Here’s the second timeline of August, containing the main cyber attacks that have characterized the end of this troubled Summer (the first timeline is available here). This list is probably the longest I have pulled together so far, containing 108 events (including 10 that occurred before August 16th), and confirming the growing trend of ransomware attacks, fueled primarily by a breach suffered by Blackbaud in mid-July, whose real extent is becoming clearer as new notifications by the impacted customer organizations continue to come out (and are apparently not over).
Similarly to the previous timelines, ransomware attacks characterized the majority of events (31 out of 108, corresponding to 28.7%). Of these events, 11 (roughly 35%) are a direct consequence of the above-mentioned breach. The ransomware landscape continues to be crowded, new actors (like the SunCrypt gang) are eager to take the lead, and new high-profile targets continue to join the list of the victims.
Iran (primarily), China, and North Korea characterized the Cyber Espionage scene with multiple operations. In particular, the North Korean group Hidden Cobra (AKA Lazarus Group and APT38) confirmed its tendency to be involved in both cyber espionage and cyber crime operations (the latter primarily focused on stealing cryptocurrency).
In any case, this timeline is really too long to be summarized in a few words, so take your time to browse it all to get the details of each event. Once again, thanks for sharing it and supporting my work in spreading risk awareness across the community. Also, don’t forget to follow @paulsparrows on Twitter, or even connect on Linkedin, for the latest updates.
ID
Date
Author
Target
Description
Attack
Target Class
Attack Class
Country
Link
Tags
1
08/02/2020
Maze
Ventura Orthopedics
The Maze ransomware operators add Ventura Orthopedics to their leak site
Malware
Q Human health and social work activities
CC
US
Ventura Orthopedics, Maze, Ransomware
2
08/03/2020
Maze
United Memorial Medical Center (UMMC)
The Maze ransomware team adds the United Memorial Medical Center (UMMC) to their leak site.
Malware
Q Human health and social work activities
CC
US
Maze, ransomware, United Memorial Medical Center, UMMC
3
08/03/2020
?
Kent State University
Kent State University is among the victims of the Blackbaud ransomware attack.
Malware
P Education
CC
US
Kent State University, Blackbaud, ransomware
4
08/05/2020
?
Isetan Mitsukoshi Co.
Isetan Mitsukoshi Co. announces that, along with its subsidiary MI Card Co., it suffered a data breach affecting approximately 19,000 customers as a result of unauthorized access.
Unknown
G Wholesale and retail trade
CC
JP
Isetan Mitsukoshi Co., MI Card Co.
5
08/06/2020
?
Cuyahoga Community College Foundation
The Cuyahoga Community College Foundation discloses that it is among the organizations affected by the Blackbaud ransomware attack.
Malware
P Education
CC
US
Cuyahoga Community College Foundation, Blackbaud, ransomware
6
08/10/2020
DarkSide
Multiple targets
A new ransomware operation named DarkSide begins to attack organizations with customized attacks that have already earned them million-dollar payouts.
Malware
Y Multiple Industries
CC
>1
DarkSide, Ransomware
7
08/10/2020
?
Bletchley Park
Bletchley Park joins the list of the victims of the Blackbaud ransomware attack.
Malware
R Arts entertainment and recreation
CC
UK
Bletchley Park, Blackbaud ransomware
8
08/12/2020
?
Luminate Education Group (LEG)
Luminate Education Group (LEG) is hit by a cyber attack, affecting Leeds City College, Keighley College, Harrogate College, Leeds Sixth Form College and University Centre Leeds.
Unknown
P Education
CC
UK
Luminate Education Group, LEG, Leeds City College, Keighley College, Harrogate College, Leeds Sixth Form College, University Centre Leeds
9
08/12/2020
?
RailYatri
An unsecured server of the Indian ticket platform RailYatri exposes the personal information of over 700,000 passengers and is wiped out by a Meow attack.
Misconfiguration
H Transportation and storage
CC
IN
RailYatri, Meow
10
01/01/1970
?
Ponca City Schools
Ponca City Schools is the target of a ransomware attack.
Malware
P Education
CC
US
Ponca City Schools, ransomware
11
01/01/1970
?
600+ organizations worldwide
Vairav Technology uncovers a Microsoft Office 365 phishing campaign targeting more than 600 organizations worldwide.
Account Hijacking
Y Multiple Industries
CC
>1
Vairav Technology, Microsoft Office 365
12
01/01/1970
?
Momentum Metropolitan
Financial services group Momentum Metropolitan warns that a third party unlawfully accessed a limited portion of data of a subsidiary of the group.
Unknown
K Financial and insurance activities
CC
ZA
Momentum Metropolitan
13
01/01/1970
?
Financial Service Providers
Researchers from Akamai discover a group, using the names Fancy Bear and Armada Collective, launching DDoS attacks against some of the world's biggest financial service providers, including Moneygram and Braintree.
DDoS
K Financial and insurance activities
CC
>1
Akamai, Fancy Bear, Armada Collective, Moneygram, Braintree
14
01/01/1970
?
Single individuals
The Criminal Investigation Department (CID) of the West Bengal police warns citizens of fake oximeter apps on mobile phones, leading to phishing attacks and theft of personal data
Account Hijacking
X Individual
CC
IN
Criminal Investigation Department, CID, West Bengal, COVID-19
15
01/01/1970
?
East Anglia's Children's Hospices (EACH)
East Anglia's Children's Hospices (EACH) joins the victims of the Blackbaud ransomware cyber attack.
Malware
Q Human health and social work activities
CC
UK
East Anglia's Children's Hospices, EACH, Blackbaud, Ransomware
16
01/01/1970
?
Baugo Community Schools
Baugo Community Schools is hit by an unspecified cyber attack via its ISP.
Unknown
P Education
CC
US
Baugo Community Schools
17
01/01/1970
TeamTNT
Multiple targets
Researchers from Cado Security discover a cybercrime group known as TeamTNT, using a crypto-mining worm to steal plaintext AWS credentials and config files from compromised Docker and Kubernetes systems.
Malware
Y Multiple Industries
CC
>1
Cado Security, TeamTNT, AWS, Docker, Kubernetes
18
01/01/1970
HIDDEN COBRA AKA The Lazarus Group AKA APT38
Unnamed organization in the cryptocurrency vertical
Researchers from F-Secure Labs discover a targeted attack against an organization in the cryptocurrency vertical, attributed to the Lazarus Group.
Targeted Attack
V Fintech
CC
N/A
HIDDEN COBRA, The Lazarus Group, F-Secure
19
01/01/1970
?
Cleveland Museum of Natural History
Even the Cleveland Museum of Natural History is affected by the Blackbaud ransomware breach.
Malware
R Arts entertainment and recreation
CC
US
Cleveland Museum of Natural History, Blackbaud, ransomware
20
01/01/1970
?
Multiple targets
Researchers from Netscout discover a new version of the Lucifer cryptomining DDoS malware, targeting Linux systems.
Malware
Y Multiple Industries
CC
>1
Netscout, Lucifer, Linux
21
01/01/1970
HIDDEN COBRA AKA The Lazarus Group AKA APT38
US government contractors
The FBI and CISA issue a joint advisory exposing information on BLINDINGCAN, a RAT malware used by North Korean hackers in attacks targeting government contractors.
Targeted Attack
O Public administration and defence, compulsory social security
CE
US
FBI, CISA, BLINDINGCAN, HIDDEN COBRA, The Lazarus Group, APT38
22
01/01/1970
?
Multiple targets
Researchers from Guardicore reveal the details of FritzFrog, a sophisticated botnet campaign attacking SSH servers around the world, since at least January 2020.
Brute-force
Y Multiple Industries
CC
>1
Guardicore, FritzFrog, SSH
23
01/01/1970
?
TFI International
The four Canadian courier divisions of TFI International (Canpar Express, ICS Courier, Loomis Express and TForce Integrated Solutions) are hit with a ransomware attack.
The Taiwan Investigation Bureau’s Cyber Security Investigation Office reveals that Chinese hackers have hacked 6000 Taiwan Government email accounts belonging to at least 10 Taiwan agencies.
Targeted Attack
O Public administration and defence, compulsory social security
CE
TW
The Taiwan Investigation Bureau’s Cyber Security Investigation Office, Blacktech, Taidoor
25
01/01/1970
?
Samaritan Medical Center
After three weeks, the Samaritan Medical Center recovers from a malware attack.
Malware
Q Human health and social work activities
CC
US
Samaritan Medical Center
26
01/01/1970
?
The Donkey Sanctuary
Hackers may have seized children's personal details after targeting the Donkey Sanctuary, as a consequence of the Blackbaud breach.
Malware
Q Human health and social work activities
CC
UK
The Donkey Sanctuary, Blackbaud, ransomware
27
01/01/1970
?
Lee County High School
Students who logged on to a virtual Spanish class via Google Meet are shown racist, violent and pornographic content by an unknown person who gained access to the lesson.
Account Hijacking
P Education
CC
US
Lee County High School
28
01/01/1970
?
Multiple targets
A group of cyber criminals targets organizations via a voice phishing service that uses a combination of one-on-one phone calls and custom phishing sites to steal VPN credentials from employees.
Account Hijacking
Y Multiple Industries
CC
US
VPN, vishing, COVID-19
29
01/01/1970
CCP Unmasked
Knowlesys
Yunrun Big Data Service
OneSight
A group of hackers says they have obtained internal files from three Chinese social media monitoring companies.
Unknown
M Professional scientific and technical activities
H
CN
Knowlesys, Yunrun Big Data Service, OneSight, CCP Unmasked
30
01/01/1970
?
University of Utah
The University of Utah reveals that it paid a $457,000 ransom to prevent threat actors from releasing files stolen during a ransomware attack.
Malware
P Education
CC
US
University of Utah, Ransomware
31
01/01/1970
APT from South Korea?
Unnamed architecture firm
Researchers from Bitdefender reveal that an advanced hackers-for-hire group has compromised computers of an architecture firm via a malicious plugin for the Autodesk 3ds Max software.
Malicious Autodesk plugin
M Professional scientific and technical activities
CE
N/A
Bitdefender, Autodesk 3ds Max
32
01/01/1970
?
Multiple targets
The FBI and CISA issue a joint advisory warning teleworkers of an ongoing vishing campaign targeting entities from multiple US industry sectors.
Account Hijacking
Y Multiple Industries
CC
US
FBI, CISA, vishing
33
01/01/1970
Transparent Tribe
Multiple countries, mainly India and Afghanistan
Researchers from Kaspersky reveal a new operation by the Transparent Tribe APT.
Targeted Attack
Y Multiple Industries
CE
>1
Kaspersky, Transparent Tribe, India, Afghanistan
34
01/01/1970
?
SnapFulfil
A UK warehouse management software company, SnapFulfil, is hit by ransomware.
Malware
M Professional scientific and technical activities
CC
UK
SnapFulfil, ransomware
35
01/01/1970
Maze
SK hynix
South Korean semiconductor manufacturer SK hynix is hit with a Maze ransomware attack.
Malware
C Manufacturing
CC
KR
SK hynix, Maze, ransomware
36
01/01/1970
?
Freepik
Freepik says that hackers were able to steal emails and password hashes for 8.3M Freepik and Flaticon users in an SQL injection attack against the company's Flaticon website.
SQLi
S Other service activities
CC
ES
Freepik, Flaticon
37
01/01/1970
?
U.S. Financial Industry Regulatory Authority (FINRA) members
The U.S. Financial Industry Regulatory Authority (FINRA) issues a new regulatory notice warning members of threat actors using registered brokers' info to create phishing websites.
Account Hijacking
K Financial and insurance activities
CC
US
U.S. Financial Industry Regulatory Authority, FINRA
38
01/01/1970
Maze
Hoa Sen Group
The Maze ransomware operators claim to have breached the steel sheet giant Hoa Sen Group.
Malware
C Manufacturing
CC
VN
Maze, ransomware, Hoa Sen Group
39
01/01/1970
?
Spanish users
Researchers from ESET reveal that the operators behind the Grandoreiro banking trojan have been using emails posing as the Agencia Tributaria to trick Spanish victims into installing the malware.
Malware
X Individual
CC
ES
ESET, Grandoreiro, Agencia Tributaria
40
01/01/1970
?
Food Bank of Central & Eastern North Carolina
The Food Bank of Central & Eastern North Carolina reveals it was a victim in the Blackbaud data breach.
Malware
Q Human health and social work activities
CC
US
Food Bank of Central & Eastern North Carolina, Ransomware, Blackbaud
41
01/01/1970
?
Planned Parenthood
Even Planned Parenthood is hit with the Blackbaud breach.
Malware
Q Human health and social work activities
CC
US
Planned Parenthood, Blackbaud, Ransomware
42
01/01/1970
?
Myerscough College
Myerscough College is hit with a cyber attack.
Unknown
P Education
CC
UK
Myerscough College
43
01/01/1970
?
Millbrook Magnet High School
The virtual lessons via Google Meet at Millbrook Magnet High School are disrupted by an intruder.
Account Hijacking
P Education
CC
US
Millbrook Magnet High School, Google Meet
44
01/01/1970
?
Oberlin Magnet Middle School
Even the virtual lessons via Google Meet at Oberlin Magnet Middle School are disrupted by an intruder.
Account Hijacking
P Education
CC
US
Oberlin Magnet Middle School, Google Meet
45
01/01/1970
?
Multiple targets
Researchers from Mitiga discover a Community Amazon Machine Image infected with malware.
Malware
Y Multiple Industries
CC
>1
Amazon Machine Image, Mitiga
46
01/01/1970
?
Multiple MSPs
Researchers from Huntress Labs discover a malware campaign targeting MSPs and using multiple strategies to go undetected.
Malware
M Professional scientific and technical activities
CC
>1
Huntress Labs
47
01/01/1970
?
Mental Health Partners
Mental Health Partners notified clients and employees about an employee email account compromise discovered in late March.
Account Hijacking
Q Human health and social work activities
CC
US
Mental Health Partners
48
01/01/1970
?
Multiple targets
Researchers from Sophos discover a new phishing campaign pretending to deliver a mail issue notification and delivering the malicious payload from Azure.
Account Hijacking
Y Multiple Industries
CC
>1
Sophos, Azure
49
01/01/1970
?
Tempo.co
Tempo.co, a news site that criticized the local government for the strategy adopted against the pandemic, is defaced.
Defacement
J Information and communication
CC
ID
Tempo.co
50
01/01/1970
?
Center for Indonesia’s Strategic Development Initiatives (CISDI)
The Center for Indonesia’s Strategic Development Initiatives (CISDI), also known to be critical of the Indonesian government’s coronavirus policies, is defaced.
Defacement
Q Human health and social work activities
CC
ID
Center for Indonesia’s Strategic Development Initiatives, CISDI
51
01/01/1970
?
Twitter account of Pandu Riono
The Twitter account of Pandu Riono, an epidemiologist at the University of Indonesia (UI), also critical of the Indonesian government, is hijacked.
Account Hijacking
X Individual
CC
ID
Twitter, Pandu Riono
52
01/01/1970
?
Gosnell School District
The Gosnell School District is hit with a ransomware attack.
Malware
P Education
CC
US
Gosnell School District, ransomware
53
01/01/1970
?
Rialto Unified School District
Even the Rialto Unified School District is hit with a ransomware attack.
Malware
P Education
CC
US
Rialto Unified School District, ransomware
54
01/01/1970
Iranian hackers
Multiple targets
Researchers from Group-IB expose a low-skilled group of Iranian hackers exploiting exposed RDP servers to deploy the Dharma ransomware.
Malware
Y Multiple Industries
CC
>1
Group-IB, Iran, RDP, Dharma, Ransomware
55
01/01/1970
SunCrypt
Haywood County School district
The SunCrypt Ransomware shuts down the Haywood County School district.
Malware
P Education
CC
US
SunCrypt, Ransomware, Haywood County School district
56
01/01/1970
?
Empire Market
The dark web site Empire Market is hit by a prolonged DDoS attack, before its admins decide to abruptly leave the business.
DDoS
S Other service activities
CC
N/A
Empire Market
57
01/01/1970
?
Vulnerable WordPress servers
Researchers from WebARX reveal that hackers are actively targeting and trying to exploit SQL injection, authorization issues, and unauthenticated XSS vulnerabilities in the Discount Rules for WooCommerce WordPress plugin, which has more than 30,000 installations.
Vulnerable WordPress plugin
Y Multiple Industries
CC
>1
WebARX, Discount Rules for WooCommerce, WordPress
58
01/01/1970
?
iOS users
Security firm Snyk claims to have found malicious code inside SourMint, a Chinese iOS SDK by Mintegral, used by more than 1,200 iOS applications, all collectively downloaded more than 300 million times per month.
Malware
X Individual
CC
>1
Snyk, Mintegral, iOS, SourMint
59
01/01/1970
DeathStalker
Organizations in the financial sector
Researchers from Kaspersky reveal the details of a hack-for-hire group, tracked as DeathStalker, targeting organizations in the financial sector since 2012.
Targeted Attack
K Financial and insurance activities
CC
>1
Kaspersky, DeathStalker
60
01/01/1970
?
Multiple targets
Researchers from KnowBe4 discover a wave of phishing campaigns exploiting AWS to deliver the malicious payload.
Account Hijacking
Y Multiple Industries
CC
>1
KnowBe4, AWS
61
01/01/1970
?
Transsion Tecno W2 handsets mainly in Egypt, Ethiopia, South Africa, Cameroon, Ghana
Researchers from Secure-D Lab discover a new Chinese handset with pre-installed Triada malware.
Rialto Unified School District is affected by malware
Malware
P Education
CC
US
Rialto Unified School District
63
01/01/1970
?
Holden Forests and Gardens
Holden Forests and Gardens reveals that it was affected by the Blackbaud ransomware attack.
Malware
Q Human health and social work activities
CC
US
Holden Forests and Gardens, Blackbaud, ransomware
64
01/01/1970
?
New Zealand’s stock exchange (NZX)
New Zealand’s stock exchange (NZX) is hit by DDoS attacks in the last two days.
DDoS
K Financial and insurance activities
CC
NZ
New Zealand’s stock exchange, NZX
65
01/01/1970
?
38 Japanese companies including Sumitomo Forestry Co. and Hitachi Chemical Co.
38 Japanese companies have authentication information to access their virtual private networks stolen and leaked.
CVE-2019-11510 Vulnerability
Y Multiple Industries
CC
JP
Sumitomo Forestry Co., Hitachi Chemical Co., CVE-2019-11510
66
01/01/1970
DarkSide
Brookfield Residential
Brookfield Residential is one of the first victims of the new DarkSide Ransomware.
Malware
L Real estate activities
CC
CA
Brookfield Residential, DarkSide, Ransomware
67
01/01/1970
?
Multiple targets
Researchers from Sophos discover a new version of the Lemon_Duck cryptominer updated to compromise Linux machines via SSH brute force attacks, to exploit SMBGhost-vulnerable Windows systems, and to infect servers running Redis and Hadoop instances.
Researchers from Armorblox detect a phishing campaign delivering the phishing page from Box.
Account Hijacking
Y Multiple Industries
CC
>1
Armorblox, Box
69
01/01/1970
?
Crypto currency traders
Researchers from Abnormal Security reveal that cyber-criminals have been impersonating the well-known Bitcoin BTC ERA trading platform in order to infect users of the online currency with malware.
Malware
V Fintech
CC
>1
Abnormal Security, Bitcoin BTC ERA
70
01/01/1970
?
North Okanagan Pediatric Clinic
The North Okanagan Pediatric Clinic reveals that it was hacked in late May 2020.
Unknown
Q Human health and social work activities
CC
US
North Okanagan Pediatric Clinic
71
01/01/1970
BeagleBoyz
Several international banks
A joint advisory issued by several U.S. Government agencies reveals that North Korean hackers tracked as BeagleBoyz have been using malicious remote access tools as part of ongoing attacks to steal millions from international banks. The campaign is called "Fast Cash".
Malware
K Financial and insurance activities
CC
>1
BeagleBoyz, North Korea, Fast Cash
72
01/01/1970
China
Twitter users
Social media research group Graphika identifies Dracula, a Twitter botnet of around 3,000 bots that pushed pro-Chinese political spam, echoing official messaging released through state propaganda accounts.
Fake Social Network Accounts/Pages
X Individual
CW
>1
Graphika, Dracula, Twitter, China
73
01/01/1970
?
Multiple targets
Microsoft warns of a recently uncovered piece of malware, tracked as Anubis, designed to steal information from infected systems.
Malware
Y Multiple Industries
CC
>1
Microsoft, Anubis
74
01/01/1970
China?
US organizations doing business in China
The FBI and CISA issue another warning to organizations doing business in China after reports of a potentially widespread attempt to remotely target them with powerful malware hidden in tax software.
Malware
Y Multiple Industries
CE
US
FBI, CISA, China, GoldenHelper
75
01/01/1970
?
MetroHealth Foundation
The MetroHealth Foundation is among the victims of the Blackbaud ransomware attack.
Malware
Q Human health and social work activities
CC
US
MetroHealth Foundation, Blackbaud, ransomware
76
01/01/1970
Netwalker
Argentina's official immigration agency, Dirección Nacional de Migraciones
Argentina's official immigration agency, Dirección Nacional de Migraciones, suffers a Netwalker ransomware attack that temporarily halts border crossing into and out of the country.
Malware
O Public administration and defence, compulsory social security
CC
AR
Dirección Nacional de Migraciones, Ransomware, Netwalker
77
01/01/1970
Charming Kitten, AKA APT35, NewsBeef, Newscaster, or Ajax
Academia experts, human rights activists, and journalists specialized in Iranian affairs
Researchers from ClearSky reveal that Iranian government hackers have impersonated journalists to reach out to targets via LinkedIn, and set up WhatsApp calls to win their trust, before sharing links to phishing pages and malware-infected files.
Researchers from Check Point discover a new Qbot campaign, stealing full email threads to use in reply-chain.
Malware
Y Multiple Industries
CC
>1
Check Point, Qbot
79
01/01/1970
?
Data#3
Australian IT vendor Data#3 discloses that it experienced what it dubbed a "cyber incident".
Unknown
J Information and communication
CC
AU
Data#3
80
01/01/1970
REvil AKA Sodinokibi
Valley Health Systems
REvil ransomware operators claim to have breached Valley Health Systems.
Malware
Q Human health and social work activities
CC
US
REvil, Sodinokibi, Ransomware, Valley Health Systems
81
01/01/1970
?
Misconfigured Docker containers
Researchers from Palo Alto Networks reveal the details of Cetus, a new Docker cryptojacking worm mining for Monero.
Cloud Misconfiguration
Y Multiple Industries
CC
>1
Palo Alto Networks, Cetus
82
01/01/1970
?
NCR Corporation
NCR Corporation confirms that it found malware-infected computers in an isolated non-production lab environment outside of the U.S., but claims its clients were never at risk of a secondary infection.
Malware
C Manufacturing
CC
US
NCR Corporation
83
01/01/1970
DoppelPaymer
Amphastar Pharmaceuticals
Amphastar Pharmaceuticals reveals that it was hit with a DoppelPaymer ransomware attack on May 2, after company data is posted on July 21.
Malware
C Manufacturing
CC
US
Amphastar Pharmaceuticals, DoppelPaymer, ransomware
84
01/01/1970
?
Clark County School District
The Clark County School District notifies parents after a "data security incident".
Unknown
P Education
CC
US
Clark County School District
85
01/01/1970
?
Single individuals
Researchers at Area 1 Security discover a global phishing campaign that purports to offer information about surgical masks and other protective equipment for the COVID-19 pandemic, infecting victims' devices with the AgentTesla RAT.
Account Hijacking
X Individual
CC
>1
Area 1 Security, COVID-19, AgentTesla
86
01/01/1970
UltraRank
700 websites and more than a dozen third-party service providers
Security researchers from Group-IB reveal the details of UltraRank, a cybercriminal group specialized in infecting online shops to steal payment card data, responsible for compromising almost 700 websites and more than a dozen third-party service providers.
Malicious Script Injection
G Wholesale and retail trade
CC
>1
Group-IB, UltraRank
87
01/01/1970
?
"Fall Guys: Ultimate Knockout" players
The npm security team removes a malicious JavaScript library, named "fallguys", from the npm portal, designed to steal sensitive files from an infected user's browser and Discord application.
The Irish Department of Social Protection warns against “sophisticated” phishing scams.
Account Hijacking
X Individual
CC
IE
Department of Social Protection
90
01/01/1970
?
Multiple targets
Email service provider Sendgrid suffers an unusually large number of customer accounts whose passwords have been cracked, sold to spammers, and abused for sending phishing and email malware attacks.
Account Hijacking
Y Multiple Industries
CC
>1
Sendgrid
91
01/01/1970
?
Turkish Instagram users
Researchers from Trend Micro reveal that Turkish-speaking cybercriminals are sending Instagram users seemingly legitimate messages from the social media company, with the aim of stealing their Instagram and email credentials.
Account Hijacking
X Individual
CC
TR
Trend Micro, Instagram
92
01/01/1970
?
PULAU Corporation
Defense supplier PULAU Corporation notifies their employees about an intrusion and unauthorized access into parts of their network between June 11 and June 29.
Unknown
C Manufacturing
CC
US
PULAU Corporation
93
01/01/1970
?
Rocky Mount
Rocky Mount is hit with a ransomware attack.
Malware
O Public administration and defence, compulsory social security
CC
US
Rocky Mount, Ransomware
94
01/01/1970
?
Selma Unified School District
Selma Unified School District is hit with a ransomware attack.
Malware
P Education
CC
US
Selma Unified School District, ransomware
95
01/01/1970
?
Utah Pathology Services
Utah Pathology Services notifies more than 110,000 patients of a data breach in which the personal information of certain individuals was accessible to an unauthorized party.
Unknown
Q Human health and social work activities
CC
US
Utah Pathology Services
96
01/01/1970
John Wick?
PayTM Group
PayTM Group suffers a breach after hackers from John Wick access its internal database.
Vulnerability
K Financial and insurance activities
CC
>1
PayTM Group, John Wick
97
01/01/1970
?
Android users
Google removes 56 Android applications from the official Google Play Store that the company says were part of Terracotta, an ad fraud botnet discovered by White Ops.
Malware
X Individual
CC
>1
Android, Google Play Store, Terracotta, White Ops
98
01/01/1970
?
Unknown Bitcoin user
A user loses 1400 Bitcoin ($16 million worth) via a fake bitcoin wallet.
Malware
K Financial and insurance activities
CC
N/A
Bitcoin
99
01/01/1970
?
Greenville Technical College
Greenville Technical College acknowledges that it was hit with a ransomware attack, while the threat actors claim to have successfully exfiltrated personal information of staff and students.
Malware
P Education
CC
US
Greenville Technical College
100
01/01/1970
Pioneer Kitten
Multiple targets
Researchers from Crowdstrike reveal that a group of Iranian hackers tracked as Pioneer Kitten is selling corporate-network credentials on hacker forums. The credentials have been obtained from vulnerable VPN devices.
Cisco warns that threat actors are trying to exploit two high severity memory exhaustion denial-of-service (DoS) vulnerabilities in the company's Cisco IOS XR software that runs on carrier-grade routers.
CVE-2020-3566 CVE-2020-3569
Y Multiple Industries
CC
>1
Cisco, CVE-2020-3566, CVE-2020-3569
102
01/01/1970
?
American Payroll Association (APA)
The American Payroll Association (APA) discloses a data breach affecting members and customers after attackers successfully planted a web skimmer on the organization's website login and online store checkout pages.
Malicious Script Injection
S Other service activities
CC
US
American Payroll Association, APA, Magecart
103
01/01/1970
?
Multiple e-commerce targets
Visa issues a warning regarding a new JavaScript e-commerce skimmer known as Baka that will remove itself from memory after exfiltrating stolen data.
Malicious Script Injection
G Wholesale and retail trade
CC
>1
Visa, JavaScript, Baka
104
01/01/1970
?
MacOS users
Security researchers discover that the authors of the Shlayer malware have been able to bypass Apple's automated notarization process.
Malware
X Individual
CC
>1
Shlayer, Apple, MacOS
105
01/01/1970
?
Vulnerable QNAP devices
Researchers from Qihoo 360 reveal that hackers are scanning for vulnerable network-attached storage (NAS) devices running multiple QNAP firmware versions, trying to exploit an RCE vulnerability to implant a backdoor.
QNAP vulnerability
Y Multiple Industries
CC
>1
Qihoo 360, QNAP, RCE
106
01/01/1970
?
Android users
Researchers at Pradeo discover six new Android apps infected with Joker malware.
Malware
X Individual
CC
>1
Pradeo, Android, Joker
107
01/01/1970
?
Multiple targets
Researchers from KnowBe4 discover a wave of phishing campaigns exploiting Slack to deliver phishing pages.
Account Hijacking
Y Multiple Industries
CC
>1
KnowBe4, Slack
108
01/01/1970
?
Atrium Health
Atrium Health joins the list of the victims of the Blackbaud ransomware attack.