Here’s the first timeline of July! This fortnight I have collected 89 events (including 6 that occurred in the previous month), a number in line with the previous timeline (84 events) that confirms a certain stabilization of the trend after the peaks of the first quarter, likely due to the impact of COVID-themed attacks. That impact is now decreasing as the world faces the “new normal”.
Apparently, only 2 events out of the 83 collected in July are somehow related to the pandemic. In contrast, ransomware continues to characterize the cyber threat landscape, accounting for 17 events out of 83 (more than 20%). Interestingly, threat actors are developing other forms of ransom, such as the one seen in this period, where an attacker left a ransom note on nearly 23,000 MongoDB databases left exposed without a password.
And even the season of the mega breaches is not over yet: 45 million travelers to Thailand and Malaysia had their personal details leaked on the dark web, the same fate that befell the customers of an undisclosed UK ticketing provider. And of course these are not the only entities that suffered mega breaches. Scroll down the timeline and you will discover more.
As usual, the Cyber Espionage front has some interesting campaigns, such as the ones carried out by Mustang Panda, RATicate, BadPatch, and a Chinese entity targeting the Uyghur ethnic minority.
There are also two interesting events related to Cyber Warfare: an alleged cyber attack against the Iranian nuclear site at Natanz carried out by a group of dissidents calling themselves the Homeland Cheetahs, and also the revelations that the CIA conducted a series of covert cyber operations against Iran and other targets, including Russia, China, and North Korea.
Last but not least, even the hacktivists are back, with particular focus on the aviation sector in Italy and the European Space Agency (ESA).
But let’s stop talking: the details of each event are in the timeline. Feel free to share it to support my work and spread risk awareness across the community. And don’t forget to follow @paulsparrows on Twitter, or even connect on LinkedIn, for the latest updates.
ID
Date
Author
Target
Description
Attack
Target Class
Attack Class
Country
Link
Tags
1
06/12/2020
?
Managed Service Providers in the US
The US Secret Service (GIOC -- Global Investigations Operations Center) sends out a security alert to the US private sector and government organizations warning about an increase in hacks of managed service providers (MSPs).
>1
M Professional scientific and technical activities
CC
US
US Secret Service, GIOC, Global Investigations Operations Center, MSP
2
01/01/1970
?
Benefit Recovery Specialists, Inc. (BRSI)
Benefit Recovery Specialists, Inc. (BRSI) discovers a data breach after detecting malware on its systems. The malware, discovered in April 2020, may have allowed unauthorized individuals to obtain the information of 274,837 people.
Malware
M Professional scientific and technical activities
CC
US
Benefit Recovery Specialists, Inc., BRSI
3
01/01/1970
Kerala Cyber Hackers
Delhi State Health Mission
Hackers from the Kerala Cyber Hackers Group obtain COVID-19 patient database in protest at treatment of Indian health workers.
Unknown
O Public administration and defence, compulsory social security
H
IN
Delhi State Health Mission, Kerala Cyber Hackers, COVID-19
4
01/01/1970
Homeland Cheetahs
Nuclear site at Natanz
A group of dissidents within Iran's military and security forces takes credit for a cyber attack causing an incident at the Natanz nuclear facility.
Unknown
D Electricity gas steam and air conditioning supply
CW
IR
Homeland Cheetahs, Natanz
5
01/01/1970
?
City of Palm Bay
The City of Palm Bay leadership reveals a possible security breach involving the Click2Gov online payment platform.
Malicious Script Injection
O Public administration and defence, compulsory social security
CC
US
City of Palm Bay, Click2Gov
6
01/01/1970
?
Central California Alliance for Health
The Central California Alliance for Health announces that a recent cybersecurity breach may have compromised the personal health information of a limited number of its members.
Account Hijacking
Q Human health and social work activities
CC
US
Central California Alliance for Health
7
07/01/2020
?
22,900 MongoDB databases
A hacker uploads ransom notes on 22,900 MongoDB databases left exposed online without a password, wiping their content, asking for a 0.015 bitcoin (~$140) payment, and threatening to leak their data and then contact the victim's local GDPR enforcement authority.
MongoDB misconfiguration
Y Multiple Industries
CC
EU
MongoDB, GDPR
8
07/01/2020
Roaming Mantis
Android users in China, Taiwan, France, Switzerland, Germany, UK, US and others
Researchers from Cybereason discover a campaign distributing the FakeSpy Android malware via a phishing message for a missed package from a local postal or delivery service.
Malware
X Individual
CC
>1
Cybereason, FakeSpy, Android
9
07/01/2020
?
Multiple organizations
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) warn enterprises of cyberattacks launched from the Tor network.
N/A
Y Multiple Industries
CC
US
Cybersecurity and Infrastructure Security Agency, CISA, Federal Bureau of Investigation, FBI, Tor
10
07/01/2020
NetWalker
Trinity Metro
The cybercriminals behind NetWalker publish online evidence of an attack on Trinity Metro, a transit agency that operates bus and commuter rail transportation services in Fort Worth and its nearby Tarrant County suburbs.
Malware
H Transportation and storage
CC
US
NetWalker, Trinity Metro
11
07/01/2020
China
Uyghur ethnic minority
Researchers from Lookout discover four Android surveillance tools, named SilkBean, DoubleAgent, CarbonSteal, and GoldenEagle, elements of campaigns originating in China, and primarily targeting the Uyghur ethnic minority.
Researchers from CenturyLink discover a comeback of the point-of-sale (POS) malware called Alina, using a new trick for stealing credit- and debit-card data: Domain Name System (DNS) tunneling.
PoS Malware
Y Multiple Industries
CC
>1
CenturyLink, Alina, DNS tunneling
13
07/01/2020
?
Financial, Manufacturing, Healthcare and Insurance Firms
Researchers from Cisco Talos discover a new campaign carried out by the group behind the Valak malware, targeting Financial, Manufacturing, Healthcare and Insurance Firms.
Malware
Y Multiple Industries
CC
>1
Cisco Talos, Valak
14
07/02/2020
?
Undisclosed company
Researchers from Abnormal Security discover a new campaign impersonating a Twitter security notification email, to lure the victims towards a phishing page.
Account Hijacking
Z Unknown
CC
N/A
Abnormal Security, Twitter
15
07/02/2020
?
Russia’s Ministry of Foreign Affairs
Unknown hackers hijack the Twitter account of Russia’s Ministry of Foreign Affairs, offer to sell stolen data.
Account Hijacking
O Public administration and defence, compulsory social security
CC
RU
Russia’s Ministry of Foreign Affairs, Twitter
16
07/02/2020
KelvinSecurity Team
BMW car owners in the U.K.
A database of 384,319 BMW car owners in the U.K. is being offered for sale on an underground forum.
Unknown
C Manufacturing
CC
UK
BMW, KelvinSecurity Team
17
07/02/2020
?
Heartland Farm Mutual
A phishing attack at Heartland Farm Mutual, a Canadian insurance firm, may have exposed the personal data of clients, the company warns.
Account Hijacking
K Financial and insurance activities
CC
CA
Heartland Farm Mutual
18
07/02/2020
?
CNY Works
The names and Social Security numbers of 56,000 people who used CNY Works employment services are exposed in a ransomware attack discovered in December 2019.
Malware
S Other service activities
CC
US
CNY Works, ransomware
19
07/03/2020
Avaddon
Organizations in Italy
Researchers from Microsoft discover a new Avaddon ransomware campaign focused primarily against organizations in Italy.
Malware
Y Multiple Industries
CC
IT
Microsoft, Avaddon, ransomware
20
07/03/2020
Try2Cry
Multiple targets
Researchers from G DATA discover Try2Cry, a new ransomware with a worm-like behavior to infect other systems.
Malware
Y Multiple Industries
CC
>1
G DATA, Try2Cry
21
07/03/2020
?
Kingston’s Royal Military College
Kingston’s Royal Military College is one of four military training schools in Canada targeted in a ransomware attack.
Ransomware
P Education
CC
CA
Kingston’s Royal Military College, ransomware
22
07/03/2020
?
Swvl
Swvl, a bus-booking app and operator of bus routes in Egypt, Kenya, and Pakistan, becomes aware of “unauthorized access to its IT infrastructure”.
Unknown
H Transportation and storage
CC
EG
Swvl
23
07/03/2020
?
MyGov accounts
Logins for more than 3600 MyGov accounts are for sale on the dark web.
Unknown
X Individual
CC
AU
MyGov
24
07/04/2020
Nefilim
Orange
Orange is hit with a ransomware attack through the "Orange Business Solutions" division.
Malware
J Information and communication
CC
FR
Orange, Orange Business Solutions, ransomware, Nefilim
25
07/04/2020
?
Multiple organizations
Researchers from NCC Group reveal that hackers have started launching attacks against F5 BIG-IP networking devices.
CVE-2020-5902 vulnerability
Y Multiple Industries
CC
>1
NCC Group, F5, BIG-IP, CVE-2020-5902
26
07/04/2020
Sodinokibi (AKA REvil)
Sheriff's Office for Cooke County, Texas
The Sheriff's Office for Cooke County is hit by a ransomware attack.
Malware
O Public administration and defence, compulsory social security
CC
US
Sodinokibi, REvil, Sheriff's Office for Cooke County
27
07/05/2020
?
Xchanging
Global IT services and solutions provider DXC Technology announces over the weekend a ransomware attack on systems from its Xchanging subsidiary.
Malware
M Professional scientific and technical activities
CC
US
DXC Technology, Xchanging
28
07/05/2020
?
Atadan Egemen Koyuncu
The personal information of 10,000 patients is compromised after a medical study in Turkey suffers a cyber attack.
Unknown
Q Human health and social work activities
CC
TR
Atadan Egemen Koyuncu
29
07/05/2020
?
Multiple targets
Researchers from ProofPoint reveal that the criminals behind the Purple Fox fileless downloader malware recently upgraded their operation, targeting two new vulnerabilities (CVE-2020-0674 and CVE-2019-1458).
Researchers from Sansec reveal that North Korea's state-sponsored hacking crews are breaking into online stores for Magecart attacks.
Malicious Script Injection
G Wholesale and retail trade
CC
>1
Sansec, Magecart, Lazarus Group, Hidden Cobra
31
07/06/2020
Sheriff
eToro
Using the alias “Sheriff,” a threat actor advertises an auction for 62,000 accounts belonging to users of the eToro social trading platform.
Unknown
K Financial and insurance activities
CC
IL
eToro, Sheriff
32
07/06/2020
?
Multiple cryptocurrency exchanges and online trading platforms
Another threat actor puts on sale a list of accounts belonging to payment/money transfer systems, cryptocurrency exchange and online trading platforms, including Advcash, Azimo, Binance, Bitcan, Coinmama, Coinsbank, Neteller, OKPAY, Payoneer, Paypal, Skrill, Yandex Money, Webmoney, Qiwi, along with many others.
A new release of the Lampion trojan banker targets users in Portugal.
Malware
K Financial and insurance activities
CC
PT
Lampion
34
07/06/2020
?
Multiple online stores
Researchers from Malwarebytes identify a new card skimmer campaign targeting ASP.NET sites and exploiting CVE-2017-9248.
Malicious Script Injection
G Wholesale and retail trade
CC
>1
Malwarebytes, ASP.NET, CVE-2017-9248, Magecart
35
07/06/2020
?
Hapvida
Brazilian health insurer Hapvida reveals that it suffered a cyber attack potentially involving access to the personal information of its customers.
Unknown
K Financial and insurance activities
CC
BR
Hapvida
36
07/06/2020
?
Bcycle
BCycle, a bicycle sharing service, suffered a malware attack in April and launches an investigation, according to a company letter. The stolen information may have included names, credit card numbers and addresses.
Malware
H Transportation and storage
CC
US
Bcycle
37
07/07/2020
Keeper
More than 570 e-commerce sites
Researchers from Gemini Advisory reveal the details of Keeper, a group responsible for compromising more than 570 e-commerce websites with Magecart Attacks.
Malicious Script Injection
G Wholesale and retail trade
CC
>1
Gemini Advisory, Keeper, Magecart
38
07/07/2020
Cosmic Lynx
Multiple organizations worldwide
Researchers from Agari reveal the details of Cosmic Lynx, a BEC campaign targeting individuals in 200 companies across 46 countries.
Business Email Compromise
Y Multiple Industries
CC
>1
Agari, Cosmic Lynx
39
07/07/2020
C-Data?
Users of C-Data devices
Two security researchers discover severe vulnerabilities and what appears to be intentional backdoors in the firmware of devices from popular Chinese vendor C-Data.
Backdoor
Y Multiple Industries
CE
>1
C-Data
40
07/07/2020
?
Multiple targets
Mozilla temporarily suspends the Firefox Send file-sharing service as the organization investigates reports of abuse from malware operators.
Malware
Y Multiple Industries
CC
>1
Mozilla, Firefox Send
41
07/07/2020
?
Spanish-speaking Android users
Security researchers from Avast discover the Cerberus banking Trojan disguised as a legitimate currency app on Google Play.
Malware
X Individual
CC
>1
Avast, Cerberus, Google Play, Android
42
07/07/2020
?
Undisclosed company
Researchers at Abnormal Security uncover a campaign aiming to steal Office 365 user credentials using SurveyMonkey as cover.
Account Hijacking
Z Unknown
CC
N/A
Abnormal Security, Office 365, SurveyMonkey
43
07/07/2020
?
Chilton County
Chilton County shuts down after being targeted by a suspected ransomware attack.
Malware
O Public administration and defence, compulsory social security
CC
US
Chilton County, ransomware
44
07/07/2020
?
Single individuals
More than 240 website subdomains belonging to organizations large and small, including household names, are hijacked to redirect users to malware, X-rated material, online gambling, and other unexpected content.
Misconfiguration
Y Multiple Industries
CC
>1
Azure
45
07/08/2020
?
Android users
Researchers from Malwarebytes discover pre-installed malware on a budget Android phone ANS (American Network Solutions) UL40 handset connected to Assurance Wireless by Virgin Mobile.
Malware
X Individual
CC
US
Malwarebytes, Android, ANS, American Network Solutions, UL40, Assurance Wireless, Virgin Mobile
46
07/08/2020
?
Multiple targets
Researchers from Carbon Black discover Conti, a ransomware strain using up to 32 simultaneous CPU threads to encrypt files on infected computers for blazing-fast encryption speeds.
Malware
X Individual
CC
>1
Carbon Black, Conti, ransomware
47
07/08/2020
?
Undisclosed company
Researchers from Abnormal Security discover a new phishing campaign using fake Zoom notifications to steal Office 365 logins.
Account Hijacking
Z Unknown
CC
N/A
Abnormal Security, Zoom, Office 365
48
07/08/2020
?
Office 365 Users
Microsoft issues a warning for Office 365 phishing attacks carried out via malicious OAuth apps.
Account Hijacking
Y Multiple Industries
CC
>1
Office 365, OAuth
49
07/08/2020
?
Comtrend routers
Researchers at Trend Micro discover a new version of the Mirai IoT botnet that includes an exploit for the CVE-2020-10173 vulnerability impacting Comtrend routers.
CVE-2020-10173 vulnerability
Y Multiple Industries
CC
>1
Trend Micro, Mirai, CVE-2020-10173, Comtrend
50
07/08/2020
?
Impact Guru
Researchers from Cyble identify a threat actor claiming to be in possession of more than 500,000 confidential data records of Impact Guru, a crowdfunding platform.
Misconfiguration
S Other service activities
CC
IN
Cyble, Impact Guru
51
07/08/2020
?
Multiple targets
Researchers from Wordfence reveal that a vulnerability on the Adning Advertising plugin for WordPress is currently under attack.
WordPress plugin vulnerability
Y Multiple Industries
CC
>1
Wordfence, Adning Advertising, WordPress
52
07/09/2020
?
Android users
Researchers from Check Point discover a new version of the Joker malware in Google Play.
Malware
X Individual
CC
US
Check Point, Joker, Google Play
53
07/09/2020
?
Vulnerable Citrix Systems
Researchers from the SANS Institute reveal that threat actors are scanning the internet for two recently discovered Citrix vulnerabilities (CVE-2020-8195, CVE-2020-8196).
CVE-2020-8195 and CVE-2020-8196 vulnerabilities
Y Multiple Industries
CC
>1
SANS, Citrix, CVE-2020-8195, CVE-2020-8196
54
07/09/2020
?
Religare Health Insurance
Researchers from Cyble discover 5 M records from Religare Health Insurance up for sale on the dark web.
Unknown
Q Human health and social work activities
CC
IN
Cyble, Religare Health Insurance
55
07/09/2020
?
Cloudflare
Cloudflare reveals that on June 21 it detected and mitigated a packet-based volumetric DDoS attack that peaked at 754 million packets-per-second.
DDoS
M Professional scientific and technical activities
CC
US
Cloudflare
56
07/09/2020
?
HSBC customers in the U.K.
People in the UK are targeted by a new phishing scam designed to trick victims into handing over details of their HSBC bank account.
Account Hijacking
K Financial and insurance activities
CC
UK
HSBC
57
07/09/2020
?
Indian Users
A fake TikTok app targets Indian users.
Malware
X Individual
CC
IN
TikTok
58
07/09/2020
?
Single individuals
Researchers from Kaspersky discover over 1000 inactive websites compromised to redirect visitors to unwanted URLs, many of which are malicious and distribute the Shlayer trojan.
Malvertising
X Individual
CC
>1
Kaspersky, Shlayer
59
07/10/2020
Magadimarus
LiveAuctioneers
LiveAuctioneers discloses a data breach after a well-known data breach broker begins selling 3.4 million stolen user records on a hacker forum.
Unknown
S Other service activities
CC
US
LiveAuctioneers, Magadimarus
60
07/10/2020
LulzSecurityITA
ENAC (Ente Nazionale Aviazione Civile), Italian Agency for the Civil Aviation
The Italian Agency for the Civil Aviation is hit with a cyber attack.
Unknown
O Public administration and defence, compulsory social security
H
IT
ENAC, LulzSecurityITA
61
07/10/2020
Netwalker
Alfanar
Researchers from Cyble discover internal data from Alfanar leaked from the Netwalker ransomware operators.
Malware
C Manufacturing
CC
SA
Alfanar, Cyble, Netwalker, ransomware
62
07/10/2020
?
Temple Sinai
A malicious hacker disrupts a Jewish congregation's virtual prayer service to display symbols synonymous with anti-Semitism.
Zoom bombing
S Other service activities
CC
US
Temple Sinai, Zoom
63
07/10/2020
?
Vancouver Coastal Health
Vancouver Coastal Health reveals that it suffered a ransomware attack on May 21.
Malware
Q Human health and social work activities
CC
CA
Vancouver Coastal Health, ransomware
64
07/10/2020
?
SEC registrants and service providers to SEC registrants.
The SEC’s Office of Compliance Inspections and Examinations (OCIE) issues a Risk Alert noting the increasing sophistication of ransomware attacks on SEC registrants and service providers to SEC registrants.
Malware
K Financial and insurance activities
CC
US
SEC, Office of Compliance Inspections and Examinations, OCIE, ransomware
65
07/11/2020
?
Cashaa
U.K.-based cryptocurrency exchange Cashaa reports that hackers stole more than 336 Bitcoin (BTC) and ceases all crypto-related transactions.
Unknown
V Fintech
CC
UK
Cashaa
66
07/11/2020
?
Dunzo
Indian delivery service Dunzo says it suffered a data breach that left customer data, including email IDs and phone numbers, exposed after attackers accessed one of its databases.
Unknown
I Accommodation and food service activities
CC
IN
Dunzo
67
07/12/2020
AgeLocker
Multiple organizations
A new and targeted ransomware named AgeLocker utilizes the 'Age' encryption tool created by a Google employee to encrypt victims' files.
Malware
Y Multiple Industries
CC
>1
AgeLocker, Google, ransomware
68
07/12/2020
?
Multiple organizations
A new password-stealing trojan spam campaign adds an anti-sandbox evasion check.
Malware
Y Multiple Industries
CC
>1
Any.Run
69
07/12/2020
?
45 million travelers to Thailand and Malaysia from multiple countries
Researchers from Cyble discover the availability on the dark web of records of over 45 million travelers to Thailand and Malaysia from multiple countries.
Unknown
Z Unknown
CC
>1
Cyble, Thailand, Malaysia
70
07/12/2020
?
40,000 US citizens
Security researchers at Cyble discover the availability on the dark web of personal details of approximately 40,000 US citizens along with their social security numbers (SSNs).
Unknown
Z Unknown
CC
US
Cyble
71
01/01/1970
?
Argenta
Antwerp-based savings bank Argenta shuts down 143 ATM machines after falling victim to what is believed to be Belgium’s first jackpotting attacks.
Jackpotting
K Financial and insurance activities
CC
BE
Argenta
72
01/01/1970
NightLion
DataViper
A hacker going by the handle of NightLion claims to have breached the backend servers belonging to DataViper, a cyber security firm, and dumps 8,225 databases.
Unknown
M Professional scientific and technical activities
CC
US
NightLion, DataViper
73
01/01/1970
Shiny Hunters
Wattpad
An allegedly stolen Wattpad database containing 270 million records is being sold in private sales for over $100,000 and offered for free on hacker forums.
Unknown
J Information and communication
CC
CA
Wattpad, Shiny Hunters
74
01/01/1970
BadPatch?
Users in Palestine
Researchers from ESET discover Welcome Chat, a chat application for Android with spying capabilities.
Targeted Attack
X Individual
CE
PS
ESET, Welcome Chat, Android, BadPatch
75
01/01/1970
Maze
Collabera
Collabera discloses a ransomware attack that occurred on June 8.
Malware
M Professional scientific and technical activities
CC
US
Collabera, ransomware, Maze
76
01/01/1970
LulzSecurityITA
Milan Linate and Malpensa Airports
Hackers from the LulzSecurityITA collective dump the list of 23 databases from the Airports of Milan Linate and Milan Malpensa, allegedly accessed.
Unknown
H Transportation and storage
H
IT
Milan, Linate, Malpensa, LulzSecurityITA
77
01/01/1970
?
Senior Catalonian Politicians
Roger Torrent, the speaker of Catalan parliament, and at least two other pro-independence supporters, have reportedly been told their phones were targeted last year using the ‘Pegasus’ spyware.
Targeted Attack
X Individual
CE
ES
Roger Torrent, Catalan parliament, Pegasus
78
01/01/1970
Jamescarter
UK ticketing provider
Security researchers from KELA discover a database containing millions of emails and usernames up for sale on the dark web, linked to a well-known UK ticketing provider.
Unknown
R Arts entertainment and recreation
CC
UK
Jamescarter, KELA
79
01/01/1970
?
Banking customers worldwide
Researchers from Kaspersky reveal that the "Tetrade", a set of four Brazilian banking trojans (Guildma, Javali, Melcoz, Grandoreiro) is now spreading globally.
Researchers from Sophos discover another campaign carried out by the RATicate group, using the CloudEye tool.
Targeted Attack
Y Multiple Industries
CE
>1
RATicate, CloudEye
81
01/01/1970
CIA
Targets in Iran, Russia, China, and North Korea
A new report reveals that the Central Intelligence Agency conducted a series of covert cyber operations against Iran and other targets, including Russia, China, and North Korea.
Targeted Attack
O Public administration and defence, compulsory social security
CW
>1
CIA, Central Intelligence Agency, Russia, China, North Korea
82
01/01/1970
?
Citrix third-party
An actor sells what they claim to be a database with information on 2,000,000 Citrix customers on the dark web. An official statement by the company reveals that the database has been obtained from a third party.
Unknown
Z Unknown
CC
N/A
Citrix
83
01/01/1970
Graham Ivan Clark
Twitter
A number of high profile Twitter accounts, including Bill Gates, Elon Musk and Apple, are hijacked to promote a bitcoin scam. The author of the hack is arrested by the FBI two weeks later.
Account Hijacking
S Other service activities
CC
US
Twitter, Bill Gates, Elon Musk, Apple, bitcoin, Graham Ivan Clark
84
01/01/1970
?
Banks across Europe
ATM maker Diebold Nixdorf warns banks of a new type of ATM "black box" attack that was recently spotted used across Europe.
ATM "Black Box"
K Financial and insurance activities
CC
EU
Diebold Nixdorf, ATM, Black Box
85
01/01/1970
Mustang Panda
Hong Kong Catholic Church
China's government hackers have targeted members of the Hong Kong Catholic Church in a series of spear-phishing operations traced back to May this year.
Targeted Attack
S Other service activities
CE
HK
Mustang Panda, China, Catholic Church, Hong Kong
86
01/01/1970
Ghost Squad
European Space Agency (ESA)
Hackers from the Ghost Squad deface a domain of the European Space Agency (ESA): business.esa.int.
Defacement
U Activities of extraterritorial organizations and bodies
H
EU
Ghost Squad, European Space Agency, ESA, business.esa.int
87
01/01/1970
?
Blackbaud
Blackbaud, a cloud software provider specializing in fundraising suites for charities and educational institutions, discloses a ransomware attack that occurred in May 2020.
Malware
M Professional scientific and technical activities
CC
US
Blackbaud, ransomware
88
01/01/1970
?
Single individuals in the UK
The Cofense Phishing Defense Center observes a new email-based phishing scam that aims to harvest Her Majesty's Revenue and Customs (HMRC) credentials and sensitive personal information by preying on UK workers who are expecting COVID-19 tax relief grants.
Account Hijacking
X Individual
CC
US
Cofense, PDC, Her Majesty's Revenue and Customs, HMRC, COVID-19
89
01/01/1970
?
Misconfigured Docker servers
Researchers from Aqua Security discover a new campaign that exploits misconfigured Docker API ports in order to infect victims with a resource-hijacking cryptominer.