CC | >1 |
505 | 27/07/2017 | ? | Unnamed Canadian Organization | Cytelligence reveals that an undisclosed Canadian organization has reportedly paid criminals $425,000 in bitcoin after its systems were crippled in a ransomware attack. | Malware | Z Unknown | CC | CA |
506 | 28/07/2017 | ? | CIA | WikiLeaks publishes three new alleged CIA hacking tools as part of its new Vault 7 dump. | Unknown | O Public administration and defence, compulsory social security | H | US |
507 | 28/07/2017 | ? | Plastic Surgery Associates | Plastic Surgery Associates reveals that a data breach may have compromised patient records after it was hit with a ransomware attack earlier this year on 12 February. | Malware | Q Human health and social work activities | CC | US |
508 | 28/07/2017 | ? | Bharat Sanchar Nigam Limited (BSNL) and Mahanagar Telephone Nigam Limited (MTNL) | The author of the BrickerBot malware claims responsibility for a cyber-attack that took place in various Indian states and caused over 60,000 modems and routers to lose Internet connectivity. | Malware | J Information and communication | CC | IN |
509 | 28/07/2017 | ? | Android Users | Security researchers from Dr.Web find the Triada malware inside the firmware of several low-cost Android smartphones, such as Leagoo M5 Plus, Leagoo M8, Nomu S10, and Nomu S20. | Malware | X Individual | CC | >1 |
510 | 28/07/2017 | ? | WestJet | WestJet says it is working with police in Calgary and the RCMP cybercrime unit after some members' profile data were disclosed online. | Unknown | H Transportation and storage | CC | CA |
511 | 31/07/2017 | ? | HBO | HBO joins the ranks of Hollywood entertainment companies to suffer a major cyber attack. The company network is compromised and the attackers claim to have stolen 1.5 TB of data. A few days later they leak an episode of the new season of Game of Thrones. | Unknown | R Arts entertainment and recreation | CC | US |
512 | 31/07/2017 | ? | Android Users | Kaspersky Lab reveals the details of a new variant of the Svpeng trojan working as a keylogger and stealing data through the accessibility services. | Malware | X Individual | CC | >1 |
513 | 31/07/2017 | ? | Mandiant (a FireEye company) | A Mandiant threat intelligence analyst is the victim of Operation #LeakTheAnalyst. Attackers infiltrate his computer for more than a year and leak some internal data. | Targeted Attack | J Information and communication | CC | US |
514 | 31/07/2017 | ? | Wix.com | Website-building service Wix.com reveals that it was the subject of a massive cyber-attack in April 2016, when a botnet of rogue Chrome extensions was creating Wix websites to spread itself to new users. | Malware | J Information and communication | CC | US |
515 | 31/07/2017 | FIN7 | U.S.-based chain restaurants | ProofPoint researchers reveal that the threat actor commonly referred to as FIN7 has added a new JScript backdoor called Bateleur and updated macros to its toolkit to target U.S.-based chain restaurants. | Targeted Attack | I Accommodation and food service activities | CC | US |
516 | 31/07/2017 | ? | Copyfish Chrome Web Store Account | Phishers hack Copyfish, an extension for Google Chrome, after compromising the Chrome Web Store account of German developer team a9t9 software, and abuse it to distribute spam messages to unsuspecting users. | Account Hijacking | X Individual | CC | DE |
517 | 01/08/2017 | ? | University of California Los Angeles | UCLA reports a cyberattack against a Summer Sessions & International Education Office server that contains personal information provided by students. The attack happened on May 18 and affects potentially up to 32,000 students. | Unknown | P Education | CC | US |
518 | 01/08/2017 | ? | Chinese Telecom Firm | The Kaspersky Lab Q2 2017 DDoS Intelligence Report reveals the details of a DDoS attack launched against a Chinese Telecom Firm, lasting for 11 days. | DDoS | J Information and communication | CC | CN |
519 | 01/08/2017 | ? | Single Individuals | Malware researcher Jakub Kroustek from Avast discovers an anti-Israel & pro-Palestinian data wiper dubbed IsraBye. | Malware | X Individual | CC | IL |
520 | 01/08/2017 | ? | Big Screen in Cardiff's Queen Street | A big screen in Cardiff’s main shopping street, Queen Street, is reportedly hacked with images of swastikas and messages about ‘Shariah’ appearing. | Unknown | S Other service activities | CC | UK |
521 | 01/08/2017 | ? | Users of Node.js | A two-week-old campaign to steal developers' credentials using malicious code distributed through npm, the Node.js package management registry, is halted with the removal of 39 malicious npm packages. | Malware via Typosquatting | X Individual | CC | >1 |
522 | 01/08/2017 | ? | Kaleida Health | Kaleida Health notifies 2,789 patients about a phishing incident that happened on May 24. | Account Hijacking | Q Human health and social work activities | CC | US |
523 | 02/08/2017 | ? | Chrome Web Store Account for Web Developer | The Chrome Web Store Account for Web Developer, a popular extension, is compromised via a phishing trick, and pushes adware to millions. | Account Hijacking | X Individual | CC | US |
524 | 03/08/2017 | Ne0-H4ck3r | Pakistan.gov.pk | An Indian hacker going by the online handle of Ne0-H4ck3r defaces the official government portal of Pakistan (Pakistan.gov.pk), leaving a deface page along with a message and a patriotic Indian song. | Defacement | O Public administration and defence, compulsory social security | CW | PK |
525 | 04/08/2017 | ? | Ariana Grande Instagram account | Ariana Grande is the latest celebrity that gets hacked. This time her Instagram account is hacked. | Account Hijacking | X Individual | CC | US |
526 | 06/08/2017 | ? | Surgical Dermatology Group | Surgical Dermatology Group notifies patients after its cloud hosting and server management provider TekLinks discovers a security breach dating back to March 23, 2017. | Unknown | Q Human health and social work activities | CC | US |
527 | 07/08/2017 | ? | Ukrposhta (Ukraine National Postal Service) | The website for Ukraine's national postal service Ukrposhta was recently taken down by DDoS attacks for two days in a row, Interfax reports. | DDoS | O Public administration and defence, compulsory social security | CC | UA |
528 | 07/08/2017 | ? | Steve Weichert Twitter Account | Steve Weichert, a politician running for District 17’s State Senate Seat in the 2018 election reveals that his Twitter account has been hacked. The alleged attackers post pornographic content. | Account Hijacking | X Individual | CC | US |
529 | 07/08/2017 | The Binary Guardians | About 40 Venezuelan websites including those of the government, the Supreme Court and the legislature. | A hacking collective called The Binary Guardians defaces roughly 40 Venezuelan websites including those of the government, the Supreme Court and the legislature. | Defacement | O Public administration and defence, compulsory social security | H | VE |
530 | 07/08/2017 | ? | Russian Speaking Enterprises | Trend Micro reveals the details of a malicious email campaign against Russian-speaking enterprises, employing a combination of exploits and Windows components to deliver a new backdoor leveraging CVE-2017-0199. | Targeted Attack | Y Multiple targets | CE | RU |
531 | 07/08/2017 | Turkish hackers | Several Armenian Websites | Turkish hackers continue to target Armenian websites. The list of the targets involved in the latest spree of attacks includes the official website of the Development Foundation of Armenia and the official website of the Civil Service Council of Armenia. | Unknown | O Public administration and defence, compulsory social security | CW | AM |
532 | 08/08/2017 | ? | Several North Korean Organizations | Researchers from Cylance reveal that North Korean organisations are being increasingly targeted by an unknown hacker group, using the Konni malware, a remote access trojan (RAT). In 2017 alone, three separate campaigns targeting North Korean organisations have been spotted. | Malware (Konni) | Y Multiple targets | CW | KP |
533 | 08/08/2017 | ? | Three major banks in Hungary | The National Bank of Hungary reveals that hackers have been targeting three major banks in Hungary with a slew of phishing attempts. | Account Hijacking | K Financial and insurance activities | CC | HU |
534 | 09/08/2017 | ? | Corporations in Brazil and Saudi Arabia | Researchers at Kaspersky Lab reveal that a new run of Mamba infections have been spotted again in Brazil and Saudi Arabia. | Malware | Y Multiple targets | CC | BR SA |
535 | 09/08/2017 | ? | Kenya Electoral Commission IT System | Kenya opposition presidential candidate Raila Odinga claims the electoral commission's IT system has been hacked to manipulate the election results. | Account Hijacking | O Public administration and defence, compulsory social security | CC | KE |
536 | 11/08/2017 | APT28 | Hotel Wi-Fi Users | Researchers from FireEye reveal that APT28 AKA Fancy Bear have been using the infamous Eternal Blue vulnerability in a campaign that targeted people of interest as they connected to hotel Wi-Fi networks. | Targeted Attack | Y Multiple targets | CE | >1 |
537 | 11/08/2017 | ? | Single Individuals | SophosLabs warn of a fresh spike of attacks due to new variants of the well known Emotet malware. | Malware | X Individual | CC | >1 |
538 | 12/08/2017 | Anonymous | Official website of Charlottesville | Anonymous claims responsibility for carrying out a DDoS attack on the official website of the city of Charlottesville, Virginia. The attack is conducted under the banner of #OpDomesticTerrorism. | DDoS | O Public administration and defence, compulsory social security | H | US |
539 | 12/08/2017 | Unknown Iraqi developer | Android users | Researchers from mobile security firm Lookout say they found at least three Android apps on the Google Play Store containing a form of advanced spyware they believe was created by an Iraqi developer. The malware author modified a version of the official Telegram app. | Malware | X Individual | CC | >1 |
540 | 13/08/2017 | ? | Blizzard Entertainment | The web servers of Blizzard Entertainment suffer a series of massive distributed denial-of-service (DDoS) attacks | DDoS | R Arts entertainment and recreation | CC | US |
541 | 14/08/2017 | 31337 | FireEye | A group of hackers called 31337 leaks a second dump of data allegedly stolen from security company FireEye. | Account Hijacking | J Information and communication | CC | US |
542 | 14/08/2017 | The Lazarus Group | Individuals involved with US Defense Contractors | Researchers from Palo Alto Networks reveal the details of a new operation carried out by the North Korea-linked Lazarus Group against individuals involved with US Defense Contractors. | Targeted Attack | O Public administration and defence, compulsory social security | CE | US |
543 | 14/08/2017 | ? | 7 Chrome Extensions | Researchers from ProofPoint reveal that seven additional Chrome Extensions have been compromised after their author’s Google Account credentials were stolen via a phishing scheme. | Account Hijacking | X Individual | CC | >1 |
544 | 15/08/2017 | ? (Chinese Attackers) | NetSarang | Researchers at Kaspersky Lab find a well-hidden backdoor in NetSarang's server management software. It is assumed someone (allegedly from China) managed to hack into NetSarang's operations and silently insert the backdoor ShadowPad. | Malware | J Information and communication | CE | KR |
545 | 15/08/2017 | ? | Scottish Parliament | Officials reveal that the Scottish Parliament has been targeted by a "brute force" cyber attack. The attack, from "external sources", was similar to that which affected Westminster in June. | Brute Force | O Public administration and defence, compulsory social security | CE | UK |
546 | 15/08/2017 | Unnamed Nigerian criminal | 4,000 organizations worldwide | Researchers from Check Point reveal the details of an operation targeting 4,000 organizations worldwide, carried out by an unnamed Nigerian criminal under the motto "Get Rich or Try Dying". | Malware | Y Multiple targets | CC | >1 |
547 | 16/08/2017 | OurMine | Several HBO Twitter Accounts | Several HBO Twitter accounts are taken over by the notorious OurMine hacking group, posting #HBOHacked messages and warnings about security. Affected accounts include the main HBO Twitter account, as well as those for TV shows including Game of Thrones and Girls. | Account Hijacking | R Arts entertainment and recreation | CC | US |
548 | 16/08/2017 | ? | OSHA (Occupational Safety and Health Administration) | OSHA suspends user access to the Injury Tracking Application (ITA) after the Department of Homeland Security notifies the Department of Labor of a potential compromise of user information. | Unknown | O Public administration and defence, compulsory social security | CC | US |
549 | 17/08/2017 | Turla | G20 Participants | ProofPoint reveals that Turla appears to be actively targeting G20 participants and those interested in its activities including policymakers, member nations and journalists. The analysis is based on the discovery of a new JavaScript dropper for a backdoor called KopiLuwak that Turla has been known to use. | Targeted Attack | O Public administration and defence, compulsory social security | CE | >1 |
550 | 17/08/2017 | Anonymous | 22 GOP Senators | Hacktivist collective Anonymous reportedly leaks the private contact details of 22 GOP senators, in the wake of the Charlottesville violence and US President Donald Trump's controversial response to the event, asking for Trump's impeachment. | Unknown | O Public administration and defence, compulsory social security | H | US |
551 | 17/08/2017 | ? | Android Users | Researchers from Kaspersky Lab discover a new version of the malicious Android banking Trojan Faketoken, targeting users of popular apps for booking taxis and paying traffic tickets. | Malware | X Individual | CC | >1 |
552 | 18/08/2017 | Anonymous | NHS (via SwiftQueue) | A member of the Anonymous hacking collective claims to have stolen data belonging to 1.2 million patients of the United Kingdom's National Health Service (NHS). The breach affected SwiftQueue, a software provider of dashboard and metrics solutions to healthcare clinics, according to which only 32,000 records were stolen. | Unknown | Q Human health and social work activities | H | UK |
553 | 18/08/2017 | ? | Single Individuals | A second wave of the Locky ransomware variant called IKARUSdilapidated is identified. The source of the ransomware is a botnet of zombie computers able to send 62,000 emails in three days. | Malware | X Individual | CC | >1 |
554 | 18/08/2017 | ? | Single Individuals | Two new Locky variants are discovered called Diablo6 and Lukitus. This new wave is boosted by the Necurs botnet. | Malware | X Individual | CC | >1 |
555 | 19/08/2017 | ? | Bittrex | A fake website pretends to be the official site for Bittrex exchange, but in reality, it is a phishing domain not only stealing login credentials of unsuspecting users but also the money saved in the exchange. | Account Hijacking | V Fintech | CC | US |
556 | 19/08/2017 | ? | Pacific Alliance Medical Center | Pacific Alliance Medical Center notifies 266,123 patients of a ransomware incident that occurred on June 14. | Malware | Q Human health and social work activities | CC | US |
557 | 20/08/2017 | ? | Official Twitter and Facebook PlayStation accounts | The official Twitter and Facebook PlayStation accounts are taken over by the hacking group OurMine. The attackers also claim to have managed to access a PSN database. | Account Hijacking | R Arts entertainment and recreation | CC | JP |
558 | 21/08/2017 | ? | LG | Global consumer electronics manufacturer LG confirms it had to shut down some parts of its network after systems fell victim to WannaCry ransomware. Ransomware is found on an LG self-service kiosk in South Korea. | Malware | C Manufacturing | CC | KR |
559 | 21/08/2017 | ? | Sinopec’s Shengli Oilfield | Sinopec’s Shengli Oilfield says it will cut its Internet connection for some of its offices after ransomware attacked 21 of its Internet terminals. | Malware | D Electricity gas steam and air conditioning supply | CC | CN |
560 | 21/08/2017 | ? | Enigma Blockchain Project | Another attack exploiting an Initial Coin Offering. As much as $500,000 in ether is stolen from supporters of the Enigma blockchain project following a security compromise. Attackers are able to take control of the project’s website domain, one of the administrator accounts on its Slack channel and its mailing lists. Once in control, the attackers distribute solicitations for an initial coin offering "presale." | Account Hijacking | V Fintech | CC | US |
561 | 21/08/2017 | ? | Single Individuals | Trend Micro reveals the details of CoinMiner, a new malware family (cryptocurrency miner) using the EternalBlue exploit to infect victims and the WMI toolkit as a method to run commands on infected systems. | Malware | X Individual | CC | >1 |
562 | 21/08/2017 | ? | Android Users | The Lookout Security Intelligence team discovers an advertising SDK called Igexin that has the capability of spying on victims through benign apps by downloading malicious plugins. Over 500 apps available on Google Play used the Igexin ad SDK, which were downloaded over 100 million times. | Malware | X Individual | CC | >1 |
563 | 21/08/2017 | ? | 22 Malaysian websites | A group of hackers called ExtremeCrew believed to be linked to Indonesia claim responsibility for defacing at least 33 Malaysian websites after an embarrassing blunder saw the Indonesian flag printed upside down on the official guidebook for the Southeast Asian Games. | Defacement | Y Multiple targets | CW | MY |
564 | 21/08/2017 | ? | Several Stars including Tiger Woods, Katharine McPhee, Lindsey Vonn, Miley Cyrus, Kristen Stewart, Stella Maxwell and Dakota Johnson | Fappening 2017: private nude photos of various naked stars emerge, including Tiger Woods, Katharine McPhee, Lindsey Vonn, Miley Cyrus, Kristen Stewart, Stella Maxwell and Dakota Johnson. | Unknown | X Individual | CC | >1 |
565 | 21/08/2017 | ? | Android Users | Android users are warned to avoid two applications discovered on the Google Play Store, after they were found to be laced with the notorious BankBot Trojan. | Malware | X Individual | CC | >1 |
566 | 22/08/2017 | APT28 AKA Fancy Bears | Several Football players | APT 28 AKA Fancy Bears release documents alleging 'drug use' in football. | Unknown | X Individual | CC | >1 |
567 | 22/08/2017 | ? | Single Individuals | EasyJet warns Facebook users over an online scam offering free flights. | Account Hijacking | X Individual | CC | >1 |
568 | 22/08/2017 | ? | Single Individuals | Researchers from FireEye discover a new global malvertising campaign using the Neptune Exploit Kit (AKA Terror) to drop the Monero coin miner. | Malvertising | X Individual | CC | >1 |
569 | 22/08/2017 | ? | Crystal Finance Millennium | Hackers breach the servers of Crystal Finance Millennium (CFM), another Ukrainian company that makes accounting software for local businesses, sparking fear of a new global cyberattack. | Malware | J Information and communication | CC | UA |
570 | 22/08/2017 | ? | Worldwide gamers | Security researchers from ESET discover a new malware, dubbed Joao, targeting gamers around the world. | Malware | X Individual | CC | >1 |
571 | 23/08/2017 | OurMine | FC Barcelona Twitter and Facebook Accounts | The OurMine collective takes over the official Twitter and Facebook accounts of Barcelona and falsely announces the signing of Angel Di Maria from Paris Saint-Germain. | Account Hijacking | R Arts entertainment and recreation | CC | ES |
572 | 23/08/2017 | ? | Counter-Strike: Global Offensive (CS:GO) players | Sentinel One reveals the details of a campaign targeting Counter-Strike: Global Offensive (CS:GO) players. A malicious version of a cheating tool called vHook installs a Monero miner detected under the name of OSX.Pwnet.A. | Malware | X Individual | CC | >1 |
573 | 23/08/2017 | ? | HIDS4U | UK firm HIDS4U warns customers to be wary of phishing emails after it came to light that a database of customers was found on a hacked website. | Account Hijacking | C Manufacturing | CC | UK |
574 | 23/08/2017 | ? | Multiple Industries | Flashpoint reveals the details of a business email compromise campaign emanating out of Western Africa, and targeting companies in a wide swathe of industries. | Account Hijacking | Y Multiple Targets | CC | >1 |
575 | 24/08/2017 | North Korea? | Unnamed Bitcoin Exchange in South Korea | The CWIC Cyber Warfare Research Center in South Korea reveals that a domestic exchange for bitcoin has been the target of an attempted hacking. Suspicion is directed at North Korea. | Unknown | V Fintech | CW | KR |
576 | 24/08/2017 | ? | Single Individuals | Netskope Threat Research Labs detects several samples related to a coin miner malware named Zminer, whose kill chain begins with the delivery of a drive-by executable that downloads payloads from Amazon S3 to the victim’s machine. | Malware | X Individual | CC | >1 |
577 | 24/08/2017 | ? | Healthcare, education, manufacturing and tech sectors in the US and UK | A new ransomware dubbed Defray is discovered by ProofPoint, going after the healthcare, education, manufacturing and tech sectors in the US and UK. | Malware | Y Multiple targets | CC | US UK |
578 | 24/08/2017 | ? | Facebook Users | Kaspersky Lab reveals the details of a new multi-platform malware/adware spreading via Facebook Messenger. | Malware | X Individual | CC | >1 |
579 | 24/08/2017 | ? | DreamHost | DreamHost is hit by a powerful and sustained DDoS attack after briefly hosting a new edition of the neo-Nazi website Daily Stormer. | DDoS | J Information and communication | H | US |
580 | 24/08/2017 | ? | 33,000 Entries of Telnet credentials | A list of 33,000 entries of Telnet credentials is discovered, sitting online on Pastebin since June 11. | Unknown | Y Multiple targets | CC | >1 |
581 | 25/08/2017 | ? | NHS Lanarkshire | NHS services in Lanarkshire (Scotland) are hit by a new ransomware campaign. The culprit is identified as a new variant of Bitpaymer ransomware. | Malware | Q Human health and social work activities | CC | UK |
582 | 25/08/2017 | Chinese State-Sponsored Actors (Deputy Dog? AKA APT17) | Multiple Targets | ProofPoint reveals the details of Operation Rat Cook, a targeted email campaign attempting a spear phishing attack using a Game of Thrones lure. The malicious attachment attempts to install a “9002” remote access Trojan (RAT) historically used by state-sponsored actors. | Targeted Attack | Y Multiple targets | CE | >1 |
583 | 25/08/2017 | ? | Loopia | Swedish web hosting provider Loopia reveals that it has been hacked, with the attackers able to access part of the customer database. | Unknown | J Information and communication | CC | SE |
584 | 28/08/2017 | ? | Zazzle | Zazzle sends an email to customers revealing that hackers in June used brute-force techniques to cycle through account usernames and passwords that were stolen from a breach of another unnamed site. | Brute-force | J Information and communication | CC | US |
585 | 28/08/2017 | ? | Indian and Pakistani Entities | Symantec reveals that it has identified a sustained cyber spying campaign, likely state-sponsored, against Indian and Pakistani entities involved in regional security issues. The espionage campaign dates back to October 2016. | Targeted Attack | O Public administration and defence, compulsory social security | CE | IN PK |
586 | 28/08/2017 | ? | US Citizens | The Internal Revenue Service (IRS) warns US citizens of a new phishing scheme that poses as official IRS communications in the hopes that victims access a link, download a file, and hopefully get infected with ransomware. | Malware | X Individual | CC | US |
587 | 28/08/2017 | ? | Selena Gomez Instagram account | The Instagram hack begins… Selena Gomez’s Instagram account is hacked and posts several nude photos of Justin Bieber | Account Hijacking | X Individual | CC | US |
588 | 28/08/2017 | ? | South Korean Android users | Security researchers from McAfee reveal the details of a new Android banking Trojan dubbed MoqHao, targeting South Korean users via SMS phishing messages. | Malware | X Individual | CC | KR |
589 | 28/08/2017 | OurMine | Real Madrid Twitter Account | Real Madrid’s official Twitter account is hacked with a post announcing the signing of rival Lionel Messi appearing on their feed. | Account Hijacking | R Arts entertainment and recreation | CC | ES |
590 | 28/08/2017 | ? | Medical Oncology Hematology Consultants | Medical Oncology Hematology Consultants reports a ransomware attack that affected 19,203 patients. | Malware | Q Human health and social work activities | CC | US |
591 | 29/08/2017 | ? | CeX | Second-hand electronics dealership CeX notifies two million customers that their personal information may have been compromised by hackers. | Unknown | G Wholesale and retail trade | CC | UK |
592 | 29/08/2017 | ? | Swiss Individuals | The Reporting and Analysis Centre for Information Assurance (MELANI) says that around 21,000 passwords and personal details used to access online services have been stolen and could be used illegally. | Unknown | X Individual | CC | CH |
593 | 29/08/2017 | ? | Coinbase users | Researchers from Forcepoint discover a new Trickbot variant able to monitor Coinbase exchange sites. | Malware | X Individual | CC | >1 |
594 | 30/08/2017 | ? | Single Individuals | More than 700 million email addresses, as well as a number of passwords, leak publicly thanks to a misconfigured spambot, in one of the largest data breaches ever. | Unknown | X Individual | CC | >1 |
595 | 30/08/2017 | Turla | Embassies and Consulates in Europe | Researchers from ESET uncover Gazer, a new malware tool used by the infamous threat actor Turla to spy on embassies and consulates in Europe. | Targeted Attack | O Public administration and defence, compulsory social security | CE | >1 |
596 | 30/08/2017 | ? | Central German state of Saxony-Anhalt | Internet and telephone networks at the regional parliament in the central German state of Saxony-Anhalt are offline after a ransomware attack. | Malware | O Public administration and defence, compulsory social security | CC | DE |
597 | 30/08/2017 | ? | CMS Users | Sucuri detects a massive online scanning campaign that's searching for websites that use the Adminer database management script. | Adminer vulnerability | Y Multiple targets | CC | >1 |
598 | 30/08/2017 | ? | Single Individuals | Security researcher MalwareBreakdown releases the analysis of a new attack performed when a user visits a compromised site and is asked to install the Roboto Condensed font. The fake font pack is used to install malware. | Malware | X Individual | CC | >1 |
599 | 30/08/2017 | ? | dms[.]nwcg[.]gov | Ankit Anubhav of NewSky Security discovers a U.S. government website hosting a malicious JavaScript downloader, leading victims to installations of Cerber ransomware. | Malware | O Public administration and defence, compulsory social security | CC | US |
600 | 30/08/2017 | ? | Kaleida Health | Kaleida Health notifies (once again) 2,800 patients of a new phishing attack. | Account Hijacking | Q Human health and social work activities | CC | US |
601 | 31/08/2017 | ? | MacEwan University | MacEwan University staffers are tricked into transferring $11.8 million into scammers’ bank accounts. The majority of the money, $11.4 million, has been traced to bank accounts in Montreal and Hong Kong. | Account Hijacking | P Education | CC | CA |
602 | 31/08/2017 | ? | Instagram | Instagram reveals that one or more hackers have been stealing celebrities' e-mail addresses, phone numbers, and other personal information by exploiting a bug. A database, Doxagram, is published online immediately after with the attacker claiming to have stolen 6 million records. Few | Instagram API Vulnerability | J Information and communication | CC | US |
603 | 31/08/2017 | China? | Vietnam? | Security company FireEye reveals to Reuters that cyber spies working for or on behalf of China’s government have broadened attacks against official and corporate targets in Vietnam at a time of raised tension over the South China Sea. | Targeted Attack | O Public administration and defence, compulsory social security | CW | VN |
604 | 31/08/2017 | ? | WikiLeaks | WikiLeaks’ website appears to have been hacked by the OurMine collective. | DNS Hijacking | U Activities of extraterritorial organizations and bodies | CC | INT |
605 | 31/08/2017 | ? | Free Online File Converter | An anonymous researcher reveals that the server hosting dozens of free-to-use online file conversion websites, including combinepdf.com, imagetopdf.com, jpg2pdf.com, pdftoimage.com, pdfcompressor.com, and wordtojpeg.com, has been hacked several times in the past year | ImageMagick Vulnerability | S Other service activities | CC | FR |
606 | 31/08/2017 | ? | Single Individuals | Researchers at Malwarebytes uncover a campaign which is harnessing RIG on hacked websites in order to distribute the Princess/PrincessLocker ransomware. | Malware | X Individual | CC | >1 |
607 | 01/09/2017 | ? | TrueStresser | A dissatisfied customer breaches the server of TrueStresser, a DDoS-for-hire service, pilfering its database, and leaking some of the content online. | Unknown | S Other service activities | CC | US |
608 | 01/09/2017 | ? | Google Chrome Users | Security Expert Brad Duncan spots a new EITest campaign leveraging HoeflerText Popups to target Google Chrome users and push NetSupport Manager RAT or Locky ransomware. | Malware | X Individual | CC | >1 |
609 | 01/09/2017 | ? | Alaska Department of Health and Social Services (dhss.alaska.gov) | The Alaska Department of Health and Social Services reveals that it suffered a security breach in July that may have disclosed personal information of individuals who have interacted with the Office of Children’s Services. | Malware | O Public administration and defence, compulsory social security | CC | US |
610 | 01/09/2017 | The Dark Overlord | Hand Rehabilitation Specialists | Hand Rehabilitation Specialists notifies patients of a possible hack by The Dark Overlord that occurred back in July. | Unknown | Q Human health and social work activities | CC | US |
611 | 01/09/2017 | ? | Single Individuals in Cambodia | Researchers from Palo Alto observe activity involving the Remote Access Trojan KHRAT used by threat actors to target the citizens of Cambodia. | Targeted Attack | O Public administration and defence, compulsory social security | CE | KH |
612 | 01/09/2017 | ? | The Young Illustrator Award site administered by Meridian Secondary School | The Young Illustrator Award site administered by Meridian Secondary School is taken down after being hacked. | Unknown | P Education | CC | SG |
613 | 02/09/2017 | ? | Victoria Police | A pirate broadcaster posing as a police officer interferes in a police chase this week in Australia, forcing officers to call off the pursuit of two suspected armed robbers. | Radio Frequency Hijacking | O Public administration and defence, compulsory social security | CC | AU |
614 | 02/09/2017 | ? | Canoe.ca | The free news and entertainment portal Canoe.ca, operated by MediaQMI Inc. and owned by Sun Media Corp. prior to 2015, wishes to inform users that some of its databases containing records from the period of 1996 to 2008 have been breached. | Unknown | J Information and communication | CC | CA |
615 | 04/09/2017 | ? | Taringa | LeakBase, a breach notification service, obtains a copy of the hacked database of Taringa, a social network popular in Latin America, containing details on 28,722,877 accounts, which includes usernames, email addresses and hashed passwords. | Unknown | J Information and communication | CC | AR |
616 | 04/09/2017 | ? | Verrit | Verrit, a political fact-checking site, is DDoSed almost immediately after it was endorsed by Hillary Clinton. | DDoS | J Information and communication | CC | US |
617 | 04/09/2017 | ? | cpjobs.com | Online jobs platform cpjobs.com reports an unauthorised third-party attack on the website, compromising the security of user data. Impacted pages are shut down and all users’ passwords are deactivated. | Unknown | N Administrative and support service activities | CC | HK |
618 | 04/09/2017 | cru3lty@safe-mail.net wolsec@secmail.pro mongodb@tfwno.gf | Unprotected MongoDB instances | Security researchers Dylan Katz and Victor Gevers reveal a new wave of attacks that wipe unprotected MongoDB instances and ask for a ransom to have the data back. This wave, carried out by three different groups, targets 26,000 database instances. | MongoDB Vulnerability | Y Multiple targets | CC | >1 |
619 | 04/09/2017 | Russia? | Julia Kloeckner Website | Julia Kloeckner, a top leader of German Chancellor Angela Merkel’s conservative party, says her website has been hit by thousands of cyber attacks -- many from Russian IP addresses -- ahead of the television election debate between Merkel and her Social Democratic rival Martin Schulz. | Unknown | N Administrative and support service activities | CW | DE |
620 | 05/09/2017 | China? | Multiple Political Groups | Researchers from Lookout discover a new cyberespionage tool, dubbed xRAT, suspected to have been developed and used by Chinese hackers, and used to target political groups. | Targeted Attack | N Administrative and support service activities | CE | >1 |
621 | 05/09/2017 | ? | West Australian TAFE | An attacker infiltrates the systems of a West Australian TAFE on August 28 and September 5 and accesses the sensitive personal details of staff and more than 13,000 students. | Unknown | P Education | CC | AU |
622 | 05/09/2017 | ? | Community Memorial Health System | The Community Memorial Health System sends out a notice regarding a data security breach involving patient information after a phishing attack happened on June 23. | Account Hijacking | Q Human health and social work activities | CC | US |
623 | 06/09/2017 | DragonFly 2.0 | Multiple US and European energy companies | Symantec reveals that nation-sponsored hackers have penetrated the operational networks that multiple US and European energy companies use to control key parts of the power grid that supplies electricity to hundreds of millions of people | Targeted Attack | D Electricity gas steam and air conditioning supply | CE | >1 |
624 | 07/09/2017 | ? | Equifax | Equifax reveals that it has been hit by a data breach that could potentially affect 143 million consumers in the United States. The breach was discovered on July 29th. | Apache Struts Vulnerability (CVE-2017-5638) | K Financial and insurance activities | CC | US |
625 | 07/09/2017 | ? | AXA Insurance | AXA Insurance sends out an email to some customers informing that the personal data of 5,400 customers in Singapore has been stolen due to a cyber attack. | Unknown | K Financial and insurance activities | CC | SG |
626 | 07/09/2017 | ? | Tettegouche State Park | The popular Tettegouche State Park says its computer systems have been infected with malware, authorities on 25 August and warns visitors to check their credit cards. | PoS Malware | R Arts entertainment and recreation | CC | US |
627 | 07/09/2017 | The Dark Overlord | Adult Internal Medicine of North Scottsdale | Adult Internal Medicine of North Scottsdale notifies an incident affecting 11,798 patients. | Unknown | Q Human health and social work activities | CC | US |
628 | 08/09/2017 | ? | Schuyler County Sheriff’s Department | Schuyler County Sheriff’s Department is disrupted by a hacking attack. | Brute Force | O Public administration and defence, compulsory social security | CE | US |
629 | 08/09/2017 | ? | Children’s Hospital Colorado | Children’s Hospital Colorado notifies 3,400 families after an employee’s email account was improperly accessed on July 11, 2017. | Account Hijacking | Q Human health and social work activities | CC | US |
630 | 09/09/2017 | ? | Brazilian Users | Security researchers spot a malware group using Facebook's CDN servers to store malicious files used to infect users with banking trojans. | Malware | X Individual | CC | BR |
631 | 10/09/2017 | ? | Road Sign in Modesto | An electronic road sign in the city of Modesto, California is hacked and defaced with a message against President Donald Trump | Unknown | N Administrative and support service activities | CC | US |
632 | 11/09/2017 | North Korea | South Korea | A new report from security firm FireEye reveals that hackers from Kim Jong Un’s regime are increasing their attacks on cryptocurrency exchanges in South Korea and related sites. | >1 | V Fintech | CC | >1 |
633 | 11/09/2017 | ? | Android Users | Researchers at Kaspersky Lab detect a new Android malware dubbed Xafecopy aiming at stealing personal and financial information of unsuspecting users around the world. | Malware | X Individual | CC | >1 |
634 | 12/09/2017 | ? | LinkedIn Users | Researchers from Malwarebytes warn of a new phishing campaign using hijacked LinkedIn accounts to send malicious links in private messages and InMail. | Account Hijacking | X Individual | CC | >1 |
635 | 12/09/2017 | ? | WordPress Websites | Wordfence reveals that the popular WordPress plugin Display Widgets, present on approximately 200,000 installations, is infected with a backdoor and advises users to uninstall it. | Malware | Y Multiple targets | CC | >1 |
636 | 12/09/2017 | ? | 4,000 Elasticsearch servers | Researchers from MacKeeper find over 4,000 Elasticsearch servers hosting PoS malware strains AlinaPoS and JackPoS. | PoS Malware | Y Multiple targets | CC | >1 |
637 | 13/09/2017 | ? | Netgear WNR2000 Routers | A Russian-speaking hacker has been infecting Netgear routers over the past months with a new strain of malware named RouteX that turns infected devices into SOCKS proxies and carries out credential stuffing attacks. According to Forkbombus Labs, the US cyber-security firm that uncovered this new threat, the hacker is using CVE-2016-10176, a vulnerability targeting Netgear WNR2000 routers. | Malware | X Individual | CC | >1 |
638 | 13/09/2017 | ? | Android Users | Security researchers from Trend Micro discover more apps carrying the malicious BankBot Android banking malware. | Malware | X Individual | CC | >1 |
639 | 13/09/2017 | ? | Russian-Speaking Users | Security Firm FireEye reveals that the 0-day vulnerability CVE-2017-0199 in Microsoft Office was exploited by suspected nation state hackers to spread the FinSpy malware | Targeted Attack | X Individual | CC | RU |
640 | 14/09/2017 | OurMine | Vevo | Vevo, the joint venture between Universal Music Group, Sony Music Entertainment, Abu Dhabi Media, Warner Music Group, and Alphabet Inc. is hacked by OurMine. Roughly 3.12TB worth of internal files are posted online | Account Hijacking | R Arts entertainment and recreation | CC | US |
641 | 14/09/2017 | ? | Android Users | Researchers from Check Point find at least 50 apps in the official Google Play market, infected with a malware dubbed ExpensiveWall, that made charges for fee-based services without the knowledge or permission of users. The apps were downloaded as many as 4.2 million times. | Malware | X Individual | CC | >1 |
642 | 14/09/2017 | ? | Single Individuals | Researchers from ESET discover a malvertising campaign delivering JavaScript code (a variant of MineCrunch AKA Web Miner) able to mine multiple cryptocurrencies inside the browser. | Malvertising | X Individual | CC | >1 |
643 | 14/09/2017 | ? | Users in South Korea | Researchers from Trend Micro spot a new campaign leveraging the Hangul Word Processor (HWP) to target users in South Korea. | Targeted Attack | X Individual | CE | KR |
644 | 15/09/2017 | ? | Unidentified public organisation in Singapore | According to a report released by the Cyber Security Agency of Singapore (CSA), an unidentified public organisation in Singapore faced a foreign "state-sponsored" cyberattack late last year. | Targeted Attack | O Public administration and defence, compulsory social security | CE | SG |
645 | 15/09/2017 | Turla | Swiss Defence Ministry | Switzerland’s defence ministry reveals that it has detected a cyber attack carried out by the infamous Turla APT. | Targeted Attack | O Public administration and defence, compulsory social security | CE | CH |
646 | 15/09/2017 | ? | Augusta Medical Center | Nearly five months after it happened, Augusta Medical Center announces that some patients may have had their personal information compromised by an attack on faculty email accounts. | Account Hijacking | Q Human health and social work activities | CC | US |
647 | 15/09/2017 | ? | Morehead Memorial Hospital | Morehead Memorial says that a data breach due to a phishing attack has potentially exposed patient and employee information. | Account Hijacking | Q Human health and social work activities | CC | US |
648 | 12/09/2017 | ? | Litebit | Hackers gain access to Litebit’s backend and obtain email addresses, hashed passwords, and IBAN information, among other things. No money is stolen in the process, though. | Unknown | V Fintech | CC | NL |
649 | 12/09/2017 | ? | Single Individuals | Security researchers at Sophos discover a new RAT called Kedi that uses Gmail to steal data from the targeted computer. The malware is disguised as a Citrix utility. | Malware | X Individual | CC | >1 |
650 | 13/09/2017 | ? | UAE Government | A trove of leaked emails belonging to the UAE government reveals an alleged plot to "conquer" Qatar. | Unknown | O Public administration and defence, compulsory social security | CC | UAE |
651 | 13/09/2017 | The Dark Overlord | SMART Physical Therapy | SMART (“Sports Medicine and Rehabilitation Therapy”) Physical Therapy is the n-th victim of The Dark Overlord. | Unknown | Q Human health and social work activities | CC | US |
652 | 16/09/2017 | ? | The Pirate Bay Users | A cryptocurrency miner appears on The Pirate Bay website, using the computer resources of visitors to mine Monero coins and hence spiking its visitors' CPU usage. | Cryptocurrency Miner | X Individual | CC | >1 |
653 | 18/09/2017 | ? | Multiple Companies | Cisco Talos publishes a technical analysis of a backdoor which was included with version 5.33 of the CCleaner application. The analysis reveals that the attack was conceived to target multiple companies including Cisco itself. | Malware | Y Multiple targets | CE | >1 |
654 | 18/09/2017 | The Dark Overlord | Columbia Falls and Flathead County School Districts | The Dark Overlord sends a threatening ransom note to the Columbia Falls (Montana) school district forcing officials to shutter its schools to ensure the safety of the students. | Unknown | P Education | CC | US |
655 | 18/09/2017 | ? | Multiple Targets | Researchers from Kaspersky reveal the details of a new attack technique leveraging an undocumented Word feature to gather information on users. | Targeted Attack | Y Multiple targets | CC | >1 |
656 | 19/09/2017 | ? | Single Individuals | Researchers from Barracuda Advanced Technology Group spot a new Locky campaign launching around 20 million fresh attacks in just a day. | Malware | X Individual | CC | >1 |
657 | 19/09/2017 | ? | Android Users | Researchers from SfyLabs reveal the details of Red Alert 2.0, an Android malware targeting over 60 bank and social media apps on Google Play. | Malware | X Individual | CC | >1 |
658 | 19/09/2017 | ? | The Irish National Teachers Organisation (INTO) | The Irish National Teachers Organisation warns users of its online learning portal that their personal data may have been compromised following the hacking of the website. Around 30,000 users' details were potentially compromised by the hack. | Unknown | P Education | CC | IE |
659 | 19/09/2017 | ? | Google Chrome Users | SafeBrowse, a Chrome browser extension, with over 140,000 users, is found containing a JavaScript Crypto Miner based on Coinhive. | Malware | X Individual | CC | >1 |
660 | 20/09/2017 | APT 33 | Aviation Firms in the US and Saudi Arabia | FireEye reveals the details of APT33, a group operational since 2013 and focused on the aerospace industry, successfully hacking aviation firms in the U.S. and Saudi Arabia in the last year. Other targets include petrochemical firms in South Korea and Saudi Arabia. | Targeted Attack | C Manufacturing | CC | US UAE |
661 | 20/09/2017 | ? | U.S. Securities and Exchange Commission | The U.S. Securities and Exchange Commission reveals that its computer system had been hacked last year, giving the attackers private information that could have been exploited for trading. The breach was discovered in August. | Unknown | O Public administration and defence, compulsory social security | CC | US |
662 | 21/09/2017 | ? | Single Individuals | Researchers at MalwareHunterTeam spot a ransomware, called nRansomware, demanding naked photographs instead of Bitcoins. | Malware | X Individual | CC | >1 |
663 | 24/09/2017 | ? | Arkansas Oral & Facial Surgery Center | Arkansas Oral & Facial Surgery Center discloses a ransomware incident that may or may not have resulted in access to protected health information of as many as 128,000 patients. | Malware | P Education | CC | US |
664 | 25/09/2017 | ? | Deloitte | The Guardian reveals that Deloitte, one of the world’s “big four” accountancy firms has been targeted by a sophisticated hack that compromised the confidential emails and plans of some of its blue-chip clients. | Targeted Attack | M Professional scientific and technical activities | CC | UK |
665 | 25/09/2017 | ? | Android Users | Researchers from Trend Micro reveal the details of ZNIU, the first Android malware to exploit the Dirty Cow (CVE-2016-5195) vulnerability. ZNIU has been detected in more than 40 countries, in about 1,200 and has affected so far more than 5,000 users. | Malware | X Individual | CC | >1 |
666 | 25/09/2017 | ? | showtime.com showtimeanytime.com | Two Showtime domains are found serving Coinhive, a JavaScript library that mines Monero using the CPU resources of users visiting Showtime's websites. It is not clear if the event is the consequence of a hack or an experiment. | Malware | X Individual | CC | US |
667 | 26/09/2017 | ? | Sonic Drive-In | Sonic Drive-In, a fast-food chain with nearly 3,600 locations across 45 U.S. states, acknowledges a breach affecting an unknown number of store payment systems. | PoS Malware | I Accommodation and food service activities | CC | US |
668 | 26/09/2017 | ? | National Football League (NFL) | Researchers from MacKeeper discover a misconfigured Elasticsearch database containing the details of 1,133 NFL players. Unfortunately the researchers also show evidence that criminals have been able to access the data. | Misconfigured database | R Arts entertainment and recreation | CC | US |
669 | 26/09/2017 | The Dark Overlord | Auburn Eye Care Associates | TheDarkOverlord reveals another hack involving patient data. This time the victim is Auburn Eye Care Associates, although the original hack dates back to June. | Unknown | Q Human health and social work activities | CC | US |
670 | 27/09/2017 | Aslan Neferler Tim | Danish Ministries of Immigration and Foreign Affairs | The Ministry of Immigration and the Ministry of Foreign Affairs of Denmark are hit by a DDoS attack thought to have come from a Turkish hacker group dubbed Aslan Neferler Tim. | DDoS | O Public administration and defence, compulsory social security | H | DK |
671 | 28/09/2017 | ? | Whole Foods Market | Whole Foods Market says payment card information has been stolen from taprooms, restaurants and other venues located within some of its stores. | PoS Malware | G Wholesale and retail trade | CC | US |
672 | 28/09/2017 | ? | Unpatched IIS 6.0 servers | ESET reveals that a malware author (or authors) has made around $63,000 during the past five months by hacking unpatched IIS 6.0 servers and mining Monero using CVE-2017-7269. | Vulnerability | X Individual | CC | >1 |
673 | 28/09/2017 | ? | Free Press Fight For the Future | The Electronic Frontier Foundation (EFF) reveals the details of “Phish For The Future,” an advanced persistent spearphishing campaign targeting digital civil liberties activists at Free Press and Fight For the Future discovered between July 7th and August 8th of 2017. | Targeted Attack | J Information and communication | CE | N/A |
674 | 28/09/2017 | ? | Single Individuals | Researchers from Malwarebytes spot a campaign abusing native ad and content provider Taboola to serve malvertising, | Malvertising | X Individual | CC | >1 |
675 | 28/09/2017 | ? | San Ysidro School District | Malware infects the San Ysidro School District, deleting emails and forcing the district to temporarily shut down part of its systems. | Malware | P Education | CC | US |
676 | 28/09/2017 | ? | Toms River Police Department | The township of Toms River plans to notify about 3,700 people that their personal information may have been compromised by a data breach inside the police department over the summer. | Unknown | O Public administration and defence, compulsory social security | CC | US |
677 | 29/09/2017 | ? | Saudi Arabia’s General Entertainment Authority (GEA) | Saudi Arabia’s General Entertainment Authority (GEA), says that its website had been the target of cyber attacks from outside the kingdom. | DDoS | O Public administration and defence, compulsory social security | CC | AE |
678 | 29/09/2017 | ? | IRINN (Indian Registry for Internet Names and Numbers) | Researchers from Seqrite’s Cyber Intelligence Labs discover 6000 login credentials up for sale on DarkNet, belonging to Indian ISPs, government departments and private businesses. The researchers identify the origin of the breach from the IRINN. | Unknown | J Information and communication | CC | IN |
679 | 29/09/2017 | ? | Wordpress Users | A cyber-criminal hides the code for a PHP backdoor inside the source code of a WordPress plugin masquerading as a security tool named "X-WP-SPAM-SHIELD-PRO". The attacker tried to leverage the reputation of a legitimate and highly popular WordPress plugin called "WP-SpamShield Anti-Spam". | PHP Backdoor | X Individual | CC | >1 |
680 | 30/09/2017 | ? | Gianfranco Dell'Alba | The director of the General Confederation of Italian Industry group in Brussels falls victim to an email scam and transfers 500,000 EUR (590,000 USD) to an unknown bank account. | Account Hijacking | X Individual | CC | IT |
681 | 30/09/2017 | ? | national-lottery.co.uk | Camelot reveals that a DDOS attack took down the website of the National Lottery, | DDoS | R Arts entertainment and recreation | CC | UK |
682 | 30/09/2017 | ? | R6DB | R6DB, a fan-powered online gaming service that provides statistics for players of Ubisoft's tactical FPS Rainbow Six Siege, is hit by hackers, who wipe its databases and hold the data for ransom. | Malicious Bot | R Arts entertainment and recreation | CC | US |
683 | 01/10/2017 | ? | Etherparty.io | Hackers disrupt the Etherparty ICO (Initial Coin Offering) after hijacking the platform's website, displaying their own Ethereum address, tricking 59 ICO participants into sending funds to the wrong wallets. | Unknown | V Fintech | CC | US |
684 | 01/10/2017 | ? | OKEx | After victims reported losing a collective of over 600 Bitcoin, worth around 20 million Chinese yuan, at the time of the thefts, or around 3 million USD, OKEx, a Bitcoin exchange based in China, issues a statement, denying it was hacked earlier in August, and blaming recent thefts on careless users who didn't secure their accounts. | Account Hijacking | V Fintech | CC | CN |
685 | 04/10/2017 | ? | 4,000 NATO Soldiers | The Wall Street Journal reports that Russian hackers have so far accessed the phones of 4,000 NATO troops in Europe | Unknown | O Public administration and defence, compulsory social security | CE | INT |
686 | 05/10/2017 | Russia? | National Security Agency | The Wall Street Journal reveals that hackers working for the Russian government stole details of how the U.S. penetrates foreign computer networks and defends against cyberattacks after a National Security Agency contractor removed the highly classified material and put it on his home computer. It appears that a backdoor in the Kaspersky Antivirus software played a role in the attack. | Targeted Attack | O Public administration and defence, compulsory social security | CE | US |
687 | 05/10/2017 | ? | Aerospace, Defense Contractor, and Manufacturing sectors within the U.S. and South Korea | Researchers from FireEye report having observed several high-volume FormBook malware distribution campaigns primarily taking aim at Aerospace, Defense Contractor, and Manufacturing sectors within the U.S. and South Korea. | Targeted Attack | Y Multiple Targets | CE | US |
688 | 05/10/2017 | ? | Aerospace, Defense Contractor, and Manufacturing sectors within the U.S. and South Korea | Researchers from FireEye report having observed several high-volume FormBook malware distribution campaigns primarily taking aim at Aerospace, Defense Contractor, and Manufacturing sectors within the U.S. and South Korea. | Targeted Attack | Y Multiple Targets | CE | KR |
689 | 05/10/2017 | ? | Movimento 5 Stelle | A new attack takes down Rousseau, the online voting platform used by the Italian Movimento 5 Stelle. Some internal screenshots are also posted online. | DDoS | N Administrative and support service activities | CC | IT |
690 | 05/10/2017 | ? | John Kelly's personal cellphone | White House officials believe that chief of staff John Kelly’s personal cellphone was compromised, potentially as long ago as December, according to three U.S. government officials. | Account Hijacking | X Individual | CE | US |
691 | 06/10/2017 | ? | A bank based in Middle East, a trademark and intellectual property service companies based in Europe, an international sporting organization, and individuals with indirect ties to a country in North East Asia. | Researchers from Palo Alto Networks reveal the details of Operation FreeMilk, a campaign targeting a bank based in the Middle East, a trademark and intellectual property service company based in Europe, an international sporting organization, and even lone individuals with indirect ties to a country in North East Asia. | Targeted Attack | Y Multiple targets | CE | >1 |
692 | 06/10/2017 | ? | Disqus | Disqus confirms a data breach that appears to have taken place in the summer of 2012, and during which an unknown attacker(s) made off with details for at least 17.5 million user accounts. | Unknown | J Information and communication | CC | US |
693 | 06/10/2017 | ? | Forrester Research | Forrester, one of the world's leading market research and investment advisory firms, admits that a security breach took place during the past week. An unidentified attacker (or attackers) has gained access to the infrastructure hosting its website stealing valid credentials. | Unknown | M Professional scientific and technical activities | CC | US |
694 | 06/10/2017 | KovCoreG group | PornHub users | Proofpoint researchers detect a large-scale malvertising attack by the so-called KovCoreG group, targeting PornHub users. | Malvertising | X Individual | CC | >1 |
695 | 06/10/2017 | ? | Office 365 Accounts | Researchers from Skyhigh Networks discover a new attack with a stealthy technique, dubbed KnockKnock, that targets Office 365 accounts. | Account Hijacking | X Individual | CC | >1 |
696 | 08/10/2017 | FIN7 | Multiple Targets | Researchers from security company Iceberg reveal the details of a new campaign carried out by the financially motivated threat actor FIN7 (AKA Carbanak) exploiting new evasion techniques. | Targeted Attack | K Financial and insurance activities | CC | >1 |
697 | 09/10/2017 | ? | Taiwanese Bank | A hacking gang abuses the SWIFT banking network to steal $60 million after planting malware on a Taiwanese bank’s servers. Two arrests are made in Sri Lanka related to the attack. | Malware | K Financial and insurance activities | CC | TW |
698 | 09/10/2017 | OilRig | Unnamed UAE Government Organization | Researchers from Palo Alto Networks spot a new campaign launched by the notorious APT group OilRig against an organization within the government of the United Arab Emirates (UAE). | Targeted Attack | O Public administration and defence, compulsory social security | CE | UAE |
699 | 10/10/2017 | ? | South Korea-US Operational Plan | Korean News Agency Yonhap News reveals that North Korean hackers are believed to have stolen a large amount of classified military documents (235 GB), including Operational Plan 5015, the latest South Korea-U.S. wartime operational plan, last year. | Targeted Attack | O Public administration and defence, compulsory social security | CE | US KR |
700 | 10/10/2017 | North Korea | U.S. Electric Power Companies | FireEye says in a new report to private clients that hackers linked to North Korea recently targeted U.S. electric power companies with spearphishing emails. | Targeted Attack | D Electricity gas steam and air conditioning supply | CC | US |
701 | 10/10/2017 | ? | Several targets in the financial sector | Security researchers at Kaspersky Lab reveal the details of a new malware strain called ATMii because it attacks ATMs that run on Windows 7 and Windows Vista. | Malware | K Financial and insurance activities | CC | >1 |
702 | 10/10/2017 | Israel | Kaspersky | The New York Times reveals that Israeli hackers broke into the Kaspersky network back in 2014 and advised the US about the NSA breach previously reported. | Targeted Attack | J Information and communication | CE | RU |
703 | 10/10/2017 | ? | Musgrave Group | Musgrave Group, the owner of Ireland’s most popular supermarket is hit by a cyber attack, with criminals trying to get shoppers’ credit and debit card details. | Unknown | G Wholesale and retail trade | CC | IE |
704 | 10/10/2017 | ? | Unnamed banks in several former Soviet Union states. | Trustwave discovers a new campaign targeting banks in several former Soviet states. Trustwave's investigation accounted for about $40 million in fraudulent withdrawals. | Unknown | K Financial and insurance activities | CC | >1 |
705 | 10/10/2017 | ? | Single Individuals | Google removes a malicious extension from its Chrome Web Store that poses as the popular AdBlock Plus ad blocker but forcibly opens new tabs to show ads to users. | Malware | X Individual | CC | >1 |
706 | 10/10/2017 | ? | Rivermend Health | Rivermend Health notifies 1,300 patients who had information in an employee’s email account that was compromised. | Account Hijacking | Q Human health and social work activities | CC | US |
707 | 10/10/2017 | ? | Netflix Users | PhishMe reveals the details of a phishing campaign aimed to compromise business accounts of Netflix users. | Account Hijacking | X Individual | CC | >1 |
708 | 11/10/2017 | Unknown attacker codenamed "Alf" | Australian Signals Directorate (ASD) | Australia's foreign intelligence collection agency, the Australian Signals Directorate (ASD), says a hacker stole over 30 GB of data on the country's military capabilities, including details on fighter jets, military aircraft, and naval ships. The breach occurred at an unnamed Department of Defence contractor. Stolen data includes details on the new F-35 Joint Strike Fighter jet, the Boeing P-8 Poseidon submarine-hunting airplane, Lockheed Martin C-130 transport aircraft, JDAM guided bombs, and data on "some naval ships." | Account Hijacking | O Public administration and defence, compulsory social security | CE | AU |
709 | 11/10/2017 | ? | Sweden Transport Administration (Trafikverket) | A DDoS attack targets the Sweden Transport Administration (Trafikverket) | DDoS | O Public administration and defence, compulsory social security | CC | SE |
710 | 11/10/2017 | ? | Multiple Targets | Researchers from Cisco Talos reveal a new wave of attacks carried out via an evolved version of DNSMessenger, distributed by means of a targeted spear phishing email mimicking SEC emails, and also leveraging compromised U.S. state government servers. | Targeted Attack | Y Multiple targets | CC | >1 |
711 | 11/10/2017 | ? | Single Individuals | Researchers at Akamai identify a botnet of over 14,000 IP addresses used in malware distribution operations. | Malware | X Individual | CC | >1 |
712 | 11/10/2017 | ? | Victory Phones | Victory Phones, a phone polling firm is hacked, exposing several database files, one of which totaled 223 gigabytes in size and amounted to about two billion lines. The data was stolen in January. | Unknown | M Professional scientific and technical activities | CC | US |
713 | 12/10/2017 | ? | Hyatt Hotels Corp. | Hyatt Hotels Corp reveals that it has discovered unauthorized access to payment card information at certain Hyatt-managed locations worldwide between March 18, 2017 and July 2, 2017. | PoS Malware | I Accommodation and food service activities | CC | US |
714 | 12/10/2017 | ? | Equifax | Equifax says it has removed third-party code from its credit report assistance Web site that prompted visitors to download spyware disguised as an update for Adobe’s Flash Player software. | Malware | K Financial and insurance activities | CC | US |
715 | 12/10/2017 | ? | Sweden Transport Agency (Transportstyrelsen) Public Transport Operator Västtrafik | The Sweden Transport Agency (Transportstyrelsen), and public transport operator Västtrafik are hit by a DDOS attack. | DDoS | O Public administration and defence, compulsory social security | CC | SE |
716 | 12/10/2017 | Bronze Butler | Various Japanese Organizations | SecureWorks reveals the details of several intrusions carried out by the Bronze Butler threat group at various Japanese organizations. | Targeted Attack | Y Multiple targets | CE | JP |
717 | 12/10/2017 | ? | Multiple Websites | A study by AdGuard reveals a growing number of websites using cryptocurrency mining as a source of revenues. | Malware | X Individual | CC | >1 |
718 | 13/10/2017 | ? | We Heart It | We Heart It, an image-sharing site, informs users their personal data may have been compromised. The breach, involving 8 million users, took place a few years ago and includes email addresses, usernames and encrypted passwords for We Heart It accounts created between 2008 and November 2013. | Unknown | J Information and communication | CC | US |
719 | 13/10/2017 | ? | Politifact | Politifact, the Pulitzer Prize-winning website devoted to checking the factual accuracy of US politicians' words, appears to have been hacked so that it secretly mines cryptocurrency in visitors' browsers via CoinHive. | Malware | J Information and communication | CC | US |
720 | 15/10/2017 | ? | Pizza Hut | Pizza Hut admits to having suffered a data breach, through which a hacker has stolen payment card details for a small number of clients. | Unknown | I Accommodation and food service activities | CC | US |
721 | 15/10/2017 | ? | Namaste Health Care | Namaste Health notifies about 1,600 patients that its office experienced a security incident over the weekend of Aug. 12-13, when the file server was targeted by ransomware. | Malware | Q Human health and social work activities | CC | US |
722 | 03/10/2017 | ? | Multiple Targets | SANS Internet Storm Center (ISC) handler Xavier Mertens spots a new attack, exploiting CVE-2017-8759 to install a Remote Administration Tool. | Malware | Y Multiple targets | CC | >1 |
723 | 04/10/2017 | The Dark Overlord | Austin Manual Therapy Associates | The Dark Overlord claims to have hacked Austin Manual Therapy Associates and leaks a data sample. | Unknown | Q Human health and social work activities | CC | US |
724 | 10/10/2017 | ? | Rivermend Health | Rivermend Health notifies 1,300 patients who had information in an employee’s email account that was compromised earlier in July. | Account Hijacking | Q Human health and social work activities | CC | US |
725 | 16/10/2017 | ? | Bithumb | Local news publications and leading media outlets in South Korea reported that Bithumb, the world’s largest cryptocurrency exchange by trading volume, suffered a security breach that affected 30,000 users on the trading platform. | Unknown | V Fintech | CC | KR |
726 | 16/10/2017 | BlackOasis | Multiple Targets | Kaspersky Lab reveals the details of BlackOasis, a malicious actor leveraging CVE-2017-11292. | Targeted Attack | Y Multiple targets | CE | >1 |
727 | 16/10/2017 | Leviathan | Targets in Defense and Government | Proofpoint researchers reveal the details of Leviathan, an espionage actor active since 2014, targeting organizations and high-value targets in defense and government. | Targeted Attack | O Public administration and defence, compulsory social security | CE | >1 |
728 | 16/10/2017 | Leviathan | Targets in Defense and Government | Proofpoint researchers reveal the details of Leviathan, an espionage actor active since 2014, targeting organizations and high-value targets in defense and government. | Targeted Attack | O Public administration and defence, compulsory social security | CE | >1 |
729 | 16/10/2017 | ? | Catholic United Financial | An unknown attacker accesses nearly 130K accounts at Catholic United Financial. The attack happened on September 6th. | Unknown | Q Human health and social work activities | CC | US |
730 | 17/10/2017 | Wild Neutron | Microsoft | According to five former employees, Microsoft Corp’s secret internal database for tracking bugs in its own software was broken into by a highly sophisticated hacking group more than four years ago. | Targeted Attack | J Information and communication | CE | US |
731 | 17/10/2017 | Hacker's Door | Multiple Targets | Researchers from security outfit Cylance discover a Remote Access Tool, resurfacing a decade after its original discovery. | Targeted Attack | Y Multiple targets | CE | >1 |
732 | 17/10/2017 | ? | Chase Brexton Health Care | Chase Brexton Health Care notifies 16,562 patients after four employees fell for a phishing attack. The phishing emails were sent on August 2 and 3, and by August 4, the attackers had re-routed employees’ paychecks. | Account Hijacking | Q Human health and social work activities | CC | US |
733 | 17/10/2017 | ? | Single Individuals | Minerva Labs reveals the details of WaterMiner, a new evasive cryptocurrency mining campaign distributed via modified video games on a Russian forum. | Malware | X Individual | CC | >1 |
734 | 17/10/2017 | ? | Chase Brexton Health Care | Chase Brexton Health Care notifies 16,562 patients after four employees fell for a phishing attack, earlier in August, re-routing employees’ paychecks. | Account Hijacking | Q Human health and social work activities | CC | US |
735 | 18/10/2017 | ? | Android Users | Researchers from Symantec discover some malicious Minecraft-based Android apps in the Google Play store infected with Sockbot (and downloaded as many as 2.6 million times). | Malware | X Individual | CC | >1 |
736 | 18/10/2017 | APT28 | Several Government Entities | Researchers from ProofPoint reveal the details of a new campaign carried out by the infamous APT28 AKA Fancy Bear, exploiting a recently patched Adobe Flash vulnerability, CVE-2017-11292. | Targeted Attack | O Public administration and defence, compulsory social security | CE | >1 |
737 | 18/10/2017 | ? | Griffin Funeral Home | A sick hack: hackers take over the email account of Griffin Funeral Home, and send email scams to the company's customers, asking for money. | Account Hijacking | S Other service activities | CC | US |
738 | 18/10/2017 | ? | Wordpress Users | Wordfence warns of a significant spike in SSH private key scanning activity. | SSH Scanning | X Individual | CC | >1 |
739 | 19/10/2017 | ? | Malaysian telcos and mobile virtual network operators | Roughly 46.2 million mobile phone numbers from Malaysian telcos and mobile virtual network operators (MVNO) have been leaked online. | Unknown | J Information and communication | CC | MY |
740 | 19/10/2017 | ? | Domino's Pizza | Domino's Australia investigates a potential breach of its computer systems after a number of customers received personalised spam emails from the pizza company. The company claims the breach happened to a "secondary supplier". | Unknown | I Accommodation and food service activities | CC | AU |
741 | 19/10/2017 | ? | Users of Elmedia Player | The servers of Eltima are compromised to distribute the Proton OSX Remote Access Tool via a fake update of the Elmedia Player. | tiny_mce JavaScript library vulnerability | X Individual | CC | >1 |
742 | 19/10/2017 | ? | Unsecure IoT devices | Researchers from Check Point and Qihoo 360 Netlab reveal the details of a new IoT botnet dubbed Reaper or iot_reaper, targeting millions of organizations worldwide (even if some subsequent estimates tend to reduce the size of the botnet). | Multiple Vulnerabilities | Y Multiple targets | CC | >1 |
743 | 20/10/2017 | DragonFly 2.0 | US Energy and other critical infrastructure sectors | The US Department of Homeland Security and the Federal Bureau of Investigation issue the warning TA17-293A for advanced persistent threat activity targeting energy and other critical infrastructure sectors. | Targeted Attack | D Electricity gas steam and air conditioning supply | CE | US |
744 | 20/10/2017 | ? | FirstHealth | The network of FirstHealth is hit by WannaCry and forced to suspend the operations. | Malware | Q Human health and social work activities | CC | US |
745 | 21/10/2017 | Anonymous | Several Spanish government websites | In the name of #OpCatalunya, Anonymous takes down several Spanish government websites including Spain's Ministry of Public Works and Transport, and the Institutional Court. | DDoS | O Public administration and defence, compulsory social security | H | ES |
746 | 21/10/2017 | ? | Czech Statistical Office (CSU) | Two websites run by the Czech Statistical Office (CSU) are taken offline after a DDoS attack tries to disrupt reporting of the country’s parliamentary elections. | DDoS | O Public administration and defence, compulsory social security | CC | CZ |
747 | 22/10/2017 | APT28 | Attendees of the NATO's Cyber Conflict U.S. conference. | Cisco Talos discovers a new malicious campaign from the well-known actor group APT28 AKA Fancy Bear, carried out via a deceptive flyer relating to the Cyber Conflict U.S. Conference organized by NATO’s Cooperative Cyber Defence Centre of Excellence (CCDCOE). | Targeted Attack | X Individual | CE | >1 |
748 | 23/10/2017 | ? | Poloniex Users | Users of the popular cryptocurrency exchange Poloniex are the target of two credential-stealing apps, discovered on Google Play disguised as legitimate Poloniex mobile apps. | Malware | X Individual | CC | >1 |
749 | 23/10/2017 | ? | Coinhive.com | The DNS records for coinhive.com are manipulated to redirect requests for the coinhive.min.js to a third party server hosting a modified version of the JavaScript file with a hardcoded site key and letting the attacker "steal" hashes from users. | DNS Hijacking | J Information and communication | CC | N/A |
750 | 23/10/2017 | The Dark Overlord | London Bridge Plastic Surgery (LBPS) | The Dark Overlord hackers break into London Bridge Plastic Surgery, a high profile, London-based plastic surgeon, and steal photos, including in-progress genitalia and breast enhancement. | Unknown | Q Human health and social work activities | CC | UK |
751 | 23/10/2017 | ? | Single Individuals | SANS Internet Storm Center (ISC) handler Brad Duncan spots a new phishing campaign, originated by the Necurs botnet, using Microsoft Dynamic Data Exchange (DDE) to distribute the Locky ransomware. | Malware | X Individual | CC | >1 |
752 | 24/10/2017 | ? | Ukraine | Ukraine is targeted by a new destructive ransomware dubbed Bad Rabbit, allegedly distributed via a fake Flash Player update delivered via a drive-by-download. The sites redirecting to BadRabbit are a variety of sites that are based in Russia, Bulgaria, and Turkey. | Malware | Y Multiple targets | CW | UA |
753 | 24/10/2017 | ? | Appleby | Appleby, a Bermuda law firm, admits to having been hacked, prompting fears of a Panama Papers-style exposé into the tax affairs of the super rich. | Unknown | M Professional scientific and technical activities | H | PA |
754 | 24/10/2017 | ? | Dell Technologies | KrebsOnSecurity reveals that a web site set up by PC maker Dell Inc. to help customers recover from malicious software (DellBackupandRecoveryCloudStorage.com) may have been hijacked for a few weeks this summer. | DNS Hijacking | C Manufacturing | CC | US |
755 | 24/10/2017 | Mat AKA @0xScripts | Basetools.ws | A hacker dubbed Mat AKA @0xScripts breaches Basetools.ws, an underground forum and demands a $50K ransom to avoid sharing stolen data with law enforcement. | Unknown | J Information and communication | CC | N/A |
756 | 25/10/2017 | ? | Amazon Web Services of Aviva and Gemalto | According to the security group RedLock, a group of hackers managed to breach Amazon Web Services belonging to two companies on the Amazon Cloud: Aviva and Gemalto. The breach was due to poor password policy and aimed to use the resources to mine cryptocurrency. | Account Hijacking | K Financial and insurance activities | CC | UK |
757 | 25/10/2017 | ? | Amazon Web Services of Aviva and Gemalto | According to the security group RedLock, a group of hackers managed to breach Amazon Web Services belonging to two companies on the Amazon Cloud: Aviva and Gemalto. The breach was due to poor password policy and aimed to use the resources to mine cryptocurrency. | Account Hijacking | C Manufacturing | CC | NL |
758 | 25/10/2017 | Cru3lty | Tarte Cosmetics | Tarte Cosmetics exposes nearly two million customers' personal data to the public via two unsecured MongoDB databases. Unfortunately the gang Cru3lty gets hold of the data, demanding 0.2 Bitcoins for recovering the database once the data has been deleted or encrypted. | Account Hijacking | R Arts entertainment and recreation | CC | US |
759 | 25/10/2017 | ? | Android Users | Researchers from SfyLabs discover LokiBot, an Android malware, able to steal over $1.5m in Bitcoins from the victims. | Malware | X Individual | CC | >1 |
760 | 25/10/2017 | ? | Iran Users | The Iran Computer Emergency Response Team Coordination Center (Iran CERTCC) issues a security alert about a ransomware distribution campaign currently active in the country, distributing the Tyrant ransomware. | Malware | X Individual | CC | IR |
761 | 25/10/2017 | ? | Single Individuals | Zscaler researchers warn users of a new malvertising campaign redirecting users to the Terror Exploit Kit. | Malvertising | X Individual | CC | >1 |
762 | 26/10/2017 | ? | Users of Myethereumwallet.com | A new Ethereum phishing campaign is discovered, targeting users of the online Ethereum wallet website Myethereumwallet.com. Hackers make away with over $15,000 in just two hours. | Account Hijacking | X Individual | CC | >1 |
763 | 26/10/2017 | ? | Customers of Japanese Banks | Researchers from IBM X-Force reveal the details of Ursnif (AKA Gozi), a campaign against customers of Japanese Banks. | Malware | K Financial and insurance activities | CC | JP |
764 | 26/10/2017 | n3tr1x str0ng | blog.jquery.com | Two hackers going by the online handle of “n3tr1x” and “str0ng” deface the official blog (blog.jquery.com) of jQuery. | Defacement | J Information and communication | CC | US |
765 | 27/10/2017 | ? | T-Mobile Users | T-Mobile warns customers targeted by hackers trying to take control of their SIM cards, exploiting a vulnerability on its website. | Account Hijacking | X Individual | CC | US |
766 | 27/10/2017 | ? | Android Users | Researchers from Symantec uncover a new wave of new Ramnit-infected apps in the Google Play store: 92 distinct apps with a total of 250,000 downloads between them. | Malware | X Individual | CC | >1 |
767 | 27/10/2017 | ? | Midland County | The Midland County District Attorney warns residents after their third-party payment system is hacked. | Unknown | O Public administration and defence, compulsory social security | CC | US |
768 | 27/10/2017 | ? | Catholic Charities | The personal information of about 4,600 past and present clients and several employees of Catholic Charities may have been exposed after a computer server in the Glens Falls office was hacked as early as 2015. | Unknown | Q Human health and social work activities | CC | US |
769 | 30/10/2017 | ? | Android Users | Researchers from Trend Micro discover two new malware strains – dubbed JsMiner and CpuMiner – in at least three apps on Google's Play Store. | Malware | X Individual | CC | >1 |
770 | 30/10/2017 | ? | Facebook Users | Researchers from security firm F-Secure uncover a phishing campaign spreading via Facebook Messenger and targeting users across Europe including Germany, Sweden and Finland. | Account Hijacking | X Individual | CC | >1 |
771 | 30/10/2017 | Gaza Cybergang | Several entities in MENA | Researchers from Kaspersky Lab reveal a new spike of activity by the infamous Gaza Cybergang exploiting CVE-2017-0199 and targeting government entities and oil and gas targets in MENA. | Targeted Attack | O Public administration and defence, compulsory social security | H | >1 |
772 | 30/10/2017 | Gaza Cybergang | Several entities in MENA | Researchers from Kaspersky Lab reveal a new spike of activity by the infamous Gaza Cybergang exploiting CVE-2017-0199 and targeting government entities and oil and gas targets in MENA. | Targeted Attack | D Electricity gas steam and air conditioning supply | H | >1 |
773 | 30/10/2017 | The Dark Overlord | Line 204 | Line 204, a Hollywood film and television production and rental company, reveals that hackers from The Dark Overlord collective have stolen its client database. The breach probably happened in September 2017. | Unknown | R Arts entertainment and recreation | CC | US |
774 | 31/10/2017 | ? | Single Individuals | Kaspersky Lab reveals the details of CryptoShuffler, a malware aimed at hijacking bitcoin wallets. | Malware | X Individual | CC | >1 |
775 | 31/10/2017 | North Korea | Daewoo Shipbuilding & Marine Engineering Co Ltd | North Korea is suspected to have stolen South Korean warship blueprints after hacking into Daewoo Shipbuilding & Marine Engineering Co Ltd’s database in April last year. | Targeted Attack | C Manufacturing | CE | KR |
776 | 31/10/2017 | ? | Japanese Companies | Researchers from Cybereason reveal the details of a long-lasting campaign against Japanese companies using the ransomware/wiper ONI. | Malware | Y Multiple Targets | CC | JP |
777 | 01/11/2017 | ? | Hetzner | A key database operated by large South African data centre operator and website hosting service provider Hetzner is compromised, and the company advises clients to change their passwords immediately. Compromised data includes customer and bank account details. | SQLi | J Information and communication | CC | ZA |
778 | 01/11/2017 | ? | Customers of TD, Des-Jardins, RBC, Scotia Bank, Banque National | Security researchers at Deep Instinct discover a comeback of the sophisticated banking trojan CoreBot to target online banking customers via phishing emails. The modified variant of the malware is distributed via malicious spam emails with Microsoft Office documents attached. | Malware | K Financial and insurance activities | CC | CA |
779 | 01/11/2017 | ? | The Trump Organization | Security researchers discover evidence that hackers were able to register at least 250 shadow domains under the umbrella of the Trump Organization. These subdomains are associated with Russian IP addresses and appear to have ties to possible malware campaigns. The subdomains have been active since 2013. | Account Hijacking | N Administrative and support service activities | CC | US |
780 | 01/11/2017 | ? | Russian Banks, Malaysian and Armenian organizations | Researchers from Kaspersky Lab discover a new targeted attack using a Trojan by the name of Silence against financial institutions. Russian Banks, Malaysian and Armenian organizations are infected. | Targeted Attack | K Financial and insurance activities | CC | RU MY AM |
781 | 01/11/2017 | ? | University of Fraser Valley (UFV) | An unknown attacker (or group of attackers) breaches the network of University of Fraser Valley (UFV) and threatens to dump student information unless university top brass pay 30,000 CAD (23,000 USD). | Unknown | P Education | CC | CA |
782 | 01/11/2017 | ? | Ethereum-mining farms | Researchers from Bitdefender spot a wave of attacks against open SSH connections of EthOS, the operating system of Ethereum-mining farms, in an attempt to hijack the funds by replacing the user’s wallet with their own. | Account Hijacking | Y Multiple targets | CC | >1 |
783 | 02/11/2017 | ? | Verticalscope | For the second time since June 2016, hackers compromise Verticalscope.com, a Canadian company that manages hundreds of popular Web discussion forums totaling more than 45 million user accounts, and sell the stolen accounts on the black market. | Web Shell | S Other service activities | CC | CA |
784 | 02/11/2017 | ? | Single Individuals | Researchers from Cisco Talos reveal that the actors behind the Zeus Panda trojan are exploiting Search Engine Optimization (SEO) poisoning techniques to spread their malware. | Malware | X Individual | CC | >1 |
785 | 02/11/2017 | KeyBoy | Unnamed Western Organizations | Researchers from PwC reveal that the Chinese threat actor dubbed KeyBoy is back in business with a new cyber espionage campaign against several western organizations. | Targeted Attack | Y Multiple targets | CE | >1 |
786 | 02/11/2017 | APT28 | Bellingcat | Researchers from ThreatConnect unveil the latest campaign of APT28 (AKA Fancy Bear) targeting Bellingcat journalists via a targeted phishing campaign aimed at stealing their Gmail passwords. | Targeted Attack | J Information and communication | CE | UK |
787 | 02/11/2017 | Akincila | The Times of Israel and Asia Times websites | The Times of Israel and Asia Times websites are hijacked and defaced by suspected Turkish hackers, who post messages in favor of Palestine, on the 100th anniversary of the Balfour Declaration. | Defacement | J Information and communication | H | IL |
788 | 03/11/2017 | ? | Android users | More than one million people are tricked into downloading yet another malicious Android app in disguise of a WhatsApp update. | Malware | X Individual | CC | >1 |
789 | 03/11/2017 | ? | Customers of large Austrian banks | Researchers from Proofpoint reveal the details of a new campaign using the Marcher trojan to target customers of large Austrian banks. | Malware | K Financial and insurance activities | CC | AT |
790 | 03/11/2017 | ? | Netflix Users | Researchers from Mailguard reveal the details of a phishing campaign targeting Netflix users. | Account Hijacking | X Individual | CC | >1 |
791 | 04/11/2017 | ? | Crunchyroll.com | Crunchyroll.com is the victim of a DNS hijack attack, so the visitors are redirected to a malicious website designed to infect them with malware. | DNS Hijacking | R Arts entertainment and recreation | CC | US |
792 | 04/11/2017 | ? | NIC Asia Bank | NIC Asia Bank, based in Kathmandu, suffers a hack on its computer networks, which abused the SWIFT financial messaging system to help steal approximately $4.4m (£3.3m). After multiple investigations, most of the stolen funds have been recovered, with roughly $580,000 yet to be located by authorities. | Malware | K Financial and insurance activities | CC | NP |
793 | 05/11/2017 | ? | Paige | A new file containing more x-rated photos of WWE Diva Paige is leaked online. Although it is unclear who is behind the leak this time it can be confirmed that leaked content belongs to Paige. | Unknown | X Individual | CC | UK |
794 | 05/11/2017 | ? | Maria Kanellis | Another WWE Diva has her private photos leaked. This time the victim is Maria Kanellis | Unknown | X Individual | CC | US |
795 | 05/11/2017 | ? | Joseann 'JoJo' Offerman | Joseann 'JoJo' Offerman is the third WWE Diva to suffer a nude photo leak. | Unknown | X Individual | CC | US |
796 | 06/11/2017 | ? | Sia | Australian singer SIA, having heard of her nude photos possibly being leaked, prevents the fappening by posting personal naked photos herself. | Unknown | X Individual | CC | AU |
797 | 06/11/2017 | ? | Electroneum | UK cryptocurrency startup Electroneum is the victim of a DDoS attack immediately after having raised $40m (£30m). | DDoS | V Fintech | CC | UK |
798 | 06/11/2017 | Team System Dz | SchoolDesk | Hackers from Team System Dz deface hundreds of websites across the US to post pro-ISIS messages, images of Saddam Hussein and a recruitment video. SchoolDesk, the Atlanta, Georgia-based web hosting company servicing these sites, confirmed the attack | Defacement | P Education | H | US |
799 | 06/11/2017 | APT32 AKA OceanLotus | Multiple Websites in Asian Countries | Security researchers from Volexity reveal that hackers from APT32 managed to compromise >100 websites in multiple Asian Countries, implanting malware and maintaining persistence. | Malware | Y Multiple targets | CE | >1 |
800 | 06/11/2017 | ? | Single Individuals | Microsoft warns users of the rise of two well-known malware strains: Qakbot and Emotet. | Malware | X Individual | CC | >1 |
801 | 07/11/2017 | APT28 | Multiple Targets | Researchers at McAfee reveal that they've been tracking a new spear phishing campaign from the Russia-linked hacker team APT 28, exploiting the Microsoft DDE feature and leveraging the New York terror attack. | Targeted Attack | Y Multiple targets | CE | >1 |
802 | 07/11/2017 | Sowbug | Organizations in South America and Southeast Asia | Researchers from Symantec identify a previously unknown group called Sowbug that has been conducting highly targeted cyber attacks against organizations in South America and Southeast Asia and appears to be heavily focused on foreign policy institutions and diplomatic targets | Targeted Attack | Y Multiple targets | CE | >1 |
803 | 08/11/2017 | Team System Dz | Prince Albert Police homepage | Hackers from Team System Dz deface the Prince Albert Police homepage and leave the message "I love Islamic State". | Defacement | O Public administration and defence, compulsory social security | H | CA |
804 | 08/11/2017 | Joseph Willner | Brokerage Accounts | The Department of Justice files an indictment against Joseph Willner, 42, of Ambler, Pennsylvania, accusing the day trader of hacking into brokerage accounts at various financial companies and placing unauthorized trades between September 2014 and May 2017. The attacker and his partners stole $700,000. | Account Hijacking | X Individual | CC | US |
805 | 08/11/2017 | ? | Single Individuals | Researchers at Avira Virus Lab detect a new strain of the Locky ransomware spreading through malicious attachments disguised as legitimate documents from productivity applications like Microsoft Word and Libre Office. | Malware | X Individual | CC | >1 |
806 | 08/11/2017 | ? | City of Spring Hill, Tennessee | The City of Spring Hill, Tennessee is hit by a ransomware attack. The attackers demand a $250,000 ransom. | Malware | O Public administration and defence, compulsory social security | CC | US |
807 | 08/11/2017 | ? | Android users | Researchers from security firm RiskIQ detect BankBot, a trojan available in the Google Play market disguised as a cryptocurrency market application. | Malware | X Individual | CC | >1 |
808 | 08/11/2017 | ? | Single Individuals | An unknown attacker uploads a version of the Reaper botnet IP Scanner infected with a backdoor. | Malware | X Individual | CC | >1 |
809 | 09/11/2017 | ? | North Korean Radio station on 6400kHz | A North Korean radio station is reportedly hijacked by an unknown hacker to play the 1980's hit song "The Final Countdown". The short-wave radio station, 6400kHz is known to be used by Pyongyang to transmit secret codes. | Unknown | J Information and communication | H | KP |
810 | 09/11/2017 | ? | Android users | Researchers from Trend Micro discover two malicious apps in the Google Play Store, downloaded by more than 500,000 users. The apps are the first example of exploitation of the vulnerability CVE-2017-0752. The malware is dubbed ToastAmigo. | Malware | X Individual | CC | >1 |
811 | 09/11/2017 | ? | German Users | A new ransomware strain called Ordinypt is currently targeting victims in Germany, but instead of encrypting users' documents, the ransomware rewrites files with random data. | Malware | X Individual | CC | DE |
812 | 10/11/2017 | ? | Parity | A startup called Cappasity claims that the bug that triggered a $280m Ethereum wallet freeze was a deliberate hack. | Vulnerability in Parity Code | X Individual | CC | >1 |
813 | 10/11/2017 | ? | Entities perceived by the Chinese Government as dangerous. | Researchers from Palo Alto Networks' Unit 42 discover a new malware family dubbed Reaver linked to SunOrcal malware and targeting entities perceived by the Chinese Government as dangerous. | Targeted Attack | Y Multiple targets | CE | >1 |
814 | 10/11/2017 | ? | Mix Megapol | A private radio station in Sweden, Mix Megapol, suffers a cyber attack when someone hacks its transmission to play a pro-ISIS song for 30 minutes. | Unknown | J Information and communication | H | SE |
815 | 11/11/2017 | Anonymous | Italian Government | The Anonymous collective publishes some internal documents stolen from the email accounts of some government employees. | Account Hijacking | O Public administration and defence, compulsory social security | H | IT |
816 | 13/11/2017 | ? | McAfee ClickProtect | Security firm McAfee blocks access to the website of its service McAfee ClickProtect after reports suggested the site was used to distribute the Emotet malware. | Malware | J Information and communication | CC | US |
817 | 13/11/2017 | ? | Single Individuals | Malware researchers at IBM X-Force discover a new strain of banking malware dubbed IcedID, which has capabilities similar to other financial threats like Gozi, Zeus, and Dridex. | Malware | X Individual | CC | >1 |
818 | 14/11/2017 | Hidden Cobra | Aerospace, telecommunications and financial industries | The U.S. government issues a technical alert about Hidden Cobra, a wave of cyber attacks sponsored by the North Korean government that have targeted the aerospace, telecommunications and financial industries since 2016. Attackers are using a type of malware known as “FALLCHILL” to gain entry to computer systems and compromise network systems. | Targeted Attack | Y Multiple Targets | CE | >1 |
819 | 14/11/2017 | ? | Forever 21 | Fashion retailer Forever 21 discloses a breach due to an unauthorized access to data from payment cards used at certain of its stores. | PoS Malware | G Wholesale and retail trade | CC | US |
820 | 14/11/2017 | ? | Android users | Researchers from McAfee reveal that up to 17.4 million Android users have downloaded a Trojan dubbed Grabos found in 144 separate mobile applications. | Malware | X Individual | CC | >1 |
821 | 14/11/2017 | Anonymous | 12 neo-Nazi sites | The hacktivist collective Anonymous claims responsibility for taking down over a dozen neo-Nazi sites in retaliation for recent ongoing events in the US. These attacks are a part of the ongoing #OpDomesticTerrorism campaign. | Defacement | N Administrative and support service activities | H | >1 |
822 | 14/11/2017 | ? | Jewson | Builders merchant Jewson notifies 1,659 customers that their private information could have been exposed in a breach that occurred late this summer. The breach happened after malicious code was implanted in the Jewson Direct website. | Malware | C Manufacturing | CC | UK |
823 | 14/11/2017 | MuddyWater | Middle Eastern nations | Researchers from Palo Alto Networks' Unit 42 reveal the details of MuddyWater, a campaign carried out by a politically-motivated actor targeting Middle Eastern nations. | Targeted Attack | Y Multiple targets | CE | >1 |
824 | 15/11/2017 | Russian Bot | Single Individuals | The Times reveals that a network of 150,000 fake Twitter accounts posted more than 45,000 messages about Brexit in 48 hours during last year’s referendum in an apparently co-ordinated attempt to sow discord. | Fake Twitter Accounts | X Individual | CW | UK |
825 | 15/11/2017 | ? | J. Sterling Morton school district | An in-development home made ransomware named J. Sterling Ransomware is discovered. This ransomware strain targets the high school students of the J. Sterling Morton school district in Cicero, Illinois by pretending to be a student survey. | Malware | P Education | CC | US |
826 | 15/11/2017 | ? | Android users | Researchers from ESET discover a multi-stage Android malware, tracked as Android/TrojanDropper.Agent.BKY, available for download in the official Google Play store in eight malicious apps. | Malware | X Individual | CC | >1 |
827 | 15/11/2017 | ? | Small Medium Businesses | Researchers from Sophos reveal the details of a wave of attacks, targeting medium businesses and exploiting RDP to install ransomware. | RDP Brute Force | Y Multiple targets | CC | >1 |
828 | 13/11/2017 | ? | Vulnerable Wordpress websites | Researchers from Sucuri observe a new wave of wp-vcd malware attacks targeting WordPress sites leveraging flaws in outdated plugins and themes. | Malicious code Injection | X Individual | CC | >1 |
829 | 15/11/2017 | ? | UPMC Susquehanna | UPMC Susquehanna notifies 1,200 patients treated at various locations that their personal information, including names, dates of birth, contact information and Social Security numbers, may have been inappropriately accessed. | Account Hijacking | Q Human health and social work activities | CC | US |
830 | 16/11/2017 | ? | Cash Converters | Cash Converters warns customers about a data breach on its website. The company says customer usernames, passwords and addresses have potentially been accessed by a third party. The breach happened on the company's old UK website, which was replaced in September 2017. | Unknown | G Wholesale and retail trade | CC | UK |
831 | 16/11/2017 | ? | Bank Customers | Researchers from Bitdefender unveil the details of Terdot, a Banker Trojan that derives inspiration from the 2011 Zeus source code leak. | Malware | K Financial and insurance activities | CC | >1 |
832 | 17/11/2017 | ? | Algérie Telecom | The Algerian state telecom operator Algérie Telecom is hit by a prolonged DDoS attack. | DDoS | J Information and communication | CC | DZ |
833 | 17/11/2017 | ? | Medical College of Wisconsin | The Medical College of Wisconsin reveals that the confidential medical information or other personal data of 9,500 patients was compromised by a targeted attack on the school’s email system in July. | Targeted Attack | P Education | CC | US |
834 | 17/11/2017 | ? | Montgomery County | The Montgomery County Emergency Management Agency reported that much of the county's computer system went down last week due to what it is calling a malware incident. | Malware | O Public administration and defence, compulsory social security | CC | US |
835 | 18/11/2017 | ? | Melbourne International Shooting Club | Police investigate the hacking of Melbourne International Shooting Club, a gun club database that may have exposed where more than 1500 semi-automatic handguns are stored. The breach happened in September. | Unknown | R Arts entertainment and recreation | CC | AU |
836 | 18/11/2017 | ? | Xinmin Secondary School | Xinmin Secondary School discovers it has been breached when names and identity card numbers of its students are leaked on pastebin. | Unknown | P Education | CC | SG |
837 | 18/11/2017 | Daeshgram | ISIS | A group of Iraqi hackers called Daeshgram places pornographic images into the terror group's communication networks in order to undermine ISIS credibility. | Unknown | S Other service activities | H | N/A |
838 | 19/11/2017 | ? | Sacramento Regional Transit system | The Sacramento Regional Transit system is hit by destructive ransomware, and the attackers threaten to do more damage if the SacRT doesn’t pay them the equivalent of $8,000 in bitcoins. | Malware | H Transportation and storage | CC | US |
839 | 19/11/2017 | ? | Single Individuals | Crooks find an ingenious way to spread a new variant of the OSX.Proton malware via a fake Symantec blog. | Malware | X Individual | CC | N/A |
840 | 20/11/2017 | MuddyWater | Saudi Arabian Government | Saudi Arabian security officials confirm that the country has been targeted by the MuddyWater campaign uncovered by Palo Alto Networks a few days before. | Targeted Attack | O Public administration and defence, compulsory social security | CE | SA |
841 | 20/11/2017 | The Lazarus Group | South Korea | Researchers from McAfee discover a new campaign by the infamous Lazarus Group, carried on via a malicious Android App in disguise of a Bible reader in Korean. | Targeted Attack | O Public administration and defence, compulsory social security | CE | KR |
842 | 20/11/2017 | ? | Tether | Tether, a start-up known for offering dollar-backed cryptocurrency, announces that hackers have breached its security and stolen a whopping $30 million worth of tokens. The breach took place on 19th November 2017. | Unknown | V Fintech | CC | HK |
843 | 21/11/2017 | ? | Uber Technologies | Bloomberg reveals that hackers stole the personal data of 57 million customers and drivers from Uber, a massive breach that the company concealed for more than a year, after paying $100,000 to the attackers. Compromised data from the October 2016 attack includes names, email addresses and phone numbers of 50 million Uber riders around the world. The personal information of about 7 million drivers was accessed as well, including some 600,000 U.S. driver’s license numbers. | Account Hijacking | H Transportation and storage | CC | US |
844 | 21/11/2017 | Russian Criminals | UK Citizens | The Times reveals the details of an ongoing campaign carried out by Russian cybercriminals. The criminals steal reward points from UK Citizens and enjoy five-star holidays at knockdown prices. | Account Hijacking | X Individual | CC | UK |
845 | 22/11/2017 | ? | Bitcoin Gold | More than $3.3 million worth of Cryptocurrency is stolen as part of an elaborate scam that took advantage of bitcoin users seeking to claim their share of the newly created cryptocurrency Bitcoin Gold. | Account Hijacking | V Fintech | CC | PA |
846 | 22/11/2017 | ? | Loake Shoes | Loake Shoes warns its customers that it has been the victim of a cyber attack. Apparently the email server has been compromised, although no other details are disclosed. | Unknown | G Wholesale and retail trade | CC | UK |
847 | 22/11/2017 | ? | CoinPouch | Hackers allegedly steal over $655,000 worth of Verge cryptocurrency from the CoinPouch wallet. | Unknown | V Fintech | CC | US |
848 | 22/11/2017 | ? | Single Individual's Bitcoin wallet | Austrian police say cyber-thieves transferred bitcoin worth more than €100,000 ($117,000) from a man's account while he was logged in on a restaurant's public WiFi network. | Fake Wi-Fi Network | X Individual | CC | AT |
849 | 22/11/2017 | ? | YMCA of Central Florida | The YMCA of Central Florida (YMCA) announces it is notifying individuals related to an isolated security incident involving certain personal information. | Account Hijacking | P Education | CC | US |
850 | 23/11/2017 | ? | Imgur | Imgur is notified of a potential security breach that occurred in 2014 and affected the email addresses and passwords of 1.7 million user accounts. | Unknown | J Information and communication | CC | US |
851 | 23/11/2017 | ? | Single Individuals | The Necurs botnet starts a massive spam campaign sending 12.5 million emails in 6 hours distributing the Scarab ransomware. | Malware | X Individual | CC | >1 |
852 | 23/11/2017 | ? | Single Individuals | Security researcher Troy Mursch discovers a massive cryptojacking campaign carried out by injecting Coinhive into one of the JavaScript files used by LiveHelpNow, a live chat and support widget. | Malicious JS injection | X Individual | CC | US |
853 | 27/11/2017 | ? | Android users | Researchers from Google unveil the details of Tizi, an Android spyware with extensive data-stealing capabilities. Although immediately removed from Play Store, the malware is believed to have infected 1,300 devices. | Malware | X Individual | CC | >1 |
854 | 27/11/2017 | ? | Russian speakers | Researchers from Fortinet reveal the details of a campaign against Russian speakers, exploiting CVE-2017-11882, a 17-year old vulnerability in Microsoft Office recently patched. | Malware | X Individual | CC | RU |
855 | 27/11/2017 | ? | Bulletproof Coffee | Bulletproof Coffee, the company behind the trendy energy-boosting, butter-infused java, says it has suffered a data breach, compromising the personal and financial details of its customers. The company discovered "unauthorised computer code" added to the software that operates the checkout page on its website. | Malware | R Arts entertainment and recreation | CC | US |
856 | 28/11/2017 | ? | Australian Bank customers | Researchers from IBM X-Force reveal the details of a new version of the Ursnif banking Trojan with code modifications and new attack techniques that attempt to make it even more effective. | Malware | K Financial and insurance activities | CC | AU |
857 | 28/11/2017 | ? | FTSE 100 Companies | Anomali finds thousands of logins belonging to FTSE 100 companies on the dark web. | Unknown | Y Multiple targets | CC | >1 |
858 | 28/11/2017 | ? | Individuals or organizations linked to South Korea or the video game industry. | Researchers from Palo Alto Networks Unit 42 reveal the details of a new remote access Trojan dubbed UBoatRAT, distributed via Google Drive, and targeting individuals or organizations linked to South Korea or the video game industry. | Targeted Attack | R Arts entertainment and recreation | CE | KR |
859 | 29/11/2017 | ? | Clarkson Plc | British shipping services provider Clarkson Plc reveals that it has been the victim of a cyber security hack and warns that the person or persons behind the attack may release some data shortly. | Account Hijacking | H Transportation and storage | CC | UK |
860 | 30/11/2017 | ? | Several East Texas school districts | Several East Texas school districts are affected by Ransomware, according to a notice from the Texas Department of Agriculture. Affected school districts include New Diana, Ore City, Gilmer, Gladewater, Harleton, Harrison County Juvenile Services, Karnack, Union Grove and Union Hill. | Malware | P Education | CC | US |
861 | 01/12/2017 | ? | TIO Networks | PayPal Holdings suspends the operations of TIO Networks, a publicly traded payment processor PayPal acquired in July 2017, after a review of TIO’s network has identified a potential compromise of personally identifiable information for approximately 1.6 million customers. | Unknown | K Financial and insurance activities | CC | US |
862 | 01/12/2017 | ? | Tenafly High School | Tenafly High School informs parents that a student has gained access to its internal IT systems, changed grades to improve his GPA, and sent out college applications immediately after. | Unknown | P Education | CC | US |
863 | 02/12/2017 | Charming Kittens | Academic researchers, human rights activists, media outlets and political advisors focusing on Iran | Researchers from ClearSky publish a report that reveals a new campaign carried out by the alleged Iran-linked APT Charming Kittens targeting academic researchers, human rights activists, media outlets and political advisors focusing on Iran via fake social network profiles or a fake news site. | Targeted Attack | X Individual | CE | IL |
864 | 02/12/2017 | Anonymous | Brazil | Anonymous leaks some topology data belonging to the Brazilian public sector. | Unknown | O Public administration and defence, compulsory social security | H | BR |
865 | 04/12/2017 | ? | Mecklenburg County | Mecklenburg County, which includes the city of Charlotte and surrounding areas, is hit with ransomware and has struggled to get its systems back online ever since. In the meantime, county officials are forced to revert to paper systems. | Malware | O Public administration and defence, compulsory social security | CC | US |
866 | 04/12/2017 | ? | Home and Small-office Routers | Researchers unveil the details of a new variant of the Mirai botnet called Satori. The botnet exploits a recently discovered 0-day vulnerability to infect two widely used lines of home and small-office routers even when they're secured. | 0-day vulnerability | X Individual | CC | >1 |
867 | 04/12/2017 | ? | WWE wrestler Maria Kanellis | A new batch of explicit photos of WWE wrestler Maria Kanellis is leaked. | Account Hijacking | X Individual | CC | US |
868 | 04/12/2017 | ? | Mad River Township Fire and EMS station | Mad River Township Fire and EMS station has all its data encrypted by ransomware. | Malware | O Public administration and defence, compulsory social security | CC | US |
869 | 05/12/2017 | Dfrank | Netshoes | Data of 500,000 customers of Brazilian retailer Netshoes is dumped on pastebin. | Unknown | G Wholesale and retail trade | CC | BR |
870 | 05/12/2017 | ? | Baptist Health Louisville | Baptist Health Louisville notifies 880 patients of a phishing incident that occurred in early October. | Account Hijacking | Q Human health and social work activities | CC | US |
871 | 05/12/2017 | ? | Warwick Rowers | The website of a naked charity calendar featuring male rowers at Warwick University is taken down by a DDoS attack after having allegedly offended Russia’s “gay propaganda” laws. | DDoS | Q Human health and social work activities | H | UK |
872 | 05/12/2017 | ? | Colorado Center for Reproductive Medicine Minneapolis | Colorado Center for Reproductive Medicine Minneapolis warns customers that, in the wake of a ransomware attack that occurred in October 2017, an unauthorized third party may have breached the clinic’s computer security and viewed or accessed patient information that was on the server. | Malware | Q Human health and social work activities | CC | US |
873 | 06/12/2017 | ? | NiceHash | Bitcoin mining platform and exchange NiceHash is hacked and forced to suspend the operations for 24 hours after cyber criminals make off with $68 million worth in BTC. | Unknown | V Fintech | CC | US |
874 | 06/12/2017 | ? | Royal National Institute for the Blind (RNIB) | Police launch an investigation after 817 people report fraud attempts following a breach of the Royal National Institute for the Blind (RNIB) web store that occurred on November 16th. | Unknown | Q Human health and social work activities | CC | UK |
875 | 06/12/2017 | ? | 5,500 WordPress sites | Sucuri unveils the details of a new attack affecting 5,500 WordPress sites, infected with a malicious script that logs keystrokes and sometimes loads an in-browser cryptocurrency miner. | Malicious Script | X Individual | CC | >1 |
876 | 06/12/2017 | ? | Henry Ford Health System | Roughly 18,500 patients at Henry Ford Health System have possibly had their personal information stolen in a data breach that occurred in early October after the email credentials of a group of employees were stolen. | Account Hijacking | Q Human health and social work activities | CC | US |
877 | 07/12/2017 | ? | Sinai Health System | At least two employees at Sinai Health System had their email accounts compromised in a phishing incident, potentially affecting the information of 11,350 people. | Account Hijacking | Q Human health and social work activities | CC | US |
878 | 07/12/2017 | ? | Bitcoin Investors | Researchers at Fortinet spot a new phishing campaign targeting bitcoin investors serving an Orcus RAT malware in disguise of a trading app. | Targeted Attack | X Individual | CC | >1 |
879 | 07/12/2017 | ? | Village of Nashotah | The Village of Nashotah pays an unidentified hacker a $2,000 ransom to decrypt its computer system after a hack in late November. | Malware | O Public administration and defence, compulsory social security | CC | US |
880 | 07/12/2017 | ? | Clarion University | Clarion University employees are notified after two employees fall victim to a phishing attack. | Account Hijacking | P Education | CC | US |
881 | 07/12/2017 | APT34 | Government organization in the Middle East | FireEye reveals the details of a new campaign carried out by the suspected Iranian threat group APT34 exploiting the recently patched CVE-2017-11882 vulnerability. | Targeted Attack | O Public administration and defence, compulsory social security | CE | N/A |
882 | 08/12/2017 | ? | Single Individuals | While scanning the deep and dark web for stolen, leaked or lost data, security company 4iQ discovers a single file with a database of 1.4 billion clear text credentials, the largest aggregate database found in the dark web to date. | Unknown | X Individual | CC | >1 |
883 | 08/12/2017 | Anonymous | Israel | In the name of #OpIsrael and #OpUSA, hacktivists from the Anonymous Collective leak online names, emails, and passwords of Israeli public employees and share a list of US government sites to target, calling for action against them. | Unknown | O Public administration and defence, compulsory social security | H | IL US |
884 | 08/12/2017 | ? | Single Individuals | Researchers from ESET reveal that the cybergang behind the now defunct FinFisher man-in-the-middle attacks has switched over to using a new spyware dubbed StrongPity2 distributed via watering hole attacks. | Malware | X Individual | CE | >1 |
885 | 08/12/2017 | ? | Road Sign near North Central Expressway in Dallas | A traffic sign near North Central Expressway in Dallas is hacked and defaced with an obscene message against the President of United States Donald Trump and his voters. | Unknown | N Administrative and support service activities | CC | US |
886 | 10/12/2017 | Le Duc Hoang Hai | Perth Airport | A Vietnamese man, Le Duc Hoang Hai, is arrested for stealing sensitive security details and building plans from Perth Airport after breaking into its computer systems. The hack happened in March last year, and was carried out using the credentials of a third-party contractor. | Account Hijacking | H Transportation and storage | CC | AU |
887 | 10/12/2017 | ? | Jeffree Star | Jeffree Star is the victim of a data hack, after a member of staff at cosmetics store Sephora allegedly hacks into his account and leaks sensitive information about his spending habits. | Account Hijacking | X Individual | CC | US |
888 | 11/12/2017 | MoneyTaker | U.S. and Russian Banks | Security firm Group-IB reveals the details of a previously unknown ring of Russian-speaking hackers, alleged to have stolen as much as $10 million from U.S. and Russian banks in the last 18 months. The gang of criminals is dubbed MoneyTaker. | Malware | K Financial and insurance activities | CC | RU US |
889 | 11/12/2017 | ? | Polish Banks | Researchers from ESET discover a malicious banking app hidden in the Google Play store, disguised as a Crypto Monitor. | Malware | K Financial and insurance activities | CC | PL |
890 | 11/12/2017 | ? | Jerome School District | Jerome School District falls victim to ransomware. | Malware | P Education | CC | US |
891 | 11/12/2017 | ? | National Capital Poison Center | National Capital Poison Center reports a ransomware incident. | Malware | Q Human health and social work activities | CC | US |
892 | 11/12/2017 | ? | Rose McGowan | Another round of "The Fappening". Hackers leak alleged nude pics and sex tape of “Charmed” star Rose McGowan. | Unknown | X Individual | CC | US |
893 | 12/12/2017 | ? | Bitfinex | Bitfinex is forced to shut down its ongoing operations after suffering a series of non-stop DDoS attacks. | DDoS | V Fintech | CC | VG |
894 | 12/12/2017 | ? | Midland Memorial Hospital | Midland Memorial Hospital announces a data security incident involving a limited number of patients’ personal information after an unauthorized third party may have obtained access to an employee’s e-mail account on or about Oct. 10. | Account Hijacking | Q Human health and social work activities | CC | US |
895 | 13/12/2017 | ? | Google, Facebook, Apple, and Microsoft users | According to internet monitoring service BGPMon, traffic sent to and from Google, Facebook, Apple, and Microsoft is briefly routed through a previously unknown Russian Internet provider. The hijack lasts a total of six minutes and affects 80 separate address blocks. | BGP Hijacking | X Individual | CC | >1 |
896 | 13/12/2017 | ? | Osaka University | Osaka University says that personal data of around 80,000 students, graduates, staff, former workers and others may have been stolen by hackers. | Account Hijacking | P Education | CC | JP |
897 | 13/12/2017 | ? | Anderson Cooper's Twitter account (@andersoncooper) | CNN says Anderson Cooper's Twitter account was hacked after a since-removed tweet from his handle called the president a "tool" and a "pathetic loser" following Democrat Doug Jones' win in Alabama's Senate election. | Account Hijacking | X Individual | CC | US |
898 | 13/12/2017 | ? | Android Users | Google removes more than 80 malicious Android apps from Google's official Play Store, which were designed to hijack credentials for VK, Russia's Facebook-like social network. | Malware | X Individual | CC | RU |
899 | 14/12/2017 | ? | Undisclosed Oil Plant in Saudi Arabia | Security firm FireEye and Schneider Electric SE reveal the details of a new operation targeting Triconex industrial safety technology widely used inside nuclear, oil and gas plants. The first victim is allegedly located in Saudi Arabia. The malware is dubbed Triton. | Targeted Attack | D Electricity gas steam and air conditioning supply | CW | SA |
900 | 14/12/2017 | ? | John Kahlbetzer | John Kahlbetzer, one of Australia’s richest men, suffers a $1m loss after his assistant is taken in by a classic Business Email Compromise (BEC) scam. | Account Hijacking | X Individual | CC | AU |
901 | 14/12/2017 | ? | Fox-IT | Dutch security firm Fox-IT reveals that it fell victim to a DNS hijacking attack on September 19th 2017. The attacker modifies a DNS record for one particular server to point to a server in their possession, intercepting the traffic and forwarding it to the original server that belongs to Fox-IT. | DNS Hijacking | J Information and communication | CE | NL |
902 | 14/12/2017 | ? | Unnamed Brazilian Bank | Researchers from Trend Micro unveil the details of Prilex, a new ATM malware used for targeted attacks against a Brazilian bank. | Targeted Attack | K Financial and insurance activities | CC | BR |
903 | 14/12/2017 | ? | Proctor School District | The Proctor school district is hit by ransomware. | Malware | P Education | CC | US |
904 | 15/12/2017 | The Lazarus Group | Bitcoin Insiders in London | Secureworks reveals a new spearphishing campaign circulating among bitcoin industry insiders in London, carried out via a fake job opening, and aimed at stealing their online credentials. The fingers are pointed at the North Korean hackers of the Lazarus Group. | Targeted Attack | K Financial and insurance activities | CE | UK |
905 | 15/12/2017 | ? | Transneft | Transneft reveals that its computers have been used for the unauthorized manufacture, or “mining”, of the cryptocurrency Monero. | Malware | D Electricity gas steam and air conditioning supply | CC | RU |
906 | 15/12/2017 | ? | California voters | Researchers at Kromtech discover an unprotected MongoDB database instance that appears to have contained the data of 19 million California voters. The database has been deleted by cyber criminals and held for ransom, with the attackers demanding 0.2 BTC ($3,000 at the time of writing). | Unsecure MongoDB database | O Public administration and defence, compulsory social security | CC | US |
907 | 15/12/2017 | ? | Stanislaus County's Mental Health Department | 500 computers from Stanislaus County's Mental Health Department are quarantined after ransomware is detected in the network. | Malware | O Public administration and defence, compulsory social security | CC | US |
908 | 15/12/2017 | ? | 39 East Texas School Districts | Students from 39 East Texas School Districts have their information compromised by an October hack. | Unknown | P Education | CC | US |
909 | 15/12/2017 | ? | OSX Users | Security firm Cybereason discovers an invasive adware variant dubbed OSX.Pirrit. The malware targets macOS users and adds spyware capabilities. | Malware | X Individual | CC | >1 |
910 | 11/12/2017 | ? | Pinterest | Pinterest notifies users of suspicious activity due to attackers trying to compromise accounts using 'credential stuffing' (credentials obtained from other breaches). | Credential Stuffing | J Information and communication | CC | US |
911 | 15/12/2017 | ? | Linux and Windows Servers | Researchers from F5 Networks discover an aggressive and sophisticated malware campaign, targeting Linux and Windows servers with an assortment of exploits with the goal of installing malware that mines the Monero cryptocurrency. The campaign is dubbed Zealot. | Malware | Y Multiple targets | CC | >1 |
912 | 17/12/2017 | ? | Bitfinex | Bitfinex is once again hit by a massive DDoS attack. | DDoS | V Fintech | CC | US |
913 | 18/12/2017 | ? | Android Users | Kaspersky Lab reveals the details of a new Android malware called Trojan.AndroidOS.Loapi. The malware features a complicated modular architecture that means it can conduct a variety of malicious activities: mine cryptocurrencies, annoy users with constant ads, launch DDoS attacks and much more. | Malware | X Individual | CC | >1 |
914 | 18/12/2017 | ? | Wordpress Sites | WordPress sites around the globe are the targets of a massive brute-force campaign where hackers attempt to guess admin account logins in order to install a Monero miner on compromised sites. | Brute Force | X Individual | CC | >1 |
915 | 18/12/2017 | ? | iOS Users | A phony iOS version of Cuphead, a very popular retro game, finds its way into Apple's notoriously restrictive iTunes App store. | Malware | X Individual | CC | US |
916 | 19/12/2017 | ? | Youbit | The South Korean Bitcoin exchange Youbit, previously known as Yapizon, ceases operations and files for bankruptcy after two cyber attacks in the last eight months. The company suffers another data breach in which 17% of total assets have been stolen. However, the total value of stolen assets is not mentioned. | Unknown | V Fintech | CC | KR |
917 | 19/12/2017 | APT-C-15? | Arabic Speaking Android Users | Researchers at Trend Micro discover a new Android malware, dubbed AnubisSpy, linked with the Sphinx cyberespionage campaign, which was discovered in 2014-15 and launched by the APT-C-15. | Malware | X Individual | CE | >1 |
918 | 19/12/2017 | ? | Wordpress Sites | Captcha, a WordPress plugin installed on over 300,000 sites, is recently modified to download and install a hidden backdoor. | Compromised Wordpress Plugins | X Individual | CC | >1 |
919 | 19/12/2017 | ? | Multiple Systems Worldwide | Researchers from security firm GuardiCore discover multiple hacking campaigns conducted by a Chinese criminal gang targeting database servers. The attackers target systems worldwide for mining cryptocurrencies, exfiltrating sensitive data and building a DDoS botnet. | Malware | Y Multiple targets | CC | >1 |
920 | 19/12/2017 | ? | Medhost | The website of medhost.com is redirected to a page where the attackers post a message claiming to have stolen personal information from the servers. However, they do not provide any evidence of the data. | DNS Hijacking | Q Human health and social work activities | CC | US |
921 | 20/12/2017 | People’s Republic of China (PRC)-based actors | Four Western think tanks and an additional two non-governmental organizations (NGOs). | Crowdstrike reveals the details of espionage-driven targeted attacks carried out by Chinese actors against four Western think tanks and an additional two non-governmental organizations (NGOs). | Targeted Attack | M Professional scientific and technical activities | CE | >1 |
922 | 20/12/2017 | People’s Republic of China (PRC)-based actors | Four Western think tanks and an additional two non-governmental organizations (NGOs). | Crowdstrike reveals the details of espionage-driven targeted attacks carried out by Chinese actors against four Western think tanks and an additional two non-governmental organizations (NGOs). | Targeted Attack | U Activities of extraterritorial organizations and bodies | CE | >1 |
923 | 20/12/2017 | ? | EtherDelta | Popular cryptocurrency exchange EtherDelta is hacked, with many users unknowingly sending their tokens to the hacker instead of the exchange. At least 308 ETH ($266,789) were stolen, as well as a large number of tokens potentially worth hundreds of thousands of dollars. | DNS Hijacking | V Fintech | CC | US |
924 | 20/12/2017 | ? | Single Individuals | Researchers from Trend Micro spot a new campaign exploiting CVE-2017-11882 to distribute the Loki Infostealer. | Malware | X Individual | CC | >1 |
925 | 20/12/2017 | ? | Golden Optometric | Golden Optometric informs some patients whose information was affected by a CrySiS ransomware attack. | Malware | Q Human health and social work activities | CC | US |
926 | 21/12/2017 | ? | Nissan Canada Finance | Nissan Canada's vehicle-financing wing has been hacked, putting personal information on as many as 1.13 million customers at risk. The exposed data includes at least customer names, addresses, vehicle makes and models, vehicle identification numbers (VINs), credit scores, loan amounts and monthly payment figures. | Unknown | C Manufacturing | CC | CA |
927 | 21/12/2017 | The Lazarus Group | Single Individuals | Proofpoint researchers uncover what they are calling the first publicly documented instance of a nation-state targeting a POS-related framework for the theft of credit-card data, carried out by the notorious Lazarus Group hacking arm of Pyongyang. | PoS Malware | X Individual | CC | >1 |
928 | 21/12/2017 | Cron Cybercrime Group | Single Individuals | Security researchers from AVAST warn of new malware designed to harvest banking and card details, which could be linked to the infamous Cron cybercrime group. The malware is dubbed Catelites Bot. | Malware | X Individual | CC | >1 |
929 | 21/12/2017 | ? | Android Users | Security researchers at Lookout find three fake Bitcoin wallet apps on Play Store developed with the intention to steal Bitcoin-related data from users. | Malware | X Individual | CC | >1 |
930 | 21/12/2017 | ? | Facebook Messenger Users | Researchers at Trend Micro discover a malicious new cryptocurrency mining malware that specifically targets Facebook Messenger users. The malware has been dubbed Digmine. | Malware | X Individual | CC | >1 |
931 | 21/12/2017 | ? | WWE Diva Paige | Unknown hackers leak a new private photo of WWE Diva Paige. | Unknown | X Individual | CE | UK |
932 | 21/12/2017 | Nexus Zeta | Huawei home router HG532 | Researchers from Check Point discover a zero-day vulnerability in Huawei home router HG532 and a campaign aimed at exploiting this vulnerability to inject the SATORI payload. | 0-Day Vulnerability | X Individual | CC | >1 |
933 | 21/12/2017 | ? | Globex | Hackers try to steal 55 million rubles ($940,000) from Russian state bank Globex using the SWIFT international payments messaging system. In the end, the hackers withdraw only around $100,000. | Malware | K Financial and insurance activities | CC | RU |
934 | 21/12/2017 | ? | Multiple Organizations | Researchers from Barracuda spot a new campaign where cybercriminals are spoofing scanners to launch attacks containing malicious attachments that appear to be coming from the network printer. | Malware | Y Multiple targets | CC | >1 |
935 | 22/12/2017 | ? | Single Individuals | A new variant of the GlobeImposter ransomware is distributed via a massive malspam campaign. | Malware | X Individual | CC | >1 |
936 | 22/12/2017 | ? | Jason's Deli | Jason's Deli notifies its customers that a large quantity of payment card information has appeared for sale on the “dark web,” and that an analysis of the data indicated that at least a portion of the data may have come from various Jason’s Deli locations. | Unknown | I Accommodation and food service activities | CC | US |
937 | 22/12/2017 | ? | Colorado Mental Health Institute | Colorado Mental Health Institute notifies 650 patients after phishing incident. | Account Hijacking | Q Human health and social work activities | CC | US |
938 | 23/12/2017 | ? | Veyna & Forschino | Veyna & Forschino disclose a breach involving an unauthorized access to a company email. Compromised information includes individuals’ name, date of birth, telephone numbers, address, Social Security number, W-2 information, 1099 records including account and direct deposit bank account information. | Account Hijacking | K Financial and insurance activities | CC | US |
939 | 26/12/2017 | ? | Single Individuals | The Necurs botnet continues its massive campaign aimed to distribute ransomware with as many as 47 million emails per day. | Malware | X Individual | CC | >1 |
940 | 26/12/2017 | ? | Offset iCloud account | The iCloud account of Migos' Offset is hacked and nude images of his fiancée Cardi B are leaked. | Account Hijacking | X Individual | CC | US |
941 | 27/12/2017 | ? | Longs Peak Family Practice | Longs Peak Family Practice notifies patients following a ransomware and hacking incident that was first detected on November 5. | Malware | Q Human health and social work activities | CC | US |
942 | 27/12/2017 | ? | hounddawg.org | hounddawg.org, a popular torrent tracker, is hacked. The attacker claims to have downloaded the entire database and the site source code. | Unknown | J Information and communication | CC | NL |
943 | 28/12/2017 | ? | Exmo | A UK-based Bitcoin exchange called Exmo is hit by a targeted DDoS attack. The attack happens just days after one of Exmo's leading analysts, a blockchain expert named Pavel Lerner, is kidnapped in Kiev while leaving his office. A $1M bitcoin ransom is paid to release him. | DDoS | V Fintech | CC | UK |
944 | 28/12/2017 | ? | John McAfee Twitter Account (@officialmcafee) | John McAfee has his Twitter account hacked and used to promote lesser-known crypto-currencies. | Account Hijacking | X Individual | CC | UK |
945 | 28/12/2017 | ? | Magento Sites | Dutch security researcher Willem de Groot discovers that hackers are actively targeting Magento sites running a popular helpdesk extension called Mirasvit Helpdesk. | Vulnerable Magento extension | X Individual | CC | >1 |
946 | 28/12/2017 | ? | Three Plugins | The WordPress security team removes three plugins infected with backdoors tied to the same threat actor. | Compromised Wordpress Plugins | X Individual | CC | >1 |
947 | 28/12/2017 | ? | Unnamed Organizations | The Italian researcher Marco Ramilli finds a new infostealer campaign in the wild. | Malware | Y Multiple targets | CC | >1 |
948 | 28/12/2017 | ? | Jones Memorial Hospital | A cyberattack disrupts computer systems at Jones Memorial Hospital. | Malware | Q Human health and social work activities | CC | US |
949 | 29/12/2017 | ? | Chrome Users | Archive Poster, a popular Chrome extension with over 105,000 users, has been deploying an in-browser cryptocurrency miner to unsuspecting users for the past few weeks. | Malware | X Individual | CC | >1 |
950 | 29/12/2017 | ? | Miracle-Ear | Miracle-Ear Inc. says that 554 patient records have been compromised in a security breach to its e-mail system. The incident occurred Oct. 24, when “an unknown and unauthorized intruder” gained access to the e-mail account of an employee of Miracle-Ear’s parent company, Amplifon. | Account Hijacking | C Manufacturing | CC | US |
951 | 31/12/2017 | Anonymous | Correggio Speed Cameras database | Anonymous hacks the speed camera database of an Italian city (Correggio) and dumps the content. | Unknown | O Public administration and defence, compulsory social security | H | IT |