Finally I can summarize all the events and statistics collected in 2018, quite a complicated year from an infosec perspective. For those of you that keep asking, every two weeks (more or less) I publish a timeline with the main cyber attacks occurred in that period. Every timeline contains the link with the details of the events, and finally, every month (more or less), the timelines are aggregated to provide a statistical overview of the period. Moreover, the taxonomy of the categories is inherited from the International Standard Industrial Classification
So during 2018, I have collected a total of 1337 events that you can find in the following table (and after the table you will find the statistics):
ID
Date
Author
Target
Description
Attack
Target Class
Attack Class
Country
Link
Tags
1
01/01/2018
?
Faye Brookes
2018 begins with a new round of Fappening leaks. This time the victim is Faye Brookes, whose explicit video is leaked on several video sharing websites.
Unknown
X Individual
Cyber Crime
UK
Faye Brookes, The Fappening
2
01/01/2018
?
Rockingham County Schools
Rockingham County Schools servers are compromised by the Emotet malware after an employee opens a phishing email.
Malware/PoS Malware
P Education
Cyber Crime
US
Rockingham County Schools, Emotet
3
01/02/2018
Andariel
Unnamed South Korean Company
Bloomberg reveals that a hacking unit called Andariel seized a server at a South Korean company in the summer of 2017 and used it to mine about 70 Monero coins, worth about $25,000 as of Dec. 29.
Unknown
Z Unknown
Cyber Crime
KR
Andariel, North Korea, South Korea, Crypto
4
01/02/2018
@0x55Taylor
thefly.com
A hacker using the twitter handle @0x55Taylor posts some screenshots of a breach affecting all users who registered at thefly.com a leading digital publisher of real-time financial news between 2006 and 2015. The leak contains the data of 100,000 individuals, and the credit card details of 27,000 among them.
SQLi?
J Information and communication
Cyber Crime
US
thefly.com, @0x55Taylor
5
01/03/2018
?
Uber Users
Symantec researchers discover a new malware strain, dubbed Android.Fakeapp, that sneakily spoofs Uber’s Android app and harvests users’ passwords, allowing attackers to take over users’ accounts.
Malware/PoS Malware
X Individual
Cyber Crime
>1
Uber, Android, Symantec, Android.Fakeapp
6
01/03/2018
?
Android Users
Researchers from Trend Micro discover 36 apps on Google Play in disguise of security tools, but in reality able to secretly harvesting user data, tracking user location, and aggressively pushing advertisements.
Malware/PoS Malware
X Individual
Cyber Crime
>1
Trend Micro, Android, Google Play
7
01/03/2018
?
City of Farmington
The city of Farmington is hit by a variant of the SamSam ransomware.
Malware/PoS Malware
Q Human health and social work activities
Cyber Crime
US
City of Farmington, SamSam
8
01/03/2018
?
Linux Servers
Researchers at F5 discover a new Linux crypto-miner botnet dubbed PyCryptoMiner spreading over SSH. The Monero miner botnet is based on Python and leverages Pastebin as command and control server when the original C&C isn’t available.
Malware/PoS Malware
X Individual
Cyber Crime
>1
F5, PyCryptoMiner, Crypto, Monero
9
01/03/2018
?
Bank customers globally
Researchers from security company Quick Heal reveal the detail of Android.banker.A9480, an Android banking trojan targeting more than 232 banking apps of financial institutions globally.
Malware/PoS Malware
X Individual
Cyber Crime
>1
Quick Heal, Android.banker.A9480
10
01/03/2018
?
Big Line Holiday
Big Line Holiday, a Hong Kong travel agency, reveals that hackers might have broken into its database a day before and gained possession of some of its customers’ personal information.
Malware/PoS Malware
R Arts entertainment and recreation
Cyber Crime
HK
Big Line Holiday, ransomware
11
01/04/2018
?
Ukrainian users
Researchers from Cisco Talos reveal that unknown attackers have compromised the official website of Ukrainian accounting software developer Crystal Finance Millennium to distribute a new variant of the malicious Zeus banking trojan. The compromised website hosts the payload retrieved by a dropper distributed via a spam campaign.
Malware/PoS Malware
X Individual
Cyber Crime
UA
Cisco Talos, Crystal Finance Millennium, Zeus
12
01/04/2018
?
City of Belle Fourche
The city of Belle Fourche is hit by a ransomware attack.
Malware/PoS Malware
O Public administration, defence, compulsory social security
Cyber Crime
US
City of Belle Fourche, ransomware
13
01/04/2018
?
Goldjoy
Goldjoy, another travel agency in Hong Kong, reveals that unauthorised parties accessed its customer database containing personal information such as names and ID card numbers, passport details and phone numbers, asking for a ransom.
Malware/PoS Malware
R Arts entertainment and recreation
Cyber Crime
HK
Goldjoy, ransomware
14
01/05/2018
?
Android Users
Security researchers from Check Point uncover LightsOut, a new mobile adware program hidden in 22 fake applications on the Google Play Store. According to the researchers, the apps were downloaded between 1.5 million and 7.5 million times.
Malware/PoS Malware
X Individual
Cyber Crime
>1
Google Play, Android, Check Point, LightsOut
15
01/05/2018
?
Reddit
Reddit confirms that one of its email providers, Mailgun, has been breached, resulting in the hacks of user profiles and their linked cryptocurrency accounts.
Account Hijacking
J Information and communication
Cyber Crime
US
Reddit, Mailgun
16
01/05/2018
?
Beautyblender
Beautyblender notifies 3,673 individuals that their information might have been compromised after the discovery of a malware on its online shop.
Malware/PoS Malware
G Wholesale and retail trade
Cyber Crime
US
Beautyblender
17
01/05/2018
?
Oklahoma State University Center for Health Sciences (OSUCHS)
Oklahoma State University Center for Health Sciences notifies an undisclosed number of affected patients of an unauthorized third party occurred on November 2017.
Unknown
Q Human health and social work activities
Cyber Crime
US
Oklahoma State University Center for Health Sciences. OSUCHS
18
01/05/2018
@0x55Taylor
Creditseva
After defacing it, @0x55Taylor manages to gain access to creditseva main website server and a copy of the s3 bucket credentials.
Unknown
K Financial and insurance activities
Cyber Crime
IN
Creditseva, @0x55Taylor
19
01/05/2018
The Dark Overlord
Columbia Falls School District Number 6
The Columbia Falls School District Number 6 in Montana, sends out letters to notify the breach occurred after the attack carried on by The Dark Overlord begun on September 1st, 2017.
Unknown
P Education
Cyber Crime
US
The Dark Overlord, Columbia Falls School District Number 6
20
01/06/2018
?
Olympic Games in South Korea
Researchers from McAfee uncover a campaign, dubbed Operation PowerShell Olympics, targeting organizations involved with next month's Games in South Korea, with the aim of controlling infected machines.
Targeted Attack
U Activities of extraterritorial organizations and bodies
Cyber Espionage
KR
McAfee, Operation PowerShell Olympics, Olympic Games
21
01/06/2018
?
BlackBerry Mobile Site
The Blackberry Mobile site is hacked exploiting a vulnerability of Magento. The attackers install a Monero miner using the Coinhive library.
Magento Vulnerability
J Information and communication
Cyber Crime
CA
Blackberry, Magento, Monero, Coinhive, Crypto
22
01/06/2018
?
Florida's Agency for Health Care Administration (FAHCA)
A phishing attack on an employee at Florida's Agency for Health Care Administration (discovered in November 20, 2017) results in the exposure of sensitive information on 30,000 Medicaid patients.
Account Hijacking
Q Human health and social work activities
Cyber Crime
US
Florida's Agency for Health Care Administration, FAHCA
23
01/07/2018
?
CVE 2017-10271 Vulnerable Machines
A report published by the SANS Technology Institute reveals that attackers are exploiting a critical Oracle WebLogic flaw (CVE 2017-10271) to inject Monero cryptocurrency miners on victim’s machines.
Health South-East RHF, a healthcare organization that manages hospitals in Norway's southeast region, announces a security breach. A hacker or hacker group might have stolen healthcare data for more than half of Norway's population. (over 2.9 million individuals)
Unknown
Q Human health and social work activities
Cyber Crime
NO
Health South-East RHF
25
01/08/2018
?
Single Individuals
Alien Vault reveals to have found malware that appears to install code for mining Monero cryptocurrency, sending any mined coins to a server at a North Korean university.
Malware/PoS Malware
X Individual
Cyber Crime
>1
AlienVault, Monero, North Korea, Crypto
26
01/08/2018
?
Onco360
Onco360 notifies a phishing incident involving an employee’s email account and affecting potentially 53,000 users.
Account Hijacking
Q Human health and social work activities
Cyber Crime
US
Onco360
27
01/08/2018
?
Caremed Specialty Pharmacy
Caremed Specially Pharmacy is victim of the same event affecting Onco360
Account Hijacking
Q Human health and social work activities
Cyber Crime
US
Caremed Specialty Pharmacy
28
01/09/2018
Turla
Embassies and consulates in East Europe
Researchers from ESET unveil the details of a new operation carried on by the Turla cyber espionage group, targeting embassies and consulates in East Europe using a fake Adobe Flash updater.
Targeted Attack
O Public administration, defence, compulsory social security
Cyber Espionage
>1
Turla, Adobe
29
01/09/2018
?
Android Users
Researchers at Trend Micro find in the Google Play Store the first Android malware designed to steal information, carry out click ad fraud, and sign users up to premium SMS services without their permission, written using the Kotlin programming language.
Malware/PoS Malware
X Individual
Cyber Crime
>1
Trend Micro, Android, Kotlin, Google Play
30
01/09/2018
?
Single Individuals
Malwarebytes reveal the details of a RIG exploit campaign distributing malware coin miners delivered via drive-by download attacks from malvertising, exploiting the RIG Exploit Kit.
Malvertising
X Individual
Cyber Crime
>1
Malvertising, RIG Exploit Kit, Malwarebytes
31
01/10/2018
Pawn Storm AKA Fancy Bear AKA APT28
International Olympic Committee
APT28 AKA Pawn Storm AKA Fancy Bear publish a set of apparently stolen emails purportedly belong to officials from the International Olympic Committee, the United States Olympic Committee, and third-party groups associated with the organizations.
Unknown
U Activities of extraterritorial organizations and bodies
Cyber Crime
N/A
Pawn Storm, Fancy Bear, APT28, ICO, International Olympic Committee
32
01/10/2018
?
Android Users
Researchers from Symantec discover a fake Telegram (Teligram) app on the Google Play Store that claims to be a new, updated version of the popular encrypted messenger app, but whose real purpose is to distribute malware.
Malware/PoS Malware
X Individual
Cyber Crime
>1
Symantec, Android, Teligram, Telegram
33
01/10/2018
?
Russian Bank Customers
Researchers at Trend Micro discover a new mobile malware that primarily targets Russian banking customers, taking over victims' SMS capabilities, allowing cybercriminals to intercept text messages that contain bank security codes, The malware is dubbed FakeBank.
Malware/PoS Malware
X Individual
Cyber Crime
CC
Trend Micro, FakeBank
34
01/10/2018
?
Netflix Users
Netflix users are warned to avoid clicking on any suspicious email links after a phishing scam is uncovered by security firm Mailguard, which security experts say is designed to steal credit card details.
Account Hijacking
X Individual
Cyber Crime
>1
Mailguard, Netflix
35
01/11/2018
?
Unpatched Windows and Linux servers
Researchers from Check Point and Certego reveals the details of a new campaign distributing a malware dubbed RubyMiner, turning outdated web servers into Monero miners.
Malware/PoS Malware
Y Multiple Industries
Cyber Crime
>1
Check Point, Certego, RubyMiner, Monero, Crypto
36
01/11/2018
?
German Users
German authorities warn about phishing emails trying to take advantage of the Spectre and Meltdown vulnerabilities, promising fake patches and distributing the Smoke Loader malware.
Malware/PoS Malware
X Individual
Cyber Crime
DE
Spectre, Meltdown, Smoke Loader
37
01/11/2018
?
Apple Mac users
Patrick Wardle, a security researcher, discovers OSX MaMi, a new, undetectable strain of malware affecting Apple Macs that can hijack a device's DNS settings and steal victims' personal data.
Malware/PoS Malware
X Individual
Cyber Crime
>1
Patrick Wardle, OSX MaMi
38
01/11/2018
?
North Korean defectors
Researchers at McAfee unveil the details of operation Sun Team, a campaign targeting North Korean defectors, along with those who help them, which aims to infect their devices with trojan malware for the purposes of spying on them.
Malware/PoS Malware
X Individual
Cyber Espionage
KP
McAfee, Sun Team, North Korea
39
01/11/2018
?
Adams Health Network
Adams Health Network, which runs Adams Memorial Hospital, confirms that a ransomware attack targeted some of its computer servers.
Malware/PoS Malware
Q Human health and social work activities
Cyber Crime
US
Adams Health Network, Ransomware, SAMSAM
40
01/12/2018
Pawn Storm AKA Fancy Bear AKA APT28
US Senate
Researchers from Trend Micro reveal that the state sponsored hackers behind APT28 (AKA Pawn Storm AKA Fancy Bear) targeted the US Senate in mid-2017).
Targeted Attack
O Public administration, defence, compulsory social security
Cyber Espionage
US
Pawn Storm, Fancy Bear, APT28, US Senate
41
01/12/2018
?
Hancock Regional Hospital
The Hancock Regional Hospital, in the state of Indiana, confirms to be running on pen and paper following a SAMSAM ransomware attack, which hit the day prior. The hospital eventually pays up hackers $55,000 to restore control.
Malware/PoS Malware
Q Human health and social work activities
Cyber Crime
US
Hancock Regional Hospital, SAMSAM, ransomware
42
01/12/2018
?
Android Users
Researchers from Check Point reveals the details of 'AdultSwine', a malware displays pornographic advertising on Android applications, found in 60 gaming apps on Google Play and downloaded between three and seven million times.
Malware/PoS Malware
X Individual
Cyber Crime
>1
Check Point, AdultSwine, Android, Google Play
43
01/01/1970
?
New Zealand Football
New Zealand Football says it is investigating a potential hack of its official website after a fake news article popped up "announcing" the resignation of its CEO Andy Martin.
Defacement
R Arts entertainment and recreation
Cyber Crime
NZ
New Zealand Football, Andy Martin
44
01/01/1970
?
BlackWallet
An unidentified thief reportedly steals more than $400,000 in Stellar lumens after hacking the digital wallet provider BlackWallet.
DNS Hijacking
V Fintech
Cyber Crime
DE
BlackWallet, Stellar Lumens, Crypto
45
01/01/1970
?
Devices powered by ARC CPUs
Researchers from infosec group Malware Must Die discover a new variant of the Mirai botnet capable of infecting devices powered by ARC CPUs. The botnet is dubbed "Okiru", which means "wake up" in Japanese.
The same hackers also manage to hijack the verified account of Borge Brende, the president of the World Economic Forum and former minister of foreign affairs for Norway.
Account Hijacking
X Individual
Hacktivism
NO
Borge Brende, Twitter, @borgebrende, Ayyıldız Tim
48
01/01/1970
?
OnePlus
Chinese smartphone manufacturer OnePlus launches an investigation after a number of customers who used its website to purchase products complain of attempted fraud. Few days after (January 19) the company confirms to have been hacked via a malicious script injected into its website, potentially compromising the payment card details of up to 40,000 customers.
Malicious Script
C Manufacturing
Cyber Crime
CN
OnePlus
49
01/01/1970
?
Chrome Users
Security researchers from ICEBRG find four malicious Chrome extensions available in the Chrome store, laced with suspicious code, and infecting more than 500,000 users across the globe, including workstations within major organizations.
Malicious Browser Extension
X Individual
Cyber Crime
>1
ICEBRG, Chrome,
50
01/01/1970
?
Financial Organizations in Latin America
Researchers from Trend Micro spot a new variant of the KillDisk disk-wiping malware targeting companies in the financial sector in Latin America.
Malware/PoS Malware
K Financial and insurance activities
Cyber Crime
>1
Latin America, Trend Micro, KillDisk
51
01/12/2018
?
Monticello Central Strict District
Monticello Central School District warns of a sophisticated e-mail phishing attack occurred on November 1st, 2017. Potentially 2,598 individuals are affected.
Account Hijacking
P Education
Cyber Crime
US
Monticello Central Strict District
52
01/01/1970
Group 123
Multiple targets mainly in South Korea
Researchers from Cisco Talos reveal the details of the malicious activities of Group 123, a malicious actor linked to North Korea, author of at least six malicious campaigns focused on South Korean targets.
Targeted Attack
Y Multiple Industries
Cyber Espionage
KR
Group 123
53
01/01/1970
?
Several Italian Individuals
Researchers from Kaspersky Lab reveal the details of Skygofree, an Android malware, reminiscent of the Hacking Team surveillance malware, targeting some Italian individuals.
Malware/PoS Malware
X Individual
Cyber Espionage
IT
Kaspersky Lab, Skygofree, Hacking Team, Android
54
01/01/1970
Ayyıldız Tim
Eric Bolling (@ericbollingTR) and Greta Van Susteren (@greta) Twitter accounts
Former Fox News hosts Eric Bolling and Greta Van Susteren appear to have their Twitter accounts hijacked by a group of suspected Turkish hackers dubbed Ayyıldız Tim.
Account Hijacking
X Individual
Cyber Crime
US
Fox News, Eric Bolling, Greta Van Susteren, Twitter, Ayyıldız Tim, @ericbollingTR, @greta
55
01/01/1970
?
Several cryptocurrency exchanges such as Coinlink.
According to the security firm Recorded Future, the notorious North Korean hacking outfit Lazarus Group is behind cyberattacks that targeted South Korean cryptocurrency exchanges and users towards the end of 2017, security researchers have found. However Coinlink denies the claims.
Account Hijacking
V Fintech
Cyber Crime
>1
Coinlink, Recorded Future, Lazarus Group
56
01/01/1970
?
Singing River Health System
Unknown attackers try to break into the Singing River Health System’s network.
Unknown
Q Human health and social work activities
Cyber Crime
US
Singing River Health System
57
01/01/1970
?
Bank Customers in the UK, France and Australia
Security researchers at Forcepoint reveal a new improved version of the financial malware Dridex, targeting victims in the UK, France and Australia and using compromised FTP websites in phishing campaigns.
Malware/PoS Malware
K Financial and insurance activities
Cyber Crime
>1
Forcepoint, Dridex
58
01/01/1970
?
Several telecommunications, insurance and financial service firms.
Researchers from security firm FireEye reveal a new spam campaign delivering the Zyklon HTTP malware, and exploiting three relatively new Microsoft Office vulnerabilities. The attackers are targeting telecommunications, insurance and financial service firms. The malware comes with a variety of features, like password stealing, keylogging, DDoS and crypto mining.
Malware/PoS Malware
Y Multiple Industries
Cyber Crime
>1
FireEye, Zyklon
59
01/01/1970
?
Claymore mining rigs
A new variant of the Satori botnet springs back to life, targeting Claymore mining rigs, and replacing the device owner's mining credentials with the attacker's own.
Malware/PoS Malware
V Fintech
Cyber Crime
>1
Satori, Claymore, Crypto
60
01/01/1970
?
Single Individuals
Necurs, the world's largest spam botnet, is back on track, sending millions of spam emails that push an obscure cryptocurrency named Swisscoin, used for Multi-Level-Marketing (MLM) Ponzi scheme.
Malware/PoS Malware
X Individual
Cyber Crime
>1
Necurs, Swisscoin, Crypto
61
01/01/1970
Dark Caracal
Victims inside governments, militaries, utility companies, financial institutions, manufacturing companies and defense contractors in 21 different countries
Security researchers from digital rights organization Electronic Frontier Foundation and security firm Lookout reveal a long lasting campaign allegedly carried on by attackers tied to the Lebanese government, able to steal hundreds of gigabytes from thousands of victims all over the world. The group is dubbed Dark Caracal.
Targeted Attack
Y Multiple Industries
Cyber Espionage
>1
Dark Caracal, Lebanon, Electronic Frontier Foundation, Lookout
62
01/01/1970
?
Android Users
Google removes 53 apps from the official Play Store because they were spreading a new breed of Android malware named GhostTeam, active since April 2017, that could steal Facebook credentials and push ads to infected phones.
Malware/PoS Malware
Y Multiple Industries
Cyber Crime
>1
Android, GhostTeam, Facebook
63
01/01/1970
?
Allscripts
A ransomware attack takes down some of the applications used by Allscripts.
Malware/PoS Malware
J Information and communication
Cyber Crime
US
Allscripts, ransomware
64
01/01/1970
?
Questar Assessment
A data breach at the company that develops New York State’s third-through-eighth grade reading and math tests allows an unauthorized user to access information about 52 students. Also students in another state are affected, but the company does not provide further details.
Unknown
J Information and communication
Cyber Crime
US
Questar Assessment
65
01/01/1970
?
IOTA
Malicious websites used to generate password details for the fintech network IOTA (online seed generators) are reportedly to blame for the theft of nearly $4m (£2.9m) from users' digital wallets.
Account Hijacking
V Fintech
Cyber Crime
>1
IOTA, Crypto
66
01/01/1970
?
Electronic Gas Stations
Russian authorities identify a distributed malware campaign targeting electronic gas stations using software programs at the pumps. Dozens of gas stations have been attacked with customers paying more for fuel (around 3 to 7% increment per gallon).
Malware/PoS Malware
D Electricity gas steam and air conditioning supply
Cyber Crime
RU
Gas Stations
67
01/01/1970
?
Westminster Ingleside King Farm Presbyterian Retirement Communities
Westminster Ingleside King Farm Presbyterian Retirement Communities notifies 5,228 Residents of a malware attack occurred on November 21, 2017
Malware/PoS Malware
P Education
Cyber Crime
US
Westminster Ingleside King Farm Presbyterian Retirement Communities
68
01/01/1970
?
Charlotte Housing Authority
341 employees of the Charlotte Housing Authority have their W-2 forms compromised after scammers sent CHA staffers an e-mail pretending to be from CEO.
Account Hijacking
O Public administration, defence, compulsory social security
Cyber Crime
US
Charlotte Housing Authority, W-2
70
01/01/1970
?
Android Users
Security researchers at Russian cybersecurity company Dr.Web discover a dangerous Android malware hidden in several gaming apps on Play store stealing personal data from users by conducting phishing attacks. The malware is dubbed Android.RemoteCode.127.origin and has been downloaded more than 4,000,000 times.
Malware/PoS Malware
X Individual
Cyber Crime
>1
Dr.Web, Android, Play Store, Android.RemoteCode.127.origin
71
01/01/1970
?
Fire and Fury Readers
Researchers spot a copy of Michael Wolff’s book Fire and Fury infected with malware.
Malware/PoS Malware
X Individual
Cyber Crime
US
Fire and Fury, Michael Wolff, Trump
72
01/01/1970
Ayyıldız Tim
David Clarke Jr. Twitter Account
The Turkish Cyber Army hacking group strikes again and hijacks the Twitter account of vocal Donald Trump supporter and ex-Milwaukee County Sheriff David Clarke Jr.
Account Hijacking
X Individual
Cyber Crime
US
Ayyıldız Tim, David Clarke Jr, Twitter Account
73
01/01/1970
?
Charissa Thompson
Fox Sports host Charissa Thompson is the latest celebrity whose nude photos are stolen by hackers and then published online as part of The Fappening scandal.
Account Hijacking
X Individual
Cyber Crime
US
Charissa Thompson, The Fappening
74
01/01/1970
?
Apache Servers
Researchers from Trend Micro report a significant increase in the use of Apache Struts (CVE-2017-5638) and DotNetNuke (CVE-2017-9822) vulnerabilities to implant Monero miners.
Police are investigating a new data breach at Bell Canada (the second in eight months), which says hackers have illegally obtained customer information, primarily subscriber names and e-mail addresses of up to 100,000 users.
Unknown
J Information and communication
Cyber Crime
CA
Bell Canada
76
01/01/1970
?
Metrolinx
Ontario transit agency Metrolinx says it was the target of a cyberattack that originated in North Korea, but no personal information was compromised.
Unknown
H Transportation and storage
Cyber Espionage
CA
Metrolinx
77
01/01/1970
?
220,000 Malaysian organ donors.
Another data breach in Malaysia. A technology forum publishes details of a trove of data which includes the personal information of more than 220,000 organ donors.
Unknown
Q Human health and social work activities
Cyber Crime
MY
Malaysia
78
01/01/1970
Nexus Zeta
IoT Devices Worldwide
According to a new report by Newsky Security, the author of the infamous Satori IoT botnet has created two new variants of the predecessor Mirai, called Masuta and PureMasuta.
Malware/PoS Malware
X Individual
Cyber Crime
>1
Newsky Security, Mirai, Masuta, PureMasuta.
79
01/01/1970
?
Turkish Defense Contractors
According to RiskIQ, an unknown actor purporting to be from the tax collection arm of the Turkish government is carrying out spear-phishing campaigns against Turkish defense contractors, using a RAT called Remcos.
Targeted Attack
O Public administration, defence, compulsory social security
Cyber Espionage
TR
RiskIQ, Remcos
80
01/01/1970
?
Twitter Users
Researchers from Malwarebytes reveal a fresh malware campaign spreading via a spamming Twitter accounts.
Malware/PoS Malware
X Individual
Cyber Crime
>1
Malwarebytes, Twitter
81
01/01/1970
?
National Stores, Inc.
National Stores, Inc. announces that it has been the victim of a malware attack, enabling unauthorized parties to access payment card information. It appears that payment cards used by customers at some National Stores locations between July 16 and December 11, 2017 may be involved.
Malware/PoS Malware
G Wholesale and retail trade
Cyber Crime
US
National Stores, Inc.
82
01/01/1970
?
Unnamed company in Greenbay
Unknown hackers use a known vulnerability to get into a company’s computer system, stealing personal information from human resources files, and then using that to steal what police call “significant amounts” of money from several people.
Undisclosed vulnerability
Z Unknown
Cyber Crime
US
Greenbay
83
01/01/1970
?
Single Individuals
Researchers from Sucuri reveal a new campaign targeting more than 2,000 compromised websites and aimed to both mine Monero and stealing the users credentials.
Malicious Script Injection
X Individual
Cyber Crime
>1
Sucuri, Monero, Wordpress
84
01/01/1970
?
Harris County
Harrys County lose almost $900K in a phishing scam. The attack dates back to September 2017.
Account Hijacking
O Public administration, defence, compulsory social security
Cyber Crime
US
Harris County
85
01/01/1970
?
Victims based primarily in Thailand, Vietnam and Egypt
Researchers from Palo Alto Networks discover A newly discover a malicious URL redirection campaign that infects users with the XMRig Monero cryptocurrency miner. The campaign has already victimized users between 15 and 30 million times.
Malvertising
X Individual
Cyber Crime
>1
Palo Alto Networks, XMRig, Monero, Crypto
86
01/01/1970
?
IoT Devices Worldwide
Bitdefender researchers uncover an emerging IoT botnet that uses advanced communication techniques to exploit victims and build its infrastructure. The bot is dubbed Hide 'N Seek (HNS)
Malware/PoS Malware
X Individual
Cyber Crime
>1
Bitdefender, Hide 'N Seek, HNS
87
01/01/1970
?
5 universities, 23 private companies and several government organizations.
Security researchers from Comodo spot a new strain of sophisticated malware, dubbed Lebal, targeting a number of high-profile entities, including five universities, 23 private companies and several government organizations.
Targeted Attack
Y Multiple Industries
Cyber Crime
>1
Comodo, Lebal
88
01/01/1970
?
Single Individuals
Researchers from Crowdstrike discover a new strain of malware that uses the National Security Agency's EternalBlue exploit to hijack computers and secretly mine cryptocurrency. The malware is dubbed WannaMine.
Malware/PoS Malware
X Individual
Cyber Crime
>1
Crowdstrike, WannaMine, Crypto
89
01/01/1970
?
Single Individuals
A new ransomware called MoneroPay is discovered that tries to take advantage of the cryptocurrency craze by spreading itself as a wallet for a fake coin called SpriteCoin.
Malware/PoS Malware
X Individual
Cyber Crime
>1
MoneroPay, SpriteCoin
90
01/01/1970
OilRig
8 Middle Eastern government organizations, as well as one financial and one educational institution.
Researchers from Palo Alto Networks reveal a new operation of the Iran-linked cyber-espionage group tracked as OilRig, carried on using a backdoor dubbed RGDoor to target Internet Information Services (IIS) Web servers.
Targeted Attack
Y Multiple Industries
Cyber Espionage
>1
OilRig, RGDoor, Palo Alto Networks
91
01/01/1970
?
Financial Organizations in Latin America
NCR sends an advisory to its customers saying it had received reports from the Secret Service and other sources about jackpotting attacks against ATMs in the United States. Sources say the malware behind the attack is Ploutus.D.
Malware/PoS Malware
K Financial and insurance activities
Cyber Crime
US
NCR, Ploutus.D
92
01/01/1970
?
YouTube Users
YouTube is caught displaying ads that covertly use visitors' CPUs and electricity to generate digital currency on behalf of anonymous attackers.
Malicious Script Injection
X Individual
Cyber Crime
>1
YouTube, Crypto
93
01/01/1970
?
Coincheck
Japanese cryptocurrency exchange Coincheck confirms that some $524 million worth of digital coins (a cryptocurrency called NEM) has been stolen—likely making it the largest single hack on an exchange.
Unknown
V Fintech
Cyber Crime
JP
Coincheck, NEM, Crypto
94
01/01/1970
?
Users in the Middle East
Security researchers from Palo Alto Networks detect a fresh wave of attacks targeting users in the Middle East. Attackers use Arabic language documents related to current political events to download and run malicious malware. The campaign is called 'TopHat' and makes use of a malware dubbed 'Scote'.
Targeted Attack
X Individual
Cyber Espionage
>1
Palo Alto Networks, TopHat, Scote
95
01/01/1970
?
Chrome Users
Trend Micro publishes a list of malicious Chrome extensions making use of a recently discovered technique called "Session Replay" attack.
Malicious Extension
X Individual
Cyber Crime
>1
Chrome, Trend Micro, Session Replay
96
01/01/1970
?
phpBB
An unknown attacker compromises download links for the phpBB forum software, according to a statement released today by the phpBB development team.
Unknown
J Information and communication
Cyber Crime
N/A
phpBB
97
01/01/1970
?
ABN Ambro
ABN Ambro is the victim of a sustained DDoS attack. The wave of cyberattacks comes just days after local media reported that Dutch intelligence agency AIVD spied on Russia-linked hacker group Cozy Bear, also known as APT29, as early as 2014.
DDoS
K Financial and insurance activities
Cyber Warfare
NL
ABN Ambro, AIVD, Cozy Bear, APT29
98
01/01/1970
?
ING
During the same weekend, also ING is targeted.
DDoS
K Financial and insurance activities
Cyber Warfare
NL
ING
99
01/01/1970
?
Experty
A hacker tricks Experty ICO participants into sending Ethereum funds to the wrong wallet address. He is able to do this by sending emails with a fake pre-ICO sale announcement to Experty users who signed up for notifications. The bounty amounts to $150,000 worth of Ethereum.
Account Hijacking
V Fintech
Cyber Crime
CH
Experty, Ethereum, Crypto
100
01/01/1970
?
Ontario Progressive Conservative Party
The Ontario Progressive Conservative Party’s internal database is locked up by a ransomware attack in early November. The incident is first being acknowledged now.
Rabobank is the third of the big Dutch banks to be targeted by a DDoS attack.
DDoS
K Financial and insurance activities
Cyber Warfare
NL
Rabobank
102
01/01/1970
?
Dutch tax authority
The Dutch Tax Authority is also taken down by a DDoS attack.
DDoS
O Public administration, defence, compulsory social security
Cyber Warfare
NL
Dutch tax authority
103
01/01/1970
?
DigID
The Dutch official online signature system DigID is also reportedly hit by the same wave of DDoS attacks.
DDoS
O Public administration, defence, compulsory social security
Cyber Warfare
NL
DigID
104
01/01/1970
Suspected malicious actor tied to Pakistan
Android Users in India
Security researchers from Trend Micro unveil the details o a cyber espionage campaign targeting Android users in India, using the PoriewSpy and Droid.jack malware.
Malware/PoS Malware
X Individual
Cyber Espionage
IN
Trend Micro, Android, India, PoriewSpy, Droid.jack, Pakistan
105
01/01/1970
?
Ransomware victims
The operators of at least one Tor proxy service are caught replacing Bitcoin addresses on ransomware payment sites, diverting funds meant to pay for ransomware decrypters to the site's operators. In this way the victims are damaged twice.
Tor Traffic Hijacking
X Individual
Cyber Crime
>1
Tor, Ransomware
106
01/01/1970
?
Chester County School District
Chester County School District posts on its Facebook page that ransomware hit the district’s servers over the weekend.
Malware/PoS Malware
P Education
Cyber Crime
US
Chester County School District
107
01/01/1970
?
Ukrainian Individuals
Researchers from Palo Alto Networks uncovered a two-year-old cyber espionage campaign that's been infecting Ukrainians with either a newly discovered remote access tool called Vermin or the more established Quasar RAT.
Targeted Attack
X Individual
Cyber Espionage
UA
Palo Alto Networks, Vermin, Quasar RAT
108
01/01/1970
?
ABN Ambro
ABN Ambro is targeted by a new DDoS attack. Now the fingers are pointed to Russia.
DDoS
K Financial and insurance activities
Cyber Crime
RU
ABN Ambro
109
01/01/1970
?
ING
And during the same wave of DDoS attacks, also ING is targeted (once again).
DDoS
K Financial and insurance activities
Cyber Crime
RU
ING
110
01/01/1970
?
Single Individuals
Security researchers from Malwarebytes uncover a new strain of ransomware called GandCrab that is being distributed through two separate exploit kits: the RIG EK and GrandSoft EK.
The Spartanburg Public Library system is shut down after it is hit with a ransomware attack.
Malware/PoS Malware
P Education
Cyber Crime
RU
Spartanburg Public Library, Ransomware
112
01/01/1970
?
More than 526,000 infected Windows hosts
Researchers from Proofpoint reveal the details of the Smominru botnet. A Monero miner, active since May 2017, exploiting the Eternal Blue (CVE-2017-0144) and EsteemAudit (CVE-2017-0176) vulnerabilities to spread.
Users participating to the ICO of the Bee Token Crypto Currency
Users who were aiming to buy Bee Tokens during a Token Generation Event (i.e., an initial coin offering) are tricked into sending the money to scammers instead. The attackers steal nearly $1M worth of cryptocurrency.
Account Hijacking
V Fintech
Cyber Crime
US
Bee Token
114
01/01/1970
?
GoGet
Car-sharing company GoGet discloses a major data breach seven months after it was first detected in June 2017 as the alleged hacker is arrested by Australian police this week. In an email sent to customers, the firm says its IT team identified "unauthorised activity" on its system on 27 June last year and immediately launched a full internal investigation.
Unknown
H Transportation and storage
Cyber Crime
AU
GoGet
115
01/01/1970
?
Firefox Users
A Firefox extension called Image Previewer is discovered, injecting a Monero in-browser miner into Firefox. While we have seen numerous Chrome.
Malicious Extension
X Individual
Cyber Crime
>1
Firefox, Monero, Crypto
116
01/01/1970
North Korea
South Korea
South Korea’s Internet & Security Agency (KISA) warns of a Flash zero-day vulnerability (CVE-2018-4878) reportedly exploited in attacks by North Korea’s hackers.
Targeted Attack
X Individual
Cyber Espionage
KR
CVE-2018-4878, Adobe, North Korea, South Korea
117
02/01/2018
?
Single Individuals
The FBI warns hackers have been impersonating a federal online crime complaint portal to trick victims into divulging their personal and sensitive information in a new phishing scam.
Account Hijacking
X Individual
Cyber Crime
>1
FBI, Internet Crime Complaint Center
118
02/01/2018
Iron Tiger
Institutions in the government, technology, education and telecommunications sector in Asia and the US.
Security researchers from BitDefender discover a custom-built piece of malware wreaking havoc in Asia for several months that could signal the return of the notorious Chinese hacker group - Iron Tiger. The campaign is called Operation PZChao, and has been targeting institutions in the government, technology, education and telecommunications sector in Asia and the US.
Targeted Attack
Y Multiple Industries
Cyber Espionage
>1
BitDefender, Iron Tiger, Operation PZChao
119
02/01/2018
?
Google Chrome Users
Security researchers from Trend Micro uncover 89 malicious Google Chrome extensions on the official Chrome store that can inject ads, code to secretly mine cryptocurrency, and load a tool to record and replay a person's browsing activities. According to researchers, this collection of extensions affected over 423,000 users and was used to form a new botnet called "Droidclub."
Malware/PoS Malware
X Individual
Cyber Crime
>1
Trend Micro, Google Chrome, Droidclub
120
02/01/2018
?
IoT Devices
Researchers from cyber-security firm Radware discover a new IoT DDoS botnet, built by San Calvicie, an operator of a gaming server rental business. The botnet is called JenX. The botnets borrows parts of different other IoT botnets (for instance CVE-2014-8361 and CVE-2017–17215).
Vulnerability
X Individual
Cyber Crime
>1
Radware, IoT, DDoS, JenX, San Calvicie, CVE-2014-8361 , CVE-2017–17215
121
02/01/2018
?
City of Pittsburg in Kansas
The City of Pittsburg in Kansas reveals to have been subjected to a sophisticated phishing scheme targeting employee payroll data. The attack results in the release of sensitive information for current and former city employees who received a W-2 for the 2017 fiscal year.
Account Hijacking
O Public administration, defence, compulsory social security
Cyber Crime
US
City of Pittsburg, Kansas
122
02/01/2018
?
HORNE LLP
HORNE LLP notifies an incident affecting the security of protected health information of certain Forrest General Hospital patients. On November 1, 2017, the company discovered that the email account of one of its employees was sending phishing emails.
Account Hijacking
K Financial and insurance activities
Cyber Crime
US
HORNE LLP, Forrest General Hospital
123
02/01/2018
?
City of Batavia
The city of Batavia reports employees’ personal and financial information was compromised through an email phishing of W-2 tax forms. The information includes names, social security numbers, addresses and earnings.
Account Hijacking
O Public administration, defence, compulsory social security
Cyber Crime
US
City of Batavia
124
02/01/2018
?
Kinetics Systems
Kinetics Systems falls victim of a phishing attack. The personal information of 11 residents of New Hampshire, including their W-2 forms, is compromised.
Account Hijacking
C Manufacturing
Cyber Crime
US
Kinetics Systems
125
02/01/2018
?
Purchase Line School District
The Purchase Line School District is the victim of a email spoofing attack by an individual pretending to be a school district employee.
Account Hijacking
P Education
Cyber Crime
US
Purchase Line School District
126
02/01/2018
?
Coastal Cape Fear Eye Associates
Coastal Cape Fear Eye Associates notifies HHS of a ransomware incident that impacted 925 patients.
Malware/PoS Malware
Q Human health and social work activities
Cyber Crime
US
Coastal Cape Fear Eye Associates, ransomware
127
02/01/2018
?
Aperio
Aperio informs of a data breach that occurred when two employees’ email accounts were compromised by successful phishing attacks that resulted in auto-forwarding email from those accounts to two external accounts.
Account Hijacking
K Financial and insurance activities
Cyber Crime
US
Aperio
128
02/02/2018
?
Redis and OrientDB servers
Researchers from Qihoo 360 discover a new Monero-mining botnet targeting Redis and OrientDB servers, infecting nearly 4,400 servers and able to mine over $925,000 worth of Monero since March 2017. The botnet, called DDG, targets Redis servers via a credentials dictionary brute-force attack; and OrientDB databases by exploiting the CVE-2017-11467 remote code execution.
Researchers from Malwarebytes reveal that the MacUpdate site has been hacked to distribute the OSX.CreativeUpdate Monero miner via maliciously-modified copies of the Firefox, OnyX, and Deeper applications.
Ron’s Pharmacy Services notifies certain patients of the unauthorized access to certain limited pieces of patient information, including patient names, Ron’s Pharmacy internal account numbers, and payment adjustment information, after an employee email account was compromised in October 2017.
Account Hijacking
G Wholesale and retail trade
Cyber Crime
US
Ron’s Pharmacy Services
131
02/03/2018
?
Android Users
Researchers from Qihoo 360 discover an additional botnet, targeting Android devices by scanning for open debug ports so it can infect victims with malware that mines the Monero cryptocurrency. The botnet targets port 5555, which on devices running the Android OS is the port used by the operating system's native Android Debug Bridge (ADB). The malware is dubbed ADB.Miner.
The City of Keokuk says a data breach resulted in the release of personal information of current and former city employees and elected leaders. An unauthorized party was able to obtain 2017 W-2 tax forms through the use of a “criminal phishing email.”
Account Hijacking
O Public administration, defence, compulsory social security
Cyber Crime
US
City of Keokuk
134
02/05/2018
?
Waldo County
A phishing attack compromised the information of 100 Waldo County employees
Account Hijacking
O Public administration, defence, compulsory social security
Cyber Crime
US
Waldo County
135
02/05/2018
?
City of Keokuk
The city of Keokuk has disclosed that a cybercriminal used a phishing scam to fraudulently obtain an electronic file containing the 2017 W-2 tax forms of current and former employees and elected officials.
Account Hijacking
O Public administration, defence, compulsory social security
Cyber Crime
US
City of Keokuk
136
02/05/2018
?
Partners HealthCare System
Partners HealthCare System reveals to have discovered a malware attack, occurred in May, 2017 that may have exposed 2,600 patients’ information.
Malware/PoS Malware
Q Human health and social work activities
Cyber Crime
US
Partners HealthCare System
137
02/05/2018
?
University of Northern Colorado
The private information of 12 University of Northern Colorado employees is compromised lafter an “unknown person or group” accessed their profiles on Ursa, UNC’s online portal.
Unknown
P Education
Cyber Crime
US
University of Northern Colorado
138
02/06/2018
Hidden Cobra, aka Lazarus Group
Multiple Targets
The Department of Homeland Security (DHS) and FBI jointly release two new reports analyzing trojan malware attributed to Hidden Cobra, aka Lazarus Group -- a threat actor widely believed to be sponsored by the North Korean government. The two malware packages, referred to as HARDRAIN and BADCALL, can install a remote access tool (RAT) payload on Android devices, and force infected Windows systems to act as a proxy server.
Targeted Attack
Y Multiple Industries
Cyber Espionage
>1
Department of Homeland Security, DHS, Federal Bureau of Investigation, FBI, Hidden Cobra, Lazarus Group, North Korea, HARDRAIN, BADCALL, RAT, Android
139
02/06/2018
AnonPlus
Italian Democratic Party (PD)
The AnonPlus hacker group says they have hacked the Florence branch of the Italian centre-left Democratic Party (PD) and leaked data regarding leader Matteo Renzi online.
Unknown
U Activities of extraterritorial organizations and bodies
Hacktivism
IT
Italian Democratic Party, Florence, PD, Matteo Renzi, AnonPlus
140
02/06/2018
AnonPlus
Province of Milan
The same hackers also claim to have hacked the website of Provincia di Milano (Province of Milan) in Italy.
SQLi
O Public administration, defence, compulsory social security
Hacktivism
IT
Province of Milan, AnonPlus
141
02/07/2018
?
Swisscom
Swisscom, the biggest telecom company in Switzerland, suffers a data breach that resulted in the compromise of personal data of some 800,000 customers, i.e., nearly ten percent of the entire Swiss population. The breach dates back to Autumn 2017 and the data accessed includes the first and last names, home addresses, dates of birth and telephone numbers of Swisscom customers.
Account Hijacking
J Information and communication
Cyber Crime
CH
Swisscom
142
02/07/2018
?
The Sacramento Bee
The Sacramento Bee deletes two databases hosted by a third party after a ransomware attack exposed the voter records of 19.5 million California voters and 53,000 current and former subscribers to the newspaper.
Malware/PoS Malware
J Information and communication
Cyber Crime
US
The Sacramento Bee, Ransomware
143
02/07/2018
?
Nova Poshta
Personal data of 500,000 Nova Poshta clients, the largest private delivery company in Ukraine, is allegedly leaked to dark web.
Unknown
S Other service activities
Cyber Crime
UA
Nova Poshta
144
02/07/2018
?
City of Enumclaw
The city of Enumclaw accidentally sends an email to an "individual pretending to be a member of City administration" and compromises the W-2s of hundreds of employees.
Account Hijacking
O Public administration, defence, compulsory social security
Cyber Crime
US
City of Enumclaw
145
02/07/2018
?
Twitter Users
Online scammers have made over $5,000 worth of Ethereum in one night alone, creating fake Twitter profiles for real-world celebrities and spamming the social network with messages tricking users to participate in "giveaways."
Fake Twitter Accounts
X Individual
Cyber Crime
>1
Twitter, Ethereum, Crypto
146
02/07/2018
?
Targets in Middle East
Researchers from Cisco Talos reveal the details of a campaign targeted against entities with an interest in the geopolitical context of the region.
Targeted Attack
Y Multiple Industries
Cyber Espionage
>1
Cisco Talos
147
02/07/2018
?
Business Wire
Press release network Business Wire admits suffering an ongoing Distributed Denial of Service (DDoS) attack lasting a week.
DDoS
J Information and communication
Cyber Crime
US
Business Wire
148
02/07/2018
?
Smith Dental
Smith Dental notifies of a ransomware attack affecting 1,500 patients.
Malware/PoS Malware
Q Human health and social work activities
Cyber Crime
US
Smith Dental
149
02/08/2018
?
Undisclosed Water Utility Company
Researchers from Radiflow discover the first example of a malware attacking the operational network of a water utility company in order to mine the Monero cryptocurrency,
Malware/PoS Malware
E Water supply, sewerage waste management, and remediation activities
Cyber Crime
N/A
SCADA, Radiflow, Monero, Crypto
150
02/08/2018
?
Decatur County General Hospital
Decatur County General Hospital in Parsons, Tenn., publicly discloses that an unauthorized party accessed the server for its electronic medical record system and secretly implanted cryptomining malware.
Malware/PoS Malware
Q Human health and social work activities
Cyber Crime
US
Decatur County General Hospital, Crypto
151
02/08/2018
?
Single Individuals
Researchers from Trend Micro reveal the details of a malicious spam campaign aimed to distribute the Loki malware.
Malware/PoS Malware
X Individual
Cyber Crime
>1
Trend Micro, Loki, Ransomware
152
02/08/2018
?
Mikaela Hoover
The Fappening scandal continues even in 2018, and Guardians of the Galaxy actress Mikaela Hoover appears to be the most recent victim.
Account Hijacking
X Individual
Cyber Crime
US
Mikaela Hoover, The Fappening
153
02/08/2018
?
Multiple Targets
Researchers from ForcePoint discover a new strain of point-of-sale (PoS) malware that disguises itself as a LogMeIn service pack and steals payment card information through a DNS server.
Malware/PoS Malware
Y Multiple Industries
Cyber Crime
>1
ForcePoint, PoS Malware, LogMeIn, DNS
154
02/08/2018
?
Cisco ASA Users
Five days after details about a vulnerability in Cisco ASA software (CVE-2018-0101) becomes public, Cisco reveals to be "aware of attempted malicious use of the vulnerability."
Cisco ASA Vulnerability
Y Multiple Industries
Cyber Crime
>1
Cisco ASA, CVE-2018-0101
155
02/08/2018
?
Single Individuals
A new malspam campaign is underway, installing the GandCrab ransomware on a victim's computer. This is done through a series of malicious documents that ultimately install the ransomware via a PowerShell script.
Malware/PoS Malware
X Individual
Cyber Crime
>1
GandCrab, Powershell, Ransomware
156
02/09/2018
?
Single Individuals
A new ransomware is discovered called Black Ruby. The ransomware encrypts the files on a computer, scrambles the file name, and then appends the BlackRuby extension. To make matters worse, Black Ruby also installs a Monero miner. The malware only encrypts computer not from Iran.
Malware/PoS Malware
X Individual
Cyber Crime
>1
Ransomware,BlackRuby, Black Ruby, Monero, Iran
157
02/10/2018
Vietnamese Hacker
Newtek Business Services Corp.,
Newtek Business Services Corp., a Web services conglomerate that operates more than 100,000 business Web sites and some 40,000 managed technology accounts, has several of its core domain names stolen over the weekend.
DNS Hijacking
J Information and communication
Cyber Crime
US
Newtek Business Services Corp.,
158
02/10/2018
?
BitGrail
Italian cryptocurrency exchange BitGrail reports a loss of 17 million Nano, valued at over $170 million at the time of the hack. However, conflicting reports surface with some believing the exchange to be insolvent for a number of months.
Unknown
V Fintech
Cyber Crime
IT
BitGrail, Nano, Crypto
159
02/11/2018
?
Pyeongchang Winter Olympics
Pyeongchang Winter Olympics organizers confirm that the Games had fallen victim to a cyber attack during Friday’s opening ceremony, but they refused to reveal the source. Researchers from Cisco Talos call the malware Olympic Destroyer and confirm that the only purpose is to disrupt systems.
Targeted Attack
U Activities of extraterritorial organizations and bodies
4,275 sites are injected with an in-browser Monero miner after a popular accessibility script, BrowseAloud by TextHelp.com, is compromised. The list of the affected sites includes government websites such as uscourts.gov, ico.org.uk, & manchester.gov.uk.
Two malicious plug-ins are recently discovered by Sucuri, injecting obfuscated JavaScript into WordPress websites, in order to generate advertisements that appear if a visitor clicks anywhere on the page.
Wordpress Malicious Plugins
X Individual
Cyber Crime
>1
Wordpress, Sucuri
162
02/12/2018
?
Android Users
Malwarebytes researchers detect a series of attacks that began around November 2017 in which millions of Android devices were targeted redirecting to a specifically designed page performing in-browser cryptomining of Monero virtual currency.
Drive-By
X Individual
Cyber Crime
>1
Malwarebytes, Android, Monero, Crypto
163
02/12/2018
Hidden Cobra, aka Lazarus Group
Bitcoin users and global financial organizations.
Researchers from McAfee discover an aggressive Bitcoin-stealing phishing campaign by the international cybercrime group Lazarus that uses sophisticated malware with long-term impact. The campaign is dubbed HaoBao and targets Bitcoin users and global financial organizations.
Targeted Attack
K Financial and insurance activities
Cyber Crime
>1
Hidden Cobra, Lazarus Group, McAfee, Crypto
164
02/12/2018
?
Single Individuals
A new variant of Rapid Ransomware is currently being distributed using malspam that pretends to be from the Internal Revenue Service.
Malware/PoS Malware
X Individual
Cyber Crime
>1
Rapid, ransomware, IRS, Internal Revenue Service
165
02/12/2018
?
Single Individuals
Researchers from IBM's X-Force reveal the details of a new campaign leveraging the Necurs botnet to send Valentine’s Day-themed spam emails. The campaign reaches over 230 million spam messages within a matter of two weeks.
Malware/PoS Malware
X Individual
Cyber Crime
>1
Necurs, Valentine's Day
166
02/12/2018
?
Idaho Transportation Department (ITD)
A hack of two email accounts at the Idaho Transportation Department (ITD) potentially exposes the personal information of commercial truckers whose rigs are registered in Idaho, including Social Security and credit card numbers. About 114 individuals are notified.
Account Hijacking
O Public administration, defence, compulsory social security
Cyber Crime
US
Idaho Transportation Department, ITD
167
02/12/2018
?
Entergy
Entergy notifies employees of a W-2 breach involving the TALX portal (a wholly-owned subsidiary of Equifax). The breach involves 2016 W-2 data.
Unknown
D Electricity gas steam and air conditioning supply
Cyber Crime
US
Entergy, W-2, TALX, Equifax
168
01/01/1970
?
Telegram Users
Researchers from Kaspersky reveal that malware authors have used a zero-day vulnerability in the Windows client for the Telegram instant messaging service to infect users with cryptocurrency mining malware (Monero, Zcash, and Fantomcoin primarily).
Researchers from Trend Micro detect a new variant of Android Remote Access Tool (AndroRAT) (identified as ANDROIDOS_ANDRORAT.HRXC) that has the ability to inject root exploits. The AndroRAT targets CVE-2015-1805, a publicly disclosed vulnerability in 2016.
Malware/PoS Malware
X Individual
Cyber Crime
>1
Trend Micro, AndroRAT, Android, ANDROIDOS_ANDRORAT.HRXC, CVE-2015-1805, Google
170
01/01/1970
?
Military personnel and businessmen, among others, in various South Asian countries
Valentine's Day is approaching, and researchers from Trend Micro reveal that criminals from the Confucius gang are targeting military personnel and businessmen, among others, in various South Asian countries, persuading them into downloading malware hidden in chat apps.
Targeted Attack
X Individual
Cyber Espionage
>1
Trend Micro, Confucius, Valentine's Day
171
01/01/1970
?
Vulnerable Firewalls
Researchers from NewSky Security discover a new IoT botnet, dubbed DoubleDoor, exploiting CVE-2015–7755 and CVE-2016–10401 to bypass respectively Juniper and Zyxel firewalls.
And the last victim of the cryptocurrency frenzy is an advertisement screen in London that is infected by a miner.
Malware/PoS Malware
Z Unknown
Cyber Crime
UK
Crypto, NiceHash
173
01/01/1970
?
Staybridge Suites Lexington Hotel
The Staybridge Suites Lexington Hotel is hit with what appears to be a point of sales data breach that occurred when several devices at the hotel were hit with malware.
Malware/PoS Malware
R Arts entertainment and recreation
Cyber Crime
US
Staybridge Suites Lexington
174
01/01/1970
?
Single Individuals
Researchers from Trustwave reveal a new multi-stage email word attack, exploiting CVE-2017-11882, but not making use of any macro.
Malware/PoS Malware
X Individual
Cyber Crime
>1
Trustwave, CVE-2017-11882
175
01/01/1970
?
Single Individuals
A Ukrainian cybercrime operation has made an estimated $50 million by using Google AdWords to lure users on Bitcoin phishing sites. The operation is temporarily disrupted by the Ukrainian cyber police, acting on information received from Cisco's Talos security division. The campaign is dubbed Coinhoarder.
SEO Poisoning
X Individual
Cyber Crime
>1
Google AdWords, Cisco Talos, Coinhoarder, Bitcoin, Crypto
176
01/01/1970
?
Bitmessage users
Maintainers of the Bitmessage P2P encrypted communications protocol have released a fix after discovering that hackers were using a zero-day in attempts to steal Bitcoin wallet files from users' computers.
Zero-Day Vulnerability in Bitmessage
X Individual
Cyber Crime
>1
Bitmessage, Bitcoin, Crypto
177
01/01/1970
?
Atos
Reports emerge that the Olympic Destroyer malware might be used months before to target Atos, the IT provider of Winter Olympics.
Targeted Attack
J Information and communication
Cyber Espionage
FR
Atos, Olympic Destroyer
178
01/01/1970
?
Western Union
Western Union warns that some customers' information may have been accessed without authorization as a result of a computer intrusion against an external vendor system formerly used by Western Union for secure data storage
Unknown
K Financial and insurance activities
Cyber Crime
US
Western Union
179
01/01/1970
?
Jenkins CI Servers
Researchers from Check Point reveal the details of Jenkins Miner, a massive operation targeting Jenkins CI servers, via CVE-2017-1000353, aimed to mine Monero cryptocurrency. The Criminals are able
Malware/PoS Malware
Y Multiple Industries
Cyber Crime
>1
Check Point, Jenkins Miner, Jenkins CI, CVE-2017-1000353, Monero, Crypto
180
01/01/1970
?
Retina-X Studios
A vigilante hacker claims to have wiped 1 Terabyte of data from Retina-X Studios, a company that sells spyware products.
Unknown
J Information and communication
Cyber Crime
US
Retina-X Studios
181
01/01/1970
GOLD LOWELL
Multiple Targets
Researchers from SecureWorks reveal the detail of a threat actor dubbed GOLD LOWELL using the SAMSAM ransomware for opportunistic attacks.
Malware/PoS Malware
Y Multiple Industries
Cyber Crime
US
SecureWorks, GOLD LOWELL, SAMSAM
182
01/01/1970
?
Single Individuals
Researchers from IBM's X-Force discover a new variant of the infamous TrickBot malware repurposed to steal bitcoins.
Malware/PoS Malware
X Individual
Cyber Crime
>1
Trickbot, Bitcoin, IBM, X-Force, Crypto
183
01/01/1970
?
US Taxpayers
The Internal Revenue Service warns taxpayers of a quickly growing scam involving erroneous tax refunds being deposited into their bank accounts.
Account Hijacking
X Individual
Cyber Crime
US
Internal Revenue Service, IRS
184
01/01/1970
?
City of Allentown
The city of Allentown is hit by the Emotet Trojan. The City believes that the cost of remediation is close to $1 million.
Malware/PoS Malware
O Public administration, defence, compulsory social security
Cyber Crime
US
Allentown, Emotet
185
01/01/1970
?
City of Savannah
The city of Savannah is in recovery mode after being hit by a malware attack when a city worker most likely opened a malicious email.
Malware/PoS Malware
O Public administration, defence, compulsory social security
Cyber Crime
US
Savannah
186
01/01/1970
?
poorly secured Linux servers
According to researchers from GoSecure, attacks are launching SSH brute-force attacks on poorly secured Linux servers to deploy a backdoor dubbed Chaos backdoor
Brute-Force
Y Multiple Industries
Cyber Crime
>1
GoSecure, SSH brute-force, Chaos backdoor
187
01/01/1970
?
Unnamed Russian Bank
The Russian Central Bank reveals that unknown hackers stole 339.5 million roubles ($6 million) from a Russian bank last year in an attack using the SWIFT international payments messaging system.
Unknown
K Financial and insurance activities
Cyber Crime
RU
SWIFT, Russian Central Bank
188
01/01/1970
?
Snapchat Users
Details emerge on a phishing attack occurred on July 2017 able to score credentials for 50,000 Snapchat users.
Account Hijacking
X Individual
Cyber Crime
>1
Snapchat
189
01/01/1970
rmsrf
Roomsurf
Roomsurf notifies his users of a data breach in which the attacker has been able to obtain usernames, phone numbers, and email addresses.
Unknown
I Accommodation and food service activities
Cyber Crime
US
rmsrf, Roomsurf
190
01/01/1970
?
Davidson County
The Davidson County computers are hit by an unspecified ransomware.
Malware/PoS Malware
O Public administration, defence, compulsory social security
Cyber Crime
US
Davidson County, Ransomware
191
01/01/1970
?
Jemison Internal Medicine
Jemison Internal Medicine notifies 6,550 patients of a ransomware attack. However the investigation reveals that the systems had already been compromised.
Malware/PoS Malware
Q Human health and social work activities
Cyber Crime
US
Jemison Internal Medicine
192
01/01/1970
?
Laufer Group International
Laufer Group International is the victim of a W-2 scam.
Account Hijacking
N Administrative and support service activities
Cyber Crime
US
Laufer Group International
193
01/01/1970
?
White and Bright Family Dental
White and Bright Family Dental notifies patients of a hack occurred on January 30 2018.
Unknown
Q Human health and social work activities
Cyber Crime
US
White and Bright Family Dental
194
01/01/1970
?
Mac Users
Researchers from Digita Security warn users about the Coldroot remote access Trojan that is going undetected by AV engines since more than one year and targets MacOS computers.
Malware/PoS Malware
X Individual
Cyber Crime
>1
Digita Security, Coldroot, MacOS
195
01/01/1970
?
India’s City Union Bank
India’s City Union Bank reveals that cyber criminals have been able to hack its systems and transfer nearly $2 million through three unauthorized remittances to lenders overseas via the SWIFT financial platform.
Unknown
K Financial and insurance activities
Cyber Crime
IN
City Union Bank, SWIFT
196
01/01/1970
Flight Sim Labs (FSLabs)
Microsoft Flight Simulator Players
Mod developer Flight Sim Labs (FSLabs) has been accused of embedding malware in its flight simulation add-ons to steal pirates' Chrome passwords.
Malware/PoS Malware
X Individual
Cyber Crime
>1
Flight Sim Labs, FSLabs, Microsoft Flight Simulator
197
01/01/1970
?
Blac Chyna
American model and entrepreneur Blac Chyna falls victim of The Fappening, having intimate content posted online.
Account Hijacking
X Individual
Cyber Crime
US
Blac Chyna, The Fappening
198
01/01/1970
?
Tesla
Researchers at security firm RedLock say hackers accessed one of Tesla's Amazon cloud accounts and used it to run currency-mining software. The breach started with a Kubernetes console left exposed.
Account Hijacking
C Manufacturing
Cyber Crime
US
Redlock, Tesla, Kubernetes, Amazon
199
01/01/1970
APT37 AKA Reaper
Multiple Targets
Security Firm FireEye reveals the details of a lesser-known North Korean cyberespionage group targeting Korean Peninsula, Japan, Vietnam and the Middle East in 2017.
Targeted Attack
Y Multiple Industries
Cyber Espionage
>1
FireEye, APT37, Reaper
200
01/01/1970
?
The Colorado Department of Transportation (CDOT)
CDOT is hit with a ransomware attack, attributed to SamSam, which forces the organization to shut down 2,000 computers.
Malware/PoS Malware
O Public administration, defence, compulsory social security
Cyber Crime
US
Colorado Department of Transportation, CDOT, Ransomware, SamSam
201
01/01/1970
?
Los Angeles Times
Troy Mursch, a security researcher at Bad Packets Report, finds cryptojacking code hidden (based on Coinhive) on the Los Angeles Times’ interactive Homicide Report webpage.
Malicious Script Injection
J Information and communication
Cyber Crime
US
Troy Mursch, Bad Packets Report, Coinhive, Los Angeles Times, Monero, Crypto
202
01/01/1970
?
HardwareZone (HWZ) Forum website
The HardwareZone (HWZ) Forum website is hacked and approximately 685,000 user profiles are affected. A senior moderator’s account has been compromised by an unidentified hacker, and used to access the user profiles since September 2017.
Account Hijacking
J Information and communication
Cyber Crime
SG
HardwareZone Forum, HWZ
203
01/01/1970
APT28 AKA Fancy Bear
Multiple Targets in Middle East and Asia
Researchers from Kaspersky Lab publish a new report highlighting a shift in the activities of the infamous APT28 from Nato and Ukraine to Middle East and Central Asia.
Targeted Attack
Y Multiple Industries
Cyber Espionage
>1
APT28, Fancy Bear, Kaspersky Lab
204
01/01/1970
?
Facebook Users
Researchers at Avast report a sophisticated campaign in which attackers use Facebook and Facebook messenger to trick users into installing a highly sophisticated Android spyware. The operation is dubbed Tempting Cedar.
IT security researchers at Comodo Labs discover a new phishing scam targeting SWIFT financial messaging service. The scam does not only aim at stealing banking credentials but also infects victims computers with the Adwind RAT.
Account Hijacking
K Financial and insurance activities
Cyber Crime
>1
Comodo Labs, SWIFT, Adwind RAT
206
01/01/1970
Attackers of likely Nigerian origin
Multiple Fortune 500 companies
Researchers from IBM X-Force uncover an active Business Email Compromise campaign targeting multiple Fortune 500 companies.
Account Hijacking
Y Multiple Industries
Cyber Crime
>1
IBM X-Force, Nigeria
207
01/01/1970
?
IoT and networking equipment
Security researchers from Fortinet spot a new variant of the Mirai malware (dubbed Mirai OMG) that focuses on infecting IoT and networking equipment with the main purpose of turning these devices into a network of proxy servers used to relay malicious traffic.
Malware/PoS Malware
Y Multiple Industries
Cyber Crime
>1
Fortinet, Mirai, Mirai OMG
208
01/01/1970
?
University of Virginia Health System (uvahealth.com)
The University of Virginia Health System notifies almost 2,000 patients that their health records may have been exposed when an unauthorized third party implanted malware on a staffer's computer active between May 2015 and December 2016.
Malware/PoS Malware
Q Human health and social work activities
Cyber Crime
US
University of Virginia Health System, uvahealth.com
209
01/01/1970
?
ASCD
ASCD is the victim of a W-2 scam.
Account Hijacking
Q Human health and social work activities
Cyber Crime
US
ASCD
210
01/01/1970
?
The Los Angeles Philharmonic
The Los Angeles Philharmonic falls victim to a cyberattack that results in the theft of W-2 information for everyone that worked there in 2017. The security beach happened as the result of a "spear phishing" attack.
Account Hijacking
R Arts entertainment and recreation
Cyber Crime
US
The Los Angeles Philharmonic
211
01/01/1970
LulzSecITA
Matteo Salvini Blog
The Italian elections are approaching, so Hacktivists from the collective LulzSecITA hack the blog of Matteo Salvini, the leader of right-wind Italian party "La Lega" and dump 70,000 emails.
Unknown
S Other service activities
Hacktivism
IT
LulzSecITA, Matteo Salvini, La Lega
212
01/01/1970
?
University of Alaska
Dozens of current and former employees and students of the University of Alaska are unable to access their Alaska.edu accounts. According to the investigation, user passwords have been changed by a third party.
Account Hijacking
P Education
Cyber Crime
US
University of Alaska
213
01/01/1970
?
Mobistealth
A hacker breaks into two consumer spyware companies, Mobistealth and Spy Master Pro and dumps a large cache of data.
Unknown
J Information and communication
Cyber Crime
US
Mobistealth
214
01/01/1970
?
Spy Master Pro
A hacker breaks into two consumer spyware companies, Mobistealth and Spy Master Pro and dumps a large cache of data.
Unknown
J Information and communication
Cyber Crime
US
Spy Master Pro
215
01/01/1970
?
Curtis Lumber
Curtis Lumber is the victim of a spear phishing attack
Account Hijacking
G Wholesale and retail trade
Cyber Crime
US
Curtis Lumber
216
01/01/1970
?
Punjab National Bank (PNB)
10,000 Credit Cards details from Punjab National Bank are leaked in the dark web.
Unknown
K Financial and insurance activities
Cyber Crime
IN
Punjab National Bank, PNB
217
01/01/1970
?
Harper’s Magazine
Harper’s Magazine, the monthly longform journalism and essay publication, warns subscribers that their passwords may have been stolen by hackers.
Unknown
J Information and communication
Cyber Crime
US
Harper’s Magazine
218
01/01/1970
?
About one dozen Connecticut government agencies
About one dozen Connecticut government agencies are hit with what one published report says is a WannaCry attack that knocks about 160 computers offline.
Malware/PoS Malware
O Public administration, defence, compulsory social security
Cyber Crime
US
WannaCry, Connecticut
219
01/01/1970
OilRig APT
An insurance agency and a financial institution in the Middle East
Researchers from Palo Alto Networks reveal that the Iran-linked OilRig APT group is now using a new Trojan called OopsIE in recent attacks against an insurance agency and a financial institution in the Middle East.
Targeted Attack
K Financial and insurance activities
Cyber Espionage
N/A
Palo Alto Networks, OilRig, OopsIE
220
01/01/1970
?
Chinese Websites
Researchers from Malwarebytes unveil the details of a drive-by attack targeting Chinese websites, and dropping an updated version of the Avzhan DDoS bot.
Malware/PoS Malware
Y Multiple Industries
Cyber Crime
CN
Malwarebytes, Avzhan, DDoS, Drive-by
221
01/01/1970
?
Children’s Aid Society of Oxford County
Family and Children’s Services of Lanark, Leeds and Grenville
Two Ontario children’s aid societies are hit by Ransomware.
Malware/PoS Malware
Q Human health and social work activities
Cyber Crime
CA
Children’s Aid Society of Oxford County, Family and Children’s Services of Lanark, Leeds and Grenville, Ransomware, Ontario
222
01/01/1970
Anonymous
Matteo Salvini Facebook Page
And after the personal blog, hacktivists from Anonymous also deface Matteo Salvini's blog page.
Defacement
S Other service activities
Hacktivism
IT
Matteo Salvini, Facebook, Anonymous
223
01/01/1970
?
Teesside University
Students at Teesside University are warned about a possible email security breach and urged to reset their university password.
Unknown
P Education
Cyber Crime
US
Teesside University
224
01/01/1970
?
Wallace Community College Selma
Personal and financial information of current and former employees of Wallace Community College Selma is leaked through a phishing scam.
Account Hijacking
P Education
Cyber Crime
US
Wallace Community College Selma
225
01/01/1970
?
Single Individuals
According to security researchers from Qihoo 360 Netlab, an advertising network is hiding in-browser cryptocurrency miners (cryptojacking scripts) in the ads it serves since December 2017.
Malicious Script Injection
X Individual
Cyber Crime
>1
Qihoo 360 Netlab
226
01/01/1970
?
Jorgie Porter
English actress and model Jorgie Porter is the latest victim of The Fappening hackers, who manage to steal her intimate pictures and videos and post them online.
Account Hijacking
X Individual
Cyber Crime
UK
Jorgie Porter, The Fappening
227
01/01/1970
Anonymous
Some Ohio State Websites
In name of #opUSA, hacktivists from the Anonymous collective take down some Ohio State websites.
DDoS
O Public administration, defence, compulsory social security
Hacktivism
US
Anonymous, #opUSA
228
01/01/1970
?
Inland Revenue Department
Thousands of Inland Revenue files are locked up after New Zealand’s tax department becomes the target of a Cryptolocker attack in November.
Malware/PoS Malware
O Public administration, defence, compulsory social security
Cyber Crime
NZ
Inland Revenue Department
229
01/01/1970
Deep Panda
Some UK think tanks
Crowdstrike reveals that some UK think tanks specializing in international security were hacked by China-based group 'Deep Panda' beginning in April 2017.
Targeted Attack
M Professional scientific and technical activities
Cyber Espionage
UK
Deep Panda, Crowdstrike
230
01/01/1970
?
Four British Schools
Hackers break into CCTV systems of at least four British schools and stream footage of pupils live on the internet.
Unknown
P Education
Cyber Crime
UK
British Schools
231
01/01/1970
?
Porsche Japan
The Japanese arm of Porsche says more than 28,000 email addresses have been leaked via a hack.
Unknown
C Manufacturing
Cyber Crime
JP
Porsche Japan
232
01/01/1970
?
Vulnerable Oracle WebLogic Servers
Security researchers from Trend Micro uncover a new campaign, which involves hackers exploiting an Oracle server vulnerability (an Oracle WebLogic WLS-WSAT flaw CVE-2017-10271) to deliver two cryptominers: a 64-bit variant and a 32-bit variant of the XMRig Monero miner.
Australian universities have been targeted by hackers with connections to Iran in recent months, and "a number of investigations" are in progress, according to cybersecurity firm Crowdstrike.
Targeted Attack
P Education
Cyber Espionage
AU
Crowdstrike, Iran
234
01/01/1970
?
Travel Corporation
Travel Corporation falls victim of a W-2 Scam.
Account Hijacking
R Arts entertainment and recreation
Cyber Crime
US
Travel Corporation
235
01/01/1970
?
U.S. Residents in 20 states
According to federal court documents, russian hackers operating in Colorado and 15 other states used data-mining viruses to steal thousands of credit card numbers from U.S. residents in 20 states and sold them on the darknet for more than $3.6 million.
Malware/PoS Malware
X Individual
Cyber Crime
US
Russia, Colorado
236
01/01/1970
?
Android Users
Security Firm Wandera reveals the details of RedDrop, a sophisticated strain of mobile malware targeting Android devices can extract sensitive data and audio recordings, run up premium SMS charges and then tries to extort money from victims.
Malware/PoS Malware
X Individual
Cyber Crime
>1
Wandera, RedDrop, Android
237
01/01/1970
?
Single Individuals
Researcher from cybersecurity firm Morphisec reveal the details of a new campaign carried on via spam messages delivering a malicious Word document. The document attempts to exploit an Adobe Flash Player bug (CVE-2018-4878) to let the attackers take control of the infected machines.
Malware/PoS Malware
X Individual
Cyber Crime
>1
Morphisec, Adobe Flash Player , CVE-2018-4878
238
01/01/1970
?
Wordpress, Joomla and CodeIgniter websites
Security researchers from SiteLock warn WordPress and Joomla admins of a sneaky new malware strain masquerading as legitimate ionCube files. The malware, dubbed ionCube Malware creates backdoors on vulnerable websites. The malware has been found on over 800 sites.
A computer virus is suspected of crashing cash registers at over 1,000 Tim Hortons coffee and donuts fast food restaurants.
Malware/PoS Malware
I Accommodation and food service activities
Cyber Crime
CA
Tim Hortons
240
01/01/1970
?
FastHealth
FastHealth reveals that in mid-August 2017, an unauthorized party gained access to their web server and obtained patient data.
Unknown
Q Human health and social work activities
Cyber Crime
US
FastHealth
241
01/01/1970
?
Financial Services Information Sharing and Analysis Center (FS-ISAC)
The Financial Services Information Sharing and Analysis Center (FS-ISAC), an industry forum for sharing data about critical cybersecurity threats facing the banking and finance industries, reveals that a successful phishing attack on one of its employees was used to launch additional phishing attacks against FS-ISAC members.
Account Hijacking
U Activities of extraterritorial organizations and bodies
Cyber Crime
US
Financial Services Information Sharing and Analysis Center, FS-ISAC
242
01/01/1970
APT28 AKA Fancy Bear
Various German government agencies
According to a report issued by the German news agency dpa, malicious actors from APT28 AKA Fancy Bear infiltrated several German government agencies for more than a year.
Targeted Attack
O Public administration, defence, compulsory social security
Cyber Espionage
DE
APT28, Fancy Bear, dpa
243
01/01/1970
APT28 AKA Fancy Bear
Undisclosed North American and European foreign ministry agency
And nearly in contemporary, researchers from Palo Alto Networks reveal that the same attackers from APT28 targeted a North American and European foreign ministry agency.
Targeted Attack
O Public administration, defence, compulsory social security
Cyber Espionage
N/A
APT28, Fancy Bear, Palo Alto Networks
244
01/01/1970
?
GitHub
GitHub suvives the largest DDoS attack recorded (so far), reching a stunning 1.35 terabits/sec. leveraging memcached servers.
DDoS
J Information and communication
Cyber Crime
US
GitHub, memcached
245
01/01/1970
?
Undiclosed Brazilian public sector management school.
Researchers from Cisco Talos identify two different versions of a RAT, dubbed CannibalRAT, written entirely in Python, impacting users of a Brazilian public sector management school.
Targeted Attack
P Education
Cyber Crime
BR
Cisco Talos, CannibalRAT
246
01/01/1970
Chafer
Entities across the Middle East
Researchers from Symantec reveal the detalils of an Iranian hacking outfit, dubbed Chafer, previously focused on domestic surveillance, expanding its scope and cyber arsenal to target entities across the Middle East.
Targeted Attack
Y Multiple Industries
Cyber Crime
>1
Symantec, Chafer
247
01/01/1970
?
Single Individuals
Researchers from Malwarebytes reveal the details of a malvertising campaign using decoy websites pushing cryptocurrencies and to redirect users to the RIG exploit kit.
Malvertising
X Individual
Cyber Crime
>1
RIG Exploit Kit, Malwarebytes
248
01/01/1970
?
rTorrent Client users
Researchers from F5 detect an attack actively exploiting the rTorrent client through a previously undisclosed misconfiguration vulnerability on XML-RPC for deploying a Monero (XMR) crypto-miner operation.
Malware/PoS Malware
X Individual
Cyber Crime
>1
F5, rTorrent, Monero, XMR, Crypto, XML-RPC
249
01/01/1970
?
Single Individuals
A bulk breach dump is discovered totaling over 3.4 billion credentials.
Unknown
X Individual
Cyber Crime
>1
250
03/01/2018
?
NIS America
Japanese gaming developer Nippon Ichi Software reveals that its American arm, NIS America, has suffered a major data breach compromising the personal and financial data of online customers. The breach, due to malware implanted in the checkout page, took place sometime between 23 January and 26 February.
Malware/PoS Malware
R Arts entertainment and recreation
Cyber Crime
US
Nippon Ichi Software, NIS America
251
03/01/2018
?
FS-ISAC
The Financial Services Information Sharing and Analysis Center (FS-ISAC), an industry forum for sharing data about critical cybersecurity threats facing the banking and finance industries, reveals that a successful phishing attack on one of its employees was used to launch additional phishing attacks against FS-ISAC members.
Account Hijacking
S Other service activities
Cyber Crime
US
Financial Services Information Sharing and Analysis Center, FS-ISAC
252
03/01/2018
?
Hope Hicks
Hope Hicks tells the House Intelligence Committee that one of her email accounts was hacked, according to people who were present for her testimony in the panel's Russia probe.
Account Hijacking
X Individual
Cyber Espionage
US
Hope Hicks
253
03/01/2018
?
ASI Constructors, Inc.
ASI Constructors, Inc. reveals to have suffered a phishing attack targeting employees' 2017 W-2 forms. The attack occurred on January 31, 2018.
Account Hijacking
C Manufacturing
Cyber Crime
US
ASI Constructors, Inc.
254
03/01/2018
?
Greyhealth Group
Greyhealth Group reveals to have suffered a phishing attack compromising the personal information of 683 individuals.
Account Hijacking
Q Human health and social work activities
Cyber Crime
US
Greyhealth Group
255
03/01/2018
?
Scottsboro City Board of Education
The Payroll Department of the Scottsboro City Board of Education falls victim of a phishing scam. The attackers requested W-2 information from all employees.
Account Hijacking
P Education
Cyber Crime
US
Scottsboro City Board of Education
256
03/01/2018
?
Rockdale Independent School District
An email phishing scheme causes several Rockdale ISD employees' taxes to be falsely filed and compromises confidential tax information for all employees.
Account Hijacking
P Education
Cyber Crime
US
Rockdale Independent School District
257
03/01/2018
?
b-tor[.]ru Users
Researchers from Palo Alto Networks discover a Russian BitTorrent Site distributing a Monero Miner.
Malware/PoS Malware
X Individual
Cyber Crime
RU
Palo Alto Networks, Crypto
258
03/01/2018
?
Colorado Department of Transportation (CDOT)
For the second time in two weeks, the computers at the Colorado Department of Transportation Agency shut down 2,000 computers after a ransomware infection.
Malware/PoS Malware
O Public administration, defence, compulsory social security
Cyber Crime
US
Colorado Department of Transportation, CDOT, Ransomware
259
03/01/2018
?
Primary Health Care
Primary Health Care notifies patients after discovering hack of employee email accounts.
Account Hijacking
Q Human health and social work activities
Cyber Crime
US
Primary Health Care
260
03/02/2018
?
Android Phone Buyers
Security Firm Dr.Web publishes a list of 42 Android phones sold already infected with the Triada banking trojan.
Malware/PoS Malware
Y Multiple Industries
Cyber Crime
>1
Dr.Web, Android
261
03/02/2018
?
160 Applebee’s Restaurants
RMH Franchise Holdings reveals that PoS systems at the Applebee’s network of restaurants were infected with a PoS malware. 160 restaurants are affected. The breach was discovered on February 13, and took place between November 23, 2017, and January 2, 2018.
Malware/PoS Malware
I Accommodation and food service activities
Cyber Crime
US
RMH Franchise Holdings, Applebee’s
262
03/02/2018
?
Humanitarian Aid Groups
McAfee uncovers Operation Honeybee, a malicious document campaign targeting Humanitarian Aid Groups, using North Korean political topics as bait.
Targeted Attack
Y Multiple Industries
Cyber Espionage
>1
McAfee, Operation Honeybee
263
03/02/2018
?
St. Peter's Surgery & Endoscopy Center
St. Peter's Surgery & Endoscopy Center reveal that hackers potentially compromised medical records of about 135,000 patients earlier this year.
Malware/PoS Malware
Q Human health and social work activities
Cyber Crime
US
St. Peter's Surgery & Endoscopy Center
264
03/04/2018
Peter Andre and wife Emily MacDonagh
The intimate photos of singer Peter Andre and wife Emily MacDonagh have reportedly been stolen and published online as part of a new episode from the Fappening saga.
Account Hijacking
X Individual
Cyber Crime
UK
Peter Andre, Emily MacDonagh, The Fappening
265
03/05/2018
?
Unidentified US Service Provider
Few days after GitHub suffered a massive 1.3 Tbps DDoS attack, Arbor Networks unveil the details of a new record DDoS attack that clocked at 1.7 Tbps. The attack was aimed at a yet-to-be-identified "US service provider."
DDoS
J Information and communication
Cyber Crime
US
Arbor Networks
266
03/05/2018
?
Single Individuals
Researchers from Palo Alto Networks and Proofpoint discover a new malware, dubbed Combojack, that steals cryptocurrency and other electronic funds by surreptitiously modifying wallet or payment information whenever victims copy it to their devices' clipboards.
Malware/PoS Malware
X Individual
Cyber Crime
>1
Palo Alto Networks, Proofpoint, Crypto
267
03/05/2018
?
Single Individuals
A new report from Kaspersky Lab reveals that one cryptomining gang tracked by researchers over the past six months minted $7 million with the help of 10,000 computers infected with mining malware.
Malware/PoS Malware
X Individual
Cyber Crime
>1
Kaspersky Lab, Crypto
268
03/05/2018
?
ABC Bus Companies, Inc.
An employee falls victim of a phising email and delivers to the attacker the personal information of ABC employees.
Account Hijacking
H Transportation and storage
Cyber Crime
US
ABC Bus Companies, Inc.
269
03/06/2018
?
Single Individuals
Researchers from Cisco Talos reveal a surge of campaigns distributing the Gozi ISFB financial malware.
Malware/PoS Malware
K Financial and insurance activities
Cyber Crime
>1
Cisco Talos, Gozi ISFB
270
03/06/2018
?
Flexible Benefit Service Corporation
Flexible Benefit Service Corporation notifies 5,123 of a phishing incident occurred on February 16.
Account Hijacking
K Financial and insurance activities
Cyber Crime
US
Flexible Benefit Service Corporation
271
03/07/2018
?
Binance
A large scale phishing campaign causes a massive unauthorized cryptocurrency sell-off activity for the users of Binance, a Chinese cryptocurrency trader.
Account Hijacking
V Fintech
Cyber Crime
CN
Binance, crypto
272
03/07/2018
?
Individuals in Russia, Turkey and Ukraine
Microsoft says to have discovered and stopped a large attack that attempted to use variants of the Dofoil, or Smoke Loader, trojan to spread a cryptocurrency miner. In total more than 400,000 instances were recorded: 73 percent, hitting Russians with Turkey,18 percent, and the Ukraine 4 percent being the other main targets. The attack was carried on via an update server that replaced a BitTorrent client called MediaGet with a near-identical but back-doored binary.
The Pinelands Regional School District is hit by the Emotet malware.
Malware/PoS Malware
P Education
Cyber Crime
US
Pinelands Regional School District, Emotet
274
03/08/2018
?
Italian Ministry of Education
The Italian branch of the Anonymous collective leaks from the Italian Ministry of Education, 26,000 emails of teachers belonging to all level of schools. They also leak 200 administrative staff addresses.
Unknown
O Public administration, defence, compulsory social security
Hacktivism
IT
Anonymous, Italian Ministry of Education
275
03/08/2018
Hidden Cobra
Several Financial Turkish Institutions
Researchers from McAfee reveal that the reputed state-sponsored North Korean hacking group Hidden Cobra has once again been fingered in a malware attack against financial organizations, this time apparently targeting Turkish institutions in a spear phishing campaign in early March, leveraging CVE-2018-4878.
Targeted Attack
K Financial and insurance activities
Cyber Espionage
TR
McAfee, Hidden Cobra, CVE-2018-4878, North Korea
276
03/08/2018
?
Misconfigured Redis servers, and Windows servers vulnerable to the EternalBlue NSA exploit.
Researchers from Imperva reveal a new unusually sophisticated cryptojacking attack attempting to install cryptominers on both database and application servers by targeting misconfigured Redis servers, as well as Windows servers that are susceptible to the EternalBlue NSA exploit. The Campaign is dubbed RedisWannaMine.
According to local reports in the Netherlands, hackers manage to breach the surveillance camera system in a dressing room of a sauna hosting the women handball team, and post the recordings on adult websites last December.
Unknown
X Individual
Cyber Crime
NL
Dutch women's handball team
278
03/08/2018
?
Former Tennessee Gov. Phil Bredesen's Senate campaign
Former Tennessee Gov. Phil Bredesen's Senate campaign tells the FBI in a letter that it fears it was hacked.
Unknown
X Individual
Cyber Crime
US
Phil Bredesen
279
03/09/2018
Slingshot APT
Targets in the Middle East and Africa
Kaspersky Lab reveal the details of Slingshot, an extremely sophisticated cyber espionage campaign, leveraging malware to spy on international targets for six years. The APT group exploited zero-day vulnerabilities (CVE-2007-5633; CVE-2010-1592, CVE-2009-0824) in routers used by the Latvian network hardware provider Mikrotik.
Security researchers from Citizen Lab publish a report where they reveal how deep packet inspection middleboxes are being used either to expose Turkish nationals to nation-state spyware or to redirect Egyptian Internet users to ads and browser cryptocurrency.
Malware/PoS Malware
X Individual
Cyber Espionage
TR
Turkey, Citizen Lab
281
03/09/2018
?
14 unnamed countries
ESET researchers reveal to have discovered a new version of the infamous Hacking Team surveillance tool, dubbed RCS (Remote Control System), active in 14 countries.
Malware/PoS Malware
X Individual
Cyber Espionage
>1
Hacking Team, RCS, ESET, Remote Control System
282
03/09/2018
?
Multiple Industries
Researchers at Kroll Cyber Security reveal the details of a new family of point-of-sale malware, dubbed PinkKite, very tiny in size, potentially devastating for POS endpoints.
Malware/PoS Malware
Y Multiple Industries
Cyber Crime
>1
Kroll Cyber Security, PinkKite
283
03/09/2018
APT15
UK government contractor
Researchers at NCC Group reveal to have discovered multiple backdoors on a UK government contractor’s computer designed to steal sensitive government and military data. The hack is tied to China-linked cyber espionage group APT15. According to researchers, the attackers were able to deploy three backdoors – identified as RoyalCli, RoyalDNS and BS2005. The networks were compromised from May 2016 until late 2017 and infected over 30 contractor controlled hosts.
Targeted Attack
O Public administration, defence, compulsory social security
Cyber Espionage
UK
NCC Group, APT15, RoyalCli, RoyalDNS, BS2005
284
03/09/2018
APT28 AKA Fancy Bear AKA Sofacy
Far East Targets
Researchers at Kaspersky Lab reveal a new analysis on the infamous APT28 indicating that the group is shifting its interest to Far East Targets
Targeted Attack
Y Multiple Industries
Cyber Espionage
>1
Kaspersky Lab, APT28, Fancy Bear, Sofacy
285
03/09/2018
?
Single Individuals
Researchers from Proofpoint reveal the details of a remote access tool dubbed FlawedAmmyy, developed using the leaked source code of Ammyy Admin, a legitimate remote desktop software.
Malware/PoS Malware
X Individual
Cyber Crime
>1
Proofpoint, FlawedAmmyy, Ammyy Admin
286
03/09/2018
?
Unpatched Apache Solr Servers
Researchers from the ISC SANS discover a campaign targeting Apache Solr servers that hadn't received patches for the CVE-2017-12629 vulnerability. The campaign is aimed to install miners.
Malware/PoS Malware
Y Multiple Industries
Cyber Crime
>1
Apache Solr, CVE-2017-12629, Crypto
287
03/09/2018
$2a$45
Florida Virtual Learning School (FVLS)
Florida Virtual Learning School notifies 368,000 current and former students, after an individual with the moniker $2a$45 uploads information of 35,000 students on a forum. Leon County Schools is among the affected organizations.
Unknown
P Education
Cyber Crime
US
Florida Virtual Learning School, $2a$45, Leon County Schools
288
03/09/2018
herbapproach@protonmail.com
JJ Meds
JJ Meds, a medical marijuana delivery service in Canada, goes offline after having received an extortion demand.
Unknown
G Wholesale and retail trade
Cyber Crime
CA
JJ Meds, herbapproach@protonmail.com
289
03/10/2018
?
National Rifle Association (NRA)
According to a report released by Netlab, three different National Rifle Association (NRA) websites experienced Distributed Denial of Service (DDoS) attacks.
DDoS
S Other service activities
Cyber Crime
US
National Rifle Association, NRA
290
03/10/2018
?
Mississippi Valley State University
Mississippi Valley State University’s campus was temporary without internet service this week after university officials said the school was hit by a SamSam ransomware attack.
Malware/PoS Malware
P Education
Cyber Crime
US
Mississippi Valley State University, SamSam
291
03/12/2018
MuddyWater AKA TEMP.Zagros
Targets in Turkey, Pakistan and Tajikistan
Researchers from Palo Alto Networks and FireEye reveal that the Iran-Linked MuddyWater campaign (AKA TEMP.Zagros) appears to be still active against targets in Turkey, Pakistan and Tajikistan.
ATI Physical Therapy notifies patients of a security incident that appears to have targeted employees’ email accounts.
Account Hijacking
Q Human health and social work activities
Cyber Crime
US
ATI Physical Therapy
293
03/12/2018
?
Okaloosa Water and Sewer
Okaloosa Water and Sewer warns its users of a security breach involving external vendors which process electronic credit/debit card payments for water and sewer bills.
Unknown
E Water supply, sewerage waste management, and remediation activities
Cyber Crime
US
Okaloosa Water and Sewer
294
01/01/1970
OceanLotus APT aka APT32 aka APT-C-00
Targets in East Asian countries such as Vietnam, the Philippines, Laos and Cambodia
Researchers from ESET reveal that the suspected Vietnamese APT group OceanLotus has added a new backdoor to its repertoire of malicious tools – one that includes capabilities for enabling file, registry and process manipulation, and also downloading more malicious files.
Targeted Attack
Y Multiple Industries
Cyber Espionage
>1
OceanLotus APT, APT32, APT-C-00
295
01/01/1970
?
Uyghurs
Researchers from Palo Alto Networks reveal the details of a new Android malware family dubbed “HenBox”, targeting the Uyghurs, a minority Turkic ethnic group living in China.
Malware/PoS Malware
X Individual
Cyber Espionage
CN
Paolo Alto Networks, HenBox, Uyghurs
296
01/01/1970
?
Multiple Targets
Researchers from Imperva identify a new but unusually distributed Monero cryptominer scam campaign hidden in a picture of Scarlett Johansson.
Malware/PoS Malware
Y Multiple Industries
Cyber Crime
>1
Monero, Scarlett Johansson, Imperva
297
01/01/1970
?
Single Individuals
Researchers from AVAST reveal the details of a campaign where Criminals hosted their cryptominers in forked projects on GitHub.
Malware/PoS Malware
X Individual
Cyber Crime
>1
GitHub, AVAST, Crypto
298
01/01/1970
?
Port of Longview
The Port of Longview is hit by a cyber attack that may have affected hundreds of past and current employees and dozens of vendors.
Unknown
H Transportation and storage
Cyber Crime
US
Port of Longview
299
01/01/1970
?
Gwent Police
Gwent Police is being investigated after failing to inform up to 450 people that hackers may have accessed their confidential reports to the force.
Unknown
O Public administration, defence, compulsory social security
Cyber Crime
UK
Gwent Police
300
01/01/1970
?
Fortnite
Several news reports surface of the suspected hacking of player accounts of popular video game Fortnite, with some gamers apparently faced with large credit card charges from fraudulent purchases.
Account Hijacking
R Arts entertainment and recreation
Cyber Crime
US
Fortnite, Epic Games
301
01/01/1970
?
Visitors of download.cnet.com
ESET researchers discover three trojanized applications (bitcoin stealing malware) hosted on download.cnet.com, the163th most visited site in the world according to Alexa rankings. The researchers estimate that as of March 13, the attacker managed to steal the equivalent of $80,000 USD. The malware had been hosted since May 2, 2016 and had been downloaded more than 4,500 times in total.
Malware/PoS Malware
X Individual
Cyber Crime
>1
Crypto, download.cnet.com, ESET
302
01/01/1970
?
Android Users
Researchers from Check Point reveal the details of RottenSys, a massive botnet composed of 5 million Android smartphones, active primarily in China.
Malware/PoS Malware
X Individual
Cyber Crime
CN
Check Point, RottenSys
303
01/01/1970
?
Multiple Targets
Researchers from Forcepoint publish a detailed analysis of the Qrypter Remote Access Tool. The analysis reveals that 243 organizations worldwide have been hit by the RAT.
Malware/PoS Malware
Y Multiple Industries
Cyber Crime
>1
Forcepoint, Qrypter
304
01/01/1970
?
Queensland Transport Department
ABC News reveals that overseas hackers breached the Queensland Transport Department's security network last year, before attempting to steal information from staff members from other sections of government.
Unknown
O Public administration, defence, compulsory social security
Cyber Espionage
AU
Queensland Transport Department'
305
01/01/1970
Dragonfly
West's energy utilities and other critical infrastructures
The US Department of Homeland Security and the Federal Bureau of Investigation issued an alert warning of ongoing cyber-attacks against the West's energy utilities and other critical infrastructures by individuals acting on behalf of the Russian government. The report points the finger at the Dragonfly group.
Targeted Attack
D Electricity gas steam and air conditioning supply
Cyber Crime
>1
US Department of Homeland Security, DHS, Federal Bureau of Investigation, FBI, Dragonfly
306
01/01/1970
APT28 AKA Fancy Bear AKA Sofacy
Unnamed European Government
Researchers from Palo Alto Networks reveal a new campaign carried on by the infamous APT28 (AKA Fancy Bear AKA Sofacy) targeting an unnamed European Government, exploiting an updated version of DealersChoice, a platform that exploits a Flash vulnerability to stealthily deliver a malicious payload of trojan malware.
Targeted Attack
O Public administration, defence, compulsory social security
Cyber Espionage
N/A
Palo Alto Networks, APT28, Fancy Bear, Sofacy
307
01/01/1970
?
Meghan Markle
The Fappening saga continues with new photo leaks published online. The most recent victim is none other than Meghan Markle, the soon-to-be Mrs. Prince Harry. Some believe ISIS could be involved in the hack, even if no official claim is made.
Account Hijacking
X Individual
Cyber Crime
UK
Meghan Markle, ISIS, The Fappening
308
01/01/1970
?
Single Individuals in South Korea
Researchers from Symantec reveal the details of a new version of the infamous FakeBank trojan distributed via malicious Android apps in South Korea.
Malware/PoS Malware
K Financial and insurance activities
Cyber Crime
KR
Symantec, South Korea
309
01/01/1970
?
Unnamed Petrochemical Company in Saudi Arabia
The New York Times reveals that back in August, a petrochemical company with a plant in Saudi Arabia was hit by a cyberattack aimed to sabotage the firm’s operations and trigger an explosion.
Targeted Attack
D Electricity gas steam and air conditioning supply
Cyber Warfare
SA
New York Times
310
01/01/1970
?
Single Individuals
Security researchers from Kaspersky reveal that the PoS Malware Prilex has now evolved into a comprehensive tool suite that lets cybercriminals steal chip and PIN card data and create their own functioning, fraudulent plastic cards.
Malware/PoS Malware
X Individual
Cyber Crime
>1
Kaspersky Lab, Prilex
311
01/01/1970
?
Nampa School District
The Nampa School District informed its employees of a potential security issue involving personally identifiable information of about 3,983 of its current and past employees.
Unknown
P Education
Cyber Crime
US
Nampa School District
312
01/01/1970
?
Svitzer
The shipping company Svitzer suffers a significant data breach affecting almost half its Australian employees when three employees have had emails auto-forwarded in the past 11 months.
Account Hijacking
H Transportation and storage
Cyber Crime
AU
Svitzer
313
01/01/1970
TEMP.Periscope AKA Leviathan
U.S. Maritime Entities
Security firm FireEye reveals the details of TEMP.Periscope, a Chinese group focused on U.S. maritime entities that were either linked to -- or have clients operating in -- the South China Sea.
Targeted Attack
H Transportation and storage
Cyber Espionage
US
TEMP.Periscope, FireEye, Leviathan
314
01/01/1970
?
UK National Lottery
The UK National Lottery advises all 10.5million people with online accounts to change their passwords following an attempt by hackers to access accounts using credential stuffing.
Brute Force (Credential Stuffing)
R Arts entertainment and recreation
Cyber Crime
UK
UK National Lottery
315
01/01/1970
?
Atrium Hospitality
Atrium Hospitality notifies 376 hotel guests of a ransomware attack occurred on December 2017.
Malware/PoS Malware
I Accommodation and food service activities
Cyber Crime
US
Atrium Hospitality, ransomware
316
01/01/1970
?
Frost Bank
Frost Bank investigates a breach after the company discovered unauthorized access to digital images stored in those customers’ commercial image archives.
Unknown
K Financial and insurance activities
Cyber Crime
US
Frost Bank
317
01/01/1970
?
TheDarkOverlord
TheDarkOverlord claims to have breached H-E Parts Morgan. The breach seems to have occurred in November.
Unknown
G Wholesale and retail trade
Cyber Crime
US
TheDarkOverlord, H-E Parts Morgan
318
01/01/1970
?
Russian Central Election Commission
The Russian Central Election Commission is hit by a DDoS attack.
DDoS
O Public administration, defence, compulsory social security
Cyber Warfare
RU
Svitzer
319
01/01/1970
?
Orbitz
Orbitz, a subsidiary of online travel agency Expedia Inc reveals that hackers may have accessed personal information from about 880,000 payment cards. The breach may have occurred between Jan. 1, 2016 and Dec. 22, 2017 for its partner platform and between Jan. 1, 2016 and June 22, 2016 for its consumer platform.
Unknown
J Information and communication
Cyber Crime
US
Orbitz, Expedia
320
01/01/1970
?
David Nott
David Nott, a British surgeon who helped carry out operations in Aleppo, reveals that the hacking of his computer could have led to a hospital being bombed by suspected Russian warplanes.
Targeted Attack
X Individual
Cyber Espionage
SY
David Nott, Aleppo, Russia
321
01/01/1970
?
Puerto Rico’s Power Utility, PREPA
Puerto Rico’s Power Utility, PREPA reveals to have been hacked over the weekend, but customer information was not compromised.
Unknown
D Electricity gas steam and air conditioning supply
Cyber Crime
PR
Puerto Rico’s Power Uttility, PREPA
322
01/01/1970
?
Trusted Quid
Trusted Quid reports a theft of data from unauthorised access to its website. The incident relates to data directly entered by people applying for a loan only on the Trusted Quid website between 1 July 2016 and 17 February 2018. Up to 65,925 people may have been affected.
Unknown
K Financial and insurance activities
Cyber Crime
UK
Trusted Quid
323
01/01/1970
?
Finger Lakes Health
Finger Lakes Health is functioning the old-fashioned way while its computer system remains locked up by an unspecified type of ransomware.
Malware/PoS Malware
Q Human health and social work activities
Cyber Crime
US
Finger Lakes Health, ransomware
324
01/01/1970
?
Uttar Haryana Bijli Vitran Nigam Limited (UHBVNL)
Uttar Haryana Bijli Vitran Nigam Limited (UHBVNL), a power distribution company suffers a cyber attack on its Automatic Meter Reading System (AMR) in which billing data of about 4,000 industrial consumers are encrypted. The attackers demand a ransomware equivalent to $150,000.
Malware/PoS Malware
D Electricity gas steam and air conditioning supply
Researchers from Trend Micro reveal that a hacker group has made nearly $75,000 by installing a Monero miner on Linux servers after exploiting a five-year-old vulnerability in the Cacti "Network Weathermap" plugin (CVE-2013-2618). The researchers believe this is the same group that recently exploited CVE-2017-1000353 to inject Monero miners into vulnerable Jenikins installations.
Researchers from security firm Webroot reveal the details of a new variant of the well-known Trickbot financial trojan.
Malware/PoS Malware
K Financial and insurance activities
Cyber Crime
>1
Trickbot, Webroot
327
01/01/1970
OilRig APT
A number of organizations across the Middle East
According to a new analysis by security firm Nyotron, the Iran-linked OilRig APT is back with a new more advanced malware toolkit.
Targeted Attack
Y Multiple Industries
Cyber Espionage
>1
iran, OilRig, Nyotron
328
01/01/1970
?
Russian Defense Ministry
The Russian Defense Ministry reveals that a total of 7 DDoS attacks are carried out against its website during the final vote of the general elections.
DDoS
O Public administration, defence, compulsory social security
Cyber Warfare
RU
Russian Defense Ministry
329
01/01/1970
?
City of Atlanta
IT systems used by the City of Atlanta, are hit by a SamSam ransomware attack, cutting off some online city services and potentially putting the personal information of employees and citizens at risk.
Malware/PoS Malware
O Public administration, defence, compulsory social security
Cyber Crime
US
City of Atlanta, ransomware, SamSam
330
01/01/1970
?
Android Users
Researchers from SophosLabs reveal the details of Andr/HiddnAd-AJ, a malicious app in disguise of an Ad blocker, downloaded more than 500,000 times before being pulled off the Google Play Store.
Malware/PoS Malware
X Individual
Cyber Crime
>1
SophosLabs, Android, Andr/HiddnAd-AJ, Google Play Store
331
01/01/1970
?
Some Government Agencies
Researchers from FireEye discover a new spear phishing campaign targeting government agencies with an evolved version of Sanny malware, a five-year-old information-stealer that now features a multi-stage infection process, whereby each stage is downloaded from the attacker's server.
Targeted Attack
O Public administration, defence, compulsory social security
Cyber Espionage
>1
FireEye, Sanny
332
01/01/1970
?
Baltimore's Automated Dispatch System.
Unknown actors temporarily cause a shutdown of Baltimore's automated dispatch system, impacting the messaging functions within the Computer Aided Dispatch (CAD) system used by both of the city's 911 and 311 services.
Unknown
Q Human health and social work activities
Cyber Crime
US
Baltimore's Automated Dispatch System.
333
01/01/1970
APT28 AKA Fancy Bear
UK Anti-Doping Agency
The UK Anti-Doping Agency revels to have foiled an attempted cyberattack during the weekend that tried to access confidential medical and drug‑testing data.
Targeted Attack
S Other service activities
Cyber Espionage
UK
APT28, Fancy Bear, UK Anti-Doping Agency
334
01/01/1970
?
Vulnerable Linux-based systems
Researchers from Cisco Talos reveal the details of GoScanSSH, a new strain of malware that targets vulnerable Linux-based systems, avoiding government and military networks.
Malware/PoS Malware
Y Multiple Industries
Cyber Crime
>1
GoScanSSH, Cisco Talos
335
01/01/1970
Alleged Nigerian Hackers
Naukri.com
Nigerian hackers hack into Naukri.com’s servers, stealing 100,000 resumes and contacting 10,000 job seekers for fake interviews.
Unknown
M Professional scientific and technical activities
Cyber Crime
IN
Naukri.com
336
01/01/1970
?
Stormont (Northern Ireland Parliament)
Stormont (the Northern Irish Parliament)issues a warning to all staff, including political parties, after discovering its email service was hit by a cyber attack.
Targeted Attack
O Public administration, defence, compulsory social security
Cyber Espionage
IE
Stormont
337
01/01/1970
?
YouTube Users
Researchers at Russian anti-virus vendor Dr. Web discover a dangerous malware campaign spread by cybercriminals from comments posted on YouTube. The malware is dubbed Trojan.PWS.Stealer.23012.
Malware/PoS Malware
X Individual
Cyber Crime
>1
Dr.Web, YouTube, Trojan.PWS.Stealer.23012.
338
01/01/1970
?
Android Users
Researchers from Trend Micro discover HiddenMiner, a new type of Android malware that infects devices and untetheredly mines Monero in the phone's background until the battery is exhausted or the device gives out.
Malware/PoS Malware
X Individual
Cyber Crime
>1
Trend Micro, HiddenMiner, Monero, Crypto
339
01/01/1970
?
Boeing
A Boeing facility in South Carolina is hit by the Wannacry ransomware.
Malware/PoS Malware
C Manufacturing
Cyber Crime
US
Boeing, Wannacry, Ransomware
340
01/01/1970
?
Vulnerable MicroTik devices
Another IoT Botnet: a new Hajime variant infects MicroTik devices vulnerable to an exploit known as "Chimay Red".
Malware/PoS Malware
Y Multiple Industries
Cyber Crime
>1
Hajime, MicroTik, Chimay Red
341
01/01/1970
?
Single Individuals
Researchers from security company Cybereason reveal the details of "Fauxpersky", a simple and efficient keylogger impersonating the Russian antivirus software Kaspersky.
Malware/PoS Malware
X Individual
Cyber Crime
>1
Cybereason, Fauxpersky, Kaspersky
342
01/01/1970
?
S.S. Lazio
Italian newspaper "Il Tempo" reports that Italian football team Lazio have fallen for an email scam and paid £1.75m (€2m) of the final instalment for defender Stefan de Vrij's transfer from Dutch club Feyenoord to fraudsters.
Account Hijacking
R Arts entertainment and recreation
Cyber Crime
IT
S.S. Lazio, Feyenoord, Stefan de Vrij
343
01/01/1970
?
Indian Bank Customers
A complaint reveals that 1,020 bank accounts in different banks were used by fraudsters to receive money from victim's bank accounts through phishing.
Account Hijacking
K Financial and insurance activities
Cyber Crime
IN
India
344
01/01/1970
?
Under Armour
Under Armour, Inc. announces that it is notifying users of MyFitnessPal - the company's food and nutrition application and website, about a data security issue. On March 25, the MyFitnessPal team became aware that an unauthorized party acquired data associated with MyFitnessPal user accounts in late February 2018. The company investigation reveals that approximately 150 million user accounts were affected by this issue.
Unknown
C Manufacturing
Cyber Crime
US
Under Armour, MyFitnessPal
345
01/01/1970
?
Bank Negara Malaysia
Bank Negara Malaysia reveals to have foiled cyberattack in which fraudulent messages to transfer funds were sent on the SWIFT transactions platform.
Unknown
K Financial and insurance activities
Cyber Crime
MY
Bank Negara Malaysia, SWIFT
346
01/01/1970
?
Unnamed Bestiality Website
Thousands of user account details—many related to a bestiality website—are circulating on public image boards, according to data obtained by Motherboard.
Unknown
S Other service activities
Cyber Crime
N/A
Motherboard, Bestiality
347
01/01/1970
?
CareFirst BlueCross BlueShield
A phishing email attack on Baltimore-based CareFirst BlueCross BlueShield may have comprised nearly 6,800 members’ personal data. The insurer learned on March 12 that one of its employees fell victim to a phishing email that compromised his or her email account. The hacker used the email account to send spam messages to an email list of individuals not associated with CareFirst.
Account Hijacking
Q Human health and social work activities
Cyber Crime
US
CareFirst BlueCross BlueShield
348
04/01/2018
?
Guardian Pharmacy of Jacksonville
Guardian Pharmacy of Jacksonville notifies 11,521 patients of email compromise of protected health information.
Account Hijacking
Q Human health and social work activities
Cyber Crime
US
Guardian Pharmacy of Jacksonville
349
04/01/2018
JokerStash AKA Fin7 AKA Carbanak
Hudson's Bay Company
Retailer Hudson's Bay Company discloses that it was the victim of a security breach that compromised data on payment cards used at Saks and Lord & Taylor stores in North America. Millions of cards may have been compromised (5 millions are already offered for sale).
Unknown
G Wholesale and retail trade
Cyber Crime
CA
Hudson's Bay Company, Saks, Lord & Taylor, JokerStash, Fin7, Carbanak
350
04/02/2018
?
Four U.S. pipeline companies (Oneok Inc, Energy Transfer Partners LP, Boardwalk Pipeline Partners LP, Eastern Shore Natural Gas)
At least four U.S. pipeline companies have seen their electronic systems for communicating with customers shut down, with three confirming it resulted from a cyberattack to Latitude Technology, a third-party provider. It is not clear is the outage is the result of a ransomware or DDoS attack.
Unknown
D Electricity gas steam and air conditioning supply
Cyber Crime
US
Latitude Technology, Oneok Inc, Energy Transfer Partners LP, Boardwalk Pipeline Partners LP, Eastern Shore Natural Gas
351
04/02/2018
?
1,000 Magento Sites
Security researchers from FlashPoint say they've identified at last 1,000 Magento sites that have been hacked by cybercriminals and infected with malicious scripts that steal payment card details, perform cryptojacking, or redirect the visitors to malware distribution sites.
Brute-Force/Credential Stuffing
Y Multiple Industries
Cyber Crime
>1
Flashpoint, Magento, Crypto
352
04/02/2018
?
Android Users
Researchers from Trustlook reveal the details of a new strain of Android malware specifically aimed at stealing private conversations on IM applications like Facebook Messenger, Skype, Telegram, Twitter, Viber, and others.
Malware/PoS Malware
X Individual
Cyber Crime
>1
Trustlook
353
04/02/2018
?
Government of Sint Maarten
The entire government of Sint Maarten, an independent country within the Kingdom of the Netherlands, is taken down for a week by a cyber attack.
Unknown
O Public administration, defence, compulsory social security
Cyber Crime
SX
Sint Maarten
354
04/03/2018
?
Vadim Lavrusik Twitter and Flipboard accounts
Less than an hour after tweeting about being safe during the active shooting at YouTube's headquarters, the Twitter and Flipboard accounts of Vadim Lavrusik, a product manager at Youtube, are hit by hackers.
Account Hijacking
X Individual
Cyber Crime
US
YouTube, Twitter, Flipboard, Vadim Lavrusik
355
04/03/2018
Dark-Coder or Th3Falcon.
More than a dozen major Israeli websites
In name of OpIsrael, more than a dozen major Israeli websites, belonging to hospitals, local authorities, the Israeli Opera, Israel Teachers Union and the IDF Widows and Orphans Organization are defaced apparently in response to clashes between the IDF and Gazan protesters the previous weekend.
Defacement
Y Multiple Industries
Hacktivism
IL
OpIsrael, Dark-Coder, Th3Falcon
356
04/03/2018
Lazarus AKA Hidden Cobra
Online Casino in Central America
Researchers from ESET reveal that the infamous Lazarus Group, a malicious actor linked to North Korea, has used a new toolset, including the destructive KillDisk, to target the network of an online Casino in Central America.
Targeted Attack
R Arts entertainment and recreation
Cyber Espionage
N/A
Lazarus, Hidden Cobra, KillDisk, ESET
357
04/04/2018
APT32 AKA OceanLotus
Multiple Targets
Researchers from Trend Micro reveal the details of a new backdoor affecting MacOS linked to the OceanLotus threat group. The backdoor is called OSX_OCEANLOTUS.D.
Researchers from Trend Micro discover a campaign aimed to inject the widely-used Coinhive code into an ad supplied by the AOL advertising network, in order to mine crypto currency.
Malicious Code Injection
X Individual
Cyber Crime
>1
Trend Micro, Coinhive, AOL, crypto
359
04/04/2018
?
Verge Cryptocurrency
An unknown attacker has exploited a bug in the Verge cryptocurrency network code to mine Verge coins at a very rapid pace
Unknown
V Fintech
Cyber Crime
N/A
Verge
360
04/04/2018
?
Facebook Users
Facebook reveals that "malicious actors" took advantage of search tools on its platform, making it possible for them to discover the identities and collect information on most of its 2 billion users worldwide.
Vulnerability
X Individual
Cyber Crime
US
Facebook
361
04/04/2018
?
Japan Ministry Employees
The Japanese government’s cybersecurity center reveals that the email addresses and passwords of thousands of ministry employees have been leaked and are being sold on the Internet.
Unknown
O Public administration, defence, compulsory social security
Cyber Crime
JP
Japan
362
04/04/2018
?
Oakton High School
A police investigation reveals that hackers attempted to change grades at Oakton High School, using an attack carried on via a malicious email.
Account Hijacking
P Education
Cyber Crime
US
Oakton High School
363
04/05/2018
?
[24]7.ai
[24]7.ai, a firm providing online customer support services based on artificial intelligence and machine learning, is breached. As consequence other companies using its services suffer a theft of customer payment information. The breach occurred between September 26, 2017 and October 12, 2017. The list of the victims include Sears, Kmart, and Delta Airlines. Even Best Buy is involved.
Unknown
J Information and communication
Cyber Crime
US
[24]7.ai, Sears, Kmart, Delta Airlines, Best Buy
364
04/05/2018
?
Several Financial Firms
Researchers from Recorded Future reveal the details of the IoTroop botnet, a botnet made up of hijacked internet-connected televisions and web cameras used to target financial firms with DDoS attacks.
DDoS
K Financial and insurance activities
Cyber Crime
>1
Recorded Future, IoTroop, DDoS
365
04/05/2018
?
Multiple Financial Targets
Researchers from Netskope discover a new ATM jackpotting malware dubbed ATMJackpot. The malware seems to have originated from Hong Kong and to be still in development.
Malware/PoS Malware
K Financial and insurance activities
Cyber Crime
>1
Netskope, ATMJackpot
366
04/05/2018
?
Multiple Targets
Researchers from Fortinet discover a new variant of the Agent Tesla spyware, spreading via weaponized Microsoft Word Documents.
Malware/PoS Malware
Y Multiple Industries
Cyber Crime
>1
Tesla, Fortinet
367
04/06/2018
Suspected Chinese Hackers
India's Ministry of Defence
The website of India's Ministry of Defence is defaced by suspected Chinese attackers.
Defacement
O Public administration, defence, compulsory social security
Cyber Crime
IN
India's Ministry of Defence, China
369
04/08/2018
?
Drake Bell
Drake Bell appears to be the most recent victim of hackers as part of another episode of the Fappening saga.
Account Hijacking
X Individual
Cyber Crime
US
Drake Bell, The Fappening
370
04/08/2018
?
Natalie Cassidy
EastEnders star Natalie Cassidy is the latest celebrity to have her intimate pictures leaked online in yet another evolution of the Fappening 2018 scandal.
Account Hijacking
X Individual
Cyber Crime
UK
Natalie Cassidy, The Fappening, 2018
371
04/09/2018
JHT
Cisco switches around the world
The Iranian IT Ministry reveals that Hackers have attacked networks in a number of countries including data centers in Iran where they left the image of a U.S. flag on screens along with a warning: “Don’t mess with our elections”. The attack, exploiting CVE-2018-0171, affected 200,000 router switches across the world in a widespread attack, including 3,500 switches in Iran.
Vulnerability
Y Multiple Industries
Hacktivism
>1
JHT, CVE-2018-0171, Cisco
372
04/09/2018
?
Armed Forces Recreation Center Edelweiss Lodge and Resort
The Armed Forces Recreation Center Edelweiss Lodge and Resort investigates a data breach that left some guests open to identity theft. At least 18 guests — primarily soldiers and retirees — who stayed at the resort between November 2017 and February 2018 reported that their credit cards were misused after their stays.
Malware/PoS Malware
I Accommodation and food service activities
Cyber Crime
DE
Armed Forces Recreation Center Edelweiss Lodge and Resort
373
04/09/2018
?
Sodexo Filmology
Sodexo food services and facilities management company notifies a number of customers that it was the victim of a targeted attack on its cinema vouchers platform Sodexo Filmology.
Targeted Attack
R Arts entertainment and recreation
Cyber Crime
UK
Sodexo Filmology
374
04/09/2018
?
Telco companies in Brazil, Columbia and other Latin American countries
Researchers from Flashpoint observe a spike of activity in Telegram messaging channels being used to exchange HTTP injectors. HTTP injectors can be used to obtain free mobile internet access.
HTTP Injectors
J Information and communication
Cyber Crime
>1
Flashpoint
375
04/10/2018
?
Vulnerable CMS Systems.
Security researchers at Malwarebytes report to have uncovered evidence of a sophisticated campaign of thousands of compromised websites running vulnerable CMS' and abused to distribute malware to visiting users via fake updates. The campaign is called FakeUpdates and is used to distribute the ZeusVM variant Chtonic banking malware or a NetSupport Remote Access Tool
Malicious Code Injection
X Individual
Cyber Crime
>1
Malwarebytes, FakeUpdates, CMS, ZeusVM, Chtonic, NetSupport, RAT
376
04/10/2018
Kuroi’SH and Prosox
Vevo Youtube Account
Two hackers manage to deface several popular YouTube music videos, changing titles and thumbnail images. The list of the victims include the most-viewed YouTube video of all time, “Despacito”. The two claim to have done it for Palestine.
Defacement
R Arts entertainment and recreation
Hacktivism
US
Kuroi’SH, Prosox, YouTube, Despacito, Vevo
377
04/10/2018
?
Single Individuals
Researchers from Barracuda reveal the details of a recent spate of attacks using phishing, social engineering, exploits, and obfuscation to spread a Quant Loader trojan capable of distributing ransomware and password stealers. The attack uses a “.url” file extension claiming to be billing documents but actually lead to remote script files using a variation of CVE-2016-3353
Victoria independent School District notifies employees that some email accounts were inappropriately accessed between July and October 2017. Some of the emails in those accounts contained employees’ personal information.
Account Hijacking
P Education
Cyber Crime
US
Victoria Independent School District
379
04/11/2018
?
Great Western Railway
Great Western Railway reset more than a million customer accounts after discovering hackers had successfully breached a small percentage of them. According to the operator, about 1,000 of its passengers' details have been exposed.
Brute-Force/Credential Stuffing
X Individual
Cyber Crime
UK
Great Western Railway
380
04/12/2018
UK
Islamic State
The director of the intelligence agency GCHQ, Jeremy Fleming reveals that the UK has conducted a "major offensive cyber-campaign" against the Islamic State group.
DDoS
S Other service activities
Cyber Warfare
N/A
GCHQ, Jeremy Fleming, UK, Islamic State
381
04/12/2018
?
Governments and high-level officials in the Middle East and North Africa (MENA)
Kaspersky Labs details a large-scale nation-state backed malware campaign called Operation Parliament that is targeting governments and high-level officials in the Middle East and North Africa (MENA) regions and more specifically Palestine.
Targeted Attack
O Public administration, defence, compulsory social security
Researchers from Menlo Security reveal the details of a new multi-stage campaign using malicious attachments to infect the endpoint with content hosted on a remote host (and exploiting CVE-2017-8570 to drop the executable in the endpoint), The campaign is used to deliver the Formbook malware.
Malware/PoS Malware
X Individual
Cyber Crime
>1
Menlo Security, CVE-2017-8570,Formbook
383
04/12/2018
?
Sucuri
The California based website security provider Sucuri suffers a series of massive DDoS attacks causing service outage in West Europe, South America and parts of Eastern United States.
DDoS
M Professional scientific and technical activities
Cyber Crime
US
Sucuri
384
04/12/2018
?
Coinsecure
Cryptocurrency exchange Coinsecure, India’s second exchange, announces that it has suffered a severe issue, 438 bitcoin, $3,3 million worth, have been transferred from the main wallet to an account that is not under their control.
Vulnerability
V Fintech
Cyber Crime
IN
Coinsecure, Bitcoin, Crypto
385
01/01/1970
?
Diagnostic Radiology & Imaging
Diagnostic Radiology & Imaging notifies 800 patients of phishing incident occurred in November 2017.
Account Hijacking
Q Human health and social work activities
Cyber Crime
US
Diagnostic Radiology & Imaging
386
01/01/1970
?
Vulnerable Drupal CMS Systems
After the publication of PoC code, attackers start to exploit the Drupalgeddon2 vulnerability (CVE-2018-7600).
Vulnerability
Y Multiple Industries
Cyber Crime
>1
Drupalgeddon2, Drupal, CVE-2018-7600
387
01/01/1970
?
Vulnerable routers
Security researchers at Akamai discover a proxy botnet composed of more than 65,000 routers exposed to the Internet via the Universal Plug and Play (UPnP) protocol.
Vulnerability
Y Multiple Industries
Cyber Crime
>1
Akamai, UPnP
388
01/01/1970
?
Inogen
Inogen, a California-based medical device manufacturer, reports that 30,000 former and current customers may have had their personal information exposed when a company employee's email account was compromised sometime between Jan. 2, 2018, and Mar. 14, 2018.
Account Hijacking
C Manufacturing
Cyber Crime
US
Inogen
389
01/01/1970
?
Mise En Place Restaurant Services
Mise En Place Restaurant Services announces that it was subject to a ransomware attack, which may have potentially exposed some information of clients and individuals.
Malware/PoS Malware
I Accommodation and food service activities
Cyber Crime
US
Mise En Place Restaurant Services, ransomware
390
01/01/1970
?
Texas Health Resources
Texas Health Resources reveals that an unauthorized party may have gained access to patient information back in October 2017 by compromising some of the organization's email accounts. The breach was discovered in January 4,000 and might impact 4,000 users.
Account Hijacking
Q Human health and social work activities
Cyber Crime
US
Texas Health Resources
391
01/01/1970
?
UnityPoint Health
UnityPoint Health notifies patients of a phishing attack occurred between November 1, 2017 and February 7, 2018
Account Hijacking
Q Human health and social work activities
Cyber Crime
US
UnityPoint Health
392
04/04/2018
?
Single Individuals
Researchers from Palo Alto Networks reveal the details of Rarog, a previously unseen cryptomining trojan.
Malware/PoS Malware
X Individual
Cyber Crime
>1
Rarog, crypto
393
04/12/2018
?
IIS 6.0 Vulnerable servers
Researchers from F5 discover a massive campaign exploiting an old IIS 6.0 vulnerability (CVE-2017-7269) to mine Electroneum.
Vulnerability
Y Multiple Industries
Cyber Crime
>1
F5, CVE-2017-7269
394
01/01/1970
Russian state-sponsored actors (Grizzly Steppe)
Government and private-sector organizations, critical infrastructure providers, and the internet service providers (ISPs)
The UK NCSC (National Cyber Security Centre), FBI (Federal Bureau of Investigation) and DHS (Department of Homeland Security) issue a joint Technical Alert about malicious cyber activity carried out by the Russian Government. The attackers use compromised routers to conduct man-in-the-middle attacks.
Man-in-the-Middle
O Public administration, defence, compulsory social security
Cyber Espionage
>1
NCSC, National Cyber Security Centre, FBI, Federal Bureau of Investigation, DHS, Department of Homeland Security, Russia, Grizzly Steppe
395
01/01/1970
APT-C-32
Middle Eastern Individuals
Researchers from Lookout reveal the details of an espionage campaign using two malware strains called Desert Scorpion and FrozenCell, to spy on targets in Palestine. The attackers are thought to be linked to Hamas.
Targeted Attack
O Public administration, defence, compulsory social security
Researchers from Lookout reveal a new campaign using a modified version of the infamous ViperRAT hosted in Google Play.
Targeted Attack
Y Multiple Industries
Cyber Espionage
>1
Lookout, ViperRAT, Google Play
397
01/01/1970
?
TaskRabbit
TaskRabbit, a web-based service owned by IKEA that connects freelance handymen with clients in various local US markets, emails customers admitting it suffered a security breach. The company takes down its app and website while investigating the incident and later admits that some personal information might have been compromised.
Unknown
N Administrative and support service activities
Cyber Crime
US
TaskRabbit, IKEA
398
01/01/1970
?
Android Users
Researchers from Kaspersky Lab reveal the detail of Roaming Mantis, an operation where malware authors have hijacked DNS settings on vulnerable routers to redirect users to sites hosting Android malware on clone apps of Google Chrome and Facebook.
DNS Hijacking
X Individual
Cyber Crime
>1
Kaspersky Lab, Roaming Mantis
399
01/01/1970
?
Multiple Targets
According to multiple sources, hackers have started to actively exploit the Drupalgeddon 2 Drupal CMS vulnerability CVE-2018-7600 to inject cryptominers.
Vulnerability
Y Multiple Industries
Cyber Crime
>1
Drupalgeddon 2, CVE-2018-7600, Crypto
400
01/01/1970
?
African Embassy in Dublin
Researchers from Lastline reveal that an African ambassador in Dublin was compromised by cyber criminals with hackers gaining access to entire nation’s digital data.
Targeted Attack
O Public administration, defence, compulsory social security
Cyber Espionage
N/A
Lastline
401
01/01/1970
?
Hong Kong Broadband Network
Hong Kong Broadband Network, the city’s second largest fixed-line residential broadband provider, discovers that an inactive customer database has been accessed without authorization. The personal data of some 380,000 customers, including details for more than 40,000 credit cards, are compromised.
Unknown
J Information and communication
Cyber Crime
HK
Hong Kong Broadband Network
402
01/01/1970
?
Irvington School District
Partial social security numbers of more than 1,200 employees at Irvington schools are distributed via email to an unknown number of recipients by an unidentified attacker.
Unknown
P Education
Cyber Crime
US
Irvington School District
403
01/01/1970
?
Chrome Users
Researchers from AdGuard uncover five malicious ad-blocker extensions on the Chrome Web Store that were installed by 20 million Chrome users before Google removed them.
Malware/PoS Malware
X Individual
Cyber Crime
>1
AdGuard, Chrome
404
01/01/1970
?
TheBottle
Researchers from Palo Alto Networks reveal the details of SquirtDanger, a new strain of malware that allows hackers to take action screenshots, steal passwords, download files and even steal the contents of cryptocurrency wallets.
Malware/PoS Malware
X Individual
Cyber Crime
>1
TheBottle, SquirtDanger, Crypto
405
01/01/1970
?
Minecraft users
According to Avast’s Threat Labs, nearly 50,000 Minecraft users have been infected with a malware aiming at reformatting hard drives, wiping out backup data from the targeted system along with deleting other important files.
Malware/PoS Malware
X Individual
Cyber Crime
>1
Avast, Minecraft
406
01/01/1970
AnoaGhost
insights.london.nhs.uk
An NHS website is defaced
Defacement
O Public administration, defence, compulsory social security
Cyber Crime
UK
insights.london.nhs.uk, AnoaGhost
407
01/01/1970
Gold Galleon
Multiple Maritime Shipping Firms
Researchers from Secureworks discover a previously unidentified "Gold Galleon" threat group, specialized in business email compromise (BEC) and business email spoofing (BES) fraud against maritime shipping firms in order to try and steal millions of dollars on an annual basis.
Account Hijacking
H Transportation and storage
Cyber Crime
>1
Gold Galleon, business email compromise, BEC, business email spoofing, BES
408
01/01/1970
?
Single Individuals
Security researchers from Radware spot a new information stealer that collects Chrome login data from infected victims, along with session cookies, and appears to be looking for Facebook and Amazon details in particular. The malware is called Stresspaint and has infected so far more than 40,000 users.
Malware/PoS Malware
X Individual
Cyber Crime
>1
Stresspaint, Radware, Facebook, Chrome, Amazon
409
01/01/1970
?
California's Center for Orthopaedic Specialists (COS)
California's Center for Orthopaedic Specialists (COS) discloses to have been hit by a ransomware attack. The incident impacts the records of approximately 85,000 patients across three facilities in West Hills, Simi Valley and Westlake Village.
Malware/PoS Malware
Q Human health and social work activities
Cyber Crime
US
California's Center for Orthopaedic Specialists, COS
410
01/01/1970
?
Ian Balina
Ian Balina, a well-known sponsored YouTube blogger is hacked, while streaming, loosing roughly $2 million in tokens.
Account Hijacking
X Individual
Cyber Crime
US
Ian Balina, Crypto
411
01/01/1970
?
Sangamo Therapeutics
Sangamo Therapeutics announces a data security incident involving compromise of a senior executive’s company email account.
Account Hijacking
Q Human health and social work activities
Cyber Crime
US
Sangamo Therapeutics
412
01/01/1970
?
Minecraft and Counter-Strike: Global Offensive players
Researchers discover two strains of a fake ransomware targeting players of Minecraft and Counter-Strike: Global Offensive (CS:GO)
Malware/PoS Malware
X Individual
Cyber Crime
>1
Minecraft, Counter-Strike: Global Offensive, CS:GO, ransomware
413
01/01/1970
?
Questar
Annual tests in several states are delayed by what appears to be a suspected hack to Questar, a K12 assessment solutions provider.
Unknown
P Education
Cyber Crime
US
Questar
414
01/01/1970
HighTech Brazil Hackteam
Supreme Court of India
The website of Supreme Court of India is defaced.
Defacement
O Public administration, defence, compulsory social security
Cyber Crime
IN
Supreme Court of India, HighTech Brazil Hackteam
415
01/01/1970
?
Single Individuals
Researchers from Trend Micro discover a spam campaign delivering the Adwind RAT bundled with the XTRAT and DUNIHI Backdoors.
Malware/PoS Malware
X Individual
Cyber Crime
>1
Trend Micro, Adwind, XTRAT, DUNIHI
416
01/01/1970
?
Single Individuals
Researchers at MalwareHunterTeam discover a new strain of ransomware, targeting Brazilian users, called RansSIRIA, which encrypts victim’s files and then states it will donate the ransom to Syrian refugees. The malware target Brazilian victims.
Malware/PoS Malware
X Individual
Cyber Crime
BR
MalwareHunterTeam, RansSIRIA
417
01/01/1970
?
Multiple Targets
Security researchers from antivirus maker Qihoo 360 Core discover a new Internet Explorer 0-day exploited by a state-sponsored threat actor. The vulnerability is called "double kill".
Targeted Attack
Y Multiple Industries
Cyber Espionage
>1
Qihoo 360 Core, Internet Explorer
418
01/01/1970
?
Multiple Targets
Researchers from Qihoo 360 Netlab and GreyNoise Intelligence discover a botnet made up of servers and smart devices exploiting the severe Drupal CMS vulnerability CVE-2018-7600 also known as Drupalgeddon 2. The botnet is dubbed Muhstik.
Malware/PoS Malware
Y Multiple Industries
Cyber Crime
>1
Drupalgeddon 2, CVE-2018-7600, Qihoo 360 Netlab and GreyNoise Intelligence, Muhstik
419
01/01/1970
?
Equihash mining pools
Security researchers at 360 Core Security detect a new type of attack which targets some Equihash mining pools.
Vulnerability
Y Multiple Industries
Cyber Crime
>1
360 Core Security, equihash
420
01/01/1970
?
City of Hamilton
The emails of about 1,100 Hamilton residents have been compromised following a data breach of two waste collection apps, according to the city of Hamilton.
Unknown
O Public administration, defence, compulsory social security
Cyber Crime
CA
Hamilton
421
01/01/1970
AnonPlus
ilgiornale.it
Hackers from AnonPlus deface ilgiornale.it, one of the main newspapers in Italy, with a fake news about Mr. Silvio Berlusconi in jail.
Defacement
J Information and communication
Hacktivism
IT
AnonPlus, ilgiornale.it, Silvio Berlusconi
422
01/01/1970
Prosox
Shade
Red Bull Website
The Red Bull website is defaced twice in few hours, probably exploiting the Drupalgeddon 2 vulnerability.
Defacement
I Accommodation and food service activities
Cyber Crime
AT
Red Bull, Prosox, Shade
423
01/01/1970
?
Prince Edward Island (PEI) Government Website
A ransomware attack takes down the Prince Edward Island Government website.
Malware/PoS Malware
O Public administration, defence, compulsory social security
Cyber Crime
CA
Prince Edward Island, PEI, ransomware
424
01/01/1970
Orangeworm
Healthcare organizations in the United States, Europe and Asia
Researchers from Symantec reveal the details of Orangeworm, a threat group targeting healthcare organizations in the United States, Europe and Asia via a custom backdoor dubbed Kwampirs.
Targeted Attack
Q Human health and social work activities
Cyber Espionage
>1
Symantec, Orangeworm
425
01/01/1970
?
Careem
Careem, Uber’s main ride-hailing app rival in the Middle East, is hit by a cyber attack that compromises the data of 14 million users. The breach was discovered on January 14.
Unknown
H Transportation and storage
Cyber Crime
AE
Careem, Uber
426
01/01/1970
APT10
Japanese defense companies
According to FireEye, the Chinese group APT10 has targeted Japanese defense companies, possibly to get information on Tokyo’s policy toward resolving the North Korean nuclear impasse.
Targeted Attack
O Public administration, defence, compulsory social security
Cyber Espionage
JP
APT10, China, Japan, FireEye
427
01/01/1970
Hunter butt
Thai Airways Website
The official website of Thai Airways is hacked by a Pakistani with the moniker “Hunter butt”. The hacker uploads a deface page on 23 subdomains.
Defacement
H Transportation and storage
Cyber Crime
TH
Hunter butt, Thai Airways
428
01/01/1970
?
MyEtherWallet.com
A hacker (or group of hackers) hijacks the Amazon DNS servers of MyEtherWallet.com, a web-based Ether wallet service. Users accessing the site are redirected to a fake version of the website. Those who logged in had their wallet private keys stolen, which the attacker used to empty accounts. The total bounty is $152,000.
DNS Hijacking
V Fintech
Cyber Crime
US
MyEtherWallet.com, Crypto, Amazon
429
01/01/1970
?
Ukraine's Energy Ministry Website
Unknown hackers use ransomware to take the website of Ukraine's energy ministry offline and encrypt its files.
Malware/PoS Malware
O Public administration, defence, compulsory social security
Cyber Crime
UA
Ukraine's Energy Ministry, ransomware
430
01/01/1970
?
Single Individuals
Researchers from FortiGuard Labs uncover a new python-based Monero cryptocurrency mining malware, dubbed "PyRoMine" that uses the ETERNALROMANCE exploit to spread.
Malware/PoS Malware
X Individual
Cyber Crime
>1
FortiGuard Labs, Monero, PyRoMine, ETERNALROMANCE
431
01/01/1970
?
Brazilian companies
Researchers from FireEye identify a widespread spam campaign, dubbed Metamorfo, targeting Brazilian companies with the goal of delivering banking Trojans.
Malware/PoS Malware
Y Multiple Industries
Cyber Crime
BR
FireEye, Metamorfo
432
01/01/1970
?
Americas Cardroom
Poker tournaments are disrupted after a spite of DDoS attacks on Americas Cardroom.
DDoS
R Arts entertainment and recreation
Cyber Crime
US
Americas Cardroom
433
01/01/1970
?
Multiple industries including critical infrastructure, entertainment, finance, health care, and telecommunications
Researchers from McAfee uncover a global data reconnaissance campaign assaulting a wide number of industries including critical infrastructure, entertainment, finance, health care, and telecommunications. The campaign is dubbed Operation GhostSecret.
Targeted Attack
Y Multiple Industries
Cyber Espionage
>1
McAfee, Operation GhostSecret
434
01/01/1970
?
WebLogic Servers
Attackers start to exploit Oracle WebLogic servers for CVE-2018-2628.
Vulnerability
Y Multiple Industries
Cyber Crime
>1
Oracle WebLogic, CVE-2018-2628.
435
01/01/1970
?
HPE Users
Threat actors target internet accessible HPE Integrated Lights-Out 4 (HPE iLO 4) remote management interfaces with ransomware.
Researchers from Vade Secure reveal the details of a massive phishing campaign targeting more than 550 million email users globally since the first quarter of 2018.
Account Hijacking
X Individual
Cyber Crime
>1
Vade Secure
437
01/01/1970
?
Single Individuals
Researchers from Trend Micro discover a new variant of the infamous Necurs botnet using .url files (internet shortcuts) to bypass conventional detection methods.
Malware/PoS Malware
X Individual
Cyber Crime
>1
Trend Micro, Necurs
438
01/01/1970
The Invincible
The Martian
Several targets in India
Researchers from Cisco Talos unveil the details of GravityRAT, a tool being used in targeted attacks, allegedly coming from Pakistan, against India with sophisticated anti-evasion techniques.
Targeted Attack
O Public administration, defence, compulsory social security
Cyber Warfare
IN
Cisco Talos, GravityRAT, India, Pakistan
439
01/01/1970
Team Kerala Cyber Warriors
Pakistan
Team Kerala Cyber Warriors, a hacking group based out of India, begin to install ransomware on web sites based out of Pakistan. The ransomware is called KCW Ransomware.
Malware/PoS Malware
Y Multiple Industries
Cyber Warfare
PK
Team Kerala Cyber Warriors, KCW, Ransomware
440
01/01/1970
?
Sen. Richard Pan, D-Sacramento
Sen. Richard Pan, D-Sacramento, claims that thieves hacked his email account and stole $46,000 from his re-election campaign in a "sophisticated" scheme earlier this year.
Account Hijacking
X Individual
Cyber Crime
US
Sen. Richard Pan, D-Sacramento
441
01/01/1970
?
Three banks in Mexico (Grupo Financiero Banorte, Banco del Bajio SA, and Bancomext)
Three banks in Mexico (Grupo Financiero Banorte, Banco del Bajio SA, and Bancomext) are targeted by a cyber attack aimed to penetrate Mexico’s electronic payment systems (SPEI).
Unknown
K Financial and insurance activities
Cyber Crime
MX
Grupo Financiero Banorte, Banco del Bajio SA, Bancomext, SPEI
442
01/01/1970
?
Zippy's Restaurants
The Hawaii-based Zippy's Restaurants reports that its point-of-sale system at 25 of its locations have been compromised exposing customer data from November 23, 2017, to March 29, 2018.
Malware/PoS Malware
I Accommodation and food service activities
Cyber Crime
US
Zippy's Restaurants
443
01/01/1970
?
Highway Sign in Arizona
Someone hacks a highway sign in Arizona and defaces it with 'Hail Hitler' text.
Unknown
H Transportation and storage
Cyber Crime
US
Arizona
444
01/01/1970
?
Leominster Schools District
Leominster Schools District pays $10,000 worth of Bitcoins ransom following a cyberattack on their system.
Malware/PoS Malware
P Education
Cyber Crime
US
Leominster Schools District, ransomware
445
01/01/1970
AnonPlus
City of Bologna
The website of the City of Bologna is defaced by AnonPlus
Defacement
O Public administration, defence, compulsory social security
Hacktivism
IT
Bologna, AnonPlus
446
01/01/1970
?
Scenic Bluffs Community Health Centers
Scenic Bluffs Community Health Centers notifies 2,889 patients of a potential breach of personal patient information after discovering March 1, 2018, that one staff email account had been hacked on Feb. 28, 2018, by an unauthorized party.
Account Hijacking
Q Human health and social work activities
Cyber Crime
US
Scenic Bluffs Community Health Centers
447
01/01/1970
?
Billings Clinic
Billings Clinic notifies 949 patients of a breach affecting its email security system causing an unknown individual to access patients' information back in February.
Account Hijacking
Q Human health and social work activities
Cyber Crime
US
Billings Clinic
450
01/01/1970
?
Single Individuals
Researchers from Trend Micro reveal the details of FacexWorm, a malicious Chrome extension, targeting cryptocurrency trading platforms via Facebook Messenger in order to steal account credentials for Google MyMonero and Coinhive.
Malware/PoS Malware
X Individual
Cyber Crime
>1
Trend Micro, FacexWorm
451
05/01/2018
?
Rail Europe North America
Rail Europe, a site used by Americans to buy train tickets in Europe, reveals a three-month data breach of credit cards and debit cards. Hackers implanted credit card-skimming malware on its website between late-November 2017 and mid-February 2018.
Malware/PoS Malware
R Arts entertainment and recreation
Cyber Crime
US
Rail Europe North America
452
05/01/2018
APT28 AKA Fancy Bear
Lojack Users
Security researchers from Arbor Networks reveal that malware with suspected links to Russian cyber-espionage group Fancy Bear is turning up in installations of Lojack, an anti-computer theft program used by many corporations to guard their assets.
Targeted Attack
Y Multiple Industries
Cyber Espionage
>1
APT28, Fancy Bear, Lojack, Arbor Networks
453
05/01/2018
?
Vulnerable servers
Researchers from AlienVault reveal the details of MassMiner, a new wave of cryptocurrency-mining malware using exploits for vulnerabilities such as CVE-2017-10271 (Oracle WebLogic), CVE-2017-0143 (Windows SMB), and CVE-2017-5638 (Apache Struts).
City of Augusta
Calvary Baptist Church
Georgia Southern University,
Two Augusta restaurants: Blue Sky Kitchen and Soy Noodle House
A group of vigilante hackers going by SB315 deface some Georgia sites and threaten retaliation if the bill becomes law. The list of the targets include: the City of Augusta (that denies the hack), the website of Calvary Baptist Church, Georgia Southern University, the sites for two Augusta restaurants, Blue Sky Kitchen and Soy Noodle House.
Defacement
Y Multiple Industries
Hacktivism
US
City of Augusta,
Calvary Baptist Church,
Georgia Southern University, Blue Sky Kitchen, Soy Noodle House, SB315
455
05/01/2018
?
Knox County's website
The Tennessee county's website is taken down by a DDoS attack on election night.
DDoS
O Public administration, defence, compulsory social security
Cyber Crime
US
Knox County
456
05/02/2018
?
Drupal Servers
Researchers from Imperva/Incapsula discover another strain of malware, dubbed Kitty, aimed to exploit Drupalgeddon 2.0 (CVE-2018-7600) to mine cryptocurrency
Business and ICS networks at electric utilities in the US and UK.
Researchers from Dragos unveil the details of a threat actor dubbed Allanite, active at least since May 2017 and still targeting both business and ICS networks at electric utilities in the US and UK.
Targeted Attack
D Electricity gas steam and air conditioning supply
Cyber Espionage
US
UK
Dragos, Allanite
458
05/02/2018
?
Fredericksburg School System
A Fredericksburg school system employee falls for phishing attack
The Turkish hacker group Akincilar ("Invaders") starts its offensive against Greece and defaces four websites (Greek Foreign Ministry, Athens-Macedonia News Agency - ANA -, the Greek Handball Federation, and Suzuki-Greece) in response to Athens' refusal to hand over the Turkish officers who fled to Greece in July 2016.
Defacement
O Public administration, defence, compulsory social security
Researchers from Kaspersky reveal the details of ZooPark, a cyberespionage operation that has been focusing on Middle Eastern targets since at least June 2015. The threat actors behind the operation infect Android devices using several generations of malware.
Targeted Attack
Y Multiple Industries
Cyber Espionage
>1
Kaspersky, ZooPark
464
05/03/2018
?
World Rugby Training and Education Website
World Rugby is forced to suspend its training and education website after the governing body is the target of a cyber attack that sees hackers obtain personal data from thousands of subscribers.
Unknown
R Arts entertainment and recreation
Cyber Crime
N/A
World Rugby
465
05/03/2018
?
JavaScript users
The Node Package Manager (npm) team discovers and blocks the distribution of a backdoor inside getcookies, a popular, albeit deprecated, JavaScript package.
Malware/PoS Malware
X Individual
Cyber Crime
>1
JavaScript, NPM, Node Package Manager
466
05/03/2018
?
Airbnb users
Researchers from Redscan discover a GDPR-related phishing scam with emails claiming to be from Airbnb.
Account Hijacking
X Individual
Cyber Crime
>1
Redscan, Airbnb, GDPR
467
05/03/2018
?
Several Florida Hospital Websites
Several Florida Hospital Websites are taken offline after being affected by a malware that could have compromised patient information. The list of the affected hospitals include: FloridaBariatric.com, FHOrthoInstitute.com and FHExecutiveHealth.com.
As a retaliation for the attacks of the Turkish collective Akincilar, Greek hackers from Anonymous paralyze the 24TV Live website for several hours. They also claim to have hacked 12,987 routers of Turk Telekom.
DDoS
J Information and communication
Cyber Warfare
TR
Anonymous, Akincilar, Turk Telekom, 24TV
469
05/03/2018
?
Meituan Dianping
Meituan Dianping, the internet giant backed by Tencent, China’s most valuable tech corporation, begins investigating reports of a data breach that exposed the private information of tens of thousands of users. This happens after tens of thousands of data snippets -- everything from names and mobile numbers to home addresses -- on food-delivery customers went on sale online.
Unknown
G Wholesale and retail trade
Cyber Crime
CN
Meituan Dianping, Tencent
470
05/03/2018
?
Fleetcor Technologies
Fleetcor Technologies, a company specializing in fuel cards and workforce payment products and services, publicly discloses that its gift card systems were accessed last month by an unauthorized party. A "significant number" of gift cards that are at least six months old, as well as PIN numbers, were accessed.
Unknown
R Arts entertainment and recreation
Cyber Crime
US
Fleetcor Technologies
471
05/04/2018
?
Copenhagen city’s bicycle sharing system “Bycyklen"
Unknown hackers disrupt the Copenhagen city’s bicycle sharing system “Bycyklen”, erasing the data of 1,860 bicycles.
Unknown
H Transportation and storage
Cyber Crime
DK
Copenhagen, Bycyklen
472
05/04/2018
AnonPlus
K9 Web Protection
Hackers from the collective AnonPlus, a splinter cell of Anonymous, deface the website of K9 Web Protection (belonging to Symantec).
Defacement
J Information and communication
Hacktivism
US
AnonPlus, Anonymous, K9 Web Protection, Symantec
473
05/04/2018
?
Riverside Fire and Police department
Ransomware infects the servers of the Riverside Fire and Police department for the second time in a month.
Malware/PoS Malware
O Public administration, defence, compulsory social security
Cyber Crime
US
Riverside Fire and Police department, ransomware
474
05/04/2018
?
W.S. Neal High School
While finalizing end-year school rankings, W.S. Neal High School realizes that someone has been changing grades since 2016.
Unknown
P Education
Cyber Crime
US
W.S. Neal High School
475
05/04/2018
?
City of Tulsa
The City of Tulsa confirms that computer hackers broke into several City controlled accounts but says it appears there have been no effects on city systems.
Unknown
O Public administration, defence, compulsory social security
Cyber Crime
US
City of Tulsa
476
05/04/2018
?
Northwest University
The email account of the Northwest University’s CFO is hacked. As a consequence $60,000 are stolen.
Account Hijacking
P Education
Cyber Crime
US
Northwest University
477
05/04/2018
?
Banco Inter
Shares in Banco Inter fall as much as 11 percent after reports that a hacking attack had obtained sensitive data pertaining to clients. Banco Inter reveals it was “the victim of attempted extortion.”
Unknown
K Financial and insurance activities
Cyber Crime
BR
Banco Inter
478
05/05/2018
?
Vulnerable Drupal Servers
Researcher Troy Mursch discovers another campaign aimed to exploit Drupalgeddon 2.0 (CVE-2018-7600 and CVE-2018-7602). In this campaign more than 350 servers are compromised to inject cryptominers.
Mason Law Office discovers evidence of unauthorized access to their mycase.com instance by an unknown individual or group of individuals. Client data is potentially accessed.
Unknown
M Professional scientific and technical activities
Cyber Crime
US
Mason Law Office, mycase.com
480
05/06/2018
?
Canon Security Cameras
“I’m Hacked. bye2”— That’s the message left behind on most of the 60 hacked Canon security cameras in Japan with many more hacked in the previous weeks.
Unknown
Y Multiple Industries
Cyber Crime
JP
Canon
481
05/06/2018
?
Android and Windows Users
Researchers from Trend Micro identify a new spyware distributed via adult games. Dubbed as Maikspy spyware (from a famous adult film actress). The main target of this malicious new campaign are Android and Windows users, and the primary objective is to steal sensitive personal data. The malware is dubbed AndroidOS_MaikSpy.HRX.
Malware/PoS Malware
X Individual
Cyber Crime
>1
Trend Micro, Maikspy, AndroidOS_MaikSpy.HRX
482
05/07/2018
?
SSH Decorator (Python Module) users
SSH Decorator, a Python module, is compromised by unknown attacker who inject a backdoor.
Malware/PoS Malware
X Individual
Cyber Crime
>1
SSH Decorator
483
05/07/2018
?
Roseburg Public Schools
A ransomware attack targets Roseburg Public Schools, blocking access to the district’s email, website and software.
Malware/PoS Malware
P Education
Cyber Crime
US
Roseburg Public Schools, ransomware
484
05/07/2018
Akincilar
Honda Greece
Turkish hackers from Akincilar launch a new cyber attack against Honda Greece. The automaker’s website in Greece is infiltrated with a message condemning the country for “partnering” with terrorists.
Defacement
C Manufacturing
Cyber Warfare
GR
Honda Greece, Akincilar
485
05/08/2018
?
Marketing/Advertising/Public Relations and Retail/Manufacturing industries
Proofpoint observes a campaign targeting Marketing/Advertising/Public Relations and Retail/Manufacturing industries with a new malware called Vega Stealer. The malware contains stealing functionality targeting saved credentials and credit cards in the Chrome and Firefox browsers, as well as stealing sensitive documents from infected computers.
Malware/PoS Malware
Y Multiple Industries
Cyber Crime
>1
ProofPoint, Vega Stealer
486
05/08/2018
?
Sheffield Credit Union
Sheffield Credit Union is the victim of a Cyber attack, which is believed to have taken place on 14 February 2018 but only recently comes to light after a blackmailing attempt by the attackers. The personal data of about 15,000 members is compromised.
Unknown
K Financial and insurance activities
Cyber Crime
UK
Sheffield Credit Union
487
05/08/2018
SilverTerrier
Multiple Targets Around the World
Researchers from Palo Alto Networks reveal the details of a ring of Nigerian criminals dubbed SilverTerrier, conducting hacking campaigns against targets around the world. The researchers have attributed 181,000 attacks, using 15 families of malware, to the group in the last year, with expected losses estimated more than $3B.
Malware/PoS Malware
Y Multiple Industries
Cyber Crime
>1
Palo Alto Networks, SilverTerrier
488
05/08/2018
?
City of Goodyear
The City of Goodyear announces that its bill pay system may have been compromised. The possible breach could expose 30,000 utility customers.
Malware/PoS Malware
O Public administration, defence, compulsory social security
Cyber Crime
US
City of Goodyear
489
05/09/2018
?
Several financial targets in the US
Researchers from F5 reveal a new campaign carried on via the infamous Panda malware targeting US financials targets.
Malware/PoS Malware
K Financial and insurance activities
Cyber Crime
US
F5, Panda
490
05/09/2018
?
The Sun
The Sun calls in the UK's cybersecurity authorities after detecting Russian hackers trying to access the tabloid newspaper's internal computer systems.
Targeted Attack
J Information and communication
Cyber Espionage
UK
The Sun
491
05/09/2018
?
Morinaga Milk Industry Co.
After receiving a report from a credit card issuer, Morinaga Milk Industry Co. says that credit card or other personal information of up to 120,000 online customers may have leaked.
Unknown
I Accommodation and food service activities
Cyber Crime
JP
Morinaga Milk Industry Co.
492
05/09/2018
?
The Oregon Clinic
The Oregon Clinic announces that a data security incident may have affected protected health information (PHI) after an unauthorized third party accessed an internal email account.
Account Hijacking
Q Human health and social work activities
Cyber Crime
US
The Oregon Clinic
493
05/10/2018
Anonymous
Official website of Russia’s Federal Agency for International Cooperation (Rossotrudnichestvo)
The Anonymous deface several subdomains of the official website of Russia’s Federal Agency for International Cooperation (Rossotrudnichestvo) against the ongoing censorship in the country especially the recent ban on Telegram.
Defacement
O Public administration, defence, compulsory social security
Hacktivism
RU
Anonymous, Rossotrudnichestvo
494
05/10/2018
?
Multiple Targets
Researchers from Radware reveal the details of Nigelthorn, a crypto-mining malware abusing Chrome extensions, and using Facebook to spread. The analysis reveals that the group has been active since at least March of 2018 and has already infected more than 100,000 users in over 100 countries.
Malware/PoS Malware
Y Multiple Industries
Cyber Crime
>1
Radware, Chrome, Nigelthorn, Chrome, Facebook
495
05/10/2018
?
Vulnerable Dasan GPON routers
Researchers from Qihoo 360 Netlab reveal that at least five IoT botnets are targeting Dasan GPON routers, exploiting the two recently discovered vulnerabilities CVE-2018-10561 and CVE-2018-10562. The five botnets are known under codenames such as Hajime, Mettle, Mirai, Muhstik, and Satori.
Wasaga Beach pays the ransom to hackers who took over its computer system earlier this month.
Malware/PoS Malware
O Public administration, defence, compulsory social security
Cyber Crime
CA
Wasaga Beach, Ransomware
497
05/10/2018
?
Malley’s Chocolates
Malley’s Chocolates reveals that its website has been hacked, and the card information of 3,400 online customers has been breached.
Unknown
I Accommodation and food service activities
Cyber Crime
US
Malley’s Chocolates
498
05/11/2018
?
Android Users
Researchers from Symantec discover a new wave of 45 malicious on the Android store known under the definition of Android.Reputation.1. Of these apps, 7 are rebranded versions of previously removed apps, whereas 38 are completely new,
Malware/PoS Malware
X Individual
Cyber Crime
>1
Android, Symantec, Android.Reputation.1
499
05/11/2018
?
Chili's Restaurant
Chili's Restaurant reveals that some restaurants have been impacted by a data incident, which may have resulted in unauthorized access or acquisition of payment card data between March and April 2018.
Malware/PoS Malware
I Accommodation and food service activities
Cyber Crime
US
Chili's Restaurant
500
05/11/2018
?
Ubuntu Users
A user has spots a cryptocurrency miner hidden in the source code of an Ubuntu snap package hosted on the official Ubuntu Snap Store. The app's name is 2048buntu, a clone of the popular 2024 game.
Malware/PoS Malware
X Individual
Cyber Crime
>1
Ubuntu, Crypto
501
05/11/2018
?
DSB
The Danish state rail operator DSB is hit by a massive DDoS attack, paralyzing some operations, including ticketing systems and the communication infrastructure.
DDoS
H Transportation and storage
Cyber Crime
DK
DSB
502
05/11/2018
?
Bemus Point School District
Bemus Point School District Superintendent reveals that some students in the district might have been compromised amid the breach of Maia Learning by a competitor.
Unknown
P Education
Cyber Crime
US
Bemus Point School District, Maia Learning
503
05/12/2018
?
Capitol Administrators
Capitol Administrators notifies individuals of a phishing attack.
Account Hijacking
N Administrative and support service activities
Cyber Crime
US
Capitol Administrators
504
05/12/2018
?
Five Mexican Banks including No. 2 Banorte
Thieves siphon 300 million pesos ($15.4 million) out of five Mexican banks, including No. 2 Banorte, by creating phantom orders that wired funds to bogus accounts and promptly withdrew the money.
Account Hijacking
K Financial and insurance activities
Cyber Crime
MX
Banorte
506
01/01/1970
Hackers linked to the Turkish Government
Turkish Dissident and Protesters
According to a new report by digital rights organization Access Now, hackers, apparently working for the Turkish government, attempted to infect a large number of Turkish dissidents and protesters by spreading the infamous FinFisher spyware on Twitter.
Malware/PoS Malware
X Individual
Cyber Crime
TR
FinFisher
507
01/01/1970
?
Family Planning NSW
Family Planning NSW tells customers their personal information may have been compromised after the not-for-profit fell victim to a ransomware attack. Around 8,000 users might be affected.
Malware/PoS Malware
Q Human health and social work activities
Cyber Crime
AU
Family Planning NSW, Ransomware
508
01/01/1970
Stealth Mango
Government officials, members of the military, and activists in Pakistan, Afghanistan, India, Iraq and the United Arab Emirates
Researchers from Lookout discover a phishing campaign that infected Android devices with custom surveillance-ware bent on extracting data from top officials, primarily in the Middle East. The campaign is called Stealth Mango, and has been used to collect over 30 gigabytes of compromised data on attacker infrastructure
Malware/PoS Malware
O Public administration, defence, compulsory social security
Cyber Espionage
>1
Lookout, Stealth Mango
509
05/10/2018
?
Nuance
Speech recognition software firm Nuance announces the breach of thousands of patient records after a former employee breached its servers and accessed the personal information of 45,000 individuals from several contracted clients between November 20 and December 9 of 2017.
Account Hijacking
M Professional scientific and technical activities
Cyber Crime
US
Nuance
510
05/11/2018
?
Multiple Users
Researchers from Qihoo 360 discover a miner campaign hidden behind a potentially unwanted program dubbed One System Care.
Malware/PoS Malware
Y Multiple Industries
Cyber Crime
>1
Qihoo 360, One System Care
511
05/11/2018
Satori Botnet
Exposed Ethereum Mining Rigs
The operators of the Satori botnet are mass-scanning the Internet for exposed Ethereum mining rigs, according to three sources in the infosec community who've observed the malicious behavior —SANS ISC, Qihoo 360 Netlab, and GreyNoise Intelligence.
Brute-Force
V Fintech
Cyber Crime
>1
Satori, Ethereum, SANS ISC, Qihoo 360 Netlab, GreyNoise Intelligence, Crypto
512
01/01/1970
?
Multiple Users
Researchers from Qihoo 360 discover a particular miner dubbed IdleBuddyMiner, which asks nicely for permission to mine via a popup.
Malware/PoS Malware
Y Multiple Industries
Cyber Crime
>1
Qihoo 360, IdleBuddyMiner
513
01/01/1970
?
Securus
A hacker provides Motherboard with 2,800 login details for Securus, a company that buys phone location data from major telecom companies and then sells it to law enforcement. The company confirms the breach few days later.
Unknown
X Individual
Cyber Crime
US
Securus, Motherboard
514
01/01/1970
?
Windows Users
Researchers from Qihoo 360 discover a massive malware campaign spreading a new coinminer, which appears to have made roughly 500,000 victims in three days alone. The miner is called WinstarNssmMiner.
Malware/PoS Malware
X Individual
Cyber Crime
>1
Qihoo 360 Total Security, WinstarNssmMiner, Crypto
515
01/01/1970
?
Ethereum Wallets
Researchers from RiskIQ unveil the details of MEWKit, a sophisticated phishing campaign aimed at stealing credentials of Ethereum wallets, and in the same time, perform and automated transfer with the stolen details.
Account Hijacking
X Individual
Cyber Crime
>1
Ethereum, RiskIQ, MEWKit
516
01/01/1970
?
ZooPark APT Group
A vigilante hacker claims to have hacked the alleged Iran-linked group behind the ZooPark campaign discovered by Kaspersky earlier this month, and dumps the files purportedly stolen from a server controlled by the attackers.
Unknown
O Public administration, defence, compulsory social security
Cyber Crime
IR
ZooPark, Iran
517
01/01/1970
?
LifeBridge Health and LifeBridge Potomac Professionals
LifeBridge Health and LifeBridge Potomac Professionals notify patients about a malware incident occurred back in March 18, 2018. The number of affected patients could be 500,000.
A report from security firm Wordfence reveals that hackers have come up with a never-before-seen method of installing backdoored plugins on websites running the open-source WordPress CMS, and this new technique relies on using weakly protected WordPress.com accounts and the Jetpack plugin.
Account Hijacking
Y Multiple Industries
Cyber Crime
>1
Wordfence, Wordpress
519
01/01/1970
Racoon Hacker
Russian-speaking Telegram users
Researchers from Cisco Talos reveal the details of TeleGrab, a malware harvesting cache and key files from Telegram.
Malware/PoS Malware
X Individual
Cyber Crime
RU
Racoon Hacker, Telegram, TeleGrab
520
01/01/1970
?
Android Users
Researchers from security company Avast discover 26 apps on the Google Play Store that include adware forcing ads on compromised systems.
Malware/PoS Malware
X Individual
Cyber Crime
>1
Avast, Android, Google Play
521
01/01/1970
?
blackphoenixalchemylab.com
blackphoenixalchemylab.com discovers malware inserted into the portion of the checkout page between May 1 and May 16.
Malware/PoS Malware
R Arts entertainment and recreation
Cyber Crime
US
blackphoenixalchemylab.com
522
01/01/1970
?
Corporation Service Company (CSC)
Hackers steal the personally identifiable information of 5,678 customers of the Corporation Service Company (CSC), according to a notice the company sent to the California attorney general's office.
Unknown
N Administrative and support service activities
Cyber Crime
US
Corporation Service Company, CSC
523
01/01/1970
?
Fortnite Players
Researchers at Zscaler’s ThreatLabZ discover malicious apps on Google Play, in disguise of a mobile version of the popular game Fortnite.
Malware/PoS Malware
X Individual
Cyber Crime
>1
Zscaler, Fortnite
524
01/01/1970
?
Vulnerable IoT devices
Researchers from Fortinet discover a new variant of the Mirai botnet dubbed ‘Wicked Mirai’
Malware/PoS Malware
Y Multiple Industries
Cyber Crime
>1
Fortinet, Wicked Mirai
525
01/01/1970
?
Independent Like the North State Group Forum
An online forum designated for California’s First Congressional District debate was hacked by unknown hackers, who take over the live stream to broadcast gay pornography.
Unknown
S Other service activities
Cyber Crime
US
Independent Like the North State Group Forum
526
01/01/1970
Sun Team
North Korean defectors and journalists
Researchers from McAfee discover RedDawn, a new campaign on Google Play targeting North Korean defectors and journalists.
Targeted Attack
X Individual
Cyber Espionage
KR
McAfee, North Korea, Sun Team
527
01/01/1970
?
DrayTek routers
DrayTek, a Taiwan-based manufacturer of broadband CPE devices, announces that hackers are exploiting a zero-day vulnerability to change DNS settings on some of its routers.
Vulnerability
X Individual
Cyber Crime
>1
DrayTek
528
01/01/1970
?
University of Buffalo
University of Buffalo confirms to be investigating and responding to a breach of 2,690 UBITName accounts.
Account Hijacking
P Education
Cyber Crime
US
University of Buffalo
529
01/01/1970
?
Tidal
Jay-Z’s Tidal streaming platform announces to have enlisted an “independent, third party cyber-security firm” to investigate a possible data breach, after reports of inflated subscriber and streaming numbers.
Unknown
R Arts entertainment and recreation
Cyber Crime
US
Tidal, Jay Z
530
01/01/1970
?
Mobile Users
Researchers from Kaspersky reveal a new campaign carried on using the Roaming Mantis mobile trojan, targeting Europe and Middle East, and adding new features, like a phishing option for iOS devices, and crypto-mining capabilities for the PC.
Malware/PoS Malware
X Individual
Cyber Crime
>1
Kaspersky, Roaming Mantis
531
01/01/1970
?
Shona McGarty
Actress Shona McGarty, who plays Whitney Carter in EastEnders, is the latest celebrity to have intimate pictures leaked on the internet. Apparently her photos were stolen from the iCloud account.
Account Hijacking
X Individual
Cyber Crime
UK
Shona McGarty, The Fappening
532
01/01/1970
?
Bitcoin Gold
An unidentified hacker performs several "double spend" attacks on the infrastructure of the Bitcoin Gold cryptocurrency and manages to amass over $18 million worth of BTG (Bitcoin Gold) coins in the process.
51% attack
V Fintech
Cyber Crime
N/A
Bitcoin Gold, BTG
533
01/01/1970
Two unidentified students
Bloomfield Hills High School
Two students from Bloomfield Hills High School are the main suspects of a recent hack discovered at the school. The two broke into the school's MISTAR Student Information System portal where they changed grades, attendance records, and attempted to refund lunch purchases.
Vulnerability
P Education
Cyber Crime
US
Bloomfield Hills High School
534
01/01/1970
?
200 million Japanese
A hacker suspected to be operating out of China has put on sale the data of around 200 million Japanese users on an underground cybercrime forum, according to a FireEye iSIGHT Intelligence report. The data appears to have been assembled by hacking up to 50 smaller Japanese sites.
Unknown
Y Multiple Industries
Cyber Crime
JP
FireEye, iSIGHT
535
01/01/1970
?
Allied Physicians
Allied Physicians reports it was hit with a SamSam ransomware attack earlier this month (May 17).
Malware/PoS Malware
Q Human health and social work activities
Cyber Crime
US
Allied Physicians, SamSam, ransomware
536
01/01/1970
?
Manuel Delia's Blog
Manuel Delia's blog (a Maltese journalist and blogger) is the target of a DDoS attack. Apparently the attack comes from Ukraine.
DDoS
J Information and communication
Cyber Crime
MT
Manuel Delia, Ukraine
537
01/01/1970
?
Gigabit Passive Optical Network (GPON) routers
Security researchers from Qihoo 360 Netlab discover that the operators behind the TheMoon botnet are now leveraging a zero-day exploit to target GPON routers.
Malware/PoS Malware
Y Multiple Industries
Cyber Crime
>1
Qihoo 360 Netlab, TheMoon, GPON.
538
01/01/1970
?
Gigabit Passive Optical Network (GPON) routers
Trend Micro researchers detect a new attack mimicking the Mirai botnet modus operandi, originating from Mexico and targeting Gigabit Passive Optical Network (GPON)-based home routers via two vulnerabilities (CVE-2018-10561 and CVE-2018-10562).
The Twitter account of Charlie Lee, the creator of Litecoin is hacked.
Account Hijacking
X Individual
Cyber Crime
US
Twitter, Charlie Lee, Litecoin
540
01/01/1970
?
Bombas
Bombas notifies consumers of breach going back to 2015 when malware in the code of the e-commerce platform was identified and removed on February 9, 2015.
Malware/PoS Malware
G Wholesale and retail trade
Cyber Crime
US
Bombas
541
01/01/1970
?
Verge Cryptocurrency
A hacker finds a way around a previous patch in the Verge cryptocurrency source code and takes advantage of the flaw to monopolize mining operations and create Verge coins (XVG) at a rapid pace. He is able to mine over 35 million XVG coins in just a few hours for a profit of $1.65 million.
51% attack
V Fintech
Cyber Crime
N/A
Verge
542
01/01/1970
?
Mac Users
According to researchers at Malwarebytes, many Mac users in the past weeks have been infected with a new strain of Monero miner. The owners of the infected Mac systems noticed the presence of a process named “mshelper” had been consuming a lot of CPU power and draining their batteries.
Malware/PoS Malware
X Individual
Cyber Crime
>1
Malwarebytes, Monero, Mshelper
543
01/01/1970
?
Monacoin
Monacoin suffers a 51% attack.
51% attack
V Fintech
Cyber Crime
JP
Monacoin
544
01/01/1970
State sponsored attackers (Russia?)
500,000 organizations worldwide
Researchers from Cisco Talos unveil the details of VPNFilter, a massive campaign lasting since 2016 and carried on by nation-state hackers, infecting at least 500,000 victims in at least 54 countries. The known devices affected by VPNFilter are Linksys, MikroTik, NETGEAR and TP-Link networking equipment, as well as QNAP NAS devices. An update of June 6 reveals new capabilities, such as the possibility to perform MITM attacks, and other vulnerable devices (ASUS, D-Link, Huawei, Ubiquiti, UPVEL, and ZTE).
University of Vermont officials say they have no reason to believe the personal information of 37,000 current and former faculty, staff and students fell into the wrong hands following an intrusion of the school’s computer systems.
Unknown
P Education
Cyber Crime
US
University of Vermont
546
01/01/1970
Trisis, AKA Xenotime, AKA HatMan
Multiple Targets
Security researchers from CyberX reveal that the threat actor behind the Triton malware (aka Trisis, Xenotime, and HatMan) is now targeting organizations worldwide and safety systems.
Targeted Attack
Y Multiple Industries
Cyber Espionage
>1
CyberX, Triton, Trisis, Xenotime, HatMan.
547
01/01/1970
?
Android Users
Avast reveals a list of 140 Android devices whose firmware is infected with a malware called Cosiloon.
Malware/PoS Malware
X Individual
Cyber Crime
>1
Avast, Android, Cosiloon
548
01/01/1970
?
Screens at the Mashhad airport in Iran
Hackers deface the screens at the Mashhad airport in Iran to protest against the Government and the military’s activities in the Middle East.
Defacement
H Transportation and storage
Hacktivism
IR
Mashhad
549
01/01/1970
?
Associates in Psychiatry and Psychology
Associates in Psychiatry and Psychology notifies 6,546 patients and the U.S. Department of Health and Human Services (HHS) of a ransomware incident that occurred in March.
Malware/PoS Malware
Q Human health and social work activities
Cyber Crime
US
Associates in Psychiatry and Psychology, ransomware
550
01/01/1970
?
Oxnard City
Oxnard city officials are contacted by a bank representative about fraudulent purchases being made with the cards people used to pay their utility bills
Account Hijacking
O Public administration, defence, compulsory social security
Cyber Crime
US
Oxnard City
551
01/01/1970
?
American Family Life Assurance Company of Columbus (Aflac)
American Family Life Assurance Company of Columbus (Aflac) issues a press release concerning the breach of independent contractor sales agents’ email accounts. The breach occurred between Jan. 17 and April 2 and has reportedly affected some clients’ personal information.
Unknown
K Financial and insurance activities
Cyber Crime
US
American Family Life Assurance Company of Columbus, Aflac
552
01/01/1970
?
Aultman Health Foundation
About 42,600 patients tied to AultWorks Occupational Medicine, Aultman Hospital, and some Aultman physician offices may have had personal health and identification information stolen in a data breach after unknown and unauthorized individuals gained access to certain email accounts in February and March.
Unknown
Q Human health and social work activities
Cyber Crime
US
Aultman Health Foundation, AultWorks Occupational Medicine, Aultman Hospital, Aultman
553
01/01/1970
?
Afghan diplomats in Pakistan
Afghan diplomats in Pakistan are warned they are believed to be victims of "government-backed" digital attacks trying to steal their email passwords.
Targeted Attack
O Public administration, defence, compulsory social security
Cyber Espionage
AF
Afghanistan, Pakistan
554
01/01/1970
?
Arlo
Arlo advises its customers to change their passwords after credential-stuffing attempts detected.
Brute-Force
C Manufacturing
Cyber Crime
US
555
01/01/1970
?
Goliath and Goliath
Comedy and entertainment agency Goliath and Goliath suffered a loss of more than 300,000 ZAR (22,000 USD worth) in what appears to be a phishing scam.
Account Hijacking
R Arts entertainment and recreation
Cyber Crime
ZA
Goliath and Goliath
556
01/01/1970
?
Bank of Montreal
Bank of Montreal, the country's fourth bank, announces to have been contacted by fraudsters claiming to have stolen personal and financial information of a limited number of the bank's customers. According to the bank, less than 50,000 c customers are affected by the incident.
Unknown
K Financial and insurance activities
Cyber Crime
CA
Bank of Montreal
557
01/01/1970
?
Canadian Imperial Bank of Commerce (CIBC)
Also the Canadian Imperial Bank of Commerce (CIBC), the country's fifth largest bank is affected by the same incident, and they believe that 40,000 users could be possibly affected from its subsidiary Simplii Financial.
Unknown
K Financial and insurance activities
Cyber Crime
CA
Canadian Imperial Bank of Commerce, CIBC, Simplii Financial
558
01/01/1970
?
Taylor Cryptocurrency
The creators of the Taylor cryptocurrency trading app claim that an unidentified hacker has stolen around $1.35 million worth of Ether from the company's wallets.
Account Hijacking
V Fintech
Cyber Crime
EE
Taylor, Crypto
559
01/01/1970
Cobalt AKA Carbanak
Several Russian Banks
Group-IB reveals that, despite the alleged arrest of its leader, the Cobalt (AKA Carbanak) hacker group that's specialized in stealing money from banks and financial institutions is still active, even launching a new campaign.
Targeted Attack
K Financial and insurance activities
Cyber Crime
US
Group-IB, Cobalt, Carabanak
560
01/01/1970
?
Harare Institute of Technology
A database from the Harare Institute of Technology is leaked, containing 3,500 users.
Unknown
P Education
Cyber Crime
ZW
Harare Institute of Technology
561
01/01/1970
Hidden Cobra
Multiple Targets
The FBI and Department of Homeland Security jointly release two technical alerts via the US-CERT, warning of two malware families dating back to at least 2009 that they say are tied to the suspected North Korea-sponsored APT group Hidden Cobra. The two malware families are the remote access tool (RAT) Joanap and the Server Message Block-based (SMB) worm Brambul.
Targeted Attack
Y Multiple Industries
Cyber Espionage
US
FBI, Department of Homeland Security, US-CERT, Hidden Cobra, Joanap, Brambul, North Korea
562
01/01/1970
?
Brazilian Individuals
Researchers from IBM X-Force uncover a new Brazilian, Delphi-based banking malware, dubbed MnuBot. The malware uses Microsoft SQL Server as ITS command and control server.
Malware/PoS Malware
K Financial and insurance activities
Cyber Crime
BR
IBM, X-Force, MnuBot, Microsoft SQL Server
563
01/01/1970
?
EOS Blockchain nodes
Threat Intelligence firm GreyNoise discovers that a mysterious attacker is scanning the Internet for EOS blockchain nodes that are accidentally exposing private keys through an API misconfiguration.
Brute-Force
V Fintech
Cyber Crime
N/A
GreyNoise, EOS, Blockchain, Crypto
564
01/01/1970
IsHaKdZ
Ticketfly
The Ticketfly website is defaced with an image of V from the film V for Vendetta. Unfortunately, after refusing to pay a 1 BTC ransom, Ticketfly reveals that the personal information of 27 million accounts, including ticket buyers and venue operators, was accessed by the attacker.
Vulnerability
R Arts entertainment and recreation
Cyber Crime
US
Ticketfly, IsHaKdZ
565
01/01/1970
?
Purdue University Pharmacy and the Family Health Clinic of Carroll County
Patients of the Purdue University Pharmacy and the Family Health Clinic of Carroll County receive notices that their information might be compromised because of a security breach. A malicious file was installed on some computers on September 1st.
Malware/PoS Malware
Q Human health and social work activities
Cyber Crime
US
Purdue University Pharmacy, Family Health Clinic, Carroll County
566
01/01/1970
North Korean APT actor Group123?
South Koreans
Researchers from Cisco Talos discover NavRAT, a remote access trojan that apparently went undiscovered for at least two years, targeting Koreans in a spam campaign using the possible upcoming U.S.-North Korea nukes summit as a phishing lure. The tool leverages the email platform from South Korea-based Naver Corporation to communicate with the attackers.
Targeted Attack
X Individual
Cyber Espionage
KR
Talos, NavRAT, Group 123
567
01/01/1970
Andariel Group
South Koreans
Local media in South Korea reveal that a North Korean cyber-espionage group has exploited at least nine ActiveX zero-day vulnerabilities, including a new 0-day, to infect South Korean targets with malware or steal data from compromised systems.
Targeted Attack
O Public administration, defence, compulsory social security
Cyber Espionage
KR
Andariel Group, Active X
568
01/01/1970
?
Sooke School District
The Sooke School District warns parents about a privacy invasion after an employee’s email was hacked.
A hacker manages to take control of the official Twitter account of Buffalo Wild Wings (@BWWings) and posts a number of crude and racist tweets, including one that claims to give out the “secret recipe” for the company’s wings.
Account Hijacking
I Accommodation and food service activities
Cyber Crime
US
Buffalo Wild Wings, @BWWings
570
06/01/2018
?
Several Rhode Island State Agencies
Rhode Island officials say several state agencies are targeted by malware. The list of victims include: the Department of Children, Youth and Families, the Department of Human Services, and the Department of Behavioral Healthcare.
Malware/PoS Malware
O Public administration, defence, compulsory social security
Cyber Crime
US
Rhode Island, Department of Children, Youth and Families, Department of Human Services, Department of Behavioral Healthcare
571
06/02/2018
?
Several Australian citizens
Several Australian citizens are the victims of a tech support scam, through which the attackers are able to take over their webcams and upload videos to YouTube.
Account Hijacking
X Individual
Cyber Crime
AU
Australia
572
06/02/2018
Todd Davis aka Lifelock
Holland Eye Surgery & Laser Center
Holland Eye Surgery & Laser Center notifies 42,200 patients about a hack occurred in 2016.
Unknown
Q Human health and social work activities
Cyber Crime
US
Holland Eye Surgery & Laser Center, Todd Davis, Lifelock
573
06/02/2018
?
Shiawassee County
The Shiawassee County financial administrator resigns after being caught in a phishing scam and mistakenly wiring $50,000 to an overseas bank account.
Account Hijacking
O Public administration, defence, compulsory social security
Cyber Crime
US
Shiawassee County
574
06/03/2018
?
ZenCash
ZenCash, an upcoming privacy coin, is the victim of a 51% attack.
51% attack
V Fintech
Cyber Crime
US
ZenCash, Crypto
575
06/03/2018
?
Booking.com users
According to multiple reports, unknown cybercriminals launch a phishing campaign targeting Booking.com customers whose information was illegally obtained, possibly by breaching certain partner hotels.
Account Hijacking
X Individual
Cyber Crime
>1
booking.com
576
06/04/2018
?
MyHeritage
MyHeritage, the genealogy website and DNA testing service, warns that the email addresses and hashed passwords of its customer database, approximately 92 million user accounts, have been found on a private server.
Unknown
Q Human health and social work activities
Cyber Crime
US
MyHeritage
577
06/04/2018
?
New York Giants defensive end Avery Moss
Explicit videos and pictures of New York Giants defensive end Avery Moss are posted on his Twitter timeline after his account is hacked.
Account Hijacking
X Individual
Cyber Crime
US
New York Giants, Avery Moss
578
06/04/2018
?
Morinaga Milk Industry Co.
Morinaga Milk Industry Co. says that personal data on up to 92,822 customers may have been stolen as its health food shopping website was hacked. Credit card information belonging to up to 29,773 of the affected customers was leaked and that around 300 cases of illicit use of the information, involving some ¥20 million ($180,000), have been confirmed so far.
Unknown
I Accommodation and food service activities
Cyber Crime
JP
Morinaga Milk Industry Co.
579
06/05/2018
?
Undisclosed Japanese Syndicate Wallet
Shopin, a universal shopper profile using blockchain and Artificial Intelligence, releases an official statement indicating that a significant token distributor was hacked on June 1st, resulting in a loss of more than $10 million USD of a variety of tokens, including Ethereum, Level Up, Orbs, and Shopin Tokens.
Account Hijacking
V Fintech
Cyber Crime
JP
Shopin, Level Up, Orbs, Crypto
580
06/05/2018
?
WordPress Sites
Security researchers from Wordfence reveal the details of BabaYaga, a malware targeting WordPress sites characterized by sophisticated self-preserving mechanisms.
Malware/PoS Malware
Y Multiple Industries
Cyber Crime
>1
Wordfence, BabaYaga
581
06/06/2018
?
PageUp
Australia-based human resources firm PageUp confirms it found "unusual" activity on its IT infrastructure on May 23, which has resulted in the potential compromise of client data.
Malware/PoS Malware
S Other service activities
Cyber Crime
AU
PageUp
582
06/06/2018
?
Multiple Targets
Researchers from the GuardiCore security team reveal the details of Operation Prowli, a gigantic botnet of over 40,000 infected web servers, modems, and other IoT devices, used for cryptocurrency mining, and for redirecting users to malicious sites.
>1
Y Multiple Industries
Cyber Crime
>1
GuardiCore, Operation Prowli, Crypto, Monero
583
06/06/2018
Sofacy
Government organizations dealing with foreign affair
Researchers from Palo Alto Networks Unit 42 reveal the details of Zebrocy, a new campaign carried on by the Sofacy group via phishing attacks that contain malicious Microsoft Office documents with macros as well as simple executable file attachments.
Targeted Attack
O Public administration, defence, compulsory social security
Cyber Espionage
>1
Palo Alto Networks, Unit 42, Sofacy, Zebrocy
584
06/06/2018
?
Litecoin Cash
Litecoin Cash is the latest crypto currency to suffer a 51% attack.
51% attack
V Fintech
Cyber Crime
N/A
Litecoin Cash
585
06/06/2018
?
Brazilian users of online banking services.
Researchers from Kaspersky Lab discover a malicious Chrome Extension available in the Chrome Web Store, targeting Brazilian users of online banking services.
Malware/PoS Malware
K Financial and insurance activities
Cyber Crime
BR
Kaspersky Lab
586
06/07/2018
?
High-profile targets in Russia and Ukraine
Researchers from ESET reveal the details of Invisimole, a campaign active since 2013 targeting entities in Russia and Ukraine.
Targeted Attack
Y Multiple Industries
Cyber Espionage
RU
UA
ESET, Invisimole
587
06/07/2018
?
Targets in Middle East
Researchers from ICEBRG and 360 Core Security reveal a wave of attacks leveraging the unpatched CVE-2018-5002 Adobe vulnerability.
Vulnerability
Y Multiple Industries
Cyber Crime
>1
360 Core Security, CVE-2018-500, Adobe, ICEBRG
588
06/07/2018
?
Russian service centers offering maintenance and support for various electronic goods.
Security researchers from Fortinet spot a series of attacks targeting Russian service centers offering maintenance and support for various electronic goods.
Vulnerability
N Administrative and support service activities
Cyber Crime
RU
Fortinet, CVE-2017-11882
589
06/07/2018
?
City of Wellington
Wellington officials reveal to have been recently notified by Superion, their software vendor, about potential unauthorized charges on credit cards used by customers to pay their utility bills.
Vulnerability
X Individual
Cyber Crime
US
Wellington, Superion
590
06/07/2018
?
RISE Wisconsin
RISE Wisconsin formerly Community Partnerships and Center for Families) notifies its participants of a ransomware attack occurred on April 8, 2018.
Malware/PoS Malware
Q Human health and social work activities
Cyber Crime
US
RISE Wisconsin, ransomware
591
06/08/2018
Alleged State-sponsored Chinese hackers
US Navy Contractor
Chinese government hackers have compromised the computers of a Navy contractor, stealing 600+ Gb of highly sensitive data related to undersea warfare, including secret plans to develop a supersonic anti-ship missile for use on U.S. submarines by 2020, according to American officials. The attack occurred in January and February.
Targeted Attack
O Public administration, defence, compulsory social security
Cyber Espionage
US
China
592
06/08/2018
?
Elmcroft Senior Living
The personal information of Elmcroft Senior Living residents and their family members, employees and others could have been stolen in a data breach that occurred in mid-May.
Account Hijacking
Q Human health and social work activities
Cyber Crime
US
Elmcroft Senior Living
593
06/08/2018
?
Terros Health
Terros Health warns that 1,600 patient records were exposed in a data breach earlier this spring. The breach, due to a phishing attack, was discovered on April 12 and happened November 16, 2017.
Account Hijacking
Q Human health and social work activities
Cyber Crime
US
Terros Health
594
06/08/2018
?
Multiple Targets
Researchers from Barkly reveal a malicious spam campaign distributing .IQY files, simple text files that open by default in Excel and are used to download data from the Internet. These files are highly evasive for AVs.
Malware/PoS Malware
X Individual
Cyber Crime
>1
Barkly, IQY
595
06/08/2018
?
Undisclosed Italian Companies
Researchers from Yoroi reveal the details of DMOSK, a malware targeting specifically Italian firms.
Malware/PoS Malware
Y Multiple Industries
Cyber Crime
IT
Yoroi, DMOSK
598
06/11/2018
?
Bank of Chile
Shares in the Bank of Chile are down after it confirms hackers siphon off $10 million of its funds, mainly to Hong Kong. However the bank says no client accounts have been impacted. Apparently a wiper malware was used to conceal the real purpose of the attack.
Fraudulent SWIFT Transactions
K Financial and insurance activities
Cyber Crime
CL
Bank of Chile, SWIFT
599
06/11/2018
?
Coinrail
Coinrail, a South Korean cryptocurrency exchange, says that its systems have been hacked. It is believed that hackers stole about 40 billion won (US$37.2 million) worth of cryptocurrency from Coinrail, including 21 billion won worth of Pundi X and 14.9 billion won worth of Aston.
Unknown
V Fintech
Cyber Crime
KR
Coinrail, Pundi X, Aston, Crypto
600
06/11/2018
Lazarus Group
South Korean Think Tank
North Korea-linked Lazarus APT Group planted an ActiveX zero-day exploit on the website of a South Korean think tank focused on national security.
Targeted Attack
O Public administration, defence, compulsory social security
Cyber Espionage
KR
Lazarus Group, ActiveX
601
06/12/2018
?
Misconfigured Ethereum Mining Rigs and applications
According to Chinese internet security firm Qihoo 360 Netlab, hackers have stolen $20 million in ether from poorly configured Ethereum mining rigs and third-party applications.
Misconfigured Ethereum Rigs
V Fintech
Cyber Crime
>1
Qihoo 360 Netlab, Ethereum, Crypto
602
06/12/2018
One or more people in Russia?
Clarifai
A lawsuit filed by a former employee alleges that AI startup Clarifai’s computer systems were compromised by one or more people in Russia, potentially exposing technology used by the US military. The lawsuit says Clarifai learned of the breach last November, but did not promptly report it to the Pentagon.
Targeted Attack
M Professional scientific and technical activities
Cyber Espionage
US
Clarifai, Pentagon, Russia
603
06/12/2018
?
Mexican National Action Party (PAN)
The website of the Mexican National Action Party is hit by a cyber attack during the final television debate between presidential candidates ahead of the July 1 vote, after the site had published documents critical of the leading candidate.
DDoS
S Other service activities
Cyber Crime
MX
Mexican National Action Party, PAN
604
06/12/2018
?
Single Individuals
Researchers from Fortinet discover PyRoMineIoT, a new strain of crypto-currency miner that exploits the NSA-linked EternalRomance exploit to spread.
Malware/PoS Malware
X Individual
Cyber Crime
>1
Fortinet. PyRoMineIoT, EternalRomance
605
06/12/2018
?
Multiple Targets
Researchers from Kromtech reveal that over a dozen malicious docker images have been available on Docker Hub for 30 days, allowing hackers to earn $90,000 in cryptojacking profits.
Malware/PoS Malware
X Individual
Cyber Crime
>1
Kromtech, Docker, Monero, Crypto
606
06/12/2018
?
Massachusetts Clean Energy Center
An audit reveals that a scammer stole nearly $94,000 in public funds from the Massachusetts Clean Energy Center last year.
Account Hijacking
O Public administration, defence, compulsory social security
Cyber Crime
US
Massachusetts Clean Energy Center
607
06/12/2018
?
National Network and Electronic Services Agency (NASES)
Slovak Hydro-meteorological Institute (SHMÚ)
slovensko.sk
Several Slovakian websites are hit by a wave of DDoS attacks.
DDoS
O Public administration, defence, compulsory social security
Cyber Crime
SK
National Network and Electronic Services Agency, NASES, Slovak Hydro-meteorological Institute, SHMÚ, slovensko.sk
608
01/01/1970
?
Dixons Carphone
Dixons Carphone has admitted a huge data breach involving 5.9 million payment cards and 1.2 million personal data records. The breach began in July last year and 105,000 cards without chip-and-pin protection have been leaked.
Unknown
G Wholesale and retail trade
Cyber Crime
UK
Dixons Carphone
609
01/01/1970
LuckyMouse AKA EmissaryPanda AKA APT27
Mongolia
Researchers from Kaspersky reveal that the Chinese hacking group LuckyMouse broke into a national data center in Mongolia late last year and planted the HyperBro malware into government websites.
Targeted Attack
O Public administration, defence, compulsory social security
Cyber Espionage
MN
LuckyMouse, EmissaryPanda, APT27
610
01/01/1970
?
Syscoin
Malicious actors replace the legitimate Windows installer for Syscoin's cryptocurrency with a version containing malware, which was available on the company's Github page for several days.
Malware/PoS Malware
V Fintech
Cyber Crime
CA
Syscoin, Github
611
01/01/1970
?
Single Individuals
Researchers from Qihoo 360 Total Security reveal the details of ClipboardWalletHijacker, a malware campaign infecting over 300,000 computers. The malware's purpose is to intercept content recorded in the Windows clipboard, look for strings resembling Bitcoin and Ethereum addresses, and replace them with ones owned by the malware's authors.
Malware/PoS Malware
X Individual
Cyber Crime
>1
Qihoo 360 Total Security, ClipboardWalletHijacker, Crypto
612
01/01/1970
?
AcFun
According to a statement by the company, millions of user accounts of the Chinese video sharing platform AcFun are hacked. According to the same statement, the accessed data includes the user IDs, nicknames and passwords of nearly 10 million users. The company urges them to change their password.
Unknown
R Arts entertainment and recreation
Cyber Crime
CN
AcFun
613
01/01/1970
Hidden Cobra
Multiple Targets
The US Department of Home Security issues a new warning over a new type of malware coming from the Hidden Cobra group. The new variant is known as “TYPEFRAME".
Targeted Attack
Y Multiple Industries
Cyber Espionage
US
Hidden Cobra, TYPEFRAME
614
01/01/1970
?
HealthEquity
About 23,000 accounts are compromised by a data breach that took place at HealthEquity in April when an employee fell for a phishing scam.
Account Hijacking
Q Human health and social work activities
Cyber Crime
US
HealthEquity
615
01/01/1970
?
Multiple Targets
Researchers from Trend Micro reveal another version of the MuddyWater campaign using a Powershell-based PRB-Backdoor. The malware is dubbed W2KM_DLOADR.UHAOEEN.
Targeted Attack
O Public administration, defence, compulsory social security
Researchers from ThreatFabric discover a new malware strain still under development, dubbed MysteryBot, which blends the features of a banking trojan, keylogger, and mobile ransomware.
Med Associates, notifies of a security incident that may have compromised its patients protected information.
Malware/PoS Malware
Q Human health and social work activities
Cyber Crime
US
Med Associates
618
01/01/1970
?
Vulnerable IoT devices
Researchers from Qihoo 360 Total Security discover a spike in traffic, coming from the infamous Satori botnet, and directed to port TCP 8000, attempting to exploit CVE-2018-10088.
Vulnerability
Y Multiple Industries
Cyber Crime
>1
Qihoo 360 Total Security, TCP 8000, CVE-2018-10088.
619
01/01/1970
?
Multiple Targets in Singapore
Researchers at F5 Labs and Loryka observe a spike in the number of cyber-attacks targeting Singapore from June 11 to June 12, in the wake of the meeting between U.S. President Donald Trump and North Korean President Kim Jong-un.
>1
Y Multiple Industries
Cyber Warfare
>1
F5 Labs, Loryka, Donald Trump, Kim Jong-un
620
06/06/2018
?
Danielle Lloyd
Danielle Lloyd, English model and former Miss England and Miss Great Britain, has her iCloud account hacked, with attackers stealing intimate images that were eventually posted online.
Account Hijacking
X Individual
Cyber Crime
UK
Danielle Lloyd
621
01/01/1970
?
Black River Medical Center
Black River Medical Center in Missouri notifies an unspecified number of patients potentially affected by a phishing incident discovered on April 23.
Account Hijacking
Q Human health and social work activities
Cyber Crime
US
Black River Medical Center
622
01/01/1970
?
Liberty Life
Liberty Life's IT system are attacked by unknown hackers, who reportedly obtain sensitive data about some of the insurer's top clients and ask for a ransom.
Unknown
K Financial and insurance activities
Cyber Crime
ZA
Liberty Life
623
01/01/1970
?
Andy Android Emulator users
A GPU Miner Trojan is installed along with the popular Andy Android emulator.
Malware/PoS Malware
X Individual
Cyber Crime
US
Andy Android
624
01/01/1970
?
Carepartners
CarePartners' computer system is breached and as a result patient and employee information including personal health and financial information, are inappropriately accessed.
Unknown
Q Human health and social work activities
Cyber Crime
CA
CarePartners
625
01/01/1970
Thrip
Satellite operators, defense contractors and telecommunications companies in the United States and southeast Asia
Researchers from Symantec reveal the details of Thrip, a sophisticated hacking campaign launched from computers in China targeting satellite operators, defense contractors and telecommunications companies in the United States and southeast Asia, active from 2013.
Targeted Attack
Y Multiple Industries
Cyber Espionage
>1
Symantec, Thrip, China
626
01/01/1970
?
Flightradar24
Users of the popular flight-tracking site flightradar24 are told to change their passwords after the site warns of a data breach. The breach may have compromised the email addresses and hashed passwords for a small subset of Flightradar24 users (those who registered prior to March 16, 2016).
Unknown
S Other service activities
Cyber Crime
SE
Flightradar24
627
01/01/1970
?
Individuals in the US
Researchers at Bitdefender discover Zacinlo, a newly uncovered form of stealthy and persistent malware distributing adware to victims across the world while also allowing attackers to take screenshots of infected machines' desktops. The vast majority of Zacinlo victims are in the US, with 90 percent of those infected running Microsoft Windows 10.
Malware/PoS Malware
X Individual
Cyber Crime
US
Bitdefender, Zacinlo
628
01/01/1970
?
Med Associates
Med Associates notifies its patients that the facility suffered a data breach on March 22, when unusual activity was detected, potentially exposing PII, including medical diagnosis and payment card information of about 270,000 patients.
Unknown
Q Human health and social work activities
Cyber Crime
US
Med Associates
629
01/01/1970
?
Financial organizations in Russia, and biological and chemical threat prevention laboratories in Europe and Ukraine.
Researchers from Kaspersky Lab reveal to have detected Olympic Destroyer infections across Europe in May and June 2018. New victims include financial organizations in Russia, and biological and chemical threat prevention laboratories in Europe and Ukraine.
Malware/PoS Malware
Y Multiple Industries
Cyber Crime
>1
Olympic Destroyer, Kaspersky Lab
630
01/01/1970
?
Android Users
Malware researchers from ESET discover a new strain of Android RAT, tracked as HeroRat, that leverages Telegram protocol for command and control, and data exfiltration.
Malware/PoS Malware
X Individual
Cyber Crime
>1
ESET, Android, HeroRat, Telegram
631
01/01/1970
?
Fortnite players
Malwarebytes reveal the details of a campaign carried on via a fake installer for the famous video game Fortnite.
Malware/PoS Malware
X Individual
Cyber Crime
>1
Fortnite, Malwarebytes
632
01/01/1970
?
Bithumb
South Korean cryptocurrency exchange Bithumb says that 35 billion won ($31.5 million) worth of virtual coins have been stolen by hackers.
Unknown
V Fintech
Cyber Crime
KR
Bithumb
633
01/01/1970
?
Multiple Targets
Researchers from Deep Instinct reveal the details of Mylobot, a complex botnet that uses a never before seen combination of evasion techniques,
Malware/PoS Malware
Y Multiple Industries
Cyber Crime
>1
Mylobot, Deep Instinct
634
01/01/1970
?
Unknown target (probably an embassy)
Researchers from AlienVault uncover a new Afghanistan-based attack disguised as a recent article from a Middle Eastern news, leveraging a Metasploit backdoor.
Targeted Attack
O Public administration, defence, compulsory social security
Cyber Espionage
N/A
AlienVault, Afghanistan
635
01/01/1970
?
Road Sign close to ICE (U.S. Immigration and Customs Enforcement)
Someone hacks a road sign close to the ICE headquarter in Portland and defaces it with the “Abolish ICE” message.
Unknown
O Public administration, defence, compulsory social security
Hacktivism
US
ICE, U.S. Immigration and Customs Enforcement
636
01/01/1970
?
Android Users
RiskIQ reveals the details of a new malicious Android app that has infected at least 60,000 devices, gaining the ability to extract some important information from each device along with installing some ad click malware.
Malware/PoS Malware
X Individual
Cyber Crime
>1
Android, RiskIQ
637
01/01/1970
?
Vulnerable Drupal servers
Researchers from Trend Micro observe a series of network attacks exploiting the Drupal vulnerability CVE-2018-7602 to turn affected systems into Monero-mining bots.
Researchers at Sucuri discover a very simple evasion technique to infect again Magento websites after their malicious code has been removed.
Malware/PoS Malware
Y Multiple Industries
Cyber Crime
>1
Sucuri, Magento
639
01/01/1970
?
Humana
Health insurer Humana notifies an unspecified number of health plan members after detecting and blocking a credential stuffing attack against Humana.com and Go365.com. The attacks took place on June 3 and June 4 from overseas IP addresses.
Credential Stuffing
Q Human health and social work activities
Cyber Crime
US
Humana
640
01/01/1970
?
Indian Businessman
The email of a city-based businessman is hacked and INR12.5 lakh (USD 18,230) stolen and transferred to two bank accounts in China.
Account Hijacking
X Individual
Cyber Crime
IN
641
01/01/1970
?
PDQ
PDQ, a fast-casual dining restaurant warns customers about a cyber attack on its computer systems in which hackers were able to access or acquire personal information from the chain’s customers who paid with credit cards. The breach lasted nearly a year, from May 19, 2017 to April 20, 2018.
Remote access
I Accommodation and food service activities
Cyber Crime
US
PDQ
642
01/01/1970
?
Entities in South East Asia
Security researchers at Palo Alto Networks uncover a new cyber espionage group tracked as RANCOR that has been targeting entities in South East Asia, using two previously unknown strains of malware dubbed DDKONG and PLAINTEE.
Targeted Attack
Y Multiple Industries
Cyber Espionage
>1
Palo Alto Networks, RANCOR, DDKONG, PLAINTEE
643
01/01/1970
?
cryptocurrency exchanges
Security researchers at AlienVault uncover a series of cyber attacks on cryptocurrency exchanges, carried on by the infamous Lazarus Group, and leveraging weaponized HWP documents (Hangul Word Processor documents). The researchers suspect the same actors are behind the attack to Bithumb,
Targeted Attack
V Fintech
Cyber Crime
>1
AlienVault, Lazarus Group, Hangul Word Processor, HWP, Bithumb
644
01/01/1970
Tick APT
South Korean defense company
Researchers from Palo Alto Networks uncover a new operation conducted by the cyber espionage group known as Tick APT. The campaign targets a secure USB drive built by a South Korean defense company.
Targeted Attack
O Public administration, defence, compulsory social security
Cyber Espionage
KR
Tick APT, South Korea
646
01/01/1970
?
Midwest City
Midwest City, Oklahoma, reports that about 2,300 customers are potentially affected by a breach involving Superion's software Click2Gov.
Vulnerability
O Public administration, defence, compulsory social security
Cyber Crime
US
Midwest City, Superion, Click2Gov
648
01/01/1970
?
FastBooking
The personal details and payment card data of guests from hundreds of hotels, are stolen by an unknown attacker from FastBooking, a Paris-based company that sells hotel booking software to more than 4,000 hotels in 100 countries. The breach occurred on June 14.
Vulnerability
J Information and communication
Cyber Crime
FR
FastBooking
649
01/01/1970
?
Single Individuals
Security researchers at Kaspersky discover an adware written in Python targeting Windows-based computers. The adware is dubbed PBot (PythonBot) and is also able to install cryptocurrency miner and ad extensions in the browser.
Malware/PoS Malware
X Individual
Cyber Crime
>1
Kaspersky, Pbot, Crypto
650
01/01/1970
?
Ticketmaster
Ticketing service Ticketmaster announces a data breach affecting roughly 5% of its entire customer base, resulting in the theft of customer data, Ticketmaster login information, and payment details. The breach didn't occur at Ticketmaster itself, but at Inbenta, a provider of AI-powered live chat widgets, which Ticketmaster was deploying on some of its localized sites across the world.
Unknown
R Arts entertainment and recreation
Cyber Crime
US
Ticketmaster, Inbenta
651
01/01/1970
?
Red Hen Restaurant
Researchers from Malwarebytes discover that the Red Hen restaurant that refused to serve Sarah Sanders is hit by a SEO Spam cyberattack
SEO Spam
I Accommodation and food service activities
Cyber Crime
US
Red Hen, Malwarebytes, Sarah Sanders
652
01/01/1970
Apophis Squad
ProtonMail
ProtonMail is hit by a DDoS attack
DDoS
J Information and communication
Cyber Crime
CH
ProtonMail, Apophis Squad
653
01/01/1970
?
Connecticut Higher Education Trust (CHET)
Unauthorized individuals gain access to 21 accounts of the Connecticut Higher Education Trust (CHET) and make 44 withdrawals, for a total of $1,416,635, of which, $442,540 is recovered or stopped.
Account Hijacking
P Education
Cyber Crime
US
Connecticut Higher Education Trust, CHET
654
01/01/1970
?
Z Energy Ltd
New Zealand-based fuel supplier Z Energy Ltd says it has been presented with evidence that customer data from its Z Card Online database was accessed by a third party in November 2017.
Unknown
S Other service activities
Cyber Crime
NZ
Z Energy Ltd
655
01/01/1970
?
Cyanweb Solutions
Digital marketing and web provider Cyanweb Solutions looses nearly all customer data and backups after a “criminal hacking incident” that compromises one of its servers.
Unknown
M Professional scientific and technical activities
Cyber Crime
AU
Cyanweb Solutions
656
01/01/1970
?
Adidas
Adidas alerts customers about a possible data breach on its U.S. website. On June 26, the company became aware that an unauthorized party claimed to have acquired limited data associated with certain consumers. A preliminary investigation found the leaked data includes contact information, usernames and encrypted passwords.
Unknown
G Wholesale and retail trade
Cyber Crime
US
Adidas
657
01/01/1970
?
Official website of Ernakulam Siva Temple
The official website of Ernakulam Siva Temple is defaced with anti-national slogans and offensive language besides a Pakistan flag.
Defacement
S Other service activities
Hacktivism
IN
Ernakulam Siva Temple
658
01/01/1970
?
GitHub account of the Gentoo Linux distribution
An unknown hacker temporarily takes control over the GitHub account of the Gentoo Linux organization and embed malicious code inside the operating system's distributions that would delete user files. The malicious code fails to trigger properly and users' files remain safe.
>1
S Other service activities
Cyber Crime
US
GitHub, Gentoo Linux
659
01/01/1970
?
Single Individuals
Researchers from FireEye discover for the first time one malware campaign using the innovative PROPagate technique to inject malware into legitimate processes.
Malware/PoS Malware
X Individual
Cyber Crime
>1
FireEye, PROPagate
660
01/01/1970
?
Multiple Targets
After observing attacks on customers, Cisco tells users to install the fix for CVE-2018-0296, a denial-of-service flaw, discovered on June 6, affecting a number of its security appliances.
Vulnerability
Y Multiple Industries
Cyber Crime
>1
CVE-2018-0296, Cisco
661
01/01/1970
?
City of Midland
City of Midland is the latest municipality being breached because of a vulnerability in the Superion’s Click2Gov application.
Vulnerability
O Public administration, defence, compulsory social security
Cyber Crime
US
City of Midland. Superion, Click2Gov
662
01/01/1970
?
Middletown school district
The Middletown School District is hit by a ransomware.
Malware/PoS Malware
P Education
Cyber Crime
US
Middletown school district, ransomware
663
01/01/1970
?
South Eastern Regional College (SERC)
Personal information of hundreds of staff at the South Eastern Regional College is compromised after detecting suspicious email activity as the consequence of a hack.
Account Hijacking
P Education
Cyber Crime
IE
South Eastern Regional College, SERC
664
01/01/1970
?
Typeform
Barcelona-based online survey and form building service Typeform announces a data breach after an unknown attacker downloaded a backup file containing sensitive customer information. The backup file contained data gathered by Typeform customers through surveys and online forms up until May 3, 2018.
Unknown
S Other service activities
Cyber Crime
ES
Typeform
665
01/01/1970
?
Algonquin College
The Algonquin College publishes a note indicating that the education community is still not sure how many current and former students and employees could be affected by a cyber attack that happened weeks earlier. However the note suggests that the impacted people could be thousands.
Unknown
P Education
Cyber Crime
CA
Algonquin College
666
01/01/1970
?
Single Individuals
Researchers from Bleeping Computers discover a new Clipboard Hijacker Malware able to monitor 2.3 Million bitcoin addresses.
Malware/PoS Malware
X Individual
Cyber Crime
>1
Bleeping Computer, crypto
667
01/01/1970
?
Single Individuals
Security researchers spot a new Mac malware family, dubbed OSX.Dummy, advertised on cryptocurrency-focused Slack and Discord channels.
Malware/PoS Malware
X Individual
Cyber Crime
>1
OSX.Dummy, Crypto
668
01/01/1970
?
Notre Dame de Namur University
Notre Dame de Namur University notifies some financial aid applicants that their information may have been compromised when an employee fell prey to a phishing attack on April 23, 2018.
Account Hijacking
P Education
Cyber Crime
US
Notre Dame de Namur University
669
01/01/1970
?
Manitowoc County
Manitowoc County officials release more information about a data breach of a Manitowoc County email account in January, when an employee falls victim of a phishing attack.
Account Hijacking
P Education
Cyber Crime
US
Manitowoc County
670
01/01/1970
?
Linux-Based servers
Researchers from Trend Micro uncover a malware bot that infects Linux-based servers and connected devices with a cryptominer that appears to transfer funds to the operators of a Chinese money-making scam website.
Malware/PoS Malware
Y Multiple Industries
Cyber Crime
>1
Trend Micro
671
01/01/1970
?
Klook Travel
Klook Travel informs its users about a data breach incident it suffered. The attackers exploited a malicious JS code associated with SOCIAPlus, a third-party tool integrated on the site.
Malicious JS
I Accommodation and food service activities
Cyber Crime
HK
Klook Travel, SOCIAPlus
672
01/01/1970
?
Hunt Regional Medical Center
Hunt Regional Medical Center notifies patients of a possible breach due to the hack of an employee email occurred on May 1st, 2018.
Account Hijacking
Q Human health and social work activities
Cyber Crime
US
Hunt Regional Medical Center
673
07/01/2018
?
Trezor
The team behind the Trezor multi-cryptocurrency wallet service discovers a phishing attack against some of its users that took place over the weekend, carried on via DNS poisoning or BGP hijacking.
BGP Poisoning or DNS Hijacking
V Fintech
Cyber Crime
CZ
Trezor, Crypto
674
07/02/2018
?
Fortnum & Mason
Luxury retailer Fortnum & Mason is the latest big brand to be involved in a significant data breach after the company admits the details of around 23,000 competition and survey participants have been compromised in the wake of the Typeform breach.
Unknown
G Wholesale and retail trade
Cyber Crime
UK
Fortnum & Mason
675
07/02/2018
?
Whitbread
Whitbread’s online recruitment system has suffered a data breach, affecting a number of the company’s brands including Premier Inn, and the UK outlets of Costa Coffee. The breach is a consequence of the attack to PageUp.
Malware/PoS Malware
I Accommodation and food service activities
Cyber Crime
UK
Whitbread, Premier Inn, Costa Coffee, PageUp.
676
07/02/2018
?
Fortnite players
Tens of thousands of Fortnite users are infected by malware after downloading a fake cheating app.
Malware/PoS Malware
X Individual
Cyber Crime
>1
Fortnite
677
07/03/2018
?
Taiwan Democratic Progressive Party's (DPP)
The Democratic Progressive Party's (DPP) official website is defaced by Chinese hackers and the website is replaced with pictures and words reading "Chinese netizens are supporting Tsai Ing-wen to run for re-election" in simplified Chinese characters.
Defacement
S Other service activities
Hacktivism
TW
Taiwan, Democratic Progressive Party, DPP
678
07/03/2018
?
Israeli Military
The Israeli military say it had uncovered a plot by Hamas militants to spy on soldiers by befriending them on social media and then luring them into downloading fake dating applications that gave Hamas access to their smartphones.
Account Hijacking
O Public administration, defence, compulsory social security
Cyber Espionage
IL
Israel, Hamas
679
07/03/2018
?
Domain Factory
German hosting provider Domain Factory experiences a data breach which has exposed customer data. After an unknown threat actor posts claims that suggest they had managed to compromise the firm's systems and access information, the company launches an investigation and finds the claims to be true and says that customer data "was accessed by an outside party without authorization" on 28 January 2018.
Vulnerability
J Information and communication
Cyber Crime
DE
Domain Factory
680
07/03/2018
Charming Kitten, Newscaster, or Newsbeef.
Single Individuals
ClearSky Security reveals that the malicious actor Charming Kitten, which the company previously exposed, built a phishing website impersonating the company and attempting to spear-phish people interested in reading reports.
Researchers from Cisco Talos discover a new version of Smoke Loader, a malicious application that can be used to load other malware.
Malware/PoS Malware
X Individual
Cyber Crime
>1
Cisco, Talos, Smoke Loader
682
07/03/2018
?
Single Individuals
Researchers at Malwarebytes reveal the details of an operation leveraging shortlinks and traffic distribution system to infect users and mine Monero using the CPN Miner.
Malware/PoS Malware
X Individual
Cyber Crime
>1
Malwarebytes, Monero, CPN Miner, Crypto
683
07/03/2018
?
Single Individuals
Researchers from Trend Micro uncover an unusual malicious macro-based malware campaign that modifies infected users' shortcut files so that they secretly download a backdoor program.
Malware/PoS Malware
X Individual
Cyber Crime
>1
Trend Micro
685
07/05/2018
?
Yatra.com
Online travel booking website Yatra.com is compromised and attackers steal 5 Million user records that include email address & physical addresses, phone numbers & plain text passwords & PINs.
The breach happened back in 2013, and it came to light now.
Unknown
I Accommodation and food service activities
Cyber Crime
IN
Yatra.com
686
07/05/2018
?
MSK Group
MSK Group notifies patients of a data security incident that they discovered on May 7, due to an unauthorized access to certain parts of the network at times over several month.
Unknown
Q Human health and social work activities
Cyber Crime
US
MSK Group
687
07/06/2018
Chinese Government
Australian National University
China-based hackers have successfully infiltrated the IT systems at the Australian National University, potentially compromising the home of Australia's leading national security college and key defence research projects.
Targeted Attack
P Education
Cyber Espionage
AU
Australian National University
688
07/06/2018
?
CVE-2018-7600 Vulnerable servers
Researchers from Akamai reveal the details of DrupalGangster, yet another Monero-mining campaign based on XMRig and lukMiner exploiting the Drupalgeddon 2 vulnerability CVE-2018-7600.
B&B Hospitality Group (B&BHG) announces that it has identified and addressed a payment card security incident that affected nine restaurants in the New York metropolitan area.
Malware/PoS Malware
I Accommodation and food service activities
Cyber Crime
US
B&B Hospitality Group, B&BHG
690
07/06/2018
?
VSDC
Research from Qihoo 360 Total Security reveal that hackers have breached the website of VSDC, a popular company that provides free audio and video conversion and editing software. Three different incidents have been recorded during which hackers changed the download links on the VSDC website with links that initiated downloads from servers operated by the attackers.
Malware/PoS Malware
J Information and communication
Cyber Crime
NZ
Qihoo 360 Total Security, VSDC
691
07/06/2018
?
Lake Oswego School District
Lake Oswego School District warns students about a phishing email after the District Twitter account and an employee email accounts are hacked.
Account Hijacking
P Education
Cyber Crime
US
Lake Oswego School District
692
07/07/2018
?
Blizzard Entertainment
Blizzard Entertainment is hit by a DDoS attack. Players of Overwatch, Heroes of the Storm, and World of Warcraft are affected.
DDoS
R Arts entertainment and recreation
Cyber Crime
US
Blizzard Entertainment, Overwatch, Heroes of the Storm, World of Warcraft
693
07/08/2018
?
Timehop
Timehop discloses a security breach that has compromised the personal data of 21 million users (essentially its entire user base). Around a fifth of the affected users have also had a phone number that was attached to their account breached in the attack. The breach was discovered on July 4, while the attack was in progress.
Account Hijacking
J Information and communication
Cyber Crime
US
Timehop
694
07/08/2018
Gaza Cybergang APT
Institutions across the Middle East, specifically the Palestinian Authority.
Researchers from Check Point reveal the details of Big Bang, an operation carried on by the Gaza Cybergang APT against institutions across the Middle East, specifically the Palestinian Authority.
Targeted Attack
Y Multiple Industries
Cyber Espionage
PS
Check Point, Big Bang, Palestine, Gaza Cybergang APT
695
07/09/2018
?
Bancor
Token creation platform Bancor goes offline following a "security breach" that sees the platform lose millions of dollars worth of cryptocurrency. The company lost roughly $13.5 million in the hack and the value of the coin loses quickly 20%. The breach was carried on via the compromise of the free VPN service Hola.
Account Hijacking
V Fintech
Cyber Crime
CH
Bancor, Crypto, Hola
696
07/09/2018
?
Gas Station in Detroit
Police in Detroit are looking into an apparent hack at a gas station that allowed people to steal more than 600 gallons of gas, valued at over $1,800. Authorities believe the thieves used some sort of remote device to take control of the pump. At least 10 cars filled up for free during that time.
Remote Device?
H Transportation and storage
Cyber Crime
US
Detroit
697
07/09/2018
?
Macy's Inc.
Macy's Inc. warns customers that hackers compromised the login information of some users of the retailer's websites. The suspicious activity took place from April 26 to June 12. A third party obtained valid usernames and passwords through websites not related to macys.com or bloomingdales.com and used those to gain access to customers' accounts.
Account Hijacking
G Wholesale and retail trade
Cyber Crime
US
Macy's Inc.
698
07/09/2018
BlackTech
Multiple Targets
Researchers from ESET discover a new malware campaign misusing stolen digital certificates from D-Link Corporation and Changing Information Technology. Two different malware families that were misusing the stolen certificate – the Plead malware, a remotely controlled backdoor, and a related password stealer component, allegedly used by the cyberespionage group BlackTech.
Malware/PoS Malware
Y Multiple Industries
Cyber Espionage
>1
ESET, D-Link Corporation, Changing Information Technology, BlackTech.
699
07/09/2018
Magecart APT
Inbenta Technologies
Researchers from RiskIQ reveal the real extension of the third-party breach that compromised the data of several Ticketmaster UK customers. More than 800 e-commerce sites were compromised.
Malicious code injection
N Administrative and support service activities
Cyber Crime
ES
Inbenta Technologies, RiskIQ, TicketMaster
700
07/10/2018
?
Arch Linux
Yet another Linux distribution compromised. This time it's up to Arch Linux, which has three downloadable software packages in the AUR, short for Arch User Repository, rebuilt to contain malware.
Malware/PoS Malware
J Information and communication
Cyber Crime
N/A
Arch Linux
701
07/10/2018
TEMP.Periscope
Cambodia
Researchers from FireEye reveal a large scale operation from TEMP.Periscope, a Chinese cyber espionage group seeking to monitor the country’s upcoming and contentious July 29 national elections.
Targeted Attack
O Public administration, defence, compulsory social security
Cyber Espionage
KH
TEMP.Periscope, FireEye
702
07/10/2018
?
U.S. Air Force
Security Firm Recorded Future identifies an attempted sale of what is believed to be highly sensitive U.S. Air Force documents pertaining to the MQ-9 Reaper drone. The attack was carried on via the default FTP authentication credentials in Netgear routers.
Vulnerability
O Public administration, defence, compulsory social security
Cyber Crime
US
Recorded Future, MQ-9 Reaper, Netgear
703
07/10/2018
?
Turkish Android users
Researchers from IBM X-Force discover a campaign distributing the Marcher (aka Marcher ExoBot) and BankBot Anubis mobile banking Trojans via malicious apps in Google Play. It’s believed that at least 10,000 people have downloaded the malware.
Malware/PoS Malware
X Individual
Cyber Crime
TR
IBM X-Force, Marcher ExoBot, BankBot Anubis, Google Play
704
07/10/2018
?
Career and Technology Education Centers (C-TEC)
Career and Technology Education Centers (C-TEC) reveals it suffered a possible data breach earlier this year that could have exposed individuals' names and Social Security numbers. The breach happened on May 25 when an unauthorized person had access to a private file for several minutes.
Unknown
P Education
Cyber Crime
US
Career and Technology Education Centers, C-TEC
705
07/10/2018
?
Cass Regional Medical Center
Cass Regional Medical Center, a Missouri health care center, announces that they have been affected by an undisclosed ransomware. This incident affected their internal communications system and their electronic health record (EHR) system.
Malware/PoS Malware
Q Human health and social work activities
Cyber Crime
US
Cass Regional Medical Center, ransomware
706
07/11/2018
?
BP
BP emails about 60,000 people who applied for jobs in its retail stores since 2008 to notify them they could have had their personal information accessed by hackers. The company originally thought about 10,000 applicants' data had been breached. The breach is a consequence of the attack to PageUp.
Malware/PoS Malware
D Electricity gas steam and air conditioning supply
Cyber Crime
UK
BP, PageUp
707
07/11/2018
?
Chlorine distillation plant in Ukraine
The Ukrainian Secret Service (SBU) reveals it stopped a cyber-attack with the VPNFilter malware on a chlorine distillation plant in the village of Aulska, in the Dnipropetrovsk region. The SBU accuses Russia of operating the malware and launching the attack.
Malware/PoS Malware
D Electricity gas steam and air conditioning supply
Cyber Warfare
UA
VPNFilter, Russia, Aulska
708
07/11/2018
?
Ammyy
Researchers from ESET reveal that on June 13 or 14, the Ammyy website was compromised to serve a malware-tainted version of this otherwise legitimate software bundling the Kasidet trojan. To add an interesting twist to the incident, the attackers tried to hide their malicious activity behind the brand of the ongoing FIFA World Cup.
Malware/PoS Malware
J Information and communication
Cyber Crime
US
ESET, Ammyy, Kasidet, FIFA World Cup
709
07/11/2018
?
Major International Airport
While researching underground hacker marketplaces, researchers from McAfee discover that access linked to security and building automation systems of a major international airport could be bought for only US$10.
Account Hijacking
H Transportation and storage
Cyber Crime
US
McAfee, RDP
710
07/11/2018
?
Aviation ID Australia
Aviation ID Australia, the company that issues Aviation Security Identity Cards (ASICs) is hacked and notifies hundreds of people that their ASIC application information may have been stolen.
Unknown
N Administrative and support service activities
Cyber Crime
AU
Aviation ID Australia, Aviation Security Identity Cards, ASICs
711
07/12/2018
?
Single Individuals
A hacker gains access to a developer's npm account and injects malicious code into eslint-scope, a popular JavaScript library, sub-module of the more famous ESLint, a JavaScript code analysis toolkit.
>1
X Individual
Cyber Crime
>1
eslint-scope
712
07/12/2018
?
13 iPhones in India
Researchers from Cisco Talos identify an unprecedented highly targeted campaign against 13 iPhones which appears to be focused on India. The attacker deployed an open-source mobile device management (MDM) system to control enrolled devices.
Malicious MDM
X Individual
Cyber Crime
IN
Cisco, Talos
713
07/12/2018
?
Samsung service centers in Italy
Security researchers from TG Soft discover an ongoing malware campaign targeting Samsung service centers in Italy leveraging the CVE-2017-11882 Office Equation Editor vulnerability. The campaign appears to be the counterparts of attacks that have previously targeted similar electronics service centers in Russia this year.
Targeted Attack
N Administrative and support service activities
Cyber Espionage
IT
TG Soft, CVE-2017-11882, Samsung
714
07/12/2018
?
Single Individuals
Researchers from Imperva pick up on a spike in SPAM activity directed at sites powered by WordPress, launched by a botnet, with linked sites offered betting services on 2018 FIFA World Cup matches.
Spambot
X Individual
Cyber Crime
>1
Imperva
715
07/12/2018
?
UMC Physicians (UMCP)
UMC Physicians (UMCP) notifies patients who may have been affected by a recent data breach. On May 18, the UMCP IT team discovered an employee’s email account was hacked on March 15, potentially compromising the personal health information of more than 18,000 patients.
Account Hijacking
Q Human health and social work activities
Cyber Crime
US
UMC Physicians, UMCP
716
01/01/1970
?
Alive Hospice
Alive Hospice notifies patients whose personal and protected health information were in employee emails that were accessed by an unknown person or persons beginning on December 20, 2017 and again on April 5, 2018 after two employees fell prey to phishing attacks. The attacks were discovered on May 15, 2018.
Account Hijacking
Q Human health and social work activities
Cyber Crime
US
Alive Hospice
717
01/01/1970
?
Billings Clinic
Billings Clinic discloses a breach exposing details of 8,400 patients. The organization detected anomalous activity on one of the employees’ email accounts on May 14, 2018. The investigation revealed the account was compromised while the employee was traveling overseas.
Account Hijacking
Q Human health and social work activities
Cyber Crime
US
Billings Clinic
718
01/01/1970
?
Pennsylvania Department of Health
A government spokesman reveal that the Pennsylvania Department of Health’s birth certificate system was shut down for nearly a week last month after someone hacked into an internal website but did not take or alter citizens records.
Unknown
O Public administration, defence, compulsory social security
Cyber Crime
US
Pennsylvania Department of Health
719
01/01/1970
?
LabCorp
LabCorp, one of the US largest medical diagnostics companies, investigates a security breach that could have put health records of millions of patients at risk. The company, in a filing with the Securities and Exchange Commission, says it detected “suspicious activities” on its network over the weekend of July 14 and “immediately took certain systems offline as part of its comprehensive response to contain the activity.”
Unknown
Q Human health and social work activities
Cyber Crime
US
LabCorp
720
01/01/1970
Anonymous
Sant' Andrea Hospital
Hackers from the Anonymous leak the usernames and passwords from 12,000 employees, patients, contractors from the Sant' Andrea Hospital in italy.
SQLi
Q Human health and social work activities
Hacktivism
IT
Anonymous, Sant' Andrea
721
01/01/1970
?
League of Legends Philippines'
League of Legends Philippines' confirms an unauthorized modification in their client lobby code resulting in the injection of the Coinhive Monero miner.
Malware/PoS Malware
X Individual
Cyber Crime
PH
League of Legends Philippines, Monero, Crypto
722
01/01/1970
APT28 AKA Fancy Bear
Italian Military
Security researchers from the Z-Lab at CSE Cybersec reveal the details of Operation "Roman Holiday" an operation carried on by APT28 (AKA Fancy Bear) and targeting the Italian Military.
Targeted Attack
O Public administration, defence, compulsory social security
Cyber Espionage
IT
Z-Lab, CSE Cybersec, Roman Holiday, APT28, Fancy Bear, Italian Military
723
07/12/2018
Joel Ortiz
Around 40 victims
California authorities arrest Joel Ortiz, a 20-year-old college student, who hijacked more than 40 phone numbers and stole $5 million in bitcoins and other crypto currencies.
SIM Hijacking
X Individual
Cyber Crime
US
Joel Ortiz, Crypto
724
01/01/1970
?
Mahatma Gandhi Mission Hospital
The Mahatma Gandhi Mission Hospital in Mumbai is hit by a ransomware attack.
Malware/PoS Malware
Q Human health and social work activities
Cyber Crime
IN
Mahatma Gandhi Mission Hospital
725
01/01/1970
?
Mega
Thousands of credentials for accounts associated with New Zealand-based file storage service Mega are published online. The text file contains over 15,500 usernames, passwords, and files names.
Credential Stuffing
J Information and communication
Cyber Crime
NZ
Mega
726
01/01/1970
?
LabCorp
LabCorp, the US' biggest blood testing laboratories network, announces that hackers breached its IT network over the weekend.
Unknown
Q Human health and social work activities
Cyber Crime
US
LabCorp
727
01/01/1970
Andariel Group
South Korean targets
Researchers from Trend Micro discover a new campaign from the Andariel Group carried out via the injection of a malicious script into four compromised South Korean websites for reconnaissance purposes.
Targeted Attack
O Public administration, defence, compulsory social security
Cyber Espionage
KR
Trend Micro, Andariel Group
728
01/01/1970
?
Sunspire Health
Sunspire Health notifies an undisclosed number of individuals after several employee email accounts were accessed in a phishing attack between March 1, 2018 and May 4, 2018.
Account Hijacking
Q Human health and social work activities
Cyber Crime
US
Sunspire Health
729
01/01/1970
?
University of Pittsburgh Medical Center - Cole
UPMC Cole has notified 790 patients treated at UPMC Cole that their personal information may have been inappropriately accessed after two phishing attacks on June 7 and June 14.
Account Hijacking
Q Human health and social work activities
Cyber Crime
US
UPMC
730
01/01/1970
?
City of Bozeman
The city of Bozeman says some customers that used its Click2Gov utility payment system in 2017 may have had their credit information stolen.
Malware/PoS Malware
O Public administration, defence, compulsory social security
Cyber Crime
US
Bozeman, Click2Gov
731
01/01/1970
?
Single Individuals
Researchers from Kromtech discover an automated operation aimed to launder money from stolen credit cards, buying and selling goods for three popular games: Clash of Clans, Clash Royale, Marvel Contest of Champions.
Account Hijacking
X Individual
Cyber Crime
>1
Kromtech, Clash of Clans, Clash Royale, Marvel Contest of Champions
732
01/01/1970
?
Southern College of Optometry
The Southern College of Optometry notifies an undisclosed number of students whose student loan information and Social Security numbers were in an employee email account that was hacked
Account Hijacking
Q Human health and social work activities
Cyber Crime
US
Southern College of Optometry
733
01/01/1970
?
Ukrainian government institutions
Researchers from ESET reveal the details of a prolonged cyber espionage campaign active against the Ukrainian Government since 2015. and carried out via three different RATs: Quasar, Sobaken and Vermin.
Targeted Attack
O Public administration, defence, compulsory social security
Cyber Espionage
UA
ESET, Quasar, Sobaken, Vermin
734
01/01/1970
Blackgear AKA Topgear and Comnie)
Organizations in Japan, South Korea, and Taiwan
Researchers from Trend Micro reveal a new activity of the Blackgear cyber espionage campaign (also known as Topgear and Comnie), targeting public sector agencies and telecommunications and other high-technology industries in Japan, South Korea, and Taiwan.
Targeted Attack
Y Multiple Industries
Cyber Espionage
>1
Trend Micro, Blackgear, Topgear, Comnie, Japan, South Korea, Taiwan
735
01/01/1970
?
UK and European supply companies
Action Fraud warns that malicious actors are impersonating UK universities to defraud out of vast sums of money UK and European supply companies.
Account Hijacking
Y Multiple Industries
Cyber Crime
>1
Action Fraud
736
01/01/1970
?
Ubisoft
Video game publisher Ubisoft suffers a series of massive DDoS attacks. As a result, several Ubisoft gaming servers face connectivity issues.
DDoS
R Arts entertainment and recreation
Cyber Crime
FR
Ubisoft
737
01/01/1970
Anarchy
Vulnerable Huawei devices
Security researchers from NewSky Security reveal the detail of a botnet comprised of over 18,000 Huawei devices in one day, built exploiting the CVE-2017-17215 vulnerability.
Vulnerability
Y Multiple Industries
Cyber Crime
>1
NewSky Security. Huawei. CVE-2017-17215, Anarchy
738
01/01/1970
?
Single Individuals
Denis Sinegubko, a security researcher from Sucuri unveils a malware distribution campaign where the GoogleUserContent CDN is used a malicious image hiding malware code in Exchangeable Image File Format (EXIF) data. The malicious code is used to steal PayPal security tokens.
Cloud-based human resources company ComplyRight reveals that a security breach of its Web site may have compromised sensitive consumer information — including names, addresses, phone numbers, email addresses and Social Security numbers — from tax forms submitted by the company’s thousands of clients on behalf of employees. The breach happened between April 20, 2018 and May 22, 2018.
Unknown
M Professional scientific and technical activities
Cyber Crime
US
ComplyRight
740
01/01/1970
?
Finland
Researchers from F5 Networks reveal a spike of attacks against IoT devices in Finland in the days leading up to the July 16 Helsinki summit between President Donald Trump and Russian President Vladimir Putin.
>1
Y Multiple Industries
Cyber Espionage
FI
F5 Networks, Donald Trump, Vladimir Putin
741
01/01/1970
?
Dasan and D-Link routers
Security researchers from eSentire observe an increase in exploitation attempts targeting Small-Office/Home Office (SOHO) network devices manufactured by Dasan and D-Link. The attacks are carried out via a botnet composed of more than 3,000 source IPs.
Vulnerability
Y Multiple Industries
Cyber Crime
>1
eSentire, Dasan, D-Link
742
01/01/1970
?
Roblox
Roblox, a hugely popular online game for kids, is hacked by an individual who subverts the game’s protection systems in order to have customized animations appear. This allows two male avatars to gang rape a young girl’s avatar on a playground in one of the Roblox games.
Malicious code injection
R Arts entertainment and recreation
Cyber Crime
US
Roblox
743
01/01/1970
?
Liverpool FC
Liverpool FC's fan database is hacked resulting in a serious data breach for around 150 supporters. The club confirms that season ticket holder information - including home addresses and bank details - were stolen from a club email account.
Account Hijacking
R Arts entertainment and recreation
Cyber Crime
UK
Liverpool FC
744
01/01/1970
TA505
Single Individuals
Researchers from ProofPoint discover a malicious spam campaign carried out abusing the SettingContent-ms file format.
Malware/PoS Malware
X Individual
Cyber Crime
>1
TA505, ProofPoint, SettingContent-ms
745
01/01/1970
?
SingHealth
Singapore's largest health care group, SingHealth, reveals to have suffered a cyber attack to a company database in which attackers copied information belonging to roughly 1.5 million patients, including the country's prime minster, Lee Hsien Loong. The attack was discovered on July 4 and all patients who visited the clinics from May 1, 2015 through July 4, 2018 were affected.
Targeted Attack
Q Human health and social work activities
Cyber Espionage
SG
SingHealth, Lee Hsien Loong
746
01/01/1970
?
Golden Heart Administrative Professionals
Golden Heart Administrative Professionals, a billing company and business associate of several healthcare providers in Alaska, notifies 44,600 individuals that some of their protected health information has potentially been accessed by unauthorized individuals as a result of a recent ransomware attack. Golden Heart Administrative Professionals.
Malware/PoS Malware
Q Human health and social work activities
Cyber Crime
US
Golden Heart Administrative Professionals
747
01/01/1970
?
Three U.S. congressional candidates
Microsoft reveals to have helped the U.S. government to fend off attempts by Russia to hack into the campaigns of three congressional candidates earlier this year.
Targeted Attack
O Public administration, defence, compulsory social security
Cyber Espionage
US
Microsoft, Russia
748
01/01/1970
MoneyTaker
PIR Bank of Russia
Cybercriminals part of the notorious hacking group MoneyTaker attack the PIR Bank of Russia and steal $1M. The hacking is carried out after infiltrating the bank’s systems by compromising an old, outdated router. The router was installed at one of the regional branches of the bank. The attack took place on July 3.
Vulnerability
K Financial and insurance activities
Cyber Crime
RU
PIR Bank of Russia, MoneyTaker
749
01/01/1970
?
MacOS Users
Researchers from Kaspersky Lab uncover Calisto, what appears to be an early developmental prototype of the Proton backdoor malware that typically infects macOS.
Malware/PoS Malware
X Individual
Cyber Crime
>1
Kaspersky Lab, Calisto, Proton, macOS
750
01/01/1970
?
Boys Town National Research Hospital
Boys Town National Research Hospital discloses data breach that may have exposed PHI on 105,309 individuals. The hospital, on May 23, discovered unusual activity relating to an employee’s email account.
Account Hijacking
Q Human health and social work activities
Cyber Crime
US
Boys Town National Research Hospital
751
01/01/1970
?
Single Individuals
Researchers from Fortinet reveal that the notorious Jigsaw ransomware has been repurposed to steal Bitcoin by altering the addresses of wallets and redirecting payments into accounts owned by the attacker.
Malware/PoS Malware
X Individual
Cyber Crime
>1
Fortinet, Jigsaw, Crypto
752
01/01/1970
?
Vulnerable IoT devices
Researchers from Palo Alto Networks Unit 42 find three malware campaigns built on publicly available source code for the Mirai and Gafgyt malware families that incorporate multiple known exploits affecting Internet of Things (IoT) devices.
Malware/PoS Malware
Y Multiple Industries
Cyber Crime
>1
Palo Alto Networks, Unit 42, Mirai, Gafgyt
753
01/01/1970
?
NorthStar Anesthesia
NorthStar Anesthesia notifies patients after some employee email accounts are compromised between April 3 and May 24, 2018.
Targeted Attack
Q Human health and social work activities
Cyber Crime
US
NorthStar Anesthesia
754
01/01/1970
?
Clark University
Clark University in Massachusetts notifies some students whose personal information, including Social Security Numbers, were in an employee’s email account that had been accessed between March 19 and March 23rd, amid a phishing attack.
Account Hijacking
P Education
Cyber Crime
US
Clark University
755
01/01/1970
?
Ochre Health Wollongong
An unspecified cyber incident at Ochre Health Wollongong medical centre leaves patients without the possibility to access their patient data.
Unknown
Q Human health and social work activities
Cyber Crime
AU
Ochre Health Wollongong
758
01/01/1970
Dragonfly AKA Energetic Bear
U.S. Utility Control Rooms
Homeland Security Officials reveal that attackers from the malicious actor Dragonfly AKA Energetic Bear might have accessed the control rooms of U.S. Energetic Utilities.
Targeted Attack
D Electricity gas steam and air conditioning supply
Cyber Warfare
US
Dragonfly, Energetic Bear
759
01/01/1970
?
Etherscan.io
Visitors of the popular Ethereum blockchain explorer Etherscan.io are shown a pop-up message showing "1337" indicating the website has been compromised.
Malicious code injection
V Fintech
Cyber Crime
N/A
Ethereum, Etherscan.io, 1337
760
01/01/1970
APT-C-27 AKA Golden Rat
Targets in Syria
Researchers at CSE Cybsec ZLab discover a malicious code revealing that a long-term espionage campaign in Syria attributed to a APT-C-27 group, is still active.
Targeted Attack
Y Multiple Industries
Cyber Espionage
SY
APT-C-27, Golden Rat, CSE Cybsec Zlab
761
01/01/1970
?
Department of Corrections, DOC
A “security incident” occurred on April 3 at a third-party vendor (Accreditation, Audit & Risk Management Security, LLC) may have compromised the personal information of employees, inmates and others involved with the state Department of Corrections.
Unknown
O Public administration, defence, compulsory social security
Cyber Crime
US
"Accreditation, Audit & Risk Management Security, LLC", Department of Corrections, DOC
762
01/01/1970
?
The National Bank of Blacksburg
Brian Krebs reveals that hackers used phishing emails to break into a The National Bank of Blacksburg in two separate cyber intrusions over an eight-month period, making off with more than $2.4 million total. The breaches happened in May 2016 and June 2017.
Account Hijacking
K Financial and insurance activities
Cyber Crime
US
The National Bank of Blacksburg, Brian Krebs
763
01/01/1970
?
Southern Baptist Convention's International Mission Board
The Southern Baptist Convention's (SBC) International Mission Board announces to have suffered a data breach earlier this year (on April 11) exposing the personally identifiable information on its current and former employees, volunteers and applicants.
Unknown
U Activities of extraterritorial organizations and bodies
Cyber Crime
INT
Southern Baptist Convention's International Mission Board
764
01/01/1970
?
Users in Germany, Poland and Japan
Researchers from Proofpoint discover an upgraded version of the Kronos banking trojan, targeting users in Germany, Poland, and Japan.
Malware/PoS Malware
X Individual
Cyber Crime
>1
Proofpoint, Kronos, Germany, Poland, Japan
765
01/01/1970
?
Vulnerable Oracle WebLogic Servers
Security researchers from ISC SANS and Qihoo 360 Netlab reveal to be currently tracking two separate groups who appear to have automated the exploitation of Oracle WebLogic CVE-2018-2893 vulnerability at a large scale.
Ankit Anubhav, a security researcher at NewSky Security discovers a botnet named "Death" composed of vulnerable AVTech devices.
Vulnerability
Y Multiple Industries
Cyber Crime
>1
Ankit Anubhav, NewSky Security, Death, AVTech
767
01/01/1970
?
Verified @AlmostHumanFOX Twitter Account
An apparent hacker is able to hack a discontinued TV show's verified Twitter account (@AlmostHumanFOX) to impersonate Justin Sun, the founder of the decentralized Tron currency and promote a cryptocurrency scam.
Account Hijacking
R Arts entertainment and recreation
Cyber Crime
US
Tron, @AlmostHumanFOX, Justin Sun
768
01/01/1970
?
COSCO
A ransomware attack severely disables the U.S. network of COSCO (China Ocean Shipping Company), one of the world's largest shipping companies.
Malware/PoS Malware
H Transportation and storage
Cyber Crime
CN
COSCO, China Ocean Shipping Company, Ransomware
769
01/01/1970
?
Securities Investors Association Singapore (SIAS)
The Securities Investors Association Singapore (SIAS) announces to have suffered a breach. The breach occurred in 2013 and that the NRIC numbers, home addresses, email addresses, mobile and landline numbers of 70,000 people were compromised in the incident.
Unknown
M Professional scientific and technical activities
Cyber Crime
SG
Securities Investors Association Singapore, SIAS
770
01/01/1970
Leafminer
Government organizations and business verticals in various regions in the Middle East
Researchers from Symantec uncover the operations of a threat actor named Leafminer targeting a broad list of government organizations and business verticals in various regions in the Middle East since at least early 2017.
Targeted Attack
Y Multiple Industries
Cyber Espionage
>1
Leafminer, Symantec
771
01/01/1970
OilRig group (AKA APT34, Helix Kitten)
Unnamed technology services provider and government entity
Researchers from Palo Alto Networks Unit 42 reveal to have detected multiple attacks by the OilRig group appearing to originate from a government agency in the Middle East. The attacks delivered a PowerShell backdoor called QUADAGENT.
Targeted Attack
Y Multiple Industries
Cyber Espionage
N/A
OilRig, APT34, Helix Kitten, Palo Alto Networks, Unit 42, QUADAGENT
772
01/01/1970
?
Vulnerable SAP and Oracle ERP software
A joint report from Onapsis and Digital Shadows forces the Department of Homeland Security's US-CERT to issue a security advisory warning organizations that attackers are increasingly exploiting vulnerabilities in Enterprise Resource Planning (ERP) software from companies like SAP and Oracle.
Vulnerability
Y Multiple Industries
Cyber Crime
US
Onapsis, Digital Shadows, Department of Homeland Security, US-CERT, ERP, SAP, Oracle
773
01/01/1970
?
Targets in the information technology, healthcare, and retail industries.
Researchers from ProofPoint discover a new remote access Trojan (RAT), dubbed Parasite HTTP.
Malware/PoS Malware
Y Multiple Industries
Cyber Crime
>1
Proofpoint, Parasite HTTP
774
01/01/1970
?
Kasikornbank (Kbank) and Krungthai Bank (KTB)
Computer systems of Kasikornbank (Kbank) and Krungthai Bank (KTB) are compromised, affecting the security of the personal and corporate data of more than 120,000 customers.
Unknown
K Financial and insurance activities
Cyber Crime
TH
Kasikornbank, Kbank, Krungthai Bank, KTB
775
01/01/1970
?
City of Medford
1,842 Medford residents are impacted by a City of Medford data breach after the city’s online utility billing service is infected with malware. The breaches happened between February 18th through March 14th and March 29th through April 16th.
Malware/PoS Malware
O Public administration, defence, compulsory social security
Cyber Crime
US
City of Medford
776
01/01/1970
Shadow Brokers
Some Banks in Chile
Hackers from the Shadow Brokers gain access to some 14,000 credit card numbers in Chile and publish them on social media.
Unknown
K Financial and insurance activities
Cyber Crime
CL
Shadow Brokers
777
01/01/1970
APT28 AKA Fancy Bear
Sen. Claire McCaskill
Sen. Claire McCaskill is the target of a spear phishing campaign allegedly orchestrated by the infamous Fancy Bear AKA APT28.
Targeted Attack
O Public administration, defence, compulsory social security
Cyber Espionage
US
Claire McCaskill, Fancy Bear, APT28
778
01/01/1970
?
KICKICO
KICKICO, an Initial Coin Offering (ICO) project suffers a security breach. Attackers access the private key of the smart contract and as a result, steal more than 70 million KickCoins which is around $7.7 million.
Vulnerability
V Fintech
Cyber Crime
RU
KICKICO, Crypto
779
01/01/1970
?
Yale University
Yale University notifies members of breach that took place between 2008 and 2009, when a threat actor managed to access a database and exfiltrate names, Social Security numbers, and dates of birth. The breach was discovered on June 16 this year.
Unknown
P Education
Cyber Crime
US
Yale University
780
01/01/1970
?
Blue Springs Family Care
Healthcare provider Blue Springs Family Care discloses a ransomware attack resulting from an authorized access that may have also compromised 44,979 patients records.
Malware/PoS Malware
Q Human health and social work activities
Cyber Crime
US
Blue Springs Family Care, ransomware
781
01/01/1970
?
Vulnerable client and servers
Researchers from Kaspersky Lab reveal the details of PowerGhost, a mining campaign based on a PowerShell script able to spread using the EternalBlue exploit.
Researchers from FireEye reveal the details of a new wave of attacks related to the FELIXROOT campaign, targeting individuals in Ukraine, and carried out via a malicious email containing a weaponized document leveraging the CVE-2017-0199 and CVE-2017-11882 exploits.
Targeted Attack
X Individual
Cyber Espionage
UA
FireEye. FELIXROOT, CVE-2017-0199, CVE-2017-11882
783
01/01/1970
?
Single Individuals
Security researchers from Trend Micro reveal the details of Underminer, a new exploit kit, currently active mainly in Asian countries, used to spread rootkits and cryptocurrency-mining (coinminer) malware. The campaign exploits three vulnerabilities: CVE-2015-5119, CVE-2016-0189, CVE-2018-4878.
Microsoft reveals that hackers compromised a font package installed by a PDF editor app and used it to deploy a cryptocurrency miner on users' computers, tampering the shared infrastructure in place between the vendor of a PDF editor application and one of its software vendor partners.
Unknown
J Information and communication
Cyber Crime
N/A
Microsoft
785
01/01/1970
?
Prison-issued tablets
Idaho prison officials announce in a press release that they've identified 364 inmates who have exploited a vulnerability in their prison-issued tablets and have used it to assign nearly $225,000 worth of digital credits to their tablet accounts.
Vulnerability
S Other service activities
Cyber Crime
US
Idaho
786
01/01/1970
?
Several U.S. state and local government agencies
Several U.S. state and local government agencies report receiving strange letters via conventional mail that include malware-laden compact discs (CDs) apparently sent from China.
Malware/PoS Malware
O Public administration, defence, compulsory social security
Cyber Crime
US
China
787
01/01/1970
?
Single Individuals
Ivan Kwiatkowski, a French security researcher, discovers an adware delivery scheme that involves clone websites that use legitimately-looking domain names to trick victims into downloading famous apps, but which are actually laced with adware.
Malware/PoS Malware
X Individual
Cyber Crime
>1
Ivan Kwiatkowski
788
01/01/1970
DarkHydrus
Government agency in the Middle East
Researchers from Palo Alto Networks Unit 42 unveils a targeted attack against a government agency in the Middle East carried out by a threat actor dubbed DarkHydrus.
Targeted Attack
O Public administration, defence, compulsory social security
Cyber Espionage
N/A
Palo Alto Networks, Unit 42, DarkHydrus
789
01/01/1970
Coaches for the football team at Braden River
Hudl football team
Coaches for the football team at Braden River (Bradenton, Fla.), are caught using a college Hudl account to access opponents’ game and practice videos.
Account Hijacking
P Education
Cyber Crime
US
Braden River, Hudl
790
01/01/1970
Dohaeragon
Kaiser Permanente’s Health Innovations
Kaiser Permanente’s Health Innovations website is defaced by
Defacement
Q Human health and social work activities
Cyber Crime
US
Kaiser Permanente’s Health Innovations, Dohaeragon
791
01/01/1970
@fs0c131y
Telecom Regulatory Authority of India (TRAI) chairman R S Sharma
Alleged personal details of the Telecom Regulatory Authority of India (TRAI) chairman R S Sharma are leaked after he tweeted his 12-digit Unique Identification Authority of India or UIDAI number and challenged hackers.
Account Hijacking
X Individual
Cyber Crime
IN
Telecom Regulatory Authority of India, TRAI, R S Sharma, Unique Identification Authority of India, UIDAI
792
01/01/1970
?
Confluence Health
Confluence Health discloses a patient data breach after an employee email account is hacked on March 30 and May 28, 2018.
Account Hijacking
Q Human health and social work activities
Cyber Crime
US
Confluence Health
793
01/01/1970
?
Some Banks in Chile
Additional 55,106 cards are leaked in Chile.
Unknown
K Financial and insurance activities
Cyber Crime
CL
Chile
795
01/01/1970
?
UnityPoint Health
UnityPoint Health warns 1.4 million patients their information might have been breached by email hackers after a phishing attack.
Account Hijacking
Q Human health and social work activities
Cyber Crime
US
UnityPoint Health
796
01/01/1970
?
Vulnerable MikroTik Routers
Security researchers discover a massive cryptojacking campaign that targets MikroTik routers and changes their configuration to inject a copy of the Coinhive in-browser cryptocurrency mining script in some parts of users' web traffic.
Vulnerability
Y Multiple Industries
Cyber Crime
>1
MikroTik, Crypto
797
01/01/1970
Sandsworm
Spiez Laboratory
The state-run Spiez laboratory near Bern, which analyzed the nerve agent samples from Salisbury, reveals to have been targeted by hackers believed to be linked to the Russian government ahead of a conference of chemical and biological warfare.
Targeted Attack
M Professional scientific and technical activities
Cyber Warfare
CH
Spiez laboratory, Russia, Sandsworm, Salisbury
798
01/01/1970
?
Single Individuals
Researchers from Palo Alto Networks Unit 42 discover 145 Google Play apps infected with Windows malware and available since October 2017. The apps are removed by Google.
Malware/PoS Malware
X Individual
Cyber Crime
>1
Palo Alto Networks, Unit 42, Google Play, Google, Android, Windows
799
01/01/1970
?
Single Individuals
Researchers from Check Point reveal the details of a massive malvertising campaign dubbed Master134 attempting 40,000 infections per week and distributing crypto miners.
Malvertising
X Individual
Cyber Crime
>1
Check Point, Master134, Crypto
800
01/01/1970
?
Single Individuals
Researchers from Proofpoint discover a large email campaign distributing an enhanced version of the AZORult information stealer and downloader.
Malware/PoS Malware
X Individual
Cyber Crime
>1
Proofpoint, AZORult
801
01/01/1970
?
Hāwera High School
An anonymous computer hacker demands US$5000 from a provincial high school to return course work they are holding for ransom.
Malware/PoS Malware
P Education
Cyber Crime
NZ
Hāwera High School
802
01/01/1970
?
Single Individuals
Valve Corporation, the company behind the gaming website Steam, suddenly pulls a game called Abstractism from its store. Customer complaints and the game’s performance metrics point to another instance of crypto jacking.
Malware/PoS Malware
X Individual
Cyber Crime
>1
Valve Corporation, Steam, Abstractism
803
01/01/1970
?
Borough of Matanuska-Susitna
The Borough of Matanuska-Susitna is hit by CryptoLocker. The attack took place on July 24 but was maybe dormant since May. The IT systems are not operation with some users starting to use typewriters.
Malware/PoS Malware
O Public administration, defence, compulsory social security
Cyber Crime
US
Borough of Matanuska-Susitna, malware, ransomware, CryptoLocker
804
01/01/1970
?
City of Valdez
Also the City of Valdez is hit by CryptoLocker.
Malware/PoS Malware
O Public administration, defence, compulsory social security
Cyber Crime
US
City of Valdez
805
01/01/1970
?
Single Individuals
Researchers from Sucuri discover a new crypto mining campaign using the Crypto-Loot cryptominer and abusing RawGit, a CDN for GitHub files.
Malicious code injection
X Individual
Cyber Crime
>1
Sucuri, Crypto-Loot, RawGit, GitHub, Crypto
806
01/01/1970
?
Jersey Mike’s Subs
Jersey Mike’s Subs warns some of their customers to change their account passwords to ensure account security. According to the email, the firm suspected a possible data breach at some third party.
Unknown
G Wholesale and retail trade
Cyber Crime
US
Jersey Mike’s Subs
807
01/01/1970
?
MedSpring Urgent Care
MedSpring Urgent Care notifies 13,000 patients after a phishing attack occurred on May 8.
Account Hijacking
Q Human health and social work activities
Cyber Crime
US
MedSpring Urgent Care
808
01/01/1970
?
Altex Exchange
Altex Exchange acknowledges that a double-counting bug in Monero (XMR) cryptocurrency did result in a major undisclosed financial loss.
Monero Vulnerability
V Fintech
Cyber Crime
N/A
Altex Exchange, Monero, XMR, Crypto
809
08/01/2018
?
Reddit
Reddit discloses a breach of its systems that compromised user data including some current email addresses and salted and hashed passwords from a 2007 database backup. The attacker gained access to several employee accounts via SMS intercept between June 14 and June 18.
Account Hijacking
J Information and communication
Cyber Crime
US
Reddit
810
08/01/2018
?
Companies and organizations associated with industrial production
Kaspersky Lab ICS CERT identifies a new wave of phishing emails with malicious attachments targeting primarily companies and organizations associated with industrial production. The malware used in these attacks installs legitimate remote administration software – TeamViewer or Remote Manipulator System/Remote Utilities (RMS). Around 800 computers in more than 400 countries are targeted.
Malware/PoS Malware
Y Multiple Industries
Cyber Crime
>1
Kaspersky Lab, Teamviewer, RMS
811
08/01/2018
?
Amnesty International
Amnesty International reveals to have been targeted by a campaign carried out via the surveillance malware developed by the Israel surveillance vendor, NSO Group.
Targeted Attack
U Activities of extraterritorial organizations and bodies
Cyber Espionage
N/A
Amnesty International, NSO Group
812
08/01/2018
booloop
recruitmilitary.com
A user called booloop a publishes a database containing over 850,000 US military officers personal information.
Unknown
S Other service activities
Cyber Crime
US
booloop, recruitmilitary.com
813
08/01/2018
?
Hong Kong’s Department of Health
Three Hong Kong’s Department of Health computers are hit by ransomware.
Malware/PoS Malware
O Public administration, defence, compulsory social security
Cyber Crime
HK
Hong Kong’s Department of Health
814
08/02/2018
Gorgon
Governmental organizations in the United Kingdom, Spain, Russia, and the United States.
Researchers from Palo Alto Networks Unit 42 uncover Gorgon, a threat actor allegedly operating from Pakistan and targeting governmental organizations in the United Kingdom, Spain, Russia, and the United States leveraging spear phishing emails with Microsoft Word documents exploiting CVE-2017-0199.
Targeted Attack
O Public administration, defence, compulsory social security
Cyber Espionage
>1
Gorgon, Palo Alto Networks, Unit 42, CVE-2017-0199.
815
08/02/2018
RASPITE
Entities in the US, Middle East, Europe, and East Asia
Researchers from Dragos identify a new activity group targeting access operations in the electric utility sector, called RASPITE.
Targeted Attack
D Electricity gas steam and air conditioning supply
Cyber Espionage
>1
RASPITE, Dragos
816
08/02/2018
DarkCoder AKA @Th3Falcon
Elbit Systems
DarkCoder AKA @Th3Falcon leaks 10,000 credentials for users and administrators from Elbit Systems.
SQLi
C Manufacturing
Cyber Crime
IL
DarkCoder, @Th3Falcon, Elbit Systems
817
08/03/2018
?
TSMC (Taiwan Semiconductor Manufacturing Co.)
A computer virus, later reported to be a variant of WannaCry, halts several Taiwan Semiconductor Manufacturing Co. factories, the sole maker of the iPhone’s main processor.
Malware/PoS Malware
C Manufacturing
Cyber Crime
TH
TSMC, Taiwan Semiconductor Manufacturing Co.
818
08/03/2018
?
Mention
Mention CEO Matthieu Vaxelaire informs users of the occurrence of a data security breach involving a third-party provider. The breach occurred in July and Mention promptly reported details to the French data protection authorities.
Unknown
M Professional scientific and technical activities
Cyber Crime
FR
Mention, Matthieu Vaxelaire,
819
08/03/2018
?
Datawire, Vantiv, Mercury Payment Systems
Researchers from Oracle publish the details of three DNS Hijacks against three payment processors.
DNS hijacking
K Financial and insurance activities
Cyber Crime
US
Oracle, Datawire, Vantiv, Mercury Payment Systems
820
08/04/2018
?
RAF Airwoman
An RAF airwoman has her Tinder profile hacked. The attackers use the hacked profile to steal secrets of Britain’s new F-35 Lightning II stealth fighter.
Account Hijacking
O Public administration, defence, compulsory social security
Cyber Espionage
UK
RAF, Tinder, F-35 Lightning
821
08/04/2018
?
Livecoin
Livecoin crypto exchange announces that it met considerable losses because crucial bug in Monero code, allowing to manipulate transaction amounts. The total amount of the funds lost is 15108 XMR (more than $1,8 million).
Vulnerability in Monero Code
V Fintech
Cyber Crime
US
Livecoin, Monero, Crypto
823
08/06/2018
?
Single Individuals
Security from Duo Security release a report detailing the operations of a Twitter bot composed of 15.000 fake accounts promoting cryptocurrency giveaway scams.
Twitter Bot
X Individual
Cyber Crime
>1
Duo, Twitter, Crypto
824
08/07/2018
?
PGA of America
PGA of America’s computers are locked by a ransomware.
Malware/PoS Malware
R Arts entertainment and recreation
Cyber Crime
US
PGA of America, ransomware
825
08/07/2018
DarkHydrus
Government entities and educational institutions in the Middle East.
Researchers from Palo Alto Networks Unit 42 reveal the detail of a new credential harvesting attack carried out by the DarkHydrus Threat Actor.
Account Hijacking
Y Multiple Industries
Cyber Espionage
N/A
Palo Alto Networks, Unit 42, DarkHydrus
826
08/08/2018
?
US Political Organizations
LinkedIn reveals to have uncovered and restricted a group of less than 40 fake accounts that appeared to be engaged in efforts to connect with members in political organizations.
Linkedin Bot
O Public administration, defence, compulsory social security
Cyber Espionage
US
Linkedin
827
08/08/2018
?
Multiple Organizations
Researchers from Check Point discover a massive proxy botnet, called Black, infecting 100,000 machines in two months, and used as a relay to the infamous Ramnit malware.
Malware/PoS Malware
Y Multiple Industries
Cyber Crime
>1
Check Point, Black, Ramnit
828
08/09/2018
Hidden Cobra
US Organizations
The US-CERT issues an alert for the KeyMarble Trojan, a new threat attributed to the infamous North Korean Hidden Cobra Actor.
Targeted Attack
Y Multiple Industries
Cyber Espionage
US
US-CERT, KeyMarble, Hidden Cobra
829
08/09/2018
?
Hennepin County
Officials reveal that cyber attackers have infiltrated e-mail accounts for about 20 Hennepin County employees since late June, and may have accessed the private information of people who rely on the county’s services.
Account Hijacking
O Public administration, defence, compulsory social security
Cyber Crime
US
Hennepin County
830
08/10/2018
?
Butlin's
Butlin's has confirmed that the records of up to 34,000 guests have been accessed by hackers. The stolen data does not include payment details, but customers' names, holiday dates, postal and email addresses and telephone numbers.
Account Hijacking
R Arts entertainment and recreation
Cyber Crime
UK
Butlin's
831
08/10/2018
?
Brazilian Bank Customers
The Radware Threat Research Center identifies a hijacking campaign aimed at Brazilian bank customers via their IoT devices, attempting to gain their bank credentials via DNS hjiacking against D-Link routers.
DNS hjiacking
K Financial and insurance activities
Cyber Crime
BR
Radware, Brazil, D-Link
832
08/10/2018
?
Adams County
Adams County officials release a media statement and a detailed notification regarding a security breach affecting 258,120 individuals in the Adams County. The investigations revealed that the breach, due to an unauthorized access, lasted for around six years: from January 2013 to March 2018.
Unknown
O Public administration, defence, compulsory social security
Cyber Crime
US
Adams County
833
08/11/2018
?
Cosmos Bank
Cyber criminals hack the systems of India’s Cosmos Bank and siphon off nearly 944 million rupees ($13.5 million) through simultaneous withdrawals across 28 countries. Unidentified hackers stole customer information through a malware attack on its ATM server.
Malware/PoS Malware
K Financial and insurance activities
Cyber Crime
IN
Cosmos Bank
834
08/11/2018
?
Hundreds of Instagram accounts
Hundreds of Instagram accounts are hijacked in a coordinated attack.
Account Hijacking
X Individual
Cyber Crime
>1
Instagram
836
01/01/1970
?
Single Individuals in developing countries
Multiple researchers identify a dangerous new variant of the KeyPass ransomware, featuring a manual-control functionality, and according, targeting developing countries.
Malware/PoS Malware
X Individual
Cyber Crime
>1
KeyPass
837
01/01/1970
?
Office 365 Users
Researchers from Avanan discover a new phishing campaign, dubbed PhishPoint, targeting the 10% of Office 365 users globally.
Account Hijacking
Y Multiple Industries
Cyber Crime
>1
Avanan, PhishPoint, Office 365
838
01/01/1970
?
Michael Terpin
Michael Terpin, a bitcoin investor is suing AT&T for $240m after it allegedly ported his phone number to a hacker, allowing the criminal to steal $24m in cryptocurrency.
SIM Swapping
X Individual
Cyber Crime
US
Michael Terpin, AT&T, Crypto
839
01/01/1970
?
Customers of large banks
Researchers at Cyberbit announce they have discovered a new variant of Trickbot, a modular malware and well-known financial Trojan that targets customers of large banks and steals their credentials.
Malware/PoS Malware
K Financial and insurance activities
Cyber Crime
>1
Cyberbit, Trickbot
840
01/01/1970
?
Hans Keirstead
Rolling Stone reveals that the U.S. Federal Bureau of Investigation is investigating a series of cyberattacks over the past year that targeted Dr. Hans Keirstead, a Democratic candidate in California.
Targeted Attack
O Public administration, defence, compulsory social security
Cyber Espionage
US
Hans Keirstead, Rolling Stone
841
01/01/1970
Malicious Actors from China
Alaska Communications Systems Group Inc
Ensco Plc’s
Atwood Oceanics,
The Alaska Department of Natural Resources
The Alaska governor’s office
Regional internet service provider TelAlaska
Cybersecurity firm Recorded Future said the Hackers operating from China’s Tsinghua University targeted U.S. energy and communications companies, as well as the Alaskan state government, in the weeks before and after Alaska’s trade mission to China.
Account Hijacking
Y Multiple Industries
Cyber Espionage
US
Recorded Future, China, Alaska Communications Systems Group Inc,Ensco Plc’s, Atwood Oceanics,The Alaska Department of Natural Resources, The Alaska governor’s office, Regional internet service provider TelAlaska
842
01/01/1970
?
Augusta University Health
Augusta University Health discloses a breach affecting 417,000 patients as a consequence of two phishing attacks occurred on September 11, 2017 and July 31, 2018.
Account Hijacking
Q Human health and social work activities
Cyber Crime
US
Augusta University Health
843
01/01/1970
?
Several Financial Institutions
Proofpoint researchers discover a new downloader malware in a fairly large campaign (millions of messages) primarily targeting financial institutions. The malware, dubbed “Marap” (“param” backwards), is notable for its focused functionality that includes the ability to download other modules and payloads.
Malware/PoS Malware
K Financial and insurance activities
Cyber Crime
>1
Proofpoint, Marap
844
01/01/1970
?
Eastern Maine Community College
Eastern Maine Community College in Bangor warns of a possible data breach that could have exposed the personal information of current and former staff and students. School officials notify 42,000 current and former students and employees that certain computers were recently infected with malware and may have been hacked. Officials said the problem could apply to students dating back to 1998, and faculty dating to 2008.
Malware/PoS Malware
P Education
Cyber Crime
US
Eastern Maine Community College
845
01/01/1970
?
Individual Users
Researchers from Trustwave Spiderlabs and Cofense reveal the details of a malicious spam campaign, targeting the banking industry, and using unusual Microsoft Publisher documents, originating from the Necurs botnet.
Malware/PoS Malware
K Financial and insurance activities
Cyber Crime
>1
Trustwave, Micorosoft Publisher, Necurs
846
01/01/1970
?
Compromised Wordpress Sites
Researchers from Sucuri uncover a malicious campaign targeting up to 3,000 infected Wordpress sites, carried out via a URL shortener, a fake plug-in and a malicious popuplink.js.
Malicious Script Injection
X Individual
Cyber Crime
>1
Sucuri, Wordpress, popuplink.js
847
01/01/1970
?
David Min
Reuters reveals that the U.S. Federal Bureau of Investigation is investigating a cyber attack on the congressional campaign of David Min, a Democratic candidate in California.
Targeted Attack
O Public administration, defence, compulsory social security
Cyber Espionage
US
David Min, Reuters, FBI
848
01/01/1970
?
Bossier City
Some Bossier City water customers may have had their information compromised due to a possible breach of an online billing payment system.
Malware/PoS Malware
O Public administration, defence, compulsory social security
Cyber Crime
US
Bossier City
850
01/01/1970
?
Legacy Health
Legacy Health notifies 38,000 patients that a phishing attack may have breached their data. Officials discovered unauthorized access to some employee email accounts on June 21. However, the access began several weeks before in May 2018.
Account Hijacking
Q Human health and social work activities
Cyber Crime
US
Legacy Health
851
01/01/1970
?
Superdrug
Superdrug confirms that hackers claim to have obtained the personal details of almost 20,000 individuals who shopped online at Superdrug.
Credential Stuffing
G Wholesale and retail trade
Cyber Crime
UK
Superdrug
852
01/01/1970
?
Single Individuals
A new malicious spam campaign is underway that pretends to be an invoice for an outstanding payment. When these invoices are opened they install the AZORult information stealing Trojan and the Hermes 2.1 Ransomware onto the recipient's computer.
Malware/PoS Malware
X Individual
Cyber Crime
>1
AZORult, Hermes 2.1, Ransomware
853
01/01/1970
?
South Korean users
Researchers from Trend Micro discover a malicious spam campaign targeting South Korean users, carried out distributing the GrandCrab ransomware through files with .egg extension.
Malware/PoS Malware
X Individual
Cyber Crime
KR
GrandCrab, Trend Micro, Ransomware
854
01/01/1970
?
Animoto
Animoto, a cloud-based video maker service for social media sites, reveals a data breach. The breach occurred on July 10 but was confirmed by the company in early August, and later reported to the California attorney general. Names, dates of birth and user email addresses were accessed by hackers
Unknown
J Information and communication
Cyber Crime
US
Animoto
855
01/01/1970
APT28 AKA Fancy Bear
U.S. Senate, two conservative think tanks and Microsoft’s OneDrive cloud storage
Microsoft claims it thwarted a Russian-backed phishing attack by seizing control of fake copies of right-leaning American think tanks' websites – including one led by a prominent Donald Trump critic.
Account Hijacking
O Public administration, defence, compulsory social security
Cyber Espionage
US
APT28, Microsoft, Fancy Bear
856
01/01/1970
Malicious actors from Iran
US, UK, Middle East and Latin America
FireEye identifies a suspected influence operation that appears to originate from Iran aimed at audiences in the U.S., U.K., Latin America, and the Middle East. This operation leverages a network of inauthentic news sites and clusters of associated accounts across multiple social media platforms to promote political narratives in line with Iranian interests.
Fake News Sites and Social Network Bots
O Public administration, defence, compulsory social security
Cyber Warfare
>1
FireEye, Iran, US, UK, Middle East, Latin America
857
01/01/1970
?
Organizations in South Korea
Researchers from Trend Micro and IssueMakersLab uncover the details of Operation Red Signature, an information theft-driven supply chain attack targeting organizations in South Korea. The threat actors compromised the update server of a remote support solutions provider to deliver a remote access tool called 9002 RAT.
Targeted Attack
Y Multiple Industries
Cyber Espionage
KR
Trend Micro, IssueMakersLab , Operation Red Signature, 9002 RAT.
858
01/01/1970
?
Several Organizations Worldwide
Researchers from Check Point reveal the details of Ryuk, a new ransomware strain able to net over $640,000 worth of Bitcoin in a recent activity surge.
Malware/PoS Malware
Y Multiple Industries
Cyber Crime
>1
Ryuk, Check Point
859
01/01/1970
?
Mexican Individuals
Researchers from Kaspersky Lab reveal the details of Dark Tequila, a complex malicious campaign targeting Mexican users, with the primary purpose of stealing financial information, as well as login credentials to popular websites that range from code versioning repositories to public file storage accounts and domain registrars.
Malware/PoS Malware
X Individual
Cyber Crime
MX
Kaspersky Lab, Dark Tequila
860
01/01/1970
Lazarus Group
Undisclosed cryptocurrency Exchange
Kaspersky Lab reveals the details of Operation AppleJeus, an attack against cryptocurrency exchanges carried out via a trojanized cryptocurrency trading application distributing the Fallchill malware.
Restaurants in 23 states belonging to Cheddar Scratch Kitchen are affected by a cyberattack that exposed payment card information. The amount of impacted card details is estimated to be 567,000 and were stolen between November 3, 2017, and January 2, 2018, the cybercriminals accessed the Cheddar Scratch Kitchen network.
Malware/PoS Malware
I Accommodation and food service activities
Cyber Crime
US
Cheddar Scratch Kitchen
862
01/01/1970
Turla AKA Snake AKA Uroburos
Foreign offices of two European countries
Network of a major defense contractor
Researchers from ESET reveal that three more entities have been hit by the infamous Turla APT.
Targeted Attack
O Public administration, defence, compulsory social security
Cyber Espionage
>1
Turla, Snake, Uroburos, ESET
863
01/01/1970
?
Six Banks in Spain
Researchers from IBM X-Force reveal that the relatively new trojan BackSwap is now targeting six banks in Spain.
Malware/PoS Malware
K Financial and insurance activities
Cyber Crime
ES
IBM X-Force, BackSwap
864
01/01/1970
?
Vulnerable Wordpress Sites
Researchers from Sucuri uncover what they describe as a massive WordPress redirecting campaign targeting vulnerable tagDiv themes and Ultimate Member plugins.
Malicious Script Injection
X Individual
Cyber Crime
>1
Sucuri, WordPress, tagDiv, Ultimate Member
865
01/01/1970
?
T-Mobile
T-Mobile reveals that hackers stole some of the personal data of 2 million people in a new data breach. The intrusion took place on August 20 when hackers part of “an international group” accessed company servers through an API that “didn’t contain any financial data or other very sensitive data.
Illegitimate API Access
J Information and communication
Cyber Crime
DE
T-Mobile
866
01/01/1970
?
Vulnerable IoT devices
Researchers from Symantec discover another Mirai variant leveraging the Aboriginal Linux open source project to infect multiple devices.
Malware/PoS Malware
Y Multiple Industries
Cyber Crime
>1
Mirai, Aboriginal Linux
867
01/01/1970
?
Android Users
Security researchers from Bitdefender discover a new Android spyware framework dubbed Triout that could be used to create malware with extensive surveillance capabilities.
Malware/PoS Malware
X Individual
Cyber Crime
>1
Android, Bitdefender, Triout
868
01/01/1970
TA555
Single Individuals
Researchers from Proofpoint discover a new malicious spam campaign carried on via a previously undocumented downloader called AdvisorsBot.
Malware/PoS Malware
X Individual
Cyber Crime
>1
Proofpoint, AdvisorsBot
869
01/01/1970
COBALT DICKENS
76 universities located in 14 countries
Secureworks Counter Threat Unit (CTU) researchers discover a URL spoofing campaign carried out by Iranian actors. The campaign involves Sixteen domains contained over 300 spoofed websites and login pages for 76 universities located in 14 countries, including Australia, Canada, China, Israel, Japan, Switzerland, Turkey, the United Kingdom, and the United States.
Account Hijacking
P Education
Cyber Crime
>1
COBALT DICKENS, Secureworks Counter Threat Unit, Iran
870
01/01/1970
?
Vulnerable Apache Struts Servers
Greynoise Intelligence and Volexity, say they've detected threat actors scanning for Struts servers vulnerability CVE-2018-11776.
Vulnerability (CVE-2018-11776)
Y Multiple Industries
Cyber Crime
>1
Greynoise Intelligence, Volexity,CVE-2018-11776.
872
01/01/1970
Anonymous Catalonia
Banco de España
Hacktivists from Anonymous Catalonia claim to have taken down the website of Banco de España.
DDoS
K Financial and insurance activities
Hacktivism
ES
Banco de España, Anonymous Catalonia
873
01/01/1970
?
Atlas
Atlas, a popular Brazilian cryptocurrency investment platform is hacked. The personal information of over 264,000 of its customers is leaked, including 4,500 records that detail users’ balances on the platform.
Unknown
V Fintech
Cyber Crime
BR
Atlas
874
01/01/1970
Huazhu Group Ltd.
Shanghai police launches an investigation into the alleged massive data breach of Huazhu Group Ltd., one of China's largest hotel operators. An online post emerges, containing nearly 500 million pieces of information related to the hotel group's customers, including registration information, personal data and booking records of the group's wide range of hotel brands.
Unknown
R Arts entertainment and recreation
Cyber Crime
CN
Huazhu Group Ltd.
875
01/01/1970
L.M.
TheTruthSpy
A hacker breaks into the servers of TheTruthSpy, one of the most notorious stalkerware companies out there, and stole logins, audio recordings, pictures, and text messages, among other data. The breach occurred on February 2018.
App Vulnerability
M Professional scientific and technical activities
Cyber Crime
US
L.M.,TheTruthSpy,
876
01/01/1970
?
Single Individuals
A new malicious spam campaign is underway that pretends to be shipping documents and contains an attachment that installs the DarkComet remote access Trojan
Malware/PoS Malware
X Individual
Cyber Crime
>1
DarkComet
877
01/01/1970
?
Multiple Targets
Security researchers from Booz Allen Hamilton discover RtPOS, a previously unseen and undocumented malware strain that targets point-of-sale (POS) systems.
Malware/PoS Malware
Y Multiple Industries
Cyber Crime
>1
Booz Allen Hamilton, RtPOS
878
01/01/1970
?
Air Canada
Air Canada says the personal information for about 20,000 customers "may potentially have been improperly accessed" via a breach in its mobile app, so the company has locked down all 1.7 million accounts as a precaution until customers change their passwords. The airline detected unusual log‑in behavior with Air Canada's mobile App between Aug. 22‑24, 2018.
Unknown
H Transportation and storage
Cyber Crime
CA
Air Canada
879
01/01/1970
?
Android Users
Researchers from Doctor Web find dozens of malicious applications on Google Play designed to generate illegal revenue. Authors of these applications spread them under the guise of well-known and useful software and use them in different fraudulent schemes.
Malware/PoS Malware
X Individual
Cyber Crime
>1
Android, Doctor Web, Google Play
880
01/01/1970
?
Android Users
Researchers from Kaspersky Lab reveal the detail of BusyGasper, a new, unsophisticated Android Spyware.
Malware/PoS Malware
X Individual
Cyber Crime
>1
Android, Kaspersky Lab, BusyGasper
881
01/01/1970
?
University of Missouri
The University of Missouri suspends email delivery after a Missouri State Democratic Party email seeking interns helps jumpstart a phishing attempt.
Account Hijacking
P Education
Cyber Crime
US
University of Missouri
882
01/01/1970
?
University of Oregon
University of Oregon is target of a phishing campaign.
Account Hijacking
P Education
Cyber Crime
US
University of Oregon
883
01/01/1970
?
West Vancouver
West Vancouver warns thousands of its residents after discovering hackers installed malicious software on the district server used to store personal information collected through its website. The attack was discovered on July 31.
Malware/PoS Malware
O Public administration, defence, compulsory social security
Cyber Crime
CA
West Vancouver
884
01/01/1970
?
Cloquet School District
Cloquet school district is hit by a ransomware attack second time in the past three years.
Malware/PoS Malware
P Education
Cyber Crime
US
Cloquet School District
885
01/01/1970
?
Sweden
The Swedish Security Service reveals that there has been a proliferation of new “bots” on Twitter supporting the nationalist, anti-immigration Sweden Democrats and attacking the ruling Social Democrats.
Twitter Bots
O Public administration, defence, compulsory social security
Cyber Warfare
SE
Twitter, Bot
886
01/01/1970
Cobalt AKA TEMP.Metastrike
NS Bank
Patria Bank
Researchers from NetScout Arbor reveal the details of a new campaign carried out by the Cobalt Group via spear phishing.
Targeted Attack
K Financial and insurance activities
Cyber Crime
RU
RO
NS Bank, Patria Bank, Netscout, Cobalt, TEMP.Metastrike
887
01/01/1970
?
Family Orbit
An anonymous hacker is able to find the key to the cloud servers of Family Orbit and leaks 281 Gb of pictures and videos.
Account Hijacking
J Information and communication
Cyber Crime
US
Family Orbit
888
01/01/1970
?
Vulnerable Magento Servers
The MagentoCore Skimmer campaign reveals all its extent. A single group is responsible for planting skimmers on 7339 individual stores in the last 6 months.
Malware/PoS Malware
G Wholesale and retail trade
Cyber Crime
>1
Magento, MagentoCore
889
01/01/1970
?
Individuals in China
Researchers from Check Point uncover a new ongoing campaign aimed to distribute the CEIDPageLock browser hijacker, distributed via the RIG Exploit Kit. The victims are located primarily in China.
Malware/PoS Malware
X Individual
Cyber Crime
CN
Check Point, CEIDPageLock, RIG Exploit Kit
890
01/01/1970
?
Single Individuals
Researchers from Symantec uncover a new attack chain which exploits the Windows Management Instrumentation Command-line (WMIC) utility and eXtensible Stylesheet Language (XSL) files to be undetected and steal data.
Malware/PoS Malware
X Individual
Cyber Crime
>1
Symantec, Windows Management Instrumentation Command-line, WMIC, eXtensible Stylesheet Language, XSL
891
01/01/1970
?
Single Individuals
Researchers from Cisco Talos warn of a Chinese-language threat actor leveraging a wide array of Git repositories to infect vulnerable systems with Monero-based cryptomining malware.
Malware/PoS Malware
X Individual
Cyber Crime
>1
Cisco Talos, Monero,Git
892
01/01/1970
?
Americans with access to government and commercial secrets
William Evanina, the U.S. counter-intelligence chief reveals that Chinese espionage agencies are using fake LinkedIn accounts to try to recruit Americans with access to government and commercial secrets.
LinkedIn Bot
X Individual
Cyber Espionage
US
US, China, LinkedIn
893
01/01/1970
?
Dallas County Community College
Dallas County Community College discloses a breach after some employees' emails credentials are compromised by a phishing attack from September 14, 2017 to December 18, 2017.
Account Hijacking
P Education
Cyber Crime
US
Dallas County Community College
894
01/01/1970
?
Schneider Electric
Schneider Electric finds a malicious code on the USB drives that have been shipped with Conext ComBox and Conext Battery Monitor products.
Malware/PoS Malware
C Manufacturing
Cyber Crime
FR
Schneider Electric
895
01/01/1970
?
Coweta County
Coweta County restores most of its computer servers, nearly two weeks after hackers demanded $341,000 in bitcoins.
Malware/PoS Malware
O Public administration, defence, compulsory social security
Cyber Crime
US
Coweta Country, Ransomware
896
01/01/1970
GOBLIN PANDA
Vietnam
Researchers from security firm CrowdStrike have observed a new campaign associated with the GOBLIN PANDA APT group, targeting Vietnam via a spear phishing campaign using weaponized documents.
Targeted Attack
O Public administration, defence, compulsory social security
Cyber Espionage
VN
GOBLIN PANDA, Vietnam, Crowdstrike
897
01/01/1970
"@joshua" from group Fatal Error Crew
C&A
The Brazilian operation of international fashion retail clothing chain C&A confirms a cyberattack to its gift card platform. Data from 36,000 customers who purchased gift cards is leaked on Pastebin.
Unknown
G Wholesale and retail trade
Cyber Crime
BR
C&A, @joshua, Fatal Error Crew, Pastebin
898
09/01/2018
?
Town of Midland
The small Canadian town of Midland, Ontario plans to pay off a $35,000 ransom to the malicious actors who shut down the municipalities compute system with a ransomware attack.
Malware/PoS Malware
O Public administration, defence, compulsory social security
Cyber Crime
CA
Midland, ransomware
899
09/02/2018
?
Single Individuals
Researchers discover a new ransomware that only encrypts .EXE files on a computer. It then displays a screen with a picture of President Obama that asks for a "tip" to decrypt the files.
Malware/PoS Malware
X Individual
Cyber Crime
>1
Barak Obama, ransomware
900
09/03/2018
?
South African Department of Labour
The South African Department of Labour confirms a DDoS attack which disrupted the government agency's website.
DDoS
O Public administration, defence, compulsory social security
Cyber Crime
ZA
South African Department of Labour
901
09/03/2018
?
Vulnerable IoT devices
A new IoT botnet called Hakai comes out online.
Malware/PoS Malware
Y Multiple Industries
Cyber Crime
>1
Hakai
902
09/03/2018
?
Hoopeston Area School District
The Hoopeston Area School District website is hacked with pictures and repeated emergency callout messages to district families.
Unknown
P Education
Cyber Crime
US
Hoopeston Area School District
903
09/03/2018
?
Hoopeston Area School District
The Hoopeston Area School District website is hacked with pictures and repeated emergency callout messages to district families.
Unknown
P Education
Cyber Crime
US
Hoopeston Area School District
904
09/04/2018
?
Vulnerable Apache Struts 2 servers
Researchers from F5 detected threat actors exploiting the CVE-2018-11776 Apache Struts 2 namespace vulnerability in a new Monero crypto-mining campaign.
The official Chrome extension for the MEGA.nz file sharing service is compromised with malicious code that steals usernames and passwords, but also private keys for cryptocurrency accounts
Malware/PoS Malware
S Other service activities
Cyber Crime
NZ
Mega, Chrome, Monero, Crypto
906
09/04/2018
?
Major Brazilian banks
IBM X-Force researchers discover a new financial malware that targets major Brazilian banks through their customers. The malware is dubbed CamuBot because it attempts to camouflage itself as a security module required by the banks it targets.
Malware/PoS Malware
K Financial and insurance activities
Cyber Crime
BR
X-Force, Camubot
907
09/04/2018
Iran-Linked OilRig APT
Undisclosed government in the Middle East
Researchers from Palo Alto Networks Unit 42 report on a wave of OilRig attacks delivering the OopsIE trojan involving a Middle Eastern government agency.
Targeted Attack
O Public administration, defence, compulsory social security
Cyber Espionage
N/A
Palo Alto Networks, Unit 42, OilRig, OopsIE
908
09/04/2018
Fatal Error
Boa Vista SCPC
Brazilian credit bureau Boa Vista SCPC investigates a possible hack, after a group of hackers called Fatal Error claimed it accessed the database of the company which has more than 350M personal data.
Unknown
K Financial and insurance activities
Cyber Crime
BR
Boa Vista SCPC, Fatal Error
909
09/05/2018
Silence
Financial institutions in Russia and Eastern Europe.
Researchers from Group-IB reveal the details of a new Russian-speaking "Silence" group, having spent the last three years mounting silent cyber-attacks on financial institutions in Russia and Eastern Europe, stealing $800,000.
Targeted Attack
K Financial and insurance activities
Cyber Crime
>1
Silence, Group-IB
910
09/05/2018
FIN6
PoS systems across the United States and Europe.
Researchers from IBM X-Force IRIS uncover a new malware campaign targeting point-of-sale (PoS) systems across the United States and Europe. The attacks have been attributed to the FIN6 cybercriminal group.
Malware/PoS Malware
Y Multiple Industries
Cyber Crime
>1
IBM X-Force, IRIS, FIN6
911
09/05/2018
rogue0
Rousseau
Rousseau, the online platform of the Italian Five Star Movement is hacked again by rogue0, who leaks private data related to the donors.
Unknown
N Administrative and support service activities
Cyber Crime
IT
Rousseau, rogue0, Five Star Movement
912
09/06/2018
Magecart Group
British Airways
British Airways notifies authorities, after being hacked between August 21 and September 5, with 380,000 payments compromised.
Malicious JavaScript Injection
H Transportation and storage
Cyber Crime
UK
British Airways, Magecart
913
09/06/2018
PowerPool
Targets in Chile, Germany, India, Philippines, Poland, Russia, United Kingdom, United States, and Ukraine.
Researchers from ESET identify a group dubbed PowerPool exploiting the recently discovered Windows ALPC LPE 0-day vulnerability.
Malware/PoS Malware
Y Multiple Industries
Cyber Crime
>1
ESET, PowerPool, Windows ALPC LPE
914
09/06/2018
?
Cork City Park by Phone
A data breach at Cork City Park by Phone service in Ireland affects more than 5,000 people. The unauthorized access started in May.
Unknown
H Transportation and storage
Cyber Crime
IE
Cork City Park by Phone
915
09/06/2018
?
Victims in the Middle East, Asia Pacific, and Southern Europe
Researchers from FireEye report a new Exploit Kit, dubbed Fallout, used to deliver GandCrab to victims in the Middle East, while also targeting the Asia Pacific region and Southern Europe with additional malware.
Malware/PoS Malware
X Individual
Cyber Crime
>1
FireEye, Fallout, GandCrab, ransomware
916
09/07/2018
Domestic Kitten
240 individuals from Iran including Kurdish and Turkish natives and ISIS supporters
Researchers from Check Point uncover a mobile-based attack targeting Iranian citizens that operates under the radar of detection since 2016.
Targeted Attack
X Individual
Cyber Espionage
IR
Check Point, Iran, Domestic Kitten, ISIS
917
09/07/2018
?
U.S. State Department
The State Department suffers a breach of its unclassified email system, and the compromise exposes the personal information of a small number of employees.
Targeted Attack
O Public administration, defence, compulsory social security
Cyber Espionage
US
U.S. State Department
918
09/07/2018
Big Bang
Palestinian Authority and other targets in the Middle East.
Researchers from Check Point detect a new surveillance attack carried out by the Big Bang gang against the Palestinian Authority and other targets in the Middle East.
Targeted Attack
O Public administration, defence, compulsory social security
Cyber Espionage
>1
Big Bang, Check Point,
920
09/09/2018
?
C-CEX
Cryptocurrency exchange C-CEX is hacked. The attackers are successfully able to withdraw all Litecoin (LTC) and Dogecoin (DOGE) from company servers.
Vulnerability
V Fintech
Cyber Crime
DE
C-CEX, Litecoin, LTC, Dogecoin, DOGE, Crypto
921
09/09/2018
?
Vulnerable Apache Struts 2 servers
Researchers from Palo Alto Networks, for the first time discover a variant of the Mirai Internet of Things botnet that targets Apache Struts CVE-2017-5638 vulnerability.
Vulnerable versions of the Global Management System (GMS) from SonicWall
The same researchers from Palo Alto Networks reveal a new version of the Gafgyt botnet (AKA Bashlite), targeting versions of the Global Management System (GMS) from SonicWall vulnerable to CVE-2018-9866.
Researchers find an additional 3,700 MikroTik routers running injecting CoinHive in secret. The total number of compromised devices detected exceeds 280,000, an increase of 80,000 in just over 30 days.
MikroTik Router Vulnerability (CVE-2018-14847)
Y Multiple Industries
Cyber Crime
>1
MikroTik, CoinHive, Crypto, CVE-2018-14847
924
09/10/2018
runningsnail
DEOSGames
Betting platform DEOSGames is drained of a significant chunk of its operating funds in a heist that netted one ‘lucky’ punter almost $24,000.
EOS Vulnerability
R Arts entertainment and recreation
Cyber Crime
MT
DEOSGames, Crypto, runningsnail
925
09/10/2018
?
European countries particularly France
Researchers from Trend Micro spot a ransomware imitating Locky, dubbed PyLocky, characterize by strong evasion capabilities, and being spread via spam emails targeting European countries particularly France.
Malware/PoS Malware
X Individual
Cyber Crime
>1
PyLocky, Locky, Trend Micro, ransomware
926
09/10/2018
LuckyMouse
Multiple Targets
Kaspersky Lab discovers several infections from a previously unknown Trojan, likely related to the infamous Chinese-speaking threat actor – LuckyMouse. The most peculiar trait of this malware is its driver, signed with a legitimate digital certificate.
Targeted Attack
Y Multiple Industries
Cyber Espionage
>1
Kaspersky, LuckyMouse
927
09/10/2018
?
Vulnerable MikroTik Routers
Security researcher Troy Mursch reveal that the infected MikroTik routers abused for the CoinHive redirection campaign, are now abused for a new cryptojacking operation.
MikroTik Router Vulnerability (CVE-2018-14847)
Y Multiple Industries
Cyber Crime
>1
MikroTik, Crypto, CVE-2018-14847, Troy Mursch
928
09/10/2018
?
FreshMenu
The Indian online food platform FreshMenu admits to have hidden a data breach affecting 110K users for two years. The data breach happened on July 1, 2016
Unknown
I Accommodation and food service activities
Cyber Crime
IN
FreshMenu
929
09/11/2018
Cobalt
Russian and Romanian banking customers
Researchers from ProofPoint reveal that the Cobalt Gang cybercrime group has launched a new round of phishing campaigns targeting primarily Russian and Romanian banking customers with CobInt, a recently discovered malicious backdoor and downloader.