Last Updated on February 19, 2021
As promised, I have pulled together some statistics from the data collected in 2020. The master table is available at the end of the post after the charts.
As always, be aware that the sample refers exclusively to the attacks included in my timelines, available from public sources such as blogs and news sites. Obviously the sample cannot be complete; it only aims to provide a high-level overview of the threat landscape.
And please support my work by sharing the content and following me on Twitter and LinkedIn for the latest updates.
ID | Date | Author | Target | Description | Attack | Target Class | Attack Class | Country | Tags | Link |
---|---|---|---|---|---|---|---|---|---|---|
1 | 02/01/2020 | Chuckling Squad | Adam Sandler's Twitter account | Adam Sandler's Twitter account is hacked and used to post offensive messages against Mariah Carey, President Obama, and President Trump. | Account Hijacking | R Arts entertainment and recreation | CC | US | Adam Sandler, Twitter, Mariah Carey, President Obama, President Trump, Chuckling Squad | |
2 | 02/01/2020 | ? | Klamath County Veterans Service Office | Klamath County Veterans Service Office gives notice of a phishing attack that occurred on September 19, 2019. | Account Hijacking | O Public administration and defence, compulsory social security | CC | US | Klamath County Veterans Service Office | |
3 | 03/01/2020 | ? | Alomere Health | The personal and medical information of 49,351 patients is exposed following a security incident involving two employees' email accounts. | Account Hijacking | Q Human health and social work activities | CC | US | Alomere Health | |
4 | 03/01/2020 | ? | Contra Costa County Library System | The Contra Costa County Library System is hit by ransomware | Malware | O Public administration and defence, compulsory social security | CC | US | The Contra Costa County Library System, ransomware | |
5 | 03/01/2020 | ? | Native American Rehabilitation Association | Native American Rehabilitation Association announces that it experienced an Emotet attack on November 4-5, 2019. | Malware | Q Human health and social work activities | CC | US | Native American Rehabilitation Association, Emotet | |
6 | 04/01/2020 | ? | Austria's foreign ministry | Austria's foreign ministry is targeted by a cyber-attack that is suspected to have been conducted by a foreign country. | Targeted attack | O Public administration and defence, compulsory social security | CE | AT | Austria | |
7 | 04/01/2020 | Iran cyber security group hackers | U.S. Federal Depository Library Program | The homepage for the U.S. Federal Depository Library Program is briefly altered to show a pro-Iranian message and an image of bloodied Donald Trump being punched in the face. | Defacement | O Public administration and defence, compulsory social security | CW | US | FDLP, U.S. Federal Depository Library Program, Iran, Iran cyber security group hackers | |
8 | 04/01/2020 | Shield Iran | Sierra Leone Commercial Bank (slcb.com) | For the same reason, a group of Iranian hackers dubbed "Shield Iran" defaces the Sierra Leone Commercial Bank | Defacement | K Financial and insurance activities | CW | SL | Shield Iran, Sierra Leone Commercial Bank, slcb.com | |
9 | 04/01/2020 | ? | Multiple targets | Researchers from Fortinet report that a ransomware strain known as DeathRansom, once considered a joke, is now capable of encrypting files using a solid encryption scheme. | Malware | Y Multiple Industries | CC | >1 | Fortinet, ransomware, DeathRansom | |
10 | 04/01/2020 | ? | Saskatchewan’s eHealth | Hackers make it through the first level of security for Saskatchewan’s eHealth records system, locking the government out of some systems and asking for a ransom. | Unknown | Q Human health and social work activities | CC | US | Saskatchewan’s eHealth | |
11 | 06/01/2020 | Iranian Hacker | Texas Department of Agriculture | The Texas Department of Agriculture is hit with a cyberattack that defaces its website with an image of Gen. Qassem Soleimani, the top Iranian commander who was killed in a U.S. strike the previous week. | Defacement | O Public administration and defence, compulsory social security | CW | US | Texas Department of Agriculture, Qassem Soleimani, Iranian Hacker | |
12 | 06/01/2020 | SideWinder APT Group | Military entities | Researchers from Trend Micro discover the first example of a malicious app in the Google Play Market, exploiting the recently patched CVE-2019-2215 zero-day vulnerability. | Targeted attack | O Public administration and defence, compulsory social security | CE | >1 | Trend Micro, Google Play Market, CVE-2019-2215 | |
13 | 06/01/2020 | ? | Canyon | Canyon announces it was struck by a "massive cyber attack" over the Christmas break by a "professionally organized group". | Unknown | C Manufacturing | CC | DE | Canyon | |
14 | 06/01/2020 | ? | Focus Camera | Researchers from Juniper Threat Labs reveal that the website of popular photography and imaging retailer Focus Camera got hacked late in December 2019 by MageCart attackers to inject malicious code that stole customer payment card details. | Malicious Script Injection | G Wholesale and retail trade | CC | US | Focus Camera, Magecart, Juniper Threat Labs | |
15 | 06/01/2020 | ? | Single Individuals | Researchers from Fortinet discover a new campaign of the "Predator the Thief" malware. | Malware | X Individual | CC | >1 | Fortinet, Predator the Thief | |
16 | 06/01/2020 | ? | Multiple targets | UK Security Researcher Kevin Beaumont warns that the attackers behind REvil ransomware (AKA Sodinokibi) are now targeting unpatched Pulse Secure VPN servers | Vulnerability | Y Multiple Industries | CC | >1 | Kevin Beaumont, Revil, Sodinokibi, Pulse Secure, CVE-2019-11510 | |
17 | 06/01/2020 | ? | Pittsburg Unified School District | Students in the Pittsburg Unified School District of Pennsylvania are left without internet access as the result of a ransomware attack. | Malware | P Education | CC | US | Pittsburg Unified School District | |
18 | 06/01/2020 | ? | Hamden Schools | Public schools in Hamden are taken down by a malware attack. | Malware | P Education | CC | US | Hamden Schools | |
19 | 06/01/2020 | ? | Wallace State Community College | The Wallace State Community College is hit by a cyber attack. | Malware | P Education | CC | US | Wallace State Community College | |
20 | 07/01/2020 | ? | City of Las Vegas | The City of Las Vegas is hit by a cyber attack via a malicious email. | Targeted attack | O Public administration and defence, compulsory social security | N/A | US | City of Las Vegas | |
21 | 07/01/2020 | ? | Unpatched routers (D-Link, Netgear, and Linksys) | Researchers from BitDefender reveal the details of LiquorBot, a cryptomining botnet attacking unpatched routers since at least May 2019 | Vulnerability | Y Multiple Industries | CC | >1 | BitDefender, LiquorBot, CVE-2015-2051, CVE-2016-1555, CVE-2016-6277, Crypto | |
22 | 07/01/2020 | ? | Single Individuals | A new phishing campaign tries to take advantage of the Iran cyber attack scare. | Account Hijacking | X Individual | CC | >1 | Iran | |
23 | 07/01/2020 | Master X | Multiple targets | Researchers from AppRiver reveal that a hacker with the handle “Master X” is leveraging a PowerShell script that contains a reference to singer-songwriter Drake’s lyric “Kiki Do You Love Me” to deliver either the Lokibot info stealer or Azorult remote access trojan. | Malware | Y Multiple Industries | CC | >1 | AppRiver, Master X, Drake, Lokibot, Azorult | |
24 | 07/01/2020 | ? | Enloe Medical Center | Enloe Medical Center is hit by a ransomware attack that causes the hospital to reschedule some elective procedures. | Malware | Q Human health and social work activities | CC | US | Enloe Medical Center, ransomware | |
25 | 07/01/2020 | ? | City of Bend | The City of Bend is the latest victim of the Click2Gov breach. | Malicious Script Injection | O Public administration and defence, compulsory social security | CC | US | City of Bend | |
26 | 08/01/2020 | ? | US financial entity | The FBI says that unidentified threat actors have used the CVE-2019-11510 Pulse Secure VPN flaw to exploit a notable US financial entity’s research network since August 2019. | Vulnerability | K Financial and insurance activities | CC | US | FBI, CVE-2019-11510, Pulse Secure VPN | |
27 | 08/01/2020 | ? | US municipal government | The FBI says that a US municipal government was also breached via the CVE-2019-11510 Pulse Secure VPN flaw. | Vulnerability | O Public administration and defence, compulsory social security | CC | US | FBI, CVE-2019-11510, Pulse Secure VPN | |
28 | 08/01/2020 | ? | Well-known personalities in Korea | A recent report from South Korean media claims that Samsung Galaxy smartphones of many well-known personalities in Korea were hacked. According to the report, the hacker extorts cash from its victims. If the victim fails to pay the ransom, the hacker threatens to disclose all data. | Account Hijacking | X Individual | CC | KR | Samsung, South Korea | |
29 | 08/01/2020 | ? | Multiple targets | Security researchers observe ongoing scans for Citrix Application Delivery Controller (NetScaler ADC) and Citrix Gateway (NetScaler Gateway) servers vulnerable to attacks exploiting CVE-2019-19781. | Vulnerability | Y Multiple Industries | CC | >1 | Citrix, NetScaler ADC, Citrix Gateway, CVE-2019-19781 | |
30 | 08/01/2020 | ? | Multiple targets | A new ransomware called Snake emerges in the threat landscape. | Malware | Y Multiple Industries | CC | >1 | Snake, Ransomware | |
31 | 08/01/2020 | Lazarus Group | Cryptocurrency businesses | Researchers from Kaspersky reveal the details of a new wave of attacks linked to Operation AppleJeus and targeting cryptocurrency businesses in multiple countries, including the UK, Poland, Russia and China. | Targeted attack | V Fintech | CC | >1 | Kaspersky, Operation AppleJeus, Lazarus Group | |
32 | 08/01/2020 | ? | Firefox users | Mozilla warns Firefox users to update their browser to the latest version after security researchers found a vulnerability that hackers were actively exploiting in “targeted attacks” against users. The vulnerability is indexed as CVE-2019-17026. | Targeted attack | X Individual | CC | >1 | Mozilla, Firefox | |
33 | 09/01/2020 | Iranian state-sponsored hackers | Bapco | Multiple sources reveal that Iranian state-sponsored hackers have deployed Dustman, a new strain of data-wiping malware on the network of Bapco, Bahrain's national oil company. The attack occurred on December 29, 2019. | Malware | D Electricity gas steam and air conditioning supply | CW | BH | Dustman, Bapco, Iran | |
34 | 09/01/2020 | ? | Albany International Airport | Albany International Airport's staff announces that the New York airport's administrative servers were hit by Sodinokibi Ransomware following a cyberattack that took place over Christmas. | Malware | H Transportation and storage | CC | US | Albany International Airport, Ransomware, Sodinokibi | |
35 | 09/01/2020 | Magnallium AKA APT33, Refined Kitten, or Elfin | American Electric Utilities | Researchers from Dragos reveal that a state-sponsored group affiliated to Iran called Magnallium has been probing American electric utilities for the past year. | Password-spraying | D Electricity gas steam and air conditioning supply | CW | US | Dragos, Iran, Magnallium, APT33, Refined Kitten, Elfin | |
36 | 09/01/2020 | Xenotyme, Dymalloy, Electrum | American Electric Utilities | The same report details the activities of three additional groups targeting the American Electric Utilities. | Targeted attack | D Electricity gas steam and air conditioning supply | CW | US | Xenotyme, Dymalloy, Electrum, Dragos | |
37 | 09/01/2020 | ? | Android users | Google reveals that it has removed roughly 1,700 applications infected with the Joker Android malware (also known as Bread) since the company started tracking it in early 2017. | Malware | X Individual | CC | >1 | Android, Bread, Joker, Google | |
38 | 09/01/2020 | ? | Multiple targets | A new ransomware dubbed Ako emerges in the threat landscape. | Malware | Y Multiple Industries | CC | >1 | Ako, Ransomware | |
39 | 09/01/2020 | ? | Multiple targets | Researchers at Sentinel One reveal that the Russian-speaking cybercriminals behind the TrickBot malware have developed a stealthy backdoor dubbed “PowerTrick,” in order to infiltrate high-value targets. | Malware | Y Multiple Industries | CC | >1 | Sentinel One, TrickBot, PowerTrick | |
40 | 09/01/2020 | ? | City of Dunwoody | The City of Dunwoody reveals that it was hit by a cyber attack on Christmas Eve. | Malware | O Public administration and defence, compulsory social security | CC | US | City of Dunwoody | |
41 | 09/01/2020 | ? | btyDental | btyDental notifies patients after suffering a ransomware attack discovered in November 2019. | Malware | Q Human health and social work activities | CC | US | btyDental, ransomware | |
42 | 09/01/2020 | ? | Bartlett Public Library District | The Bartlett Public Library District’s computer systems recover from a ransomware attack that occurred on Saturday, November 30. | Malware | O Public administration and defence, compulsory social security | CC | US | Bartlett Public Library District, ransomware | |
43 | 09/01/2020 | ? | City of Dawson Creek | The City of Dawson Creek says its computer systems were hacked in an apparent ransomware attack. | Malware | O Public administration and defence, compulsory social security | CC | CA | Dawson Creek, Ransomware | |
44 | 10/01/2020 | ? | Manor Independent School District | Manor Independent School District announces that email scammers had fleeced the District out of $2.3 million. | Business Email Compromise | P Education | CC | US | Manor Independent School District | |
45 | 10/01/2020 | ? | European websites for Perricone MD | Researchers from RapidSpike reveal that multiple European websites for the Perricone MD anti-aging skin-care brand have been compromised with scripts that steal customer payment card info when making a purchase. | Malicious Script Injection | G Wholesale and retail trade | CC | >1 | Perricone MD, RapidSpike, Magecart | |
46 | 10/01/2020 | ? | Multiple targets in the US | The US Cybersecurity and Infrastructure Security Agency (CISA) alerts organizations to patch their Pulse Secure VPN servers as a defense against ongoing attacks trying to exploit the CVE-2019-11510 remote code execution (RCE) vulnerability. | Vulnerability | Y Multiple Industries | CC | >1 | US Cybersecurity and Infrastructure Security Agency, CISA, CVE-2019-11510, RCE | |
47 | 10/01/2020 | ? | Website collecting donations for the victims of the Australia bushfires | Researchers from Malwarebytes discover that attackers compromised a website collecting donations for the victims of the Australia bushfires and injected ATMZOW, a malicious script that steals the payment information of the donors. | Malicious Script Injection | Q Human health and social work activities | CC | AU | Magecart, Malwarebytes, ATMZOW | |
48 | 10/01/2020 | ? | Single Individuals | A malicious ad campaign is underway in Google Search results that leads users to fake Amazon support sites and tech support scams. | Search Engine Poisoning | X Individual | CC | >1 | Google Search, Amazon | |
49 | 10/01/2020 | ? | High-profile Facebook pages | Facebook addresses a security issue that exposed page admin accounts, after the bug was exploited in attacks in the wild against several high-profile pages. | Vulnerability | X Individual | CC | >1 | ||
50 | 10/01/2020 | ? | Android users | Researchers from Malwarebytes discover that the UMX U686CL, an Android phone subsidized by the US government for low-income users, comes preinstalled with malware (Android/Trojan.HiddenAds.WRACT). | Malware | X Individual | CC | US | Malwarebytes, UMX U686CL, Android, Android/Trojan.HiddenAds.WRACT | |
51 | 10/01/2020 | ? | Boing Boing | The popular Boing Boing blog is hacked by an unknown party who plants malicious code into the site’s WordPress theme. Users visiting the site from desktop computers are redirected to a fake download page for an Adobe Flash update. | Account Hijacking | J Information and communication | CC | US | Boing Boing, Adobe Flash | |
52 | 10/01/2020 | ? | The Center for Facial Restoration | The Center for Facial Restoration reveals that it was the victim of a hack back in November 2019, with the attackers threatening to release the patients' data. | Unknown | Q Human health and social work activities | CC | US | The Center for Facial Restoration | |
53 | 10/01/2020 | ? | Los Angeles County | Los Angeles County confirms it was the target of a phishing attack last month, which staff detected and contained before it exposed any county resident data. | Account Hijacking | P Education | CC | US | Los Angeles County | |
54 | 11/01/2020 | ? | Android users | Researchers from Kaspersky reveal that an Android malware, dubbed Trojan-Dropper.AndroidOS.Shopper.a, camouflaged as a system app is used by threat actors to disable the Google Play Protect service, generate fake reviews, install malicious apps, show ads, and more. | Malware | X Individual | CC | >1 | Kaspersky, Android, Trojan-Dropper.AndroidOS.Shopper.a, Google Play Protect | |
55 | 13/01/2020 | ? | Multiple targets | Researchers from Cofense reveal that after an almost three-week holiday vacation, the Emotet trojan is back and targeting over eighty countries with malicious spam campaigns. | Malicious Spam | X Individual | CC | >1 | Cofense, Emotet | |
56 | 13/01/2020 | ? | UNIX Systems | The security team at npm takes down a malicious package, discovered by the Microsoft Vulnerability Research team and named 1337qq-js, caught stealing sensitive information from UNIX systems. | Malware | Y Multiple Industries | CC | >1 | npm, Microsoft Vulnerability Research team, 1337qq-js, UNIX | |
57 | 13/01/2020 | ? | Android users | An Android banking Trojan dubbed Faketoken has recently been observed by security researchers from Kaspersky while draining its victims' accounts to fuel offensive mass text campaigns targeting mobile devices from all over the world. | Malware | K Financial and insurance activities | CC | >1 | Android, Faketoken, Kaspersky | |
58 | 13/01/2020 | ? | Account receivable specialists | Researchers from Agari discover a new group called Ancient Tortoise targeting accounts receivable specialists tricking them into sending over aging reports and thus collecting info on customers they can scam in later attack stages. | Business Email Compromise | K Financial and insurance activities | CC | >1 | Agari, Ancient Tortoise | |
59 | 13/01/2020 | ? | Company in the medical tech sector | Researchers from Guardicore reveal the details of an attack targeting a company in the medical tech sector via a malware hiding its modules in WAV audio files and spreading to vulnerable Windows 7 machines on the network via EternalBlue. | Malware | C Manufacturing | CC | N/A | Guardicore, WAV, EternalBlue, Crypto | |
60 | 14/01/2020 | Fancy Bear AKA APT28 | Burisma | Researchers from Area 1 reveal that Russian spies from GRU are suspected of trying to hack into Burisma, the Ukrainian gas company with whom Hunter Biden worked. | Targeted attack | D Electricity gas steam and air conditioning supply | CE | UA | Area 1, Burisma, GRU, Hunter Biden, Russia, APT28, Fancy Bear | |
61 | 14/01/2020 | Omnichorus | LimeLeads | 49 million user records extracted from a misconfigured Elasticsearch database by US data broker LimeLeads are put up for sale online. | Misconfiguration | M Professional scientific and technical activities | CC | US | Elasticsearch, LimeLeads, Omnichorus | |
62 | 14/01/2020 | ? | Single Individuals | The cybercrime group behind Satan ransomware and other malware seems to be involved in the development of a new ransomware named 5ss5c. | Malware | X Individual | CC | >1 | Satan, ransomware, 5ss5c | |
63 | 14/01/2020 | ? | Single Individuals | Researchers from Bitdefender discover 17 Google Play apps that, once installed, start hiding their presence on the user’s device and constantly display aggressive ads. | Malware | X Individual | CC | >1 | Bitdefender, Google Play | |
64 | 14/01/2020 | ? | New Mexico Public Regulation Commission | The New Mexico Public Regulation Commission is "hacked by an outside source" | Unknown | O Public administration and defence, compulsory social security | CC | US | New Mexico Public Regulation Commission | |
65 | 15/01/2020 | ? | United Nations | The United Nations is hit by a cyberattack through the malware Emotet. | Malware | U Activities of extraterritorial organizations and bodies | CC | N/A | United Nations, Emotet | |
66 | 15/01/2020 | ? | P&N Bank | P&N Bank in Western Australia informs its customers that hackers may have accessed personal information stored on its systems following a cyber attack on December 12, during an upgrade at a third-party hosting company. | Unknown | K Financial and insurance activities | CC | AU | P&N Bank | |
67 | 15/01/2020 | ? | PlanetDrugsDirect | Canadian online pharmacy PlanetDrugsDirect emails customers, notifying them of a data security incident that might have impacted some of their sensitive personal and financial information. 400,000 individuals are potentially compromised. | Unknown | Q Human health and social work activities | CC | CA | PlanetDrugsDirect | |
68 | 15/01/2020 | ? | Single Individuals | An emergent and effective data-harvesting tool dubbed Oski is proliferating in North America and China, stealing online account credentials, credit-card numbers, cryptowallet accounts and more. | Malware | X Individual | CC | >1 | Oski | |
69 | 06/01/2020 | ? | Twitter account of former Australian cricket coach Darren Lehmann | The Twitter account of former Australian cricket coach Darren Lehmann is hacked by a Donald Trump supporter. | Account Hijacking | X Individual | H | AU | Twitter, Darren Lehmann, Donald Trump | |
70 | 08/01/2020 | ? | Kuwait State News Agency | Kuwait state news agency says its Twitter was hacked to spread misinformation about US withdrawal. | Account Hijacking | J Information and communication | H | KW | Kuwait State News Agency | |
71 | 10/01/2020 | ? | PIH Health | PIH Health notifies almost 200,000 patients whose protected health information was in employee email accounts that were compromised. | Account Hijacking | Q Human health and social work activities | CC | US | PIH Health | |
72 | 10/01/2020 | ? | Panama-Buena Vista Union School | Panama-Buena Vista Union School District is hit with a ransomware attack. | Malware | P Education | CC | US | Panama-Buena Vista Union School, ransomware | |
73 | 10/01/2020 | Anonymous Iran | City of Ozark | Hackers from Anonymous Iran claim to have defaced the website of city of Ozark. | Defacement | O Public administration and defence, compulsory social security | H | US | Anonymous Iran, City of Ozark | |
74 | 13/01/2020 | ? | St. Louis Community College | More than 5,100 St. Louis Community College students and employees have their personal information accessed via a phishing scam. | Account Hijacking | P Education | CC | US | St. Louis Community College | |
75 | 15/01/2020 | ? | Town of Colonie | The Albany County town of Colonie is hit by a cyber-attack that takes the town's computer system and email offline. | Unknown | O Public administration and defence, compulsory social security | CC | US | Town of Colonie | |
76 | 16/01/2020 | ? | Vulnerable Citrix Systems | Researchers from FireEye discover a malicious actor deploying a previously-unseen payload called NOTROBIN on vulnerable Citrix Systems. The actor cleans up known malware and deploys NOTROBIN to block subsequent exploitation attempts, establishing a backdoor for subsequent campaigns. | Vulnerability | Y Multiple Industries | CC | >1 | FireEye, NOTROBIN, Citrix, CVE-2019-19781 | |
77 | 16/01/2020 | TA542 | Pharmaceutical companies in the US, Canada and Mexico | Researchers from Proofpoint discover a new Emotet campaign targeting pharmaceutical companies in the US, Canada and Mexico | Malware | M Professional scientific and technical activities | CC | US CA MX | Proofpoint, Emotet | |
78 | 16/01/2020 | ? | Targets in Middle East | Researchers from Cisco Talos discover a new campaign selectively attacking targets in Middle East via a Remote Access Trojan (RAT), dubbed JhoneRAT, and abusing cloud services. | Targeted attack | Y Multiple Industries | CE | >1 | Cisco Talos, RAT, JhoneRAT | |
79 | 16/01/2020 | ? | Multiple targets | Researchers from Zscaler discover a new version of the FTCODE ransomware with password-stealing capabilities. | Malware | Y Multiple Industries | CC | >1 | Zscaler, FTCODE, ransomware | |
80 | 16/01/2020 | ? | Rudolf and Stephanie Hospital in Benešov | The Rudolf and Stephanie Hospital in Benešov is hit with a Ryuk ransomware attack. | Malware | Q Human health and social work activities | CC | CZ | The Rudolf and Stephanie Hospital, Benešov, Ryuk, Ransomware | |
81 | 16/01/2020 | ? | Georgia election server (Center for Election Systems at Kennesaw State University) | Forensic evidence shows signs that a Georgia election server may have been hacked ahead of the 2016 and 2018 elections by someone who exploited Shellshock. | Vulnerability | O Public administration and defence, compulsory social security | CC | US | Georgia, Shellshock, Center for Election Systems at Kennesaw State University | |
82 | 16/01/2020 | ? | US Government and Military | New research from Cisco Talos discovers a new Emotet campaign affecting the United States of America's government and military. | Malware | O Public administration and defence, compulsory social security | CC | US | Talos, Emotet | |
83 | 16/01/2020 | ? | City of Detroit | City of Detroit officials warn that a data breach exposed city workers and residents after several email accounts were compromised. | Account Hijacking | O Public administration and defence, compulsory social security | CC | US | City of Detroit | |
84 | 17/01/2020 | ? | Multiple targets | Microsoft publishes a security advisory containing mitigation measures for CVE-2020-0674, an actively exploited zero-day remote code execution (RCE) vulnerability impacting Internet Explorer. | Targeted attack | Y Multiple Industries | N/A | >1 | Microsoft, CVE-2020-0674 | |
85 | 17/01/2020 | Phoenix’s Helmets (Anka Neferler Tim) | Several Greek government websites | Several Greek government websites are taken down by Turkish hackers. Targets include the Greek Parliament, the Foreign Affairs Ministry, the Athens Stock Exchange, the National Intelligence Service (EYP) and the Finance Ministry. | DDoS | O Public administration and defence, compulsory social security | H | GR | Phoenix’s Helmets, Anka Neferler Tim | |
86 | 17/01/2020 | ? | ADP Users | With tax season approaching, cybercriminals launch a phishing campaign targeting some ADP users. | Account Hijacking | X Individual | CC | US | ADP | |
87 | 17/01/2020 | ? | Sunset Cardiology | Sunset Cardiology is hit with a Maze ransomware attack. | Malware | Q Human health and social work activities | CC | US | Sunset Cardiology, Maze, ransomware | |
88 | 18/01/2020 | ? | Temple Har Shalom Synagogue | The Temple Har Shalom Synagogue is hit with a Sodinokibi Ransomware attack. | Malware | U Activities of extraterritorial organizations and bodies | CC | US | Temple Har Shalom Synagogue, Sodinokibi, Ransomware | |
89 | 18/01/2020 | Anonymous Greece | Top Channel 24 TV | Anonymous Greece responds to the ongoing attacks of Turkish hackers by attacking the Turkish channel Top Channel 24 TV. | DDoS | J Information and communication | H | TR | Anonymous Greece, Top Channel 24 TV | |
90 | 18/01/2020 | ? | New Orleans Ernest N. Morial Convention Center | The New Orleans Ernest N. Morial Convention Center is hit with a ransomware attack. | Malware | O Public administration and defence, compulsory social security | CC | US | New Orleans, Ernest N. Morial Convention Center, ransomware | |
91 | 18/01/2020 | ? | Adventist Health | Adventist Health notifies 2,653 patients after suffering a phishing incident. | Account Hijacking | Q Human health and social work activities | CC | US | Adventist Health | |
92 | 19/01/2020 | ? | Single Individuals | A new sextortion scam leverages the insecurity of connected devices to trick the victims. | Malicious Spam | X Individual | CC | >1 | Sextortion | |
93 | 19/01/2020 | ? | Multiple targets | A hacker publishes a massive list of Telnet credentials for more than 515,000 servers, home routers, and IoT (Internet of Things) "smart" devices. | Misconfiguration | Y Multiple Industries | CC | >1 | Telnet, IoT | |
94 | 19/01/2020 | ? | Kamaru Usman Twitter account | UFC champion Kamaru Usman says his Twitter account was hacked, after a series of explicit tweets against Conor McGregor. | Account Hijacking | X Individual | CC | US | UFC, Kamaru Usman, Twitter, Conor McGregor | |
95 | 19/01/2020 | ? | Oman United Insurance | Oman United Insurance, one of the largest insurers in the country, discloses a “ransomware attack” on the company’s data centre early this month. | Malware | K Financial and insurance activities | CC | OM | Oman United Insurance, ransomware | |
96 | 20/01/2020 | Tick (China) | Mitsubishi Electric | Mitsubishi Electric discloses a security breach that might have caused the leak of personal and confidential corporate information. The breach was detected on June 28, 2019. | Targeted attack | C Manufacturing | CE | JP | Mitsubishi Electric, Tick | |
97 | 20/01/2020 | ? | Hanna Andersson | US children's apparel maker and online retailer Hanna Andersson discloses that its online purchasing platform was hacked and malicious code was deployed to steal customers' payment info for almost two months. | Malicious Script Injection | G Wholesale and retail trade | CC | US | Hanna Andersson, Magecart | |
98 | 21/01/2020 | Saudi Arabia | Jeff Bezos | An investigation reveals that Jeff Bezos' phone exfiltrated a massive amount of personal information after receiving a WhatsApp-attached video file sent by the future king of Saudi Arabia, Prince Mohammed bin Salman, on May 1, 2018. | Targeted attack | X Individual | CE | US | Jeff Bezos, WhatsApp, Prince Mohammed bin Salman | |
99 | 21/01/2020 | ? | Volusia County Public Library (VCPL) | 600 staff and public access computers were taken down at Volusia County Public Library (VCPL) branches from Daytona Beach, Florida, following a cyberattack that started around 7 AM on January 9. | Unknown | O Public administration and defence, compulsory social security | CC | US | Volusia County Public Library, VCPL | |
100 | 21/01/2020 | ? | Vulnerable WordPress sites | Researchers from Sucuri reveal that over 2,000 WordPress sites have been hacked to fuel a campaign to redirect visitors to scam sites. The campaign was possible because of two vulnerable plugins ("CP Contact Form with PayPal" and "Simple Fields"). | Vulnerability | Y Multiple Industries | CC | >1 | Sucuri, WordPress, "CP Contact Form with PayPal", "Simple Fields" | |
101 | 21/01/2020 | ? | 100 UPS Store Locations | Sensitive personal and financial information of UPS Store customers is exposed in a phishing incident affecting roughly 100 local store locations between September 29, 2019, and January 13, 2020. | Account Hijacking | G Wholesale and retail trade | CC | US | UPS Store | |
102 | 21/01/2020 | Threat Actors from Iran | Multiple targets in the US | The FBI Cyber Division issues a flash security alert related to the recent defacement attacks operated by Iranian threat actors. | Defacement | Y Multiple Industries | CW | US | FBI, Iran | |
103 | 21/01/2020 | ? | Single Individuals | Researchers from Malwarebytes reveal the details of a large high-profile malvertising campaign distributing browser lockers. | Malvertising | X Individual | CC | >1 | Malwarebytes | |
104 | 21/01/2020 | ? | Citibank customers | Researchers discover a new Citibank phishing scam that utilizes a convincing domain name, TLS certs, and even requests OTP codes that could easily trick their victims. | Account Hijacking | K Financial and insurance activities | CC | US | Citibank | |
105 | 21/01/2020 | ? | Multiple targets | Researchers from Microsoft discover a new version of the sLoad malware downloader, dubbed Starslord. | Malware | Y Multiple Industries | CC | >1 | Microsoft, sLoad, Starslord | |
106 | 21/01/2020 | ? | PayPal customers | Researchers from ZeroFOX discover a new version of the 16Shop phishing campaign targeting PayPal customers. | Account Hijacking | G Wholesale and retail trade | CC | >1 | ZeroFOX, 16Shop, PayPal | |
107 | 21/01/2020 | ? | Vulnerable internet routers running the Tomato firmware | Researchers from Palo Alto Networks reveal that internet routers running the Tomato alternative firmware are under active attack by the Muhstik botnet, searching for devices using default credentials. | Misconfiguration | Y Multiple Industries | CC | >1 | Palo Alto Networks, Muhstik, Tomato | |
108 | 21/01/2020 | ? | Multiple targets | Researchers from Cisco Talos discover a new large-scale cryptomining campaign, dubbed Vivin, active for more than two years. | Malware | Y Multiple Industries | CC | >1 | Cisco Talos, Vivin, Crypto | |
109 | 22/01/2020 | ? | Tillamook County | Tillamook County is hit by a ransomware attack. | Malware | O Public administration and defence, compulsory social security | CC | US | Tillamook County, ransomware | |
110 | 22/01/2020 | ? | Greenville Water | Greenville Water is hit by a cyber attack. | Unknown | E Water supply, sewerage waste management, and remediation activities | CC | US | Greenville Water | |
111 | 22/01/2020 | ? | FedEx customers | FedEx warns of a new text message phishing scam that at first glance looks to be about a FedEx package delivery. | Account Hijacking | X Individual | CC | US | FedEx | |
112 | 22/01/2020 | ? | Android users | Researchers from Dr.Web discover a new campaign targeting Android users via the Android.Xiny mobile trojan. | Malware | X Individual | CC | >1 | Dr.Web, Android, Android.Xiny | |
113 | 23/01/2020 | ? | Gedia Automotive Group | Parts manufacturer Gedia Automotive Group shuts down its network after being hit with a Sodinokibi ransomware attack. | Malware | C Manufacturing | CC | DE | Gedia Automotive Group, ransomware, Sodinokibi | |
114 | 23/01/2020 | ? | Sites belonging to a reseller of tickets for Euro Cup and the Tokyo Summer Olympics | The sites belonging to a reseller of tickets for Euro Cup and the Tokyo Summer Olympics (olympictickets2020[.]com) are the victims of a Magecart attack. | Malicious Script Injection | R Arts entertainment and recreation | CC | N/A | Magecart, Euro Cup, Tokyo Summer Olympics, olympictickets2020[.]com | |
115 | 23/01/2020 | APT33? | European energy sector organization | Researchers from Recorded Future discover a cyber espionage campaign with suspected ties to Iran, targeting the European energy sector in a reconnaissance campaign via the PupyRAT software. | Targeted attack | D Electricity gas steam and air conditioning supply | CE | EU | APT33, PupyRAT, Recorded Future | |
116 | 23/01/2020 | ? | Bitcoin Gold | Bitcoin Gold experiences a 51% attack. A total amount of over $70,000 is double-spent | 51% Attack | V Fintech | CC | N/A | Bitcoin Gold | |
117 | 23/01/2020 | ? | Ben Gurion International Airport | As Israel hosted dozens of world leaders last week for the World Holocaust Forum, the country’s cyber defense system fended off hundreds of cyberattacks targeting the country’s international airport and the planes of the world leaders. | >1 | H Transportation and storage | >1 | IL | Ben Gurion International Airport | |
118 | 24/01/2020 | ? | City of Potsdam | The City of Potsdam severs the administration servers' Internet connection following a ransomware attack carried out exploiting the CVE-2019-1978 vulnerability. | Malware | O Public administration and defence, compulsory social security | CC | DE | City of Potsdam, ransomware, CVE-2019-1978 | |
119 | 24/01/2020 | Konni Group | U.S. government agency | Researchers at Palo Alto Networks' Unit 42 discover a new campaign dubbed "Fractured Statue", carried out via a malware called CARROTBALL, used in targeted attacks, against a U.S. government agency and non-US foreign nationals professionally affiliated with current activities in North Korea. | Targeted attack | O Public administration and defence, compulsory social security | CE | US | Palo Alto Networks, Unit 42, CARROTBALL, North Korea, Konni Group, Fractured Statue | |
120 | 24/01/2020 | ? | Targets in the government, military, and financial sector | A new version of the Ryuk Stealer malware is discovered. This version is able to steal a greater amount of confidential files related to the military, government, financial statements, banking, and other sensitive data. | Malware | Y Multiple Industries | CC | >1 | Ryuk, ransomware | |
121 | 24/01/2020 | Turkish hackers | Several Government websites in Greece | A new DDoS attack hits the official state websites of the Greek prime minister, the national police and fire service and other ministries. | DDoS | O Public administration and defence, compulsory social security | H | GR | Turkey, Greece | |
122 | 24/01/2020 | ? | Tampa Bay Times | The Tampa Bay Times suffers a Ryuk ransomware attack. | Malware | J Information and communication | CC | US | Tampa Bay Times, Malware | |
123 | 26/01/2020 | ? | Bird Construction | Bird Construction acknowledges having recently been hit with a Maze ransomware attack. | Malware | M Professional scientific and technical activities | CC | CA | Bird Construction, Maze, ransomware | |
124 | 26/01/2020 | ? | SuperCasino | The online gambling platform SuperCasino experiences a data breach that exposes sensitive information belonging to its customers. | Unknown | R Arts entertainment and recreation | CC | MT | SuperCasino | |
125 | 27/01/2020 | State-sponsored Turkish hackers | At least 30 organizations | Turkish hackers allegedly acting in the interest of the Turkish government are believed to have attacked at least 30 organizations, including government ministries, embassies and security services as well as companies and other groups | DNS hijacking | Y Multiple Industries | CE | >1 | Turkey | |
126 | 27/01/2020 | OurMine | Twitter accounts of over a dozen popular American football teams, the NFL, the UFC, and ESPN. | The OurMine collective hijacks the Twitter accounts of over a dozen popular American football teams, including the San Francisco 49ers and Kansas City Chiefs, who competed in the Super Bowl Final, the NFL, the UFC, and ESPN. | Account Hijacking | R Arts entertainment and recreation | CC | US | OurMine, Twitter, San Francisco 49ers, Kansas City Chiefs, Super Bowl, NFL, UFC, ESPN | |
127 | 27/01/2020 | Aggah | Some Italian companies operating in the Retail sector | Researchers from Yoroi-Cybaze ZLab discover new attack attempts directed at some Italian companies operating in the Retail sector, linked to the Aggah campaign. | Targeted attack | G Wholesale and retail trade | CC | IT | Aggah, Yoroi-Cybaze ZLab | |
128 | 27/01/2020 | ? | Royal Yachting Association | The Royal Yachting Association (RYA) forces a password reset for all online users after warning some that their data may have been compromised by a third party. | Unknown | S Other service activities | CC | US | Royal Yachting Association | |
129 | 28/01/2020 | ? | Vulnerable Citrix ADC servers | A new ransomware called Ragnarok is detected being used in targeted attacks against unpatched Citrix ADC servers vulnerable to the CVE-2019-19781 exploit. | Malware | Y Multiple Industries | CC | >1 | Ragnarok, Citrix, CVE-2019-19781, Ransomware | |
130 | 28/01/2020 | ? | Red Kite Community Housing | Red Kite Community Housing announces that it has fallen victim to a cyber-scam in which criminals posed as genuine service providers to steal a staggering £932,000. | Domain Spoofing | S Other service activities | CC | UK | Red Kite Community Housing | |
131 | 28/01/2020 | ? | Tissue Regenix Group PLC | Tissue Regenix Group PLC says that its computer systems and a third-party IT service provider in the United States were accessed without authorization. | Unknown | C Manufacturing | CC | US | Tissue Regenix Group PLC | |
132 | 28/01/2020 | ? | Personal Touch Home Care of Greater Portsmouth | Personal Touch Home Care of Greater Portsmouth gives notice of a Maze ransomware attack that occurred on December 1, 2019. | Malware | S Other service activities | CC | US | Personal Touch Home Care of Greater Portsmouth, Maze, Ransomware | |
133 | 29/01/2020 | ? | United Nations | A leaked report reveals that the European network of the United Nations was compromised during the summer of 2019. | Targeted attack | U Activities of extraterritorial organizations and bodies | CE | N/A | United Nations | |
134 | 29/01/2020 | ? | Electronic Warfare Associates (EWA) | Electronic Warfare Associates (EWA), a 40-year-old electronics company and a well-known US government contractor, is hit with the Ryuk ransomware. | Malware | C Manufacturing | CC | US | Electronic Warfare Associates, EWA, Ryuk, ransomware | |
135 | 29/01/2020 | ? | Users in Japan | A new campaign is discovered distributing the Emotet malware in Japan, and leveraging the scare of Coronavirus. | Malicious Spam | X Individual | CC | JP | Emotet, Coronavirus | |
136 | 29/01/2020 | ? | Multiple targets | The attackers behind the Maze ransomware publish a list of 25 victims with small data sets leaked as proof of the hack. | Malware | Y Multiple Industries | CC | >1 | Maze | |
137 | 29/01/2020 | ? | LiveRamp | Facebook reveals that back in October, hackers commandeered the personal account of a LiveRamp employee and used it to gain access to the company's Business Manager account -- allowing them to run ads using other people's money. | Account Hijacking | M Professional scientific and technical activities | CC | US | Facebook, LiveRamp | |
138 | 30/01/2020 | | NEC | NEC confirms having been hit with a cyberattack since 2018 that resulted in unauthorized access to its internal network and the exposure of 28,000 files. | Targeted attack | C Manufacturing | CE | JP | NEC | |
139 | 30/01/2020 | APT34 AKA Oilrig (Iran government-backed) | US Government workers | Researchers from Intezer Lab reveal the details of a spear-phishing campaign mimicking surveys from Westat, a well-known US government contractor that has managed and administered surveys to more than 80 federal agencies for at least 16 years. | Targeted attack | O Public administration and defence, compulsory social security | CE | US | APT34, Oilrig, Iran, Intezer Lab, Westat | |
140 | 30/01/2020 | TA505 | Multiple targets | Researchers from Microsoft and Prevailion reveal a new campaign by TA505, weaponizing Excel documents. | Targeted attack | Y Multiple Industries | CC | >1 | Microsoft, Prevailion, TA505, Excel | |
141 | 30/01/2020 | ? | Undisclosed Canadian Insurance company | A Canadian insurance company paid nearly $1 million USD (about $1.3 million CAD) following a ransomware attack. | Malware | K Financial and insurance activities | CC | CA | Ransomware | |
142 | 30/01/2020 | ? | Users in the US | Multiple Coronavirus Phishing Campaigns are discovered, actively targeting US users. | Account Hijacking | X Individual | CC | US | Coronavirus | |
143 | 30/01/2020 | ? | Single Individuals | Researchers discover a new phishing campaign distributing malware, pretending to be from the Spamhaus Project. | Malicious Spam | X Individual | CC | >1 | Spamhaus | |
144 | 30/01/2020 | ? | Rijksmuseum Twenthe | Hackers posing as a veteran London art dealer trick Rijksmuseum Twenthe, a Dutch museum buying a John Constable painting, into paying 2.4 million pounds ($3.1 million) to a fraudulent bank account. | Business Email Compromise | S Other service activities | CC | NL | Rijksmuseum Twenthe, John Constable | |
145 | 30/01/2020 | ? | UK Taxpayers | Cybersecurity company Mimecast discovers an uptick in scams using the promise of tax refunds as a way to entice the victims into giving up private information including their name, address, phone number and card details. | Account Hijacking | X Individual | CC | UK | Mimecast, HMRC | |
146 | 30/01/2020 | ? | Multiple targets | Researchers from Lastline discover a large-scale spam campaign spreading info-stealing malware (Agent Tesla and LokiBot) and using advanced obfuscation techniques. | Malicious Spam | Y Multiple Industries | CC | >1 | Lastline, Agent Tesla, LokiBot | |
147 | 31/01/2020 | ? | Bouygues Construction | French construction giant Bouygues Construction shuts down its computer network to avoid having all of its data encrypted by the Maze Ransomware. | Malware | M Professional scientific and technical activities | CC | FR | Bouygues Construction, Maze, Ransomware | |
148 | 31/01/2020 | ? | Hong Kong Universities | Researchers from ESET discover a new campaign of the Winnti group targeting some Hong Kong universities via the ShadowPad backdoor. | Targeted attack | P Education | CE | HK | ESET, Winnti, Hong Kong, ShadowPad | |
149 | 31/01/2020 | ? | TVEyes | TVEyes, a broadcast television search engine used by political campaigns to monitor opponents and track ads, is hit with a ransomware attack. | Malware | J Information and communication | CC | US | TVEyes, ransomware | |
150 | 31/01/2020 | ? | Single Individuals | A new extortion campaign leverages the Ashley Madison breach | Malicious Spam | X Individual | CC | >1 | Ashley Madison | |
151 | 31/01/2020 | ? | City of Racine | The city of Racine is hit with a ransomware attack that knocks most of its non-emergency computer services offline. | Malware | O Public administration and defence, compulsory social security | CC | US | City of Racine, malware | |
152 | 28/01/2020 | ? | Laurentian Bank | Police investigate after thieves hack three banking machines in the greater Montreal area, making off with an estimated $55,000. | Unknown | K Financial and insurance activities | CC | CA | Laurentian Bank | |
153 | 30/01/2020 | ? | Grundy County Courthouse | The Grundy County Courthouse experiences a "cybersecurity breach". | Unknown | O Public administration and defence, compulsory social security | CC | US | Grundy County Courthouse | |
154 | 30/01/2020 | ? | Mountain View Los Altos High School (MVLA) | Mountain View Los Altos High School is hit with a cyber attack. | Unknown | P Education | CC | US | Mountain View Los Altos High School, MVLA | |
155 | 31/01/2020 | ? | US Department of Defense (DOD) | A security researcher discovers a cryptocurrency-mining botnet inside a web server operated by the US Department of Defense (DOD). | Vulnerability | O Public administration and defence, compulsory social security | CC | US | US Department of Defense, DOD | |
156 | 31/01/2020 | ? | Dundee and Angus College | Dundee and Angus College is apparently hit with a ransomware attack. | Malware | P Education | CC | UK | Dundee and Angus College, Ransomware | |
157 | 31/01/2020 | ? | Everton Fan Services Twitter account | The Everton Fan Services Twitter account is allegedly hacked. | Account Hijacking | R Arts entertainment and recreation | CC | UK | Everton Fan Services, Twitter | |
158 | 31/01/2020 | ? | Fondren Orthopedic Group | Fondren Orthopedic Group notifies patients after a malware incident that occurred on November 21, 2019 destroyed patient records. | Malware | Q Human health and social work activities | CC | US | Fondren Orthopedic Group, ransomware | |
159 | 31/01/2020 | ? | Belvidere City Hall | Belvidere City Hall is the victim of a cyber attack. | Unknown | O Public administration and defence, compulsory social security | CC | US | Belvidere City Hall | |
160 | 01/02/2020 | ? | More than 2,300 Nortek Security & Control (NSC) Linear eMerge E3 building access systems | Researchers from SonicWall reveal that attackers have already compromised more than 2,300 Linear eMerge E3 building access systems exploiting CVE-2019-7256. | Vulnerability | Y Multiple Industries | CC | >1 | Nortek Security & Control, NSC, Linear eMerge E3 | |
161 | 01/02/2020 | ? | Five U.S. Law Firms | Five U.S. law firms are among the companies and organizations targeted by a new round of ransomware attacks. | Malware | M Professional scientific and technical activities | CC | US | Ransomware | |
162 | 01/02/2020 | ? | Confederation College | Confederation College suffers a malware attack. | Malware | P Education | CC | US | Confederation College | |
163 | 03/02/2020 | ? | Toll Group | Toll Group announces that it has experienced a "cybersecurity incident", and shuts down a number of IT systems at multiple sites across Australia in a bid to resolve the issue. The attack is allegedly caused by the Kokoklock (or Mailto) ransomware. | Malware | M Professional scientific and technical activities | CC | AU | Toll Group, ransomware, Kokoklock, Mailto | |
164 | 03/02/2020 | ? | Multiple targets | Researchers from Dragos reveal the details of EKANS, a new malware strain able to encrypt data and stop applications used in industrial control systems. | Malware | Y Multiple Industries | CC | >1 | Dragos, EKANS | |
165 | 03/02/2020 | ? | Government targets in Middle East | Researchers from Palo Alto Networks discover a new wave of campaigns exploiting CVE-2019-0604 against Middle East government targets. | Targeted attack | O Public administration and defence, compulsory social security | CE | >1 | Palo Alto Networks | |
166 | 03/02/2020 | ? | Credit Union National Association (CUNA) | Systems of the Credit Union National Association are knocked offline following a “cyber incident.” | Malware | K Financial and insurance activities | CC | US | Credit Union National Association, CUNA, ransomware | |
167 | 03/02/2020 | ? | Twitter users | Twitter discloses a security incident during which third parties exploited the company's official API to match phone numbers with Twitter usernames. | API Exploit | X Individual | CC | >1 | | |
168 | 03/02/2020 | ? | Multiple targets | Security researchers discover a new wave of domains injected with Magecart skimmers hosted on opendoorcdn[.]com. | Malicious Script Injection | G Wholesale and retail trade | CC | >1 | opendoorcdn[.]com, Magecart | |
169 | 03/02/2020 | ? | Business account holders of the larger banks in Brazil | Researchers from IBM X-Force reveal the details of a new campaign of the Camubot malware targeting business account holders of the larger banks in Brazil. | Targeted attack | K Financial and insurance activities | CC | BR | IBM X-Force, Camubot | |
170 | 03/02/2020 | ? | Multiple targets | A new malicious spam campaign distributes the AZORult trojan and uses three levels of encryption to avoid detection. | Malicious Spam | Y Multiple Industries | CC | >1 | AZORult | |
171 | 04/02/2020 | ? | Undisclosed state-level voter registration and information site | The US Federal Bureau of Investigation (FBI) warns of a potential DDoS attack that targeted a state-level voter registration and information site. | DDoS | O Public administration and defence, compulsory social security | CC | US | FBI | |
172 | 04/02/2020 | ? | Single Individuals | The Emotet Trojan gets ready for the tax season with a fresh spam campaign pretending to be signed W-9 tax forms. | Malicious Spam | X Individual | CC | >1 | Emotet, W-9 | |
173 | 04/02/2020 | ? | Customers of financial institutions in multiple countries. | Researchers from Fortinet discover a new Metamorfo variant targeting customers of financial institutions in multiple countries. | Malware | K Financial and insurance activities | CC | >1 | Fortinet, Metamorfo | |
174 | 04/02/2020 | ? | Ukrainian ISP | Ukrainian police arrest a 16-year-old from the city of Odessa for attempting to extort a local ISP into sharing data on one of its subscribers. | DDoS | M Professional scientific and technical activities | CC | UA | Ukraine | |
175 | 04/02/2020 | ? | North Miami Beach Police Department | The North Miami Beach Police Department determines that it has been impacted by ransomware. | Malware | O Public administration and defence, compulsory social security | CC | US | North Miami Beach Police Department | |
176 | 04/02/2020 | ? | Golden Entertainment | Golden Entertainment notifies customers, employees, and vendors of a phishing attack that occurred between May and October 2019. | Account Hijacking | R Arts entertainment and recreation | CC | US | Golden Entertainment | |
177 | 04/02/2020 | ? | St. Louis Community College | More than 5,100 St. Louis Community College students and employees have their personal information accessed via a phishing attack discovered on January 13. | Account Hijacking | P Education | CC | US | St. Louis Community College | |
178 | 04/02/2020 | ? | Eastern Virginia Medical School | Eastern Virginia Medical School discloses a phishing attack that could have exposed employees’ personal information, including bank accounts and Social Security numbers. | Account Hijacking | Q Human health and social work activities | CC | US | Eastern Virginia Medical School | |
179 | 05/02/2020 | ? | Credit card holders from India | Researchers from Group-IB discover a database containing over 460,000 payment card records uploaded to Joker's Stash, one of the most popular darknet cardshops. | Unknown | K Financial and insurance activities | CC | IN | Group-IB, Joker's Stash | |
180 | 05/02/2020 | ? | Single Individuals | Researchers from Cybereason discover an active campaign distributing an arsenal of malware that is able to steal data, mine for cryptocurrency, and deliver ransomware to victims all over the world. The payloads observed in this campaign originated from different accounts in code repository platform Bitbucket, which was abused as part of the attackers' delivery infrastructure. | Malware | X Individual | CC | >1 | Cybereason, Bitbucket | |
181 | 05/02/2020 | ? | Altsbit | Altsbit announces that it has been hit with a devastating hack. Criminals made off with 1,066 Komodo (KMD) tokens and 283,375 Verus (VRSC) "coins" with a combined value of $27,000. | Unknown | V Fintech | CC | IT | Altsbit, Crypto | |
182 | 05/02/2020 | Charming Kitten | Journalists, political and human rights activists | Researchers from Certfa Lab identify a new series of phishing attacks from Charming Kitten, the Iranian hacking group that has a close relationship with Iran’s state and Intelligence services, targeting journalists, political and human rights activists. | Account Hijacking | X Individual | CE | >1 | Charming Kitten | |
183 | 05/02/2020 | ? | Single Individuals | Another phishing campaign, claiming to be sent from the World Health Organization (WHO), leverages the fear of the Coronavirus. | Account Hijacking | X Individual | CC | >1 | World Health Organization, WHO, Coronavirus | |
184 | 05/02/2020 | APT40 | Malaysian government officials | Malaysia's Computer Emergency Response Team (MyCERT) reveals the details of a campaign carried out by APT40, targeting local government officials using malicious documents exploiting CVE-2014-6352 and CVE-2017-0199. | Targeted attack | O Public administration and defence, compulsory social security | CE | MY | Malaysia's Computer Emergency Response Team, MyCERT, APT40, CVE-2014-6352, CVE-2017-0199 | |
185 | 05/02/2020 | ? | Financial services organizations in the United States | Researchers from FireEye continue to observe multiple targeted phishing campaigns designed to download and deploy a backdoor tracked as MINEBRIDGE. | Targeted attack | K Financial and insurance activities | CE | US | FireEye, MINEBRIDGE | |
186 | 05/02/2020 | Gamaredon | Ukrainian military and security institutions | Researchers from SentinelOne reveal an uptick in Gamaredon cyberattacks on Ukrainian military and security institutions that started in December. | Targeted attack | O Public administration and defence, compulsory social security | CE | UA | Gamaredon, SentinelOne, SentinelLabs | |
187 | 05/02/2020 | ? | Mississippi Center for Legal Services and North Mississippi Rural Legal Services | Mississippi Center for Legal Services and North Mississippi Rural Legal Services warn that they were hit with a Ryuk ransomware attack on Christmas Eve. | Malware | K Financial and insurance activities | CC | US | Mississippi Center for Legal Services, North Mississippi Rural Legal Services, ransomware, Ryuk | |
188 | 05/02/2020 | ? | Educational Enrichment Systems | Educational Enrichment Systems discloses a phishing attack that occurred between May and July 2019. | Account Hijacking | P Education | CC | US | Educational Enrichment Systems | |
189 | 05/02/2020 | ? | All About Potential Family Chiropractic | All About Potential Family Chiropractic is hit with a Maze ransomware attack. | Malware | Q Human health and social work activities | CC | US | All About Potential Family Chiropractic, Ransomware, Maze | |
190 | 06/02/2020 | ? | Android users | Researchers from Cofense discover a new phishing campaign targeting Android users, infecting their devices with the Anubis banking Trojan, embedded in more than 250 banking and shopping applications. | Malware | X Individual | CC | >1 | Cofense, Android, Anubis | |
191 | 06/02/2020 | ? | Pasco Corporation | Japanese defense contractor Pasco Corporation (Pasco) discloses a security breach that happened in May 2018. | Targeted attack | C Manufacturing | CE | JP | Pasco Corporation | |
192 | 06/02/2020 | ? | Kobe Steel (Kobelco) | Japanese defense contractor Kobe Steel (Kobelco) discloses a security breach that happened in June 2015/August 2016. | Targeted attack | C Manufacturing | CE | JP | Kobe Steel, Kobelco | |
193 | 06/02/2020 | ? | Two undisclosed victims | Researchers from Sophos investigate two different ransomware attacks where the adversaries deployed a legitimate, digitally signed hardware driver in order to delete security products from the targeted computers and install the RobbinHood ransomware. The signed driver is part of a deprecated software package published by Gigabyte, with a known vulnerability tracked as CVE-2018-19320. | Malware | Z Unknown | CE | N/A | Sophos, RobbinHood, ransomware, Gigabyte, CVE-2018-19320 | |
194 | 06/02/2020 | ? | Single Individuals | Researchers from Kaspersky discover more than 20 phishing websites and 925 malicious files disguised as early released copies of the Oscar movies. | Malware | X Individual | CC | >1 | Kaspersky, Oscar | |
195 | 06/02/2020 | ? | Banks and financial institutions in the US and the UK | Researchers from Menlo Security reveal the details of a new Emotet campaign targeting banks and financial institutions in the US and the UK. | Malware | K Financial and insurance activities | CC | US UK | Menlo Security, Emotet | |
196 | 06/02/2020 | Gorgon Group | Multiple targets | Researchers from Prevailion reveal the details of a new campaign carried out by the Gorgon Group through spoofed login portals. | Account Hijacking | Y Multiple Industries | CC | >1 | Gorgon Group, Prevailion | |
197 | 06/02/2020 | ? | Idaho Central Credit Union | Idaho Central Credit Union informs some customers of two data breaches that impacted the financial institution | Account Hijacking | K Financial and insurance activities | CC | US | Idaho Central Credit Union | |
198 | 06/02/2020 | ? | Single Individuals | Researchers from Dr.Web discover a campaign using the CNET website to spread malware through its software download section, via a download link of a popular video player, VSDC. | Malware | X Individual | CC | >1 | CNET, VSDC, Dr.Web | |
199 | 07/02/2020 | ? | Multiple targets | Researchers from Binary Defense discover a new variant of Emotet spreading via Wi-Fi networks. | Malware | Y Multiple Industries | CC | >1 | Binary Defense, Emotet | |
200 | 07/02/2020 | OurMine | Facebook's Twitter and Instagram accounts | Hackers from the OurMine collective claim to have taken over Facebook's Twitter and Instagram accounts. | Account Hijacking | M Professional scientific and technical activities | CC | US | OurMine, Facebook, Twitter, Instagram | |
201 | 07/02/2020 | ? | Single Individuals | Security researchers from Kaspersky discover a phishing campaign that poses as an email from the United States’ CDC (Centers of Disease Control). | Account Hijacking | X Individual | CC | US | Kaspersky, Coronavirus, CDC, Centers of Disease Control | |
202 | 07/02/2020 | ? | Rockdale County | Some Rockdale County services are impacted after multiple county servers are hit by a ransomware attack. | Malware | O Public administration and defence, compulsory social security | CC | US | Rockdale County | |
203 | 07/02/2020 | LulzSec ITA | Universities of Basilicata, Napoli and Roma 3 | The Italian hacktivist collective LulzSec ITA claims via Twitter to have hacked three Italian universities: Basilicata, Napoli and Roma 3. | SQL Injection | P Education | H | IT | LulzSec ITA, Basilicata, Napoli, Roma 3 | |
204 | 07/02/2020 | ? | Allegheny Intermediate Unit school system | The Allegheny Intermediate Unit school system is hit with a ransomware attack. | Malware | P Education | CC | US | Allegheny Intermediate Unit school system, ransomware | |
205 | 07/02/2020 | ? | Shields Health Solutions | Shields Health Solutions notifies its patients after the email account of an employee is hacked between October 22 and October 24, 2019. | Account Hijacking | Q Human health and social work activities | CC | US | Shields Health Solutions | |
206 | 08/02/2020 | ? | Redcar and Cleveland Council | Redcar and Cleveland Council is hit with a ransomware cyber-attack. | Malware | O Public administration and defence, compulsory social security | CC | UK | Redcar and Cleveland Council, ransomware | |
207 | 08/02/2020 | ? | 50 sites of three of the world’s largest manufacturers of IoT devices in the Middle East, North America, and Latin America | Researchers from TrapX discover a malware campaign targeting 50 sites of three of the world’s largest manufacturers of IoT devices to install a variant of the Lemon_Duck cryptominer. | Malware | C Manufacturing | CC | >1 | TrapX, Lemon_Duck crypto | |
208 | 09/02/2020 | ? | Iran Internet infrastructure | Iran is allegedly hit with a powerful cyber attack able to take down 25% of its Internet. | DDoS | J Information and communication | CW | IR | Iran | |
209 | 10/02/2020 | Outlaw | Linux-based enterprise systems | Researchers from Trend Micro reveal a new campaign by the group known as Outlaw. This time the group infiltrates Linux-based enterprise systems in order to hijack computing power and mine for the privacy coin Monero (XMR). | Malware | Y Multiple Industries | CC | >1 | Outlaw, Trend Micro, Crypto, Monero, XMR | |
210 | 10/02/2020 | ? | Havre Public Schools | Havre Public Schools are hit with a ransomware attack. | Malware | P Education | CC | US | Havre Public Schools, ransomware | |
211 | 10/02/2020 | ? | Wilson Elser Moskowitz Edelman & Dicker | The law firm Wilson Elser Moskowitz Edelman & Dicker is hit with a ransomware attack. | Malware | M Professional scientific and technical activities | CC | US | Wilson Elser Moskowitz Edelman & Dicker, ransomware | |
212 | 10/02/2020 | ? | US Supply chain software providers | The FBI warns the US private sector about an ongoing hacking campaign that's targeting supply chain software providers with the Kwampirs malware. | Malware | Y Multiple Industries | CC | US | FBI, Kwampirs | |
213 | 10/02/2020 | ? | Managed Service Providers | A new ransomware called Ragnar Locker emerges, specifically targeting software commonly used by managed service providers to prevent their attack from being detected and stopped. | Malware | M Professional scientific and technical activities | CC | >1 | Ragnar Locker, Ransomware | |
214 | 10/02/2020 | ? | Single Individuals | Researchers from Kaspersky spot a new malware called KBOT, a virus that spreads by injecting malicious code into Windows executable files, the first "living" virus in recent years spotted in the wild. | Malware | X Individual | CC | >1 | KBOT, Kaspersky | |
215 | 10/02/2020 | ? | City of Garrison | The City of Garrison is hit with a ransomware attack. | Malware | O Public administration and defence, compulsory social security | CC | US | Garrison, Malware | |
216 | 10/02/2020 | ? | Vernon Schools | Vernon Schools shut down the internet after suffering a cyber attack. | Unknown | P Education | CC | US | Vernon Schools | |
217 | 10/02/2020 | ? | Industries susceptible to shipping disruptions including manufacturing, industrial, finance, transportation, pharmaceutical, and cosmetic | Proofpoint researchers uncover new Coronavirus-themed email attacks that focus on concerns around disruptions to global shipping, and aim to distribute the AZORult trojan. | Malicious Spam | Y Multiple Industries | CC | >1 | Coronavirus, AZORult | |
218 | 11/02/2020 | ? | Nacogdoches Independent School District | A ransomware attack affects some computers at Nacogdoches Independent School District. | Malware | P Education | CC | US | Nacogdoches Independent School District, ransomware | |
219 | 11/02/2020 | ? | College of Family Physicians of Canada | Doctors from the College of Family Physicians of Canada are the targets of a phishing campaign. | Account Hijacking | Q Human health and social work activities | CC | CA | College of Family Physicians of Canada | |
220 | 11/02/2020 | ? | Baker Wotring | The Baker Wotring law firm has its data exposed by the Maze gang, including fee agreements and diaries from personal injury cases. | Malware | M Professional scientific and technical activities | CC | US | Baker Wotring, Maze, ransomware | |
221 | 11/02/2020 | ? | Individuals in the U.S. | The U.S. Federal Trade Commission (FTC) warns about ongoing scam campaigns that make use of the current Coronavirus global scale health crisis to bait potential targets from the United States via phishing emails, text messages, and social media. | Account Hijacking | X Individual | CC | US | U.S. Federal Trade Commission, FTC, Coronavirus | |
222 | 11/02/2020 | ? | American Express and Chase Customers | A clever phishing campaign is underway that pretends to be fraud protection emails from American Express and Chase that ask you to confirm if the listed credit card transactions are legitimate. | Account Hijacking | K Financial and insurance activities | CC | US | American Express, Chase | |
223 | 11/02/2020 | ? | The Pediatric Physicians’ Organization at Children’s (PPOC) | The Pediatric Physicians’ Organization at Children’s (PPOC) is hit with a ransomware attack. | Malware | Q Human health and social work activities | CC | US | The Pediatric Physicians’ Organization at Children’s, (PPOC), ransomware | |
224 | 11/02/2020 | ? | Carson City | Carson City is the latest victim of the Click2Gov breach. | Malicious Script Injection | O Public administration and defence, compulsory social security | CC | US | Carson City, Click2Gov | |
225 | 11/02/2020 | ? | Altice USA Inc. | Altice USA Inc. exposes the Social Security numbers, birth dates and other personal information of all 12,000 current employees as well as some former employees and a small number of customers, after a phishing attack in November 2019. | Account Hijacking | J Information and communication | CC | US | Altice USA Inc. | |
226 | 12/02/2020 | ? | Puerto Rico’s government | Puerto Rico’s government loses more than $2.6 million after falling for a Business Email Compromise Scam. The incident occurred on January 17. | Business Email Compromise | O Public administration and defence, compulsory social security | CC | PR | Puerto Rico | |
227 | 12/02/2020 | ? | IOTA Foundation | IOTA Foundation, the nonprofit organization behind the IOTA cryptocurrency, shuts down its entire network after hackers exploit a vulnerability in the IOTA wallet app to steal user funds. | Vulnerability | V Fintech | CC | DE | IOTA Foundation, Crypto | |
228 | 12/02/2020 | ? | Countries in South America and Central America, as well as the U.S. | Researchers from Cisco Talos discover a new campaign carried out through a new version of Loda, a remote access trojan written in AutoIT | Targeted attack | Y Multiple Industries | CE | >1 | Cisco Talos, Loda | |
229 | 12/02/2020 | ? | Single Individuals | Researchers from Emsisoft discover a new ransomware strain, dubbed Ransomwared, asking for explicit images as ransom. | Malware | X Individual | CC | >1 | Emsisoft, ransomware, Ransomwared | |
230 | 12/02/2020 | ? | Central Kansas Orthopedic Group | Central Kansas Orthopedic Group notifies more than 17,000 patients that it suffered a ransomware attack on January 9, 2019. | Malware | Q Human health and social work activities | CC | US | Central Kansas Orthopedic Group, ransomware | |
231 | 12/02/2020 | ? | Palm Beach county's election office | It is reported that the Palm Beach election office had its computer systems infected and encrypted by ransomware just weeks before the 2016 US presidential elections. | Malware | O Public administration and defence, compulsory social security | CC | US | Florida, Ransomware | |
232 | 13/02/2020 | ? | Rutter's | Rutter's discloses that 71 locations were infected with a point-of-sale (POS) malware that was used by attackers to steal customers' credit card information. | Malware | G Wholesale and retail trade | CC | US | Rutter's | |
233 | 13/02/2020 | ? | Nedbank | Nedbank discloses a security incident that impacts the personal details of 1.7 million users. The bank says the breach occurred at Computer Facilities (Pty) Ltd, a South African company the bank was using to send out marketing and promotional campaigns. | Vulnerability | K Financial and insurance activities | CC | ZA | Nedbank | |
234 | 13/02/2020 | MoleRATs (aka The Gaza Cybergang) | Entities and individuals in the Palestinian territories | Researchers from Cybereason discover two simultaneous campaigns (Spark and Pierogi) targeting entities and individuals in the Palestinian territories. | Targeted attack | X Individual | CE | PS | MoleRATs (aka The Gaza Cybergang) | |
235 | 13/02/2020 | ? | Chrome users | Security researchers discover and take down a malicious campaign dating back to 2017, using up to 500 malicious Chrome extensions. | Malicious Browser Extension | X Individual | CC | >1 | Chrome | |
236 | 13/02/2020 | ? | Multiple targets | A remote access Trojan named Parallax is being widely distributed through malicious spam campaigns; when installed, it allows attackers to gain full control over an infected system. | Malware | Y Multiple Industries | CC | >1 | Parallax | |
237 | 13/02/2020 | ? | Single Individuals | Researchers from IBM X-Force discover a new Emotet-powered sextortion campaign. | Malicious Spam | X Individual | CC | >1 | IBM X-Force, Emotet, Sextortion | |
238 | 13/02/2020 | ? | Relation Insurance | Relation Insurance discloses a phishing attack that occurred on August 15, 2019. | Account Hijacking | K Financial and insurance activities | CC | US | Relation Insurance | |
239 | 14/02/2020 | Hidden Cobra (AKA Lazarus Group) | Targets in the US | Multiple U.S. government agencies warn of a newly intensifying threat from North Korea. | Targeted attack | Y Multiple Industries | CE | US | Hidden Cobra, Lazarus Group | |
240 | 14/02/2020 | ? | Banks in the U.S. and Canada | Researchers from Lookout discover that a phishing campaign focused on mobile banking used over 200 pages to impersonate legitimate websites for well-known banks in the U.S. and Canada. | Account Hijacking | K Financial and insurance activities | CC | US CA | Lookout, US, Canada | |
241 | 14/02/2020 | ? | 27 companies | A targeted phishing attack using SLK attachments is underway against twenty-seven companies, with some of them being well-known brands, to gain access to their corporate networks. | Account Hijacking | Y Multiple Industries | CE | >1 | Phishing | |
242 | 14/02/2020 | ? | Single Individuals | Researchers from Trend Micro discover a new LokiBot campaign attempting to infect users by impersonating the launcher for Epic Games. | Malware | X Individual | CC | >1 | LokiBot, Trend Micro, Epic Games | |
243 | 14/02/2020 | ? | PSL Services | PSL Services notifies its clients of a phishing attack that occurred on December 17, 2019. | Account Hijacking | M Professional scientific and technical activities | CC | US | PSL Services | |
244 | 14/02/2020 | ? | Charleston Lube Partners | Charleston Lube Partners reveals that it was hit by PoS malware between February 14, 2019 and August 19, 2019. | Malware | I Accommodation and food service activities | CC | US | Charleston Lube Partners | |
245 | 15/02/2020 | ? | Port Lavaca | The Port Lavaca City Hall is hit with a Ryuk ransomware attack. | Malware | O Public administration and defence, compulsory social security | CC | US | Port Lavaca, Ryuk, ransomware | |
246 | 15/02/2020 | OurMine | FC Barcelona Twitter Account | Hackers from the OurMine collective claim to have hijacked the Twitter account of FC Barcelona. | Account Hijacking | R Arts entertainment and recreation | CC | ES | OurMine, FC Barcelona, Twitter | |
247 | 15/02/2020 | OurMine | The International Olympic Committee Twitter Account | The International Olympic Committee Twitter account is also hacked by OurMine. | Account Hijacking | U Activities of extraterritorial organizations and bodies | CC | N/A | OurMine, International Olympic Committee, Twitter | |
248 | 15/02/2020 | ? | Interactive Medical Systems | Wake County notifies that 1,900 employees are affected by a phishing attack on Interactive Medical Systems, a former benefits administrator. | Account Hijacking | M Professional scientific and technical activities | CC | US | Wake County, Interactive Medical Systems | |
249 | 13/02/2020 | ? | Grand Est | The Grand Est region is hit with a ransomware attack. | Malware | O Public administration and defence, compulsory social security | CC | FR | Grand Est, ransomware | |
250 | 14/02/2020 | ? | INA Group | A ransomware attack cripples some business operations at INA Group, Croatia's biggest oil company, and its largest petrol station chain. | Malware | D Electricity gas steam and air conditioning supply | CC | HR | INA Group, ransomware | |
251 | 14/02/2020 | ? | BST | A Maze ransomware attack in December on BST, an accounting firm, exposes the patient data of Community Care Physicians, a large upstate New York medical group, as well as other clients of the firm. | Malware | K Financial and insurance activities | CC | US | Maze, BST, Community Care Physicians | |
252 | 14/02/2020 | ? | Tennessee Orthopaedic Alliance | Tennessee Orthopaedic Alliance notifies more than 81,000 patients after discovering two employee email accounts had been compromised on October 18, 2019. | Account Hijacking | Q Human health and social work activities | CC | US | Tennessee Orthopaedic Alliance | |
253 | 15/02/2020 | ? | Neebs Gaming YouTube channel | Neebs Gaming, a highly popular YouTube gaming channel, is hacked by unidentified crypto scammers, who change its name and banner to Coinbase Pro to collect Bitcoin from its viewers/subscribers. | Account Hijacking | R Arts entertainment and recreation | CC | US | Neebs Gaming, YouTube, Coinbase Pro, Bitcoin | |
254 | 15/02/2020 | ? | Lodi School District | School officials in Lodi are investigating after student data is breached at two different schools: Bear Creek High and Ronald E. McNair High. | Unknown | P Education | CC | US | Lodi School District | |
255 | 16/02/2020 | Fox Kitten | Companies from the IT, Telecommunication, Oil and Gas, Aviation, Government, and Security sectors | Researchers from ClearSky reveal that Iran's government-backed hacking units made it a top priority last year to exploit VPN bugs to infiltrate and plant backdoors in companies all over the world. | Vulnerability | Y Multiple Industries | CE | >1 | ClearSky, Fox Kitten, CVE-2019-11510, CVE-2018-13379, CVE-2019-1579, CVE-2019-19781 | |
256 | 16/02/2020 | APT-C-23 | Israel Defense Force (IDF) soldiers | An IDF spokesperson reveals that IDF (Israel Defense Force) and ISA (Israel Security Agency AKA “Shin Bet”) conducted a joint operation to take down a Hamas operation targeting IDF soldiers, dubbed ‘Rebound’. | Targeted Attack | O Public administration and defence, compulsory social security | CE | IL | Israel Defense Force, IDF, APT-C-23, ISA, Israel Security Agency | |
257 | 16/02/2020 | ? | Vulnerable Wordpress sites | Researchers from WebARX reveal the details of a currently exploited vulnerability targeting the ThemeGrill Demo Importer plugin that allows the attackers to completely wipe a Wordpress site. | Vulnerability | Y Multiple Industries | CC | >1 | WebARX, ThemeGrill Demo Importer, Wordpress | |
258 | 16/02/2020 | ? | Butler County Community College | Butler County Community College is hit with a ransomware attack. | Malware | P Education | CC | US | Butler County Community College, ransomware | |
259 | 17/02/2020 | ? | ISS World | A ransomware attack hits the major facilities company ISS World, which has half a million employees worldwide. | Malware | N Administrative and support service activities | CC | DK | ISS World | |
260 | 17/02/2020 | ? | More than 80 Turkish companies | Check Point researchers discover an evolving, ongoing malspam campaign targeting more than 80 Turkish companies, distributing the Adwind RAT. | Malicious Spam | Y Multiple Industries | CC | TR | Check Point, Adwind RAT | |
261 | 17/02/2020 | ? | Multiple targets | IBM X-Force Threat Intelligence researchers discover a phishing campaign distributing the Lokibot information stealer malware via emails designed to look like they're sent by the Ministry of Health of the People's Republic of China and containing emergency Coronavirus regulations in English. | Malware | Y Multiple Industries | CC | >1 | IBM X-Force, Lokibot, Ministry of Health of the People's Republic of China, Coronavirus, COVID-19 | |
262 | 17/02/2020 | ? | Single Individuals | The World Health Organization (WHO) warns of ongoing Coronavirus-themed phishing attacks that impersonate the organization with the end goal of stealing information and delivering malware. | Malicious Spam | X Individual | CC | >1 | World Health Organization, WHO, Coronavirus, COVID-19 | |
263 | 17/02/2020 | ? | Instagram users in Russia | A large-scale phishing campaign is running on Instagram to bait Russians with a fake presidential decree that promises a lump-sum payment for a citizen to start their own business. | Account Hijacking | X Individual | CC | RU | ||
264 | 17/02/2020 | ? | Rabun County | Rabun County is hit with a ransomware attack. | Malware | O Public administration and defence, compulsory social security | CC | US | Rabun County, ransomware | |
265 | 17/02/2020 | ? | East House | East House provides notice of a phishing attack that occurred on July 25, 2019. | Account Hijacking | Q Human health and social work activities | CC | US | East House | |
266 | 17/02/2020 | ? | Monroe County Hospital & Clinics | More than 7,000 patients of Monroe County Hospital & Clinics are notified that their personal information may have been leaked in a phishing attack that occurred in December 2019. | Account Hijacking | Q Human health and social work activities | CC | US | Monroe County Hospital & Clinics | |
267 | 18/02/2020 | ? | Undisclosed natural gas compression facility | The Cybersecurity and Infrastructure Security Agency (CISA) alerts organizations across all critical U.S. infrastructure sectors about a recent ransomware attack that affected a natural gas compression facility. | Malware | D Electricity gas steam and air conditioning supply | CC | US | Cybersecurity and Infrastructure Security Agency, CISA, ransomware | |
268 | 18/02/2020 | ? | Vulnerable Wordpress sites | Researchers from Wordfence reveal that a zero-day vulnerability in the ThemeREX Addons, a WordPress plugin installed on thousands of sites, is actively exploited by attackers to create user accounts with admin permissions and potentially fully take over the vulnerable website. | Vulnerability | Y Multiple Industries | CC | >1 | Wordfence, ThemeREX Addons, WordPress | |
269 | 18/02/2020 | ? | ProtonVPN users | Researchers from Kaspersky discover a fake ProtonVPN website used since November 2019 to deliver the AZORult information-stealing malware to potential victims in the form of fake ProtonVPN installers. | Malware | X Individual | CC | >1 | Kaspersky, ProtonVPN, AZORult | |
270 | 18/02/2020 | ? | Windows users in Italy | Threat actors are distributing the Dharma Ransomware in a new spam campaign targeting Windows users in Italy. | Malware | X Individual | CC | IT | Dharma, Ransomware | |
271 | 18/02/2020 | ? | Government Data Center in Rwanda | A Rwandan data centre that hosts servers related to the country’s government is taken down by hackers. | DDoS | O Public administration and defence, compulsory social security | CC | RW | Rwanda | |
272 | 19/02/2020 | ? | MGM Resorts | The personal details of more than 10.6 million users who stayed at MGM Resorts hotels have been published on a hacking forum this week. | Misconfiguration | I Accommodation and food service activities | CC | US | MGM Resorts | |
273 | 19/02/2020 | DRBControl | Gambling companies located in Southeast Asia, Europe and the Middle East | Researchers from Trend Micro and Talent-Jump reveal the details of DRBControl, a criminal organization focused on gambling companies. | Targeted Attack | R Arts entertainment and recreation | CC | >1 | Trend Micro, Talent-Jump, DRBControl | |
274 | 19/02/2020 | Exaggerated Lion | Thousands of U.S. companies | Researchers uncover a new business email compromise (BEC) threat actor, which they call Exaggerated Lion, targeting thousands of U.S. companies with money pilfering scams. | Business Email Compromise | Y Multiple Industries | CC | US | Agari, Exaggerated Lion | |
275 | 19/02/2020 | ? | US Taxpayers | Proofpoint researchers detect the first tax-season-themed attacks, carried out via tax-themed emails with malicious attachments and legitimate tax-focused websites compromised to deliver malware. | Malware | X Individual | CC | US | Proofpoint, Tax | |
276 | 19/02/2020 | ? | Swiss companies | Switzerland’s Reporting and Analysis Centre for Information Assurance (MELANI) warns of ongoing ransomware attacks targeting the systems of Swiss small, medium-sized, and large companies. | Malware | Y Multiple Industries | CC | CH | Switzerland’s Reporting and Analysis Centre for Information Assurance, MELANI, ransomware | |
277 | 19/02/2020 | ? | Multiple targets | Researchers from Prevailion reveal the details of "PHPs Labyrinth", a campaign active since 2017, infecting more than 20,000 WordPress sites via malicious plugins. | Malicious Wordpress Plugin | Y Multiple Industries | CC | >1 | Prevailion, PHPs Labyrinth, WordPress | |
278 | 19/02/2020 | ? | Multiple targets | Security researcher Marco Ramilli discovers a new batch of e-commerce sites compromised by a Magecart attack. | Malicious Script Injection | G Wholesale and retail trade | CC | >1 | Marco Ramilli, Magecart | |
279 | 19/02/2020 | ? | Ministère de l’Éducation et de l’Enseignement Supérieur | The PII of at least 51,400, and possibly as many as 360,000, educators in Quebec Province is exposed when a malicious actor obtains login credentials to the Ministère de l’Éducation et de l’Enseignement Supérieur network. | Unknown | O Public administration and defence, compulsory social security | CC | CA | Ministère de l’Éducation et de l’Enseignement Supérieur | |
280 | 19/02/2020 | ? | US Bank Customers | Researchers from IBM X-Force discover a new Emotet campaign that spreads via SMS messages pretending to be from banks and may have ties to the TrickBot trojan. | Malware | K Financial and insurance activities | CC | US | IBM, X-Force, Emotet, TrickBot | |
281 | 19/02/2020 | ? | Maroof International Hospital | Maroof International Hospital is hit with a severe ransomware attack | Malware | Q Human health and social work activities | CC | PK | Maroof International Hospital, ransomware | |
282 | 19/02/2020 | ? | City of Wayne | The city of Wayne is hit with a ransomware attack. | Malware | O Public administration and defence, compulsory social security | CC | US | City of Wayne, ransomware | |
283 | 19/02/2020 | ? | United Regional Health Care System | United Regional Health Care System discloses an incident that occurred last July when someone accessed an employee email account. 2,000 individuals are affected. | Account Hijacking | P Education | CC | US | United Regional Health Care System | |
284 | 20/02/2020 | ? | Defence Information Systems Agency (DISA) | The U.S. Defence Information Systems Agency reveals that Social Security numbers and other personal data in its network may have been compromised between May and July 2019 | Unknown | O Public administration and defence, compulsory social security | CC | US | Defence Information Systems Agency, DISA | |
285 | 20/02/2020 | ? | Targets in Southeast Asia | Researchers from Cisco Talos uncover a new campaign, carried out via a remote access tool dubbed ObliqueRAT, focused on targets in Southeast Asia. | Targeted Attack | Y Multiple Industries | CE | >1 | Cisco Talos, ObliqueRAT | |
286 | 20/02/2020 | ? | IIT Madras | IIT Madras is hit with the GlobeImposter ransomware. | Malware | P Education | CC | IN | IIT Madras, GlobeImposter, ransomware | |
287 | 20/02/2020 | ? | Nine websites | Security researchers discover a new batch of nine websites infected with malicious JavaScript that steals payment card info from online shoppers. | Malicious Script Injection | G Wholesale and retail trade | CC | >1 | Magecart | |
288 | 20/02/2020 | ? | VibrantCare Rehabilitation | VibrantCare Rehabilitation notifies 1,655 patients after an employee’s email account is accessed. | Account Hijacking | Q Human health and social work activities | CC | US | VibrantCare Rehabilitation | |
289 | 20/02/2020 | ? | San Felipe Del Rio CISD | A business email compromise targets the San Felipe Del Rio CISD. | Business Email Compromise | P Education | CC | US | San Felipe Del Rio CISD | |
290 | 20/02/2020 | ? | South Adams Schools district | The South Adams Schools district is hit with a ransomware attack. | Malware | P Education | CC | US | South Adams Schools district, ransomware | |
291 | 21/02/2020 | ? | Android users | Security researchers from Check Point discover a new mobile threat called Haken, hidden in 8 applications. | Malware | X Individual | CC | >1 | Check Point, Haken, Joker, Android | |
292 | 21/02/2020 | Lynx | Slickwraps | Slickwraps suffers a data breach after an individual is able to access their systems and, after receiving no response to emails, publicly discloses how the access to the site was gained and the data that was exposed. | Vulnerability | C Manufacturing | CC | US | Lynx, Slickwraps | |
293 | 21/02/2020 | ? | Reading Municipal Light Department (RMLD) | The Reading Municipal Light Department (RMLD), an electric utility in Massachusetts, announces it was hit by a ransomware attack. | Malware | D Electricity gas steam and air conditioning supply | CC | US | Reading Municipal Light Department, RMLD, ransomware | |
294 | 21/02/2020 | Pakistan? | Indian diplomats and military personnel in some embassies | Researchers from Cybaze-Yoroi ZLab discover that operation Transparent Tribe, allegedly carried out by Pakistan against Indian targets, is back after four years. | Targeted Attack | O Public administration and defence, compulsory social security | CE | IN | Cybaze-Yoroi ZLab, Operation Transparent Tribe, Pakistan, India | |
295 | 21/02/2020 | ? | Multiple targets | Researchers from Cofense discover an uptick in phishing attempts using a fake and badly created Office 365 credentials update form. | Account Hijacking | Y Multiple Industries | CC | >1 | Cofense, Office 365 | |
296 | 21/02/2020 | ? | Endeavor Energy Resources | Endeavor Energy Resources notifies employees and dependents after an employee fell prey to a phishing attack on January 14. | Account Hijacking | D Electricity gas steam and air conditioning supply | CC | US | Endeavor Energy Resources | |
297 | 21/02/2020 | ? | Moses Lake School District | The Moses Lake School District is hit by a ransomware attack. | Malware | P Education | CC | US | Moses Lake School District, ransomware | |
298 | 21/02/2020 | ? | Jackson Public Schools | Jackson Public Schools is hit with a ransomware attack. | Malware | P Education | CC | US | Jackson Public Schools, ransomware | |
299 | 22/02/2020 | ? | Major cryptovalues investor | An unknown investor claims to have lost a reported $45 million worth of cryptovalues in a SIM swapping attack. | Account Hijacking | V Fintech | CC | N/A | SIM Swapping, Crypto | |
300 | 22/02/2020 | ? | Single Individuals | Security research collective MalwareHunterTeam discovers a 3-page Coronavirus-themed Microsoft Office document containing malicious macros, pretending to be from the Center for Public Health of the Ministry of Health of Ukraine, and designed to drop a backdoor malware with clipboard stealing, keylogging, and screenshot capabilities. | Malware | X Individual | CC | UA | MalwareHunterTeam, Coronavirus, COVID-19, Center for Public Health of the Ministry of Health of Ukraine | |
301 | 23/02/2020 | ? | Mexico’s economy ministry | Mexico’s economy ministry detects a cyber attack on some of its servers. | Unknown | O Public administration and defence, compulsory social security | CC | MX | Mexico’s economy ministry | |
302 | 23/02/2020 | ? | Prince Edward Island | Prince Edward Island reveals it was hit with a Maze ransomware attack. | Malware | O Public administration and defence, compulsory social security | CC | CA | Prince Edward Island, ransomware, Maze | |
303 | 23/02/2020 | ? | Total Quality Logistics (TQL) | Total Quality Logistics confirms it was the victim of a data breach. | Unknown | N Administrative and support service activities | CC | US | Total Quality Logistics, TQL | |
304 | 24/02/2020 | ? | German PayPal users | According to multiple reports, a critical PayPal vulnerability is behind thefts over recent days from numerous German PayPal users (fraudulent transactions with U.S. stores). | Vulnerability | K Financial and insurance activities | CC | DE | PayPal | |
305 | 24/02/2020 | Magecart 12 | 40 websites | Security Researcher Max Kersten publishes a list of 40 websites targeted by the Magecart 12 group. | Malicious Script Injection | G Wholesale and retail trade | CC | >1 | Max Kersten, Magecart 12 | |
306 | 24/02/2020 | ? | Ordnance Survey | A hacker stole the personal data of 1,000 employees of the Ordnance Survey, the government-owned mapping agency for Britain. The breach occurred in January this year. | Unknown | O Public administration and defence, compulsory social security | CC | UK | Ordnance Survey | |
307 | 24/02/2020 | ? | Multiple targets | Researchers from MalwareHunterTeam discover Mozart, a malware using DNS to communicate with its command and control and evade detection. | Malware | Y Multiple Industries | CC | >1 | MalwareHunterTeam, Mozart, DNS | |
308 | 24/02/2020 | ? | Portuguese Banking users | A new campaign carried out via the Lampion malware, disguised as a DPD email, is discovered targeting Portuguese users. | Malware | K Financial and insurance activities | CC | PT | Lampion, DPD | |
309 | 24/02/2020 | ? | Pacific Specialty Insurance | Pacific Specialty Insurance notifies plan members of a phishing attack that occurred in March, 2019 | Account Hijacking | K Financial and insurance activities | CC | US | Pacific Specialty Insurance | |
310 | 24/02/2020 | ? | Grayson County | Grayson County is hit with a ransomware attack. | Malware | O Public administration and defence, compulsory social security | CC | US | Grayson County | |
311 | 24/02/2020 | ? | Transavia | The data of 80,000 Transavia passengers are compromised after a phishing attack. | Account Hijacking | H Transportation and storage | CC | NL | Transavia | |
312 | 24/02/2020 | ? | Transmit Security | Transmit Security is breached after a security researcher contacts some of its customers and reports unauthorized access to the data. | Unknown | M Professional scientific and technical activities | CC | IL | Transmit Security | |
313 | 25/02/2020 | ? | Multiple targets | Google releases a Chrome update to address three security bugs, including CVE-2020-6418, a zero-day vulnerability actively exploited in the wild. | Vulnerability | Y Multiple Industries | CC | >1 | Google, Chrome, CVE-2020-6418 | |
314 | 25/02/2020 | ? | La Salle County | La Salle County is hit with a PwndLocker ransomware attack. | Malware | O Public administration and defence, compulsory social security | CC | US | La Salle County, ransomware, PwndLocker | |
315 | 25/02/2020 | ? | Single Individuals | Researchers from Cybaze/Yoroi ZLab discover a new campaign exploiting the Coronavirus theme to distribute the Remcos RAT. | Malware | X Individual | CC | >1 | Cybaze/Yoroi ZLab, Remcos, Coronavirus, COVID-19 | |
316 | 25/02/2020 | ? | Reprint Mint | Researchers from Sanguine Security reveal that attackers successfully implanted multiple skimmers for 30 months on the Reprint Mint photo store. | Malicious Script Injection | G Wholesale and retail trade | CC | US | Sanguine Security, Reprint Mint | |
317 | 25/02/2020 | tonyredball solarsalvador1234 | Vulnerable Wordpress sites | Other cybercriminals are taking advantage of the security flaws reported recently in popular WordPress plugins (ThemeGrill Demo Importer, Profile Builder, and Duplicator). | Vulnerability | Y Multiple Industries | CC | >1 | WordPress, ThemeGrill Demo Importer, Profile Builder, Duplicator, tonyredball, solarsalvador1234 | |
318 | 25/02/2020 | ? | NRC Health | NRC Health discloses that it was hit by a ransomware attack that took place on February 11. | Malware | M Professional scientific and technical activities | CC | US | NRC Health, ransomware | |
319 | 25/02/2020 | ? | Undisclosed target | Researchers from Sophos reveal the details of Cloud Snooper, a sophisticated malware hiding in the cloud, probably backed by an advanced state sponsored actor. | Unknown | Z Unknown | CE | N/A | Cloud Snooper, Sophos | |
320 | 25/02/2020 | ? | Overlake Medical Center & Clinics | Overlake Medical Center & Clinics reveals that it was hit by a phishing attack from Dec. 6 to 9, 2019. | Account Hijacking | Q Human health and social work activities | CC | US | Overlake Medical Center & Clinics | |
321 | 25/02/2020 | ? | Advocate Aurora Health | The personal information of some current and former Advocate Aurora Health employees, including their Social Security numbers and bank accounts, might have been compromised in an email phishing campaign. | Account Hijacking | Q Human health and social work activities | CC | US | Advocate Aurora Health | |
322 | 25/02/2020 | ? | Gadsden Independent School District (GISD) | Gadsden Independent School District (GISD) shuts down its internet and communication systems, after a RYUK ransomware attack. | Malware | P Education | CC | US | Gadsden Independent School District, GISD, ransomware | |
323 | 25/02/2020 | ? | Hutt Valley High School | Hutt Valley High School reveals that it was hit with a cyber attack. | Unknown | P Education | CC | NZ | Hutt Valley High School | |
324 | 26/02/2020 | ? | Clearview AI | Clearview AI discloses to its customers that an intruder “gained unauthorized access” to its list of customers, to the number of user accounts those customers had set up, and to the number of searches its customers have conducted. | Misconfiguration | M Professional scientific and technical activities | CC | US | Clearview AI | |
325 | 26/02/2020 | ? | Bretagne Télécom | Cloud services provider Bretagne Télécom is hacked by the threat actors behind the DoppelPaymer Ransomware using CVE-2019-19781. | Malware | M Professional scientific and technical activities | CC | FR | Bretagne Télécom, DoppelPaymer, Ransomware, CVE-2019-19781 | |
326 | 26/02/2020 | ? | Multiple targets | Attackers are actively scanning the Internet for Microsoft Exchange Servers vulnerable to the CVE-2020-0688 remote code execution vulnerability. | Vulnerability | Y Multiple Industries | CC | >1 | Microsoft Exchange, CVE-2020-0688 | |
327 | 26/02/2020 | ? | Multiple targets | Researchers from Malwarebytes discover Magecart actors cloaking their credit card skimmers using fake content delivery network domains. | Malicious Script Injection | Y Multiple Industries | CC | >1 | Malwarebytes, Magecart | |
328 | 26/02/2020 | ? | Southern Water | British utility Southern Water is the victim of a phishing attack, resulting in a shutdown of some of the company's systems. | Account Hijacking | D Electricity gas steam and air conditioning supply | CC | UK | Southern Water | |
329 | 26/02/2020 | Cobalt Ulster (AKA MuddyWater, Seedworm, TEMP.Zagros, and Static Kitten) | Governmental organizations in Turkey, Jordan, Iraq along with intergovernmental and other agencies in Georgia and Azerbaijan. | Researchers from Secureworks reveal the details of the latest cyber espionage campaign carried out by the Iranian state-sponsored actor Cobalt Ulster | Targeted Attack | O Public administration and defence, compulsory social security | CE | >1 | Cobalt Ulster, MuddyWater, Seedworm, TEMP.Zagros, Static Kitten, Secureworks, Iran | |
330 | 26/02/2020 | ? | Rady’s Children’s Hospital | Rady’s Children’s Hospital notifies patients whose data were accessed via an "open port" in June 2019 and January 2020. | Unknown | Q Human health and social work activities | CC | US | Rady’s Children’s Hospital | |
331 | 27/02/2020 | ? | Barbara Corcoran | Barbara Corcoran, a renowned real-estate broker and business expert, admits she lost $380,000 via a BEC scam. | Business Email Compromise | L Real estate activities | CC | US | Barbara Corcoran | |
332 | 27/02/2020 | ? | Kenneth Cole Productions | The operators behind the Sodinokibi Ransomware (AKA Revil) publish the download links to files containing what they claim are financial and work documents, as well as customers' personal data stolen from Kenneth Cole Productions. | Malware | C Manufacturing | CC | US | Kenneth Cole Productions, Sodinokibi, Revil, ransomware | |
333 | 27/02/2020 | ? | Single Individuals | Researchers from Malwarebytes and X-Force discover an ongoing malspam campaign using emails disguised as messages from secret lovers to deliver Nemty Ransomware payloads on the computers of potential victims. | Malware | X Individual | CC | >1 | Malwarebytes, IBM X-Force, Nemty, Ransomware | |
334 | 27/02/2020 | ? | Multiple targets | Researchers from Palo Alto discover a new phishing campaign installing the NetSupport Manager RAT via a Fake Norton LifeLock document. | Malicious Spam | Y Multiple Industries | CC | >1 | Palo Alto, NetSupport Manager RAT, Norton LifeLock | |
335 | 27/02/2020 | ? | BGR.in tradinggame.au.com S3 Production | Hackers share three SQL databases from S3 buckets, one dump belonging to the BGR tech news site in India. | Misconfiguration | Y Multiple Industries | CC | >1 | BGR.in, tradinggame.au.com, S3 Production | |
336 | 27/02/2020 | ? | Democratic National Committee | The Democratic National Committee warns its presidential candidates to be cautious after Bernie Sanders’ campaign reported that an “impersonator” with a domain registered overseas had posed as one of its staffers and sought conversations with members of at least two other campaigns. | Account Hijacking | S Other service activities | CE | US | Democratic National Committee, Bernie Sanders | |
337 | 27/02/2020 | ? | Jordan Health | Jordan Health is hit with a ransomware attack. | Malware | P Education | CC | US | Jordan Health | |
338 | 28/02/2020 | ? | 130,000 Asus routers | An unknown criminal manages to breach as many as 130,000 Asus routers, and sells the access to them for a few dollars. | Vulnerability | Y Multiple Industries | CC | >1 | Asus | |
339 | 28/02/2020 | ? | Multiple targets | Researchers from Morphisec discover a widespread campaign using the remote desktop ActiveX control in Word documents to automatically execute on Windows 10 a malware downloader called Ostap adopted by TrickBot for delivery. | Malware | Y Multiple Industries | CC | >1 | Morphisec, ActiveX, Word, Windows 10, TrickBot | |
340 | 28/02/2020 | ? | Vulnerable WordPress sites | Researchers from Defiant discover that attackers took over tens of thousands of WordPress sites by exploiting multiple zero-days in the following plugins: Flexible Checkout Fields for WooCommerce, Async JavaScript, 10Web Map Builder for Google Maps, Modern Events Calendar Lite. | Vulnerability | Y Multiple Industries | CC | >1 | WordPress, Flexible Checkout Fields for WooCommerce, Async JavaScript, 10Web Map Builder for Google Maps, Modern Events Calendar Lite, Defiant | |
341 | 28/02/2020 | ? | Munson Healthcare Group | Munson Healthcare Group discloses that hackers gained access to patient data by compromising the email accounts of at least two employees. Patient records were accessed from July 31, 2019, to October 22, 2019, but the breach went undetected until January 16, 2020. | Account Hijacking | Q Human health and social work activities | CC | US | Munson Healthcare Group | |
342 | 29/02/2020 | ? | Epiq Global | Legal services giant Epiq Global is hit by a ransomware attack. | Malware | M Professional scientific and technical activities | CC | US | Epiq Global, ransomware | |
343 | 29/02/2020 | ? | RailWorks Corporation | RailWorks Corporation, one of the leading providers of rail infrastructure solutions in North America, discloses a ransomware attack. | Malware | C Manufacturing | CC | US | RailWorks Corporation, ransomware | |
344 | 29/02/2020 | ? | Vulnerable Apache Tomcat servers | Security researchers detect ongoing scans for Apache Tomcat servers unpatched against the Ghostcat (CVE-2020-1938) vulnerability. | Vulnerability | Y Multiple Industries | CC | >1 | Apache Tomcat, Ghostcat, CVE-2020-1938 | |
345 | 29/02/2020 | ? | Loqbox | Fintech startup Loqbox reveals that it suffered an "attack" which potentially revealed its customers' names, postal addresses, dates of birth, email addresses and phone numbers. | Unknown | V Fintech | CC | UK | Loqbox, Crypto | |
346 | 15/02/2020 | ? | EMCOR Group | EMCOR Group, a Fortune 500 company specialized in engineering and industrial construction services, discloses a Ryuk ransomware incident that took down some of its IT systems. | Malware | C Manufacturing | CC | US | EMCOR Group, Ryuk, ransomware | |
347 | 21/02/2020 | ? | Coinhako | Coinhako is hit by a sophisticated attack. | Unknown | V Fintech | CC | SG | Coinhako, Crypto | |
348 | 27/02/2020 | ? | Okex and Bitfinex | Okex and Bitfinex suffered simultaneous distributed denial of service (DDoS) | DDoS | V Fintech | CC | US HK | Okex, Bitfinex, Coinhako | |
349 | 27/02/2020 | Kimsuky | South Korean officials | Researchers from IssueMakersLab reveal that a group of North Korean hackers embedded malware inside documents detailing South Korea's response to the COVID-19 epidemic. The embedded malware is BabyShark, a backdoor previously utilized by a North Korean hacker group known as Kimsuky. | Targeted Attack | O Public administration and defence, compulsory social security | CE | KR | IssueMakersLab, COVID-19, Kimsuky, BabyShark | |
350 | 29/02/2020 | Digileaker | Digitex | A hacker dubbed Digileaker claims to have stolen the data related to 8,000 Digitex users. | Unknown | V Fintech | CC | SC | Digitex, Digileaker | |
351 | 01/03/2020 | ? | Visser Precision | Visser Precision, a parts maker for space and defense contractors, confirms a DoppelPaymer ransomware attack. | Malware | C Manufacturing | CC | US | Visser Precision, DoppelPaymer, ransomware | |
352 | 01/03/2020 | ? | Community Development Bank | Community Development Bank becomes the latest victim of the Maze ransomware team. | Malware | K Financial and insurance activities | CC | US | Community Development Bank, Maze, Ransomware | |
353 | 02/03/2020 | ? | City of Novi Sad | The City of Novi Sad in Serbia is hit by the PwndLocker ransomware. | Malware | O Public administration and defence, compulsory social security | CC | RS | Novi Sad, Serbia, PwndLocker, ransomware | |
354 | 02/03/2020 | ? | Spartanburg School District One | Spartanburg School District One is hit with a ransomware attack. | Malware | P Education | CC | US | Spartanburg School District One | |
355 | 02/03/2020 | APT34 | Lebanon Government | Researchers from Cybaze-Yoroi ZLab discover a new campaign targeting the Lebanon government via the Karkoff implant. | Targeted Attack | O Public administration and defence, compulsory social security | CE | LB | Cybaze-Yoroi ZLab, Lebanon, Karkoff | |
356 | 02/03/2020 | ? | Large number of French critical infrastructure firms | A large number of French critical infrastructure firms appear to have been hacked as part of an extended malware campaign. | Malware | D Electricity gas steam and air conditioning supply | CC | FR | France | |
357 | 02/03/2020 | Egypt? India? | Saudi Arabia UAE | Facebook removes hundreds of accounts and pages used in "Operation Red Card", a deceptive campaign that appears to be from Egyptian and Indian marketing firms, to post anti-Saudi and anti-Emirati content. | Fake Social Network accounts/groups/pages | O Public administration and defence, compulsory social security | CW | SA AE | Operation Red Card, Facebook, India, Egypt | |
358 | 02/03/2020 | ? | Tesco | Tesco issues new cards to 600,000 Clubcard account holders after a credential stuffing attack. | Credential Stuffing | G Wholesale and retail trade | CC | UK | Tesco | |
359 | 02/03/2020 | ? | Android users | Google addresses a high-severity flaw in MediaTek’s Command Queue driver that developers said affects millions of devices, and which has an exploit already circulating in the wild. | Vulnerability | X Individual | CC | >1 | Google, Android, Mediatek, CVE-2020-0032 | |
360 | 03/03/2020 | CIA? | Chinese companies and government agencies | The Chinese company Qihoo 360 publishes a report accusing the CIA of hacking Chinese companies and government agencies for more than 11 years (from 2008 to 2019). | Targeted Attack | O Public administration and defence, compulsory social security | CE | CN | Qihoo 360, CIA | |
361 | 03/03/2020 | Molerats (AKA Gaza Hackers Team and Gaza Cybergang) | Eight organizations in six different countries in the government, telecommunications, insurance and retail industries | Researchers from Palo Alto Unit 42 observe multiple instances of phishing attacks likely related to the threat group Molerats targeting eight organizations in six different countries in the government, telecommunications, insurance and retail industries | Targeted Attack | Y Multiple Industries | CE | >1 | Molerats, Gaza Hackers Team, Gaza Cybergang, Palo Alto, Unit 42 | |
362 | 03/03/2020 | ? | J.Crew | Clothing giant J.Crew says an unknown number of customers had their online accounts accessed “by an unauthorized party" in or around April 2019. | Credential Stuffing | G Wholesale and retail trade | CC | US | J.Crew | |
363 | 03/03/2020 | Kimsuky | South Korea | Researchers from Cybaze-Yoroi ZLab discover a new campaign by the North Korea-linked APT group, Kimsuky, targeting South Korea. | Targeted Attack | O Public administration and defence, compulsory social security | CE | KR | Cybaze-Yoroi ZLab, Kimsuky | |
364 | 03/03/2020 | ? | Four Queens Hotel and Casino and Binion’s Casino | Four Queens Hotel and Casino and Binion’s Casino are hit with a ransomware attack. | Malware | R Arts entertainment and recreation | CC | US | Four Queens Hotel and Casino, Binion’s Casino, ransomware | |
365 | 04/03/2020 | ? | T-Mobile | US telecommunications giant T-Mobile discloses a security breach that impacted both its employees and customers alike. The attackers gained access to "certain T-Mobile employee email accounts, some of which contained account information for T-Mobile customers and employees." | Account Hijacking | J Information and communication | CC | US | T-Mobile | |
366 | 04/03/2020 | ? | Australian Defence | The Australian Signals Directorate (ASD) reveals that a vulnerability in Citrix could have been used by malicious actors to access a database of Australian Defence recruitment details. | Vulnerability | O Public administration and defence, compulsory social security | CE | AU | Australian Signals Directorate, ASD, Citrix, Australian Defence, CVE-2019-19781 | |
367 | 04/03/2020 | ? | Boots | Boots suspends payments using loyalty points in shops and online after attempts to break into customers' accounts using stolen passwords. | Password-spraying | G Wholesale and retail trade | CC | UK | Boots | |
368 | 04/03/2020 | ? | Single Individuals | Researchers from Fortinet discover a new campaign delivering the Lokibot malware and exploiting the COVID-19 fear. | Malware | X Individual | CC | >1 | Fortinet, Lokibot, COVID-19, Coronavirus | |
369 | 04/03/2020 | ? | Single Individuals | Researchers from Cofense discover an additional phishing campaign pushing fake messages from The Centers for Disease Control (CDC) stating that the coronavirus has “officially become airborne” and there “have been confirmed cases of the disease in your location.” | Account Hijacking | X Individual | CC | >1 | Cofense, CDC, Coronavirus, COVID-19, The Centers for Disease Control | |
370 | 04/03/2020 | ? | Single Individuals | Researchers from Cofense discover a phishing campaign, leveraging OneNote to bypass detection tools and download malware onto victims’ systems. | Account Hijacking | X Individual | CC | >1 | Cofense, OneNote | |
371 | 05/03/2020 | ? | Carnival Corp. | Carnival Corp. announces that two of its most popular lines, Holland America and Princess Cruises, were hit by a phishing attack between April 11 and July 23, 2019. | Account Hijacking | R Arts entertainment and recreation | CC | US | Carnival Corp., Holland America, Princess Cruises | |
372 | 05/03/2020 | ? | Communications & Power Industries (CPI) | Communications & Power Industries (CPI) is still down after a ransomware attack suffered in January. | Malware | C Manufacturing | CC | US | Communications & Power Industries, CPI | |
373 | 05/03/2020 | ? | EVRAZ | EVRAZ, one of the world's largest steel manufacturers and mining operations, has its North American activities taken down by a Ryuk ransomware attack. | Malware | C Manufacturing | CC | US | EVRAZ, Ryuk, ransomware | |
374 | 05/03/2020 | ? | Banking users in Italy | Researchers from Sophos discover a new campaign distributing the Trickbot malware in Italy and exploiting the COVID-19 outbreak. | Malware | K Financial and insurance activities | CC | IT | Sophos, Trickbot, COVID-19 | |
375 | 05/03/2020 | ? | Multiple targets | Researchers from Kaspersky discover a new campaign inviting victims to install malware disguised as an expired certificate. | Malware | Y Multiple Industries | CC | >1 | Kaspersky | |
376 | 05/03/2020 | Tonto Team | Multiple targets in Russia, Japan, and South Korea | Researchers from Cisco Talos reveal the details of a new cyber espionage campaign carried out by the Tonto Team via the Bisonal RAT. | Targeted Attack | Y Multiple Industries | CE | >1 | Cisco Talos, Tonto Team, Bisonal RAT | |
377 | 05/03/2020 | ? | Chrome Users | Researchers at MyCrypto discover a malicious Chrome extension able to steal Ledger wallet recovery seeds. | Malicious Browser Extension | V Fintech | CC | >1 | MyCrypto, Chrome, Ledger | |
378 | 06/03/2020 | ? | The City of Durham and Durham County | The City of Durham and Durham County are hit by a Ryuk ransomware attack. | Malware | O Public administration and defence, compulsory social security | CC | US | City of Durham, Durham County, Ryuk, Ransomware | |
379 | 06/03/2020 | ? | Trident Crypto Fund | The usernames and passwords of more than a quarter of a million Trident Crypto Fund customers have been stolen and published online. | Unknown | V Fintech | CC | MA | Trident Crypto Fund, Crypto | |
380 | 06/03/2020 | ? | Entercom | US radio giant Entercom reports a data breach that took place in August 2019 after an unauthorized party was able to access database backup files stored in a third-party cloud hosting service and containing Radio.com user credentials. | Unknown | J Information and communication | CC | US | Entercom | |
381 | 06/03/2020 | ? | Koodo Mobile | Telus-owned Koodo Mobile suffers a data breach after their systems were hacked on February 13, 2020, and customer data from August and September 2017 was stolen by the attackers. | Account Hijacking | J Information and communication | CC | CA | Koodo Mobile | |
382 | 06/03/2020 | ? | Multiple targets | The US Federal Bureau of Investigation (FBI) warns private industry partners of threat actors abusing Microsoft Office 365 and Google G Suite as part of Business Email Compromise (BEC) attacks. | Business Email Compromise | Y Multiple Industries | CC | US | Federal Bureau of Investigation, FBI, Microsoft Office 365, Google G Suite | |
383 | 07/03/2020 | ? | Single Individuals | Researchers from MalwareHunterTeam discover another email campaign pretending to be Coronavirus (COVID-19) information from the World Health Organization (WHO), and in reality distributing a malware downloader that installs the FormBook information-stealing Trojan. | Malicious Spam | X Individual | CC | >1 | MalwareHunterTeam, Coronavirus, COVID-19, World Health Organization, WHO, FormBook | |
384 | 07/03/2020 | ? | Six Southeast Asian countries, including Malaysia and Singapore | Researchers from Technisanct discover hundreds of thousands of credit card details from at least six Southeast Asian countries, leaked online. | Unknown | K Financial and insurance activities | CC | >1 | Malaysia, Singapore, Technisanct | |
385 | 08/03/2020 | ? | Multiple targets | Researchers from Volexity reveal that state-sponsored hacking groups are using a recently disclosed Microsoft Exchange vulnerability (CVE-2020-0688) to attack targets. The same warning is sent also by the NSA. | Vulnerability | Y Multiple Industries | CC | >1 | Volexity, Microsoft Exchange, CVE-2020-0688 | |
386 | 08/03/2020 | ? | University of Kentucky and UK HealthCare | The University of Kentucky and UK HealthCare discover that they suffered a malware attack aimed at installing cryptominers. | Malware | P Education | CC | US | University of Kentucky and UK HealthCare | |
387 | 09/03/2020 | ? | ENTSO-E | The European Network of Transmission System Operators for Electricity (ENTSO-E), says that its IT network had been compromised in a “cyber intrusion.” | Unknown | D Electricity gas steam and air conditioning supply | N/A | EU | ENTSO-E, European Network of Transmission System Operators for Electricity | |
388 | 09/03/2020 | ? | Russian users | Researchers from MalwareHunterTeam discover a new phishing scam targeting Russian victims, and utilizing a "customer service" chatbot. | Account Hijacking | X Individual | CC | RU | MalwareHunterTeam | |
389 | 09/03/2020 | ? | Single Individuals | Researchers from IBM X-Force Threat Intelligence discover a new sextortion campaign, luring victims with emails promising to give access to the nude extortion pics of a friend's girlfriend, and delivering the Raccoon malware. | Malicious Spam | X Individual | CC | >1 | IBM, X-Force, sextortion, Raccoon | |
390 | 09/03/2020 | ? | TrueFire | The popular online guitar tutoring website TrueFire suffers a ‘Magecart‘ attack that might have exposed customers’ personal information and payment card data. | Malicious Script Injection | S Other service activities | CC | US | TrueFire, Magecart | |
391 | 09/03/2020 | ? | Single Individuals | Researchers from security firm Reason discover a fake Coronavirus map, delivering the AZORult trojan. | Malware | X Individual | CC | >1 | Reason, COVID-19, Coronavirus, AZORult | |
392 | 09/03/2020 | ? | Fort Worth Independent School District | The Fort Worth Independent School District is hit with a ransomware attack. | Malware | P Education | CC | US | Fort Worth Independent School District, ransomware | |
393 | 10/03/2020 | Mustang Panda | Targets in Vietnam | Vietnamese cyber-security firm VinCSS detects a Chinese state-sponsored group (codenamed Mustang Panda) spreading emails with a RAR file attachment purporting to carry a message about the coronavirus outbreak from the Vietnamese Prime Minister. | Targeted Attack | Y Multiple Industries | CE | VN | VinCSS, Mustang Panda, Coronavirus | |
394 | 10/03/2020 | ? | Multiple targets | Researchers from Cybereason discover a campaign where attackers are trojanizing multiple hacking tools with njRat, a well known RAT. | Malware | Y Multiple Industries | CC | >1 | Cybereason, njRAT | |
395 | 10/03/2020 | ? | Undisclosed organization in Asia | Researchers from Lastline discover a new campaign spreading the Paradise ransomware via IQY files. | Malware | Z Unknown | CC | N/A | Lastline, Paradise, ransomware, IQY | |
396 | 10/03/2020 | ? | Undisclosed target | Researchers from Cofense discover a phishing campaign using YouTube redirects to evade security controls. | Account Hijacking | Z Unknown | CC | N/A | YouTube | |
397 | 10/03/2020 | ? | Multiple targets | Attackers start to exploit a recently discovered vulnerability on ManageEngine Desktop Central. | Vulnerability | Y Multiple Industries | CC | >1 | ManageEngine Desktop Central, CVE-2020-10189 | |
398 | 10/03/2020 | ? | Wichita State University | Wichita State University notifies 1,762 individuals whose personal information was accessed by hackers between December 3, 2019 and December 5, 2019. | Unknown | P Education | CC | US | Wichita State University | |
399 | 10/03/2020 | ? | Undisclosed company | A global company with an office in Perth is attacked by criminals who demand a $30 million ransom to unlock its computer system in Australia. | Malware | Z Unknown | CC | AU | Perth | |
400 | 11/03/2020 | ? | Champaign-Urbana Public Health District | In the midst of a coronavirus pandemic, the Champaign-Urbana Public Health District is hit with a NetWalker ransomware attack. | Malware | Q Human health and social work activities | CC | US | Champaign-Urbana Public Health District, NetWalker, ransomware | |
401 | 11/03/2020 | ? | Global insurance, healthcare, and pharmaceutical organizations | Researchers from Proofpoint discover a new phishing campaign impersonating Vanderbilt University Medical Center and sending out fake HIV test result emails. | Malicious Spam | Y Multiple Industries | CC | >1 | Proofpoint, Vanderbilt University Medical Center, HIV | |
402 | 11/03/2020 | ? | Northeast Radiology | Northeast Radiology announces that on January 11, 2020, unauthorized individuals gained access to Northeast Radiology’s picture archiving and communication system (“PACS”). | Unknown | Q Human health and social work activities | CC | US | Northeast Radiology | |
403 | 12/03/2020 | ? | Facebook Users | Facebook, Twitter and Instagram remove multiple accounts and pages for coordinated inauthentic behavior in Ghana and Nigeria on behalf of individuals in Russia, targeting primarily the United States. | Fake Social Network accounts/groups/pages | X Individual | CW | US | Facebook, Instagram, Twitter, Ghana, Nigeria, Russia, United States | |
404 | 12/03/2020 | ? | Multiple targets | Researchers from MalwareHunterTeam discover a new campaign distributing a malware cocktail consisting of the Coronavirus Ransomware and the Kpot information-stealing Trojan. | Malware | Y Multiple Industries | CC | >1 | MalwareHunterTeam, Coronavirus, Kpot | |
405 | 12/03/2020 | Vicious Panda | Public sector entity of Mongolia | Researchers from Check Point discover a campaign, dubbed Vicious Panda, carried out by a Chinese APT group on a public sector entity of Mongolia, leveraging the coronavirus pandemic. | Targeted Attack | O Public administration and defence, compulsory social security | CE | MN | Check Point, Mongolia, Coronavirus | |
406 | 12/03/2020 | ? | Open Exchange Rates | Open Exchange Rates announces a data breach that exposed the personal information and salted and hashed passwords for customers of its API service. The breach occurred between February 9th, 2020, and March 2nd, 2020. | Account Hijacking | M Professional scientific and technical activities | CC | US | Open Exchange Rates | |
407 | 12/03/2020 | Turla | Several high-profile Armenian websites | Researchers from ESET discover a watering hole operation targeting several high-profile Armenian websites via a fake Adobe Flash update, delivering two previously undocumented pieces of malware dubbed NetFlash and PyFlash. | Targeted Attack | O Public administration and defence, compulsory social security | CE | AM | ESET, Turla, Adobe Flash, NetFlash, PyFlash | |
408 | 12/03/2020 | ? | Multiple targets | Researchers from IBM X-Force discover a new malware strain dubbed PXJ (AKA XVFXGW). | Malware | Y Multiple Industries | CC | >1 | IBM, X-Force, PXJ, XVFXGW | |
409 | 13/03/2020 | ? | The National | The National, a Scottish newspaper, is hit by a DDoS attack. | DDoS | J Information and communication | CC | UK | The National, DDoS | |
410 | 13/03/2020 | ? | Brno University Hospital | The Brno University Hospital, a COVID-19 testing center, is hit by a cyberattack right in the middle of a COVID-19 outbreak. | Malware | Q Human health and social work activities | CC | CZ | Brno University Hospital, COVID-19, Coronavirus | |
411 | 13/03/2020 | ? | Android users | Researchers from Domaintools reveal the details of Covidlock, a ransomware encrypting data on Android devices. | Malware | X Individual | CC | >1 | Domaintools, Covidlock, Android | |
412 | 13/03/2020 | Ancient Tortoise | Multiple targets | Researchers from Agari reveal that the Ancient Tortoise Group is now starting to use coronavirus-themed scam emails that take advantage of the COVID-19 global outbreak to convince potential victims to send payments to attacker-controlled accounts. | Business Email Compromise | Y Multiple Industries | CC | >1 | Agari, Ancient Tortoise | |
413 | 13/03/2020 | ? | Aerial Direct | Aerial Direct reveals that an unauthorized third party had been able to access customer data on 26 February through an external backup database, which included personal information on both current and expired subscribers from the last six years. | Unknown | J Information and communication | CC | UK | Aerial Direct | |
414 | 13/03/2020 | ? | Healthcare professionals | A new email scam targets healthcare professionals with phishing emails about "coronavirus awareness" - part of a wave of scams capitalizing on the pandemic. | Account Hijacking | Q Human health and social work activities | CC | >1 | Coronavirus, COVID-19 | |
415 | 13/03/2020 | ? | Randleman Eye Center | Randleman Eye Center discloses a malware attack that occurred on January 13. | Malware | Q Human health and social work activities | CC | US | Randleman Eye Center | |
416 | 13/03/2020 | ? | Jay Public School District | The Jay Public School District is hit with a cyber attack. | Unknown | P Education | CC | US | Jay Public School District | |
417 | 14/03/2020 | ? | Facebook Android users | Researchers from Kaspersky discover the CookieThief malware, targeting the Facebook accounts of Android users. | Malware | X Individual | CC | >1 | Kaspersky, CookieThief, Facebook, Android | |
418 | 14/03/2020 | ? | Multiple targets | Researchers from MalwareHunterTeam discover a new backdoor malware called BlackWater pretending to be COVID-19 information while abusing Cloudflare Workers as an interface to the malware's command and control (C2) server. | Malware | Y Multiple Industries | CC | >1 | MalwareHunterTeam, BlackWater, COVID-19, Cloudflare | |
419 | 14/03/2020 | ? | AffordaCare Urgent Care Clinic | AffordaCare Urgent Care Clinic is hit by the Maze ransomware team. | Malware | Q Human health and social work activities | CC | US | AffordaCare Urgent Care Clinic, ransomware, Maze | |
420 | 14/03/2020 | ? | Advanced Urgent Care of the Florida Keys | Advanced Urgent Care of the Florida Keys | Malware | Q Human health and social work activities | CC | US | Advanced Urgent Care of the Florida Keys, ransomware, Maze | |
421 | 15/03/2020 | ? | United States Health and Human Services Department | The United States Health and Human Services Department's web site is hit with a DDoS cyber attack in the middle of the Coronavirus outbreak. | DDoS | O Public administration and defence, compulsory social security | CC | US | United States Health and Human Services Department, Coronavirus | |
422 | 15/03/2020 | ? | Townhall of Marseille and the metropolis. | The townhall of Marseille is hit with a ransomware attack. | Malware | O Public administration and defence, compulsory social security | CC | FR | Marseille, ransomware | |
423 | 02/03/2020 | ? | Vijay Sales | A threat actor posts a leaked database of Vijay Sales, a large electronics retail store chain in India, on a popular dark web hacker forum. The threat actor claims the source was from an “exposed backup server” breached in February 2020. | Misconfiguration | G Wholesale and retail trade | CC | IN | Vijay Sales, AWS | |
424 | 02/03/2020 | ? | GeoCloud | A threat actor posts another database, this time from technology company GeoCloud, leaked through a public Amazon server. The data contains users’ names, email addresses, and passwords as well as the company’s social media keys and company information. | Misconfiguration | S Other service activities | CC | IL | GeoCloud, AWS | |
425 | 13/03/2020 | ? | Norwegian Cruise Line | Researchers from Dynarisk discover a breached database belonging to Norwegian Cruise Line, containing 29,969 records | Unknown | R Arts entertainment and recreation | CC | US | Dynarisk, Norwegian Cruise Line | |
426 | 14/03/2020 | Maze | Hammersmith Medicines Research (HMR) | Hammersmith Medicines Research (HMR) is hit with a Maze ransomware attack. | Malware | Q Human health and social work activities | CC | UK | Hammersmith Medicines Research, HMR, Maze, Coronavirus | |
427 | 14/03/2020 | ? | Energy, construction, and telecoms in the United States | Researchers from Proofpoint discover a small campaign targeting energy, construction, and telecoms in the United States, using the subject line "coronavirus update disease (COVID-19) your neighbors tested positive" and distributing the Remcos remote control tool. | Malware | Y Multiple Industries | CC | US | Proofpoint, Coronavirus, COVID-19, Remcos | |
428 | 14/03/2020 | ? | Jamaica National Group | Jamaica National Group is hit with a ransomware attack. | Malware | K Financial and insurance activities | CC | JM | Jamaica National Group, ransomware | |
429 | 15/03/2020 | ? | Bluffton Township Fire District | Bluffton Township Fire District is hit with a ransomware attack. | Malware | O Public administration and defence, compulsory social security | CC | US | Bluffton Township Fire District, ransomware | |
430 | 16/03/2020 | APT36 | Indian government | Researchers from Malwarebytes discover a new campaign by the Pakistan-linked APT36 group targeting India and exploiting COVID-19 to implant the Crimson RAT. | Targeted Attack | O Public administration and defence, compulsory social security | CE | IN | APT36, COVID-19, Crimson, Pakistan, India, Malwarebytes | |
431 | 16/03/2020 | ? | Single Individuals | Researchers from ESET discover a massive campaign targeting users in multiple countries carried out via a wave of 2,500 infections of just two strains of malware delivered in COVID-19-themed emails. | Malicious Spam | X Individual | CC | >1 | ESET, COVID-19, Coronavirus | |
432 | 16/03/2020 | TA505 | U.S. healthcare, manufacturing, and pharmaceuticals industries. | Researchers from Proofpoint discover a campaign from TA505, using a coronavirus lure as part of a downloader campaign targeting the U.S. healthcare, manufacturing, and pharmaceuticals industries. | Malware | Y Multiple Industries | CC | US | Proofpoint, TA505 | |
433 | 16/03/2020 | ? | Single Individuals | Researchers from KnowBe4 discover a new phishing campaign spoofing the CDC and WHO. | Account Hijacking | X Individual | CC | US | KnowBe4, Coronavirus, COVID-19, CDC, WHO | |
434 | 16/03/2020 | ? | Multiple targets in the UK | The National Cyber Security Centre (NCSC) warns that criminals are looking to exploit the spread of coronavirus to conduct cyberattacks and hacking campaigns. | >1 | Y Multiple Industries | CC | UK | National Cyber Security Centre, NCSC, Coronavirus, COVID-19 | |
435 | 16/03/2020 | ? | College of DuPage | College of DuPage offers nearly free credit monitoring to over 1,700 current and former employees following a data breach. | Unknown | P Education | CC | US | College of DuPage | |
436 | 16/03/2020 | ? | Android users | Researchers from Kaspersky discover MonitorMinor, a stalkerware able to intercept user data while disguised as a parental control app. | Malware | X Individual | CC | >1 | Kaspersky, MonitorMinor, Android | |
437 | 17/03/2020 | ? | Multiple targets in the US | Researchers from Proofpoint discover a medium-sized campaign in the United States primarily targeting the manufacturing industry but also construction, transportation, healthcare, automotive, energy, and aerospace companies. The email spoofs the real address of the head of the World Health Organization (WHO), claims there is a “solution” for “total control”, distributes GuLoader and Agent Tesla, and asks the recipient to “share with all contacts.” | Malware | Y Multiple Industries | CC | US | Proofpoint, World Health Organization, WHO, GuLoader, Agent Tesla, COVID-19, Coronavirus | |
438 | 17/03/2020 | ? | Manufacturing and industrial targets in Spain and Portugal | Researchers from Proofpoint discover a small COVID-19 themed campaign against manufacturing and industrial targets in Spain and Portugal and distributing GuLoader. | Malware | Y Multiple Industries | CC | ES PT | Proofpoint, COVID-19, Coronavirus, GuLoader | |
439 | 17/03/2020 | ? | Manufacturing, technology, and industrial companies in the Netherlands | Researchers from Proofpoint discover a small campaign in Dutch targeting manufacturing, technology, and industrial companies in the Netherlands, designed to steal banking credentials. | Account Hijacking | Y Multiple Industries | CC | NL | Proofpoint, COVID-19, Coronavirus | |
440 | 17/03/2020 | ? | Italian users | Researchers from Cybaze-Yoroi ZLab intercept a new Ursnif campaign targeting Italian users. | Malware | X Individual | CC | IT | Cybaze-Yoroi Zlab, Ursnif | |
441 | 17/03/2020 | ? | Vimeo users | Video sharing site Vimeo believes a malware infection has targeted some of its user accounts for theft. | Malware | X Individual | CC | >1 | Vimeo | |
442 | 17/03/2020 | ? | Town of Houlton Police | The Town of Houlton Police discloses that it suffered a malware attack discovered in October 2019. | Malware | O Public administration and defence, compulsory social security | CC | US | Town of Houlton Police | |
443 | 17/03/2020 | ? | Tandem Diabetes Care | Tandem Diabetes Care notifies 140,781 patients of a phishing incident discovered on January 17, 2020 | Account Hijacking | Q Human health and social work activities | CC | US | Tandem Diabetes Care | |
444 | 17/03/2020 | ? | Multiple targets | A new ransomware called Nefilim that shares much of the same code as Nemty starts to become active in the wild and threatens to release stolen data. | Malware | Y Multiple Industries | CC | >1 | Ransomware, Nefilim, Nemty | |
445 | 18/03/2020 | ? | Multiple targets | Trend Micro reveals that hackers are actively exploiting two zero-days (CVE-2020-8467 and CVE-2020-8468) in its antivirus products. | Vulnerability | Y Multiple Industries | CC | >1 | Trend Micro, CVE-2020-8467, CVE-2020-8468 | |
446 | 18/03/2020 | Molerats group (AKA Gaza CyberGang) | Arabic speakers interested in Palestine’s potential acceptance of the peace plan | Researchers from IBM X-Force reveal the details of the EnigmaSpark campaign, a politically themed campaign opposing the Middle East Peace Plan. | Targeted Attack | X Individual | CE | PS | IBM X-Force, EnigmaSpark, Middle East | |
447 | 18/03/2020 | ? | Telecommunications providers, universities and financial services | Researchers from Bitdefender discover a new variant of the infamous Trickbot malware targeting telecommunications providers, universities and financial services in a campaign that looks to be going after intellectual property and financial data. | Malware | Y Multiple Industries | CE | >1 | Bitdefender, Trickbot | |
448 | 18/03/2020 | ? | NutriBullet | Researchers at RiskIQ identify a cyber-attack against blender vendor NutriBullet that has successfully installed credit card stealing malware on the international nutribullet.com website. Not just once, but three times within three weeks. | Malicious Script Injection | G Wholesale and retail trade | CC | US | RiskIQ, NutriBullet, Magecart | |
449 | 18/03/2020 | ? | Android users in Libya | Researchers from Lookout discover an Android application that appears to be the most recent piece of tooling in a larger mobile surveillance campaign, exploiting COVID-19, operating out of Libya and targeting Libyan individuals. | Targeted Attack | X Individual | CE | LY | Lookout, Android, COVID-19, Libya | |
450 | 18/03/2020 | ? | US retail companies | Researchers from Proofpoint discover a small COVID-19 themed phishing campaign in the United States primarily targeting retail companies and using concerns about infected staff members to lure victims into clicking. | Account Hijacking | G Wholesale and retail trade | CC | US | Proofpoint, COVID-19, Coronavirus | |
451 | 18/03/2020 | ? | Blizzard | Blizzard is hit with a DDoS attack. | DDoS | R Arts entertainment and recreation | CC | US | Blizzard | |
452 | 19/03/2020 | ? | Keen | Cybercriminals try to disrupt a charity initiative by Keen aimed at delivering shoes to the workers on the front lines and the families at home fighting through the COVID-19 crisis. | DDoS | G Wholesale and retail trade | CC | US | Keen, COVID-19, Coronavirus | |
453 | 19/03/2020 | ? | Brooks International | The Sodinokibi Ransomware operators publish over 12 GB of stolen data allegedly belonging to a company named Brooks International for not paying the ransom. | Malware | M Professional scientific and technical activities | CC | PK | Sodinokibi, ransomware, Brooks International | |
454 | 19/03/2020 | ? | Single Individuals | Researchers from Sophos reveal that sextortion scammers are now attempting to capitalize on the COVID-19 pandemic by threatening to infect their victims' families with the SARS-CoV-2 virus, besides revealing all their "dirty secrets". | Malicious Spam | X Individual | CC | >1 | COVID-19, Coronavirus | |
455 | 19/03/2020 | ? | Single Individuals | The FBI warns of a significant spike in coronavirus scams targeting three states, with unusually high rates of COVID-19 infection: California, New York and Washington. | Malicious Spam | X Individual | CC | US | FBI, coronavirus, COVID-19, California, New York, Washington | |
456 | 19/03/2020 | ? | Android users | Researchers from Zscaler discover "Corona Safety Mask", an Android worm disguised as a Coronavirus safety mask. | Malware | X Individual | CC | >1 | Zscaler, Android, Coronavirus, Covid-19, Corona Safety Mask | |
457 | 19/03/2020 | ? | US Mobile users | According to researchers at telecoms security provider AdaptiveMobile, masses of text messages are being sent out to Americans, with offers on masks, survival guides and medically-unsupported COVID-19 treatments like CBD oil. | Malicious Spam | X Individual | CC | US | AdaptiveMobile, COVID-19, CBD oil | |
458 | 19/03/2020 | ? | Single Individuals | Researchers from IBM X-Force discover an ongoing phishing campaign delivering emails posing as official messages from the Director-General of the World Health Organization (WHO), actively spreading HawkEye malware payloads onto the devices of unsuspecting victims. | Malware | X Individual | CC | >1 | IBM X-Force, COVID-19, Coronavirus, World Health Organization, WHO, HawkEye | |
459 | 19/03/2020 | APT28, AKA Fancy Bear, Sednit, and Pawn Storm | Multiple targets | Researchers from Trend Micro reveal that APT28 have continued to scan and probe the internet for vulnerable email servers during 2019. | Targeted Attack | Y Multiple Industries | CE | >1 | Trend Micro, APT28, Fancy Bear, Sednit, Pawn Storm | |
460 | 19/03/2020 | ? | Single Individuals | A new phishing email is trying to take advantage of the Coronavirus pandemic and the race to develop medications by promoting a fake [email protected] app that installs Redline, an information-stealing malware. | Malware | X Individual | CC | >1 | COVID-19, Coronavirus, [email protected], Redline | |
461 | 19/03/2020 | ? | Takeaway | The German food delivery service Takeaway is hit with a DDoS attack. | DDoS | I Accommodation and food service activities | CC | DE | Takeaway | |
462 | 19/03/2020 | Mespinoza/Pysa | Local government authorities in France | The France's issues a warning about Mespinoza/Pysa, a new ransomware gang that's been recently seen targeting the networks of local government authorities. | Malware | O Public administration and defence, compulsory social security | CC | FR | Mespinoza, Pysa, ransomware | |
463 | 19/03/2020 | TA505 AKA Evil Corp | Businesses in Germany | Researchers from Prevailion discover a new campaign by the notoriously prolific TA505 cybercrime organization targeting businesses in Germany via their human resources executives. | Malware | Y Multiple Industries | CC | DE | Prevailion, TA505, Evil Corp | |
464 | 20/03/2020 | ? | General Electric (GE) via Canon Business Process Services | General Electric (GE) discloses that personally identifiable information of current and former employees, as well as beneficiaries, was exposed in a security incident experienced by one of GE's service providers, Canon Business Process Services. One of their employees' email accounts was breached by an unauthorized party in February. | Account Hijacking | C Manufacturing | CC | US | General Electric, GE, Canon Business Process Services | |
465 | 20/03/2020 | Digital Revolution | InformInvestGroup CJSC | Russian hacker group Digital Revolution claims to have breached InformInvestGroup CJSC, a contractor for the FSB, Russia's national intelligence service, and discovered details about Fronton, a project intended for hacking Internet of Things (IoT) devices. | Unknown | M Professional scientific and technical activities | CC | RU | Digital Revolution, InformInvestGroup CJSC, FSB, Fronton, IoT | |
466 | 20/03/2020 | ? | Finastra | Finastra, a leading financial technology provider from the UK, announces that it had to take several servers offline following a ransomware attack. | Malware | V Fintech | CC | UK | Finastra, ransomware | |
467 | 20/03/2020 | ? | Single Individuals in the US | FBI's Internet Crime Complaint Center (IC3) warns of an ongoing phishing campaign delivering spam that uses fake government economic stimulus checks as bait to steal personal information from potential victims. | Account Hijacking | X Individual | CC | US | FBI, Internet Crime Complaint Center, IC3 | |
468 | 20/03/2020 | ? | Zyxel devices | Mukashi, a new variant of the Mirai malware, is targeting a recently uncovered critical vulnerability in Zyxel network-attached storage devices and exploiting them to rope the machines into an IoT botnet. | Vulnerability | Y Multiple Industries | CC | >1 | Mukashi, Mirai, Zyxel, CVE-2020-9054 | |
469 | 20/03/2020 | ? | University of Utah Health | The University of Utah Health discloses a security breach, due to unauthorized access to some employee email accounts along with the presence of malware on its systems. The intrusion took place between January 7 and February 21, 2020. | Account Hijacking | Q Human health and social work activities | CC | US | University of Utah Health | |
470 | 20/03/2020 | ? | Rotherham Council | Rotherham Council's IT system is compromised by an email with "COVID-19" in the subject field. | Account Hijacking | O Public administration and defence, compulsory social security | CC | UK | Rotherham Council | |
471 | 20/03/2020 | ? | Oregon Department of Human Services | The Oregon Department of Human Services announces that it uncovered a “phishing” incident on March 6 that affected one staff member’s e-mail. | Account Hijacking | O Public administration and defence, compulsory social security | CC | US | Oregon Department of Human Services | |
472 | 20/03/2020 | ? | Golden Valley Health Centers | Golden Valley Health Centers notifies patients after an employee email account was compromised on March 3. | Account Hijacking | Q Human health and social work activities | CC | US | Golden Valley Health Centers | |
473 | 21/03/2020 | ? | Multiple targets | Researchers from MalwareHunterTeam detect a new Coronavirus phishing campaign installing the NetWalker ransomware. | Malware | Y Multiple Industries | CC | >1 | MalwareHunterTeam, Coronavirus, NetWalker, COVID-19 | |
474 | 21/03/2020 | ? | Lilin devices | Criminals are exploiting critical flaws in IoT devices from Lilin to enslave them in at least three botnets used to carry out DDoS attacks. | Vulnerability | Y Multiple Industries | CC | >1 | Lilin | |
475 | 21/03/2020 | ? | Bitcoin users | It turns out that a network of Bitcoin-to-QR-code generators has stolen more than $45,000 from users in the past four weeks. | Account Hijacking | V Fintech | CC | >1 | Bitcoin, Crypto, QR-Code generator | |
476 | 23/03/2020 | ? | World Health Organization | Reuters reveals that hackers tried to break into the World Health Organization earlier this month. | Targeted Attack | U Activities of extraterritorial organizations and bodies | CE | INT | Reuters, World Health Organization, WHO | |
477 | 23/03/2020 | ? | Multiple targets | Microsoft issues a warning (ADV200006) that targeted attacks are underway against Windows 10 users, from attackers exploiting a critical vulnerability with no available fix. | Targeted Attack | Y Multiple Industries | CC | >1 | Microsoft, ADV200006 | |
478 | 23/03/2020 | ? | 538 million users of Chinese social network Weibo | The personal details of more than 538 million users of Chinese social network Weibo are currently available for sale online. | Unknown | X Individual | CC | CN | ||
479 | 23/03/2020 | ? | Single Individuals | Researchers from KnowBe4 discover a new phishing campaign repurposing old emails to exploit COVID-19. | Account Hijacking | X Individual | CC | US | KnowBe4, Coronavirus, COVID-19 | |
480 | 23/03/2020 | ? | Single Individuals | Researchers from MalwareHunterTeam discover the first MBRLocker variant with a Coronavirus theme. | Malware | X Individual | CC | >1 | MalwareHunterTeam, MBRLocker, Coronavirus, COVID-19 | |
481 | 23/03/2020 | ? | Single Individuals | Researchers from Malwarebytes discover two sites promoting a bogus Corona Antivirus, taking advantage of the current COVID-19 pandemic, to distribute a malicious payload that will infect the target's computer with the BlackNET RAT and add it to a botnet. | Malware | X Individual | CC | >1 | Malwarebytes, Coronavirus, COVID-19 | |
482 | 23/03/2020 | ? | Single Individuals | An HHS.gov open redirect is currently being used by attackers to push malware payloads onto unsuspecting victims' systems with the help of coronavirus-themed phishing emails. | Malware | X Individual | CC | US | HHS, COVID-19, Coronavirus | |
483 | 23/03/2020 | ? | 118 118 Money | 118 118 Money writes to personal loans and credit card customers to notify an intrusion. | Unknown | K Financial and insurance activities | CC | UK | 118 118 Money | |
484 | 23/03/2020 | ? | LTI Power System | LTI Power System is hit with a ransomware attack. | Malware | C Manufacturing | CC | US | LTI Power System, ransomware | |
485 | 24/03/2020 | ? | Industrial-related entities in the Middle East | Researchers from Kaspersky reveal the details of operation WildPressure, a campaign targeting entities in the Middle East via the Milum trojan. | Targeted Attack | Y Multiple Industries | CC | >1 | Kaspersky, WildPressure, Milum | |
486 | 24/03/2020 | ? | Android users | Researchers from Check Point issue a new warning for a malware family dubbed Tekya, which uses the same native code subterfuge as a previous malware called Haken to slip the security net. | Malware | X Individual | CC | >1 | Check Point, Tekya, Haken | |
487 | 24/03/2020 | ? | Banking users in Spain | Researchers from Kaspersky reveal that the operators of the Ginp mobile banking trojan are now targeting users in Spain with a fake "Coronavirus Finder" app. | Malware | K Financial and insurance activities | CC | ES | Kaspersky, Ginp, Coronavirus Finder | |
488 | 24/03/2020 | TwoSail Junk | iOS Users in Hong Kong | Researchers from Trend Micro discover a campaign aimed at infecting the iPhones of users in Hong Kong with an iOS backdoor tracked as LightSpy. | Targeted Attack | X Individual | CE | HK | Trend Micro, iPhone, iOS, LightSpy, TwoSail Junk | |
489 | 24/03/2020 | ? | Netflix users | Users are warned about fraudulent messages being shared on social media platforms that Netflix is offering free passes to its platform because of the Coronavirus pandemic. | Account Hijacking | X Individual | CC | >1 | Netflix, Coronavirus, COVID-19 | |
490 | 24/03/2020 | ? | Bank customers in Germany | Researchers from IBM X-Force discover TrickMo, an Android malware targeting TrickBot victims and designed to bypass MFA for bank customers when they need to authorize a transaction. | Malware | K Financial and insurance activities | CC | DE | IBM X-Force, TrickMo, Android, TrickBot | |
491 | 24/03/2020 | ? | Twitter users | Hackers take over a wave of Twitter accounts to aggressively advertise a website that claims to be selling face masks and toilet paper during the coronavirus pandemic. | Account Hijacking | X Individual | CC | >1 | Twitter, coronavirus, COVID-19 | |
492 | 24/03/2020 | ? | PropTiger | Private data of more than 2 million users are shared on a hacking forum following a major security breach of the Indian property website PropTiger in 2018. | Unknown | L Real estate activities | CC | IN | PropTiger | |
493 | 25/03/2020 | APT41 | Multiple targets | Researchers from FireEye discover a campaign carried out by the Chinese state-sponsored group APT41, using recent exploits to target security flaws in Citrix, Cisco, and Zoho appliances and devices of entities from a multitude of industry sectors spanning the globe. | Targeted Attack | Y Multiple Industries | CE | >1 | FireEye, APT41 | |
494 | 25/03/2020 | ? | Tupperware | Researchers from Malwarebytes reveal that hackers have compromised the website of the world-famous Tupperware brand and stolen customers' payment card details at checkout. | Malicious Script Injection | G Wholesale and retail trade | CC | US | Tupperware, Magecart, Malwarebytes | |
495 | 25/03/2020 | ? | Daniel's Hosting | The operator of the biggest free host for dark web sites, Daniel's Hosting, confirms that the service has been shut down following a hack attack that deleted all 7,595 site databases. | Unknown | S Other service activities | CC | DE | Daniel's Hosting | |
496 | 25/03/2020 | Palesa | AMD | AMD admits that a hacker has stolen files related to some of its graphics products. | Unknown | C Manufacturing | CC | US | AMD, Palesa | |
497 | 25/03/2020 | ? | Linksys Routers | Researchers from Bitdefender reveal the details of a new campaign where the attackers change DNS settings to redirect the victim to a website that claims to be from the World Health Organization, but in reality distributes the Oski infostealer. | Malware | Y Multiple Industries | CC | >1 | Bitdefender, World Health Organization, Oski infostealer, Coronavirus, COVID-19 | |
498 | 25/03/2020 | ? | Single Individuals | Researchers from 'Doctor Web' issue a warning after discovering thousands of victims have been tricked into downloading a dangerous backdoor that is disguised as an update to Google Chrome. | Malware | X Individual | CC | >1 | Doctor Web, Google Chrome | |
499 | 25/03/2020 | ? | Websites using WordPress | The threat actors behind the WordPress WP-VCD malware start to distribute modified versions of Coronavirus plugins that inject a backdoor into a website. | Malicious Wordpress Plugin | Y Multiple Industries | CC | >1 | WordPress, WP-VCD, Coronavirus, COVID-19 | |
500 | 25/03/2020 | ? | Town of Jupiter | The town of Jupiter is hit by a REvil/Sodinokibi ransomware attack. | Malware | O Public administration and defence, compulsory social security | CC | US | Jupiter, REvil, Sodinokibi, ransomware | |
501 | 26/03/2020 | China | North Korea | Researchers at Google's Threat Analysis Group reveal on Thursday that an unnamed group of hackers used five zero-day vulnerabilities, or secret hackable flaws in software, to target North Koreans and North Korea-focused professionals in 2019. | Targeted Attack | O Public administration and defence, compulsory social security | CE | KR | China, North Korea, Google | |
502 | 26/03/2020 | Maze | Chubb | Chubb, a major cybersecurity insurance provider for businesses hit by data breaches, is hit with a Maze ransomware attack. | Malware | K Financial and insurance activities | CC | CH | Chubb, Maze, ransomware | |
503 | 26/03/2020 | DoppelPaymer | Kimchuk | Kimchuk, a medical and military electronics maker, is hit by the DoppelPaymer ransomware | Malware | C Manufacturing | CC | US | Kimchuk, DoppelPaymer, ransomware | |
504 | 26/03/2020 | FIN7 | Multiple targets | The FBI warns organizations and security professionals about the tactic adopted by FIN7 to deliver the GRIFFON malware: malicious USB devices acting as a keyboard when plugged into a computer, injecting commands to download and execute a JavaScript backdoor associated with this actor. | Targeted Attack | K Financial and insurance activities | CC | US | FIN7, GRIFFON, FBI | |
505 | 26/03/2020 | Ryuk | US health care provider | A US health care provider is hit with the Ryuk ransomware. | Malware | Q Human health and social work activities | CC | US | Ryuk, ransomware | |
506 | 26/03/2020 | ? | Undisclosed US hospitality provider | Researchers from Trustwave reveal that a US hospitality provider has recently been the target of an incredibly rare BadUSB attack. | Malware | Q Human health and social work activities | CC | US | Trustwave, BadUSB | |
507 | 26/03/2020 | ? | Single Individuals | Researchers from Forcepoint discover a new phishing campaign pretending to be a missed call about a COVID-19 update. | Account Hijacking | X Individual | CC | US | Forcepoint, COVID-19, Coronavirus | |
508 | 26/03/2020 | ? | Single Individuals | Researchers from Forcepoint discover a new spam campaign exploiting COVID-19. | Malicious Spam | X Individual | CC | US | Forcepoint, COVID-19, Coronavirus | |
509 | 26/03/2020 | ? | Single Individuals | Researchers from Forcepoint discover a malicious campaign in Italy, encouraging the opening of an attachment, which is presented as sent by the World Health Organization (WHO) with information covering all the necessary precautions against Coronavirus infections. | Malware | X Individual | CC | IT | Forcepoint, COVID-19, Coronavirus | |
510 | 27/03/2020 | Silence and TA505 | At least two companies operating in pharmaceutical and manufacturing sectors have been affected | Researchers from Group-IB reveal that at least two companies operating in pharmaceutical and manufacturing sectors have been affected by successful attacks carried out by Silence and TA505, exploiting CVE-2019-1405 and CVE-2019-1322. | Targeted Attack | C Manufacturing | CC | EU | Group-IB, TA505, Silence, CVE-2019-1405, CVE-2019-1322 | |
511 | 27/03/2020 | ? | Social Bluebook | Social Bluebook, a Los Angeles-based company that allows advertisers to pay social media “influencers” for posts that promote their products and services, is hacked. | Unknown | J Information and communication | CC | US | Social Bluebook | |
512 | 27/03/2020 | ? | U.S. Small Businesses | Researchers from IBM X-Force reveal that attackers are attempting to deliver Remcos remote access tool payloads on the systems of small businesses via phishing emails impersonating the U.S. Small Business Administration (U.S. SBA). | Malware | Y Multiple Industries | CC | US | IBM X-Force, Remcos, U.S. Small Business Administration, U.S. SBA | |
513 | 27/03/2020 | ? | Multiple targets in Australia | The Australian Cyber Security Centre (ACSC) issues a new threat update, seeking to raise awareness around coronavirus-themed malicious cyber activity. | Account Hijacking | Y Multiple Industries | CC | AU | Australian Cyber Security Centre, ACSC, COVID-19, Coronavirus | |
514 | 28/03/2020 | ? | 4.9 million Georgian citizens | The personal details for more than 4.9 million Georgians, including deceased citizens, are published on a hacking forum. | Unknown | O Public administration and defence, compulsory social security | CC | GE | Georgia | |
515 | 28/03/2020 | ? | Single Individuals | Researchers from KnowBe4 discover a malicious campaign warning recipients that they've been exposed to the coronavirus through personal contact with a colleague, friend, or family member. | Malicious Spam | X Individual | CC | US | KnowBe4, Coronavirus, COVID-19 | |
516 | 28/03/2020 | Two malicious groups | Multiple targets | Researchers from Qihoo 360 reveal that since at least early December 2019, a mysterious hacker group has been taking over DrayTek enterprise routers to eavesdrop on FTP and email traffic inside corporate networks. | Vulnerability | Y Multiple Industries | CC | >1 | Qihoo 360, DrayTek | |
517 | 28/03/2020 | ? | Teaching Council | A phishing incident at the Teaching Council leads to personal information relating to 9,735 teachers being shared. | Account Hijacking | P Education | CC | IE | Teaching Council | |
518 | 29/03/2020 | Saudi Arabia? | Saudi citizens in the US | Saudi Arabia appears to be exploiting weaknesses in the global mobile telecoms network to track its citizens as they travel around the US. | Vulnerability | X Individual | CE | SA | Saudi Arabia | |
519 | 29/03/2020 | ? | Single Individuals | A new phishing campaign is spotted that pretends to be from a local hospital telling the recipient that they have been exposed to the Coronavirus and that they need to be tested. | Malware | X Individual | CC | >1 | COVID-19, Coronavirus | |
520 | 30/03/2020 | ? | Major banks from the US, Canada, and Australia | Researchers from IBM X-Force discover a new phishing campaign exploiting COVID-19 to distribute the Zeus Sphinx trojan. | Malware | K Financial and insurance activities | CC | >1 | IBM X-Force, COVID-19, Zeus Sphinx, Coronavirus | |
521 | 30/03/2020 | ? | Multiple targets | FBI warns about Zoom bombing as hijackers take over school and business video conferences. | Misconfiguration | Y Multiple Industries | CC | >1 | FBI, Zoom bombing | |
522 | 30/03/2020 | ? | Multiple targets in the US | The FBI issues an alert (the third) about state-sponsored hackers using the Kwampirs malware to attack supply chain companies and other industry sectors as part of a global hacking campaign. | Targeted Attack | Y Multiple Industries | CE | US | FBI, Kwampirs | |
523 | 30/03/2020 | ? | YouTube users | A hacker has hijacked tens of YouTube accounts, renamed them to various Microsoft brands, and is currently broadcasting a cryptocurrency Ponzi scam to tens of thousands of users, posing as a message from the company's former CEO Bill Gates. | Account Hijacking | X Individual | CC | >1 | YouTube, Ponzi scam, Bill Gates | |
524 | 30/03/2020 | ? | GoDaddy.com | A spear-phishing attack hits a customer service employee at GoDaddy.com, the world’s largest domain name registrar. The phisher modifies key customer records, including those of the transaction brokering site escrow.com. | Account Hijacking | J Information and communication | CC | US | GoDaddy.com, escrow.com | |
525 | 30/03/2020 | “Samaneye Shekar” meaning “Hunting system” | 42 million Iranian citizens | The details of 42 million Iranian citizens, allegedly users of HotGram and Talagram, two local Telegram alternatives, are leaked online. | Unknown | X Individual | CC | IR | HotGram, Talagram, Telegram, Samaneye Shekar, Hunting system | |
526 | 31/03/2020 | ? | Marriott | Marriott confirms a second data breach in three years, this time involving the personal information of 5.2 million guests. The attackers obtained the login details of two employees, and broke in weeks earlier during mid-January. The breach was discovered in February. | Account Hijacking | I Accommodation and food service activities | CC | US | Marriott | |
527 | 31/03/2020 | ? | Specific Asian religious and ethnic group | Researchers from Kaspersky reveal the details of Holy Water, a campaign targeting people in a specific Asian religious and ethnic group. | Targeted Attack | X Individual | CE | >1 | Kaspersky, Holy Water | |
528 | 31/03/2020 | ? | Multiple targets | Researchers from Mimecast discover a new campaign spreading the LimeRAT Remote Access Trojan by harnessing an old encryption technique in Excel files. | Malware | Y Multiple Industries | CC | >1 | Mimecast, LimeRAT, Excel | |
529 | 31/03/2020 | ? | Single Individuals | Researchers from Cofense discover a new evasive phishing campaign exploiting the COVID-19 fear. | Account Hijacking | X Individual | CC | >1 | Cofense, COVID-19, Coronavirus | |
530 | 16/03/2020 | ? | Avalon Health Care Management | Avalon Health Care Management notifies 14,500 patients of a phishing incident that occurred on March 16, 2020. | Account Hijacking | Q Human health and social work activities | CC | US | Avalon Health Care Management | |
531 | 26/03/2020 | Bassterlord | Indian State Tax Office | A hacker with the handle “Bassterlord” claims, on a Russian hacking forum, to have Admin access to an Indian State Tax office’s network. | Unknown | O Public administration and defence, compulsory social security | CC | IN | Bassterlord | |
532 | 26/03/2020 | ? | Meadville Medical Center | Meadville Medical Center is hit with a malware attack. | Malware | Q Human health and social work activities | CC | US | Meadville Medical Center | |
533 | 27/03/2020 | ? | SBTech | SBTech is hit with a ransomware infection | Malware | R Arts entertainment and recreation | CC | MA | SBTech, ransomware | |
534 | 27/03/2020 | ? | Brandywine Urology Consultants | Brandywine Urology Consultants notify about a ransomware attack. The attack occurred on January 25, and the practice became aware of it on January 27. | Malware | Q Human health and social work activities | CC | US | Brandywine Urology Consultants, ransomware | |
535 | 30/03/2020 | Maze | BetUS | Online gambling operator BetUS is the latest target of the Maze ransomware gang. | Malware | R Arts entertainment and recreation | CC | CW | BetUS, Maze, ransomware | |
536 | 31/03/2020 | Nefilim | Cosan | The Nefilim Ransomware operators leak the data of Cosan, a Brazilian conglomerate producer of bioethanol, sugar and energy. | Malware | C Manufacturing | CC | BR | Nefilim, Cosan, ransomware | |
537 | 31/03/2020 | ? | Android users | Researchers from Bitdefender discover versions of the Android Zoom video-conferencing application repackaged with malware. | Malware | X Individual | CC | >1 | Bitdefender, Android, Zoom | |
538 | 08/04/2020 | ? | Vulnerable IoT devices | Researchers from Bitdefender discover Dark_Nexus, a destructive new botnet that compromises vulnerable IoT devices to carry out DDoS attacks. | Vulnerability | Y Multiple Industries | CC | >1 | Bitdefender, Dark_Nexus | |
539 | 08/04/2020 | ? | Bisq | Cryptocurrency exchange Bisq halts trading following a cyberattack leading to the theft of $250,000 worth of virtual currency from users. | Vulnerability | V Fintech | CC | N/A | Bisq, Crypto | |
540 | 08/04/2020 | ? | Cisco Webex users | Researchers from Cofense discover a new phishing campaign using a fake Cisco “critical security advisory” and aimed at stealing victims’ Webex credentials. | Account Hijacking | X Individual | CC | >1 | Cofense, Cisco Webex, COVID-19, Coronavirus | |
541 | 08/04/2020 | ? | Multiple targets | Microsoft warns that cyber-criminals are preying on people’s vulnerable psychological states during the COVID-19 pandemic to attack businesses via phishing attacks. | Account Hijacking | Y Multiple Industries | CC | >1 | Microsoft, Coronavirus, COVID-19 | |
542 | 09/04/2020 | ? | Government of North Rhine-Westphalia | The government of North Rhine-Westphalia, a province in western Germany, is believed to have lost tens of millions of euros through a phishing operation mimicking a website built to distribute COVID-19 aid. | Account Hijacking | O Public administration and defence, compulsory social security | CC | DE | North Rhine-Westphalia, COVID-19 | |
543 | 09/04/2020 | ? | Android users | Check Point’s researchers discover 16 different malicious apps masquerading as legitimate coronavirus apps, which contain a range of malware aimed at stealing users’ sensitive information or generating fraudulent revenues. | Malware | X Individual | CC | >1 | Check Point, coronavirus, COVID-19, Android | |
544 | 09/04/2020 | ? | E-Commerce sites powered by WordPress | Researchers from Sucuri discover a dedicated Javascript skimmer targeting WordPress e-commerce sites powered by WooCommerce. | Malicious Script Injection | Y Multiple Industries | CC | >1 | Sucuri, Javascript, WooCommerce | |
545 | 09/04/2020 | ? | Single Individuals | A large email extortion campaign is underway telling recipients that their computer was hacked and that a video was taken through the hacked computer's webcam. | Malicious Spam | X Individual | CC | >1 | Extortion | |
546 | 09/04/2020 | ? | Single Individuals | Researchers from Inky discover a phishing campaign impersonating the White House and purporting to send out Coronavirus guidelines on behalf of President Trump. | Account Hijacking | X Individual | CC | US | Inky, White House, Mike Pence, Coronavirus, COVID-19 | |
547 | 09/04/2020 | ? | DESMI | DESMI, a global company specialized in the development and manufacture of pump solutions, discloses a cyber attack. | Malware | C Manufacturing | CC | DK | DESMI, ransomware | |
548 | 09/04/2020 | ? | Several Iranian sites including Niazpardaz[.]ir, Arzi24[.]com | Someone is selling personal details of 45,000 Iranians on the dark web. | Unknown | X Individual | CC | IR | Niazpardaz[.]ir, Arzi24[.]com | |
549 | 10/04/2020 | ? | Mediterranean Shipping Co (MSC) | Mediterranean Shipping Co., the world’s second largest container line, says it has been hit by a network outage. A few days later the company confirms a malware attack. | Malware | H Transportation and storage | CC | CH | Mediterranean Shipping Co, MSC | |
550 | 10/04/2020 | Protag | Quidd | Quidd, an online marketplace for trading stickers, cards, toys, and other collectibles, appears to have suffered a data breach in 2019, and the details of around four million users are now being shared for free on underground hacking forums. | Unknown | R Arts entertainment and recreation | CC | US | Quidd | |
551 | 10/04/2020 | Nefilim | MAS Holdings | The Nefilim ransomware group operators leak the data of MAS Holdings. | Malware | C Manufacturing | CC | LK | Nefilim, Mas Holdings, ransomware | |
552 | 10/04/2020 | ? | Single Individuals | Researchers from IntSights discover a database available on an underground forum in the dark web containing more than 2,300 compromised Zoom credentials. | Credential Stuffing | X Individual | CC | >1 | IntSights, Zoom | |
553 | 10/04/2020 | ? | Saint Francis Ministries | An unauthorized party gained entry into an employee’s email account at Saint Francis Ministries, accessing sensitive personal identifying information, as well as financial and protected health data between Dec. 13 and 20 of 2019. | Account Hijacking | S Other service activities | CC | US | Saint Francis Ministries | |
554 | 10/04/2020 | ? | Single Individuals | Researchers from Sophos reveal a surge in sextortion emails. | Malicious Spam | X Individual | CC | >1 | Sophos, Sextortion | |
555 | 10/04/2020 | ? | 115 million Pakistani mobile users | Researchers from Rewterz discover a data dump of 115 million Pakistani mobile users for sale on the dark web today. The cyber criminal behind this data breach demands 300 BTC ($2.1 million USD) for the data. | Unknown | X Individual | CC | PK | Rewterz, Pakistan | |
556 | 11/04/2020 | ? | Monte dei Paschi | Hackers access the mailboxes of some employees at Italian state-owned bank Monte dei Paschi and send emails to clients. The attack occurred on March 30. | Account Hijacking | K Financial and insurance activities | CC | IT | Monte dei Paschi | |
557 | 11/04/2020 | ? | Lafayette Regional Rehabilitation Hospital | Lafayette Regional Rehabilitation Hospital suffers a second phishing attack in a few months. | Account Hijacking | Q Human health and social work activities | CC | US | Lafayette Regional Rehabilitation Hospital | |
558 | 12/04/2020 | ? | Single Individuals | A malware distributor has decided to play a nasty prank by locking victims' computers, and blaming the infection on two well-known and respected security researchers. | Malware | X Individual | CC | >1 | Ransomware | |
559 | 12/04/2020 | ? | New York State | New York State officials are investigating a breach of the state government computer network. The attack, discovered in late January, is believed to have originated outside of the United States. | Vulnerability | O Public administration and defence, compulsory social security | CE | US | New York State | |
560 | 12/04/2020 | ? | Doctors based in the US | A cybercriminal is selling personal and contact details of 1.41 million doctors based in the United States. | Unknown | Q Human health and social work activities | CC | US | ||
561 | 13/04/2020 | ? | Single Individuals | Researchers from Cyble discover over 500,000 Zoom accounts sold on the dark web and hacker forums. | Credential Stuffing | X Individual | CC | >1 | Cyble, 500,000, Zoom | |
562 | 13/04/2020 | ? | Hartford HealthCare | Hartford HealthCare releases a statement warning patients about a phishing incident that took place between February 13 and February 14 this year. | Account Hijacking | Q Human health and social work activities | CC | US | Hartford HealthCare | |
563 | 13/04/2020 | ? | Government agencies involved in the procurement of personal protective equipment and other supplies | The FBI issues a warning of BEC scams against government agencies involved in the procurement of personal protective equipment and other supplies, during the COVID-19 Pandemic. | Business Email Compromise | O Public administration and defence, compulsory social security | CC | US | FBI, COVID-19, Coronavirus | |
564 | 13/04/2020 | ? | Accounts of banking customers in Spain | Researchers from Kaspersky warn of a remote overlay malware attack carried out via a malware called Grandoreiro, which leverages a fake Chrome browser plugin to target the accounts of banking customers in Spain. | Malware | K Financial and insurance activities | CC | ES | Kaspersky, Grandoreiro, Chrome | |
565 | 13/04/2020 | ? | Doctors Community Medical Center | Doctors Community Medical Center notifies an unreported number of patients whose protected health information was potentially compromised by a phishing incident discovered in January. | Account Hijacking | Q Human health and social work activities | CC | US | Doctors Community Medical Center | |
566 | 14/04/2020 | Ragnar Locker | Energias de Portugal (EDP) | Attackers using the Ragnar Locker ransomware encrypt the systems of Portuguese multinational energy giant Energias de Portugal (EDP) and are now asking for a 1580 BTC ransom ($10.9M or €9.9M). | Malware | D Electricity gas steam and air conditioning supply | CC | PT | Energias de Portugal (EDP) | |
567 | 14/04/2020 | ? | Chrome Users | Google removes 49 malicious Chrome browser extensions from its Web Store that were posing as cryptocurrency wallets in order to drain the contents of bona fide wallets. The applications were discovered by MyCrypto and PhishFort. | Malicious Browser Extension | X Individual | CC | >1 | Google, Chrome, MyCrypto, PhishFort, crypto | |
568 | 14/04/2020 | ? | Single Individuals | Researchers at White Ops reveal the details of ICEBUCKET, a massive online fraud operation that for the past few months has been mimicking smart TVs to gain profits from online ads. | Server-Side Ad Insertion (SSAI) Hijacking | X Individual | CC | >1 | White Ops, ICEBUCKET, Smart TVs | |
569 | 14/04/2020 | ? | Canadian government healthcare organization | Researchers from Palo Alto discover a ransomware attack against a Canadian government healthcare organization exploiting the COVID-19 pandemic. | Malware | Q Human health and social work activities | CC | CA | Palo Alto Networks, ransomware, COVID-19, Coronavirus | |
570 | 14/04/2020 | ? | Canadian medical research facility | Researchers from Palo Alto discover a ransomware attack against a Canadian medical research facility exploiting the COVID-19 pandemic. | Malware | Q Human health and social work activities | CC | CA | Palo Alto Networks, ransomware, COVID-19, Coronavirus | |
571 | 14/04/2020 | ? | Medical organizations and medical research facilities located in Japan and Canada | Researchers from Palo Alto discover a separate campaign targeting various organizations, including medical organizations and medical research facilities located in Japan and Canada, with the AgentTesla malware. | Malware | Q Human health and social work activities | CC | CA JP | Palo Alto, AgentTesla, COVID-19, Coronavirus | |
572 | 14/04/2020 | ? | GitHub users | GitHub users are targeted by a Sawfish phishing campaign designed to steal their GitHub login credentials and time-based one-time password (TOTP) codes. | Account Hijacking | Y Multiple Industries | CC | >1 | GitHub, Sawfish | |
573 | 14/04/2020 | ? | Individuals in the US | Researchers from Fortinet discover a new variant of the NetWire RAT delivered via IRS-themed phishing emails. | Malware | X Individual | CC | US | Fortinet, NetWire, IRS, COVID-19, Coronavirus | |
574 | 14/04/2020 | TA505 | Multiple targets | Researchers from IBM X-Force reveal that the TA505 cybercrime group has ramped up its attacks lately, with a set of campaigns spreading the persistent SDBbot RAT. | Malware | Y Multiple Industries | CC | >1 | IBM X-Force, TA505, SDBbot | |
575 | 14/04/2020 | ? | Two Manitoba law firms | Two Manitoba law firms are hit with a ransomware attack. | Malware | M Professional scientific and technical activities | CC | CA | Manitoba, ransomware | |
576 | 14/04/2020 | ? | Users in Pakistan, India, Afghanistan, Bangladesh, Iran, Saudi Arabia, Austria, Romania, Grenada, and Russia | Researchers at Trend Micro discover a potential cyberespionage campaign, named Project Spy, that infects Android and iOS devices with spyware disguised as a COVID-19 app. | Malware | Y Multiple Industries | CE | >1 | Trend Micro, Project Spy, COVID-19 | |
577 | 15/04/2020 | Syrian Electronic Army (SEA) | Single Individuals in Syria | Researchers at Lookout discover a COVID-19 Themed Spyware targeting Syrian citizens. | Malware | X Individual | CE | SY | Lookout, COVID-19, Coronavirus | |
578 | 15/04/2020 | International Union of Virtual Media (IUVM) (linked to Iran) | Social Network users | Researchers from Graphika discover an Iranian-linked group spreading disinformation about Coronavirus on Facebook, Instagram, and Twitter. | Fake Social Network accounts/groups/pages | X Individual | CW | >1 | Graphika, Iran, COVID-19, Coronavirus, Facebook, Instagram, Twitter, International Union of Virtual Media, IUVM | |
579 | 15/04/2020 | Satan | Mercantile Communications Pvt Ltd | A group of hackers manages to gain access to the .np domain of Mercantile Communications Pvt Ltd. | DNS Hijacking | J Information and communication | CC | NP | Mercantile Communications Pvt Ltd, Satan | |
580 | 15/04/2020 | ? | Valorant players | Soon after the game Valorant entered closed beta, malware samples are released that target users who are trying to play the game or get beta keys. | Malware | R Arts entertainment and recreation | CC | >1 | Valorant | |
581 | 15/04/2020 | ? | Single Individuals | Researchers from Trustwave detect a peak of BEC scams leveraging COVID-19 | Business Email Compromise | X Individual | CC | US | Trustwave, COVID-19, Coronavirus | |
582 | 15/04/2020 | ? | Wappalyzer | Tech company Wappalyzer discloses a security incident after a hacker began emailing its customers and offering to sell Wappalyzer's database for $2,000. The incident took place on January 20. | Misconfiguration | M Professional scientific and technical activities | CC | AU | Wappalyzer | |
583 | 15/04/2020 | ? | Customers of the main Portuguese banks | A new Android Trojan-Banker targets customers of the main Portuguese banks. | Malware | K Financial and insurance activities | CC | PT | Android, Trojan-Banker | |
584 | 15/04/2020 | ? | Single Individuals | Researchers from Mimecast discover a flight refund scam exploiting the COVID-19 outbreak. | Account Hijacking | X Individual | CC | >1 | Mimecast, COVID-19, Coronavirus | |
585 | 15/04/2020 | Hidden Cobra | US and western financial institutions | The Department of Homeland Security issues a warning that hackers from North Korea are launching new attacks against US and western financial institutions. | Targeted Attack | K Financial and insurance activities | CC | >1 | DHS, Department of Homeland Security, Hidden Cobra, CISA | |
586 | 15/04/2020 | ? | Applications Software Technologies | Applications Software Technologies reveals that it discovered on March 9 that an unauthorized party had accessed the company by obtaining access to a company email account. | Account Hijacking | M Professional scientific and technical activities | CC | US | Applications Software Technologies | |
587 | 15/04/2020 | ? | EA Sports | EA Sports is hit by a DDoS attack | DDoS | R Arts entertainment and recreation | CC | US | EA Sports | |
588 | 15/04/2020 | ? | South African Department for Women, Youth, and Persons with Disabilities | The South African Department for Women, Youth, and Persons with Disabilities is the latest victim of a Zoom bombing attack. | Zoom bombing | O Public administration and defence, compulsory social security | CC | ZA | South African Department for Women, Youth, and Persons with Disabilities, Zoom | |
589 | 03/04/2020 | ? | Vulnerable ZyXEL routers | Researchers from Palo Alto Networks discover a new variant of the Hoaxcalls botnet, spreading via an unpatched vulnerability impacting the ZyXEL Cloud CNM SecuManager that was disclosed last month. | Vulnerability | Y Multiple Industries | CC | >1 | Palo Alto Networks, Hoaxcalls, ZyXEL, Grandstream, DrayTek | |
590 | 15/04/2020 | ? | Vulnerable WordPress servers | Researchers from Sucuri reveal that attackers are actively targeting WordPress sites running the OneTone theme to exploit a vulnerability that allows them to read and write site cookies and create backdoor admin accounts. | Vulnerability | Y Multiple Industries | CC | >1 | Sucuri, WordPress, OneTone | |
591 | 15/04/2020 | ? | Vulnerable IoT devices | Researchers at NetLab 360 discover Moobot, a new botnet family based on Mirai, which targets internet of things (IoT) devices. | Malware | Y Multiple Industries | CC | >1 | NetLab 360, Moobot, Mirai | |
592 | 16/04/2020 | Foreign government hackers | Companies conducting research into treatments for COVID-19 | The FBI reveals that foreign government hackers have broken into companies conducting research into treatments for COVID-19. | Targeted Attack | Q Human health and social work activities | CE | US | FBI, COVID-19 | |
593 | 16/04/2020 | ? | Azerbaijan government and utility companies | Researchers from Cisco Talos publish an analysis of a new campaign that deploys PoetRAT, a previously-undiscovered Remote Access Trojan (RAT) targeting both the Azerbaijan government and utility companies, and exploits the COVID-19 outbreak. | Targeted Attack | O Public administration and defence, compulsory social security | CE | AZ | Cisco Talos, PoetRAT, COVID-19 | |
594 | 16/04/2020 | ? | Ruby Users | Security researchers from ReversingLabs discover 725 Ruby libraries uploaded on the official RubyGems repository that contained malware meant to hijack users' clipboards. | Malware | Y Multiple Industries | CC | >1 | ReversingLabs, RubyGems, Ruby | |
595 | 16/04/2020 | ? | Single Individuals | Researchers from Avast discover a malvertising campaign taking advantage of COVID-19, targeting Internet Explorer users via the Fallout Exploit Kit, to steal their information via the Kpot v2.0 information stealer. | Malvertising | X Individual | CC | >1 | Avast, COVID-19, Internet Explorer, Fallout Exploit Kit, Kpot v2.0 | |
596 | 17/04/2020 | ? | Aptoide | A hacker leaks the details of 20 million users of Aptoide, a third-party app store for Android applications. | SQL Injection | J Information and communication | CC | PT | Aptoide, Android | |
597 | 17/04/2020 | Trickbot | Multiple targets | Researchers from Microsoft's Security Intelligence team say that the operation behind Trickbot over the past few days sent out hundreds of emails purporting to relate to COVID-19 medical advice and testing, with the aim of installing Trickbot malware via unique "macro-laced" malicious document attachments inside the message. | Malware | Y Multiple Industries | CC | >1 | Microsoft, Trickbot, COVID-19, Coronavirus | |
598 | 17/04/2020 | Clop | ExecuPharm | U.S. pharmaceutical giant ExecuPharm has its data leaked after it refuses to pay the ransom. | Malware | Q Human health and social work activities | CC | US | ExecuPharm, Clop | |
599 | 17/04/2020 | ? | Organizations in Italy | Researchers from Cybaze-Yoroi ZLab discover a new variant of Ursnif targeting organizations in Italy. | Malware | Y Multiple Industries | CC | IT | Cybaze-Yoroi ZLab, Ursnif | |
600 | 17/04/2020 | ? | PrimoHoagies | PrimoHoagies reveals that cyber-attackers had broken into its online payment platform and accessed the payment card information of customers who made online purchases between July 15, 2019, and February 18, 2020. | Malicious Script Injection | I Accommodation and food service activities | CC | US | PrimoHoagies | |
601 | 17/04/2020 | ? | Banking users | Researchers from Trustwave discover a new malspam campaign that sends Excel 4.0 xls 97-2003 files with a compromised macro in email messages. The campaign attempts to dupe users with themes ranging from fake invoices to COVID-19 related lures and distributes the Gozi banking trojan. | Malware | K Financial and insurance activities | CC | >1 | Trustwave, Excel, COVID-19, Gozi | |
602 | 17/04/2020 | ? | Aurora Medical Center Bay Area | Aurora Medical Center Bay Area notifies that it was hit with a phishing attack that occurred in January 2020. | Account Hijacking | Q Human health and social work activities | CC | US | Aurora Medical Center Bay Area | |
603 | 17/04/2020 | ? | Olean City | Olean City is hit with a ransomware attack. | Malware | O Public administration and defence, compulsory social security | CC | US | Olean City, ransomware | |
604 | 18/04/2020 | ? | Cognizant | Information technologies services giant Cognizant is hit by the Maze Ransomware. | Malware | M Professional scientific and technical activities | CC | US | Cognizant, Maze | |
605 | 18/04/2020 | ? | Webkinz World | A hacker leaks the usernames and passwords of nearly 23 million players of Webkinz World, an online children's game managed by Canadian toy company Ganz. | SQL Injection | R Arts entertainment and recreation | CC | CA | Webkinz World, Ganz | |
606 | 19/04/2020 | ? | Uniswap | Hackers try to attack the Uniswap cryptocurrency exchange but the attack is unsuccessful. | Vulnerability | V Fintech | CC | US | Uniswap, Crypto | |
607 | 19/04/2020 | ? | Lendf.me | The same hackers steal more than $25 million in cryptocurrency from the Lendf.me lending platform but they need to return the money after they are caught. | Vulnerability | V Fintech | CC | N/A | Lendf.me, crypto | |
608 | 19/04/2020 | ? | Facebook users | Researchers from Cyble discover a threat actor selling a database with 267 million Facebook profiles for £500 on the dark web and through hacking forums. | Misconfiguration | X Individual | CC | >1 | Cyble, Facebook | |
609 | 19/04/2020 | ? | UniCredit | Researchers from Tesly reveal that data on about 3,000 UniCredit SpA employees was put up for sale on cybercrime forums after an SQL Injection attack. | SQL Injection | K Financial and insurance activities | CC | IT | UniCredit | |
610 | 19/04/2020 | ? | Energy, manufacturing, and business services in the United States | Researchers from Proofpoint discover a new campaign designed to steal user credentials via a lure that claims to welcome users to their new Zoom account. | Account Hijacking | Y Multiple Industries | CC | US | Proofpoint, Zoom, COVID-19 | |
611 | 19/04/2020 | TA4562 | Manufacturing industrial, marketing/advertising, technology, IT and construction companies | Researchers from Proofpoint discover a campaign distributing the ServLoader and NetSupport remote access Trojans (RATs) via fake Zoom meetings cancellations. | Malware | Y Multiple Industries | CC | >1 | Proofpoint, Zoom, COVID-19, TA4562 | |
612 | 19/04/2020 | ? | Danish Agro | Danish Agro is hit with a ransomware attack. | Malware | S Other service activities | CC | DK | Danish Agro, ransomware | |
613 | 20/04/2020 | Winnti (aka APT41, BARIUM, Blackfly) | Gravity | Researchers from QuoIntelligence (QuoINT) reveal that attackers from Winnti (aka APT41, BARIUM, Blackfly) attempted to breach the internal network of Gravity, the South Korean gaming company behind the popular Ragnarok Online Massive Multiplayer Online Role-Playing Game. | Targeted Attack | R Arts entertainment and recreation | CE | KR | QuoIntelligence, QuoINT, Winnti, APT41, BARIUM, Blackfly, Gravity, Ragnarok | |
614 | 20/04/2020 | ? | Believr | Hackers infiltrate a Zoom meeting of a virtual church service hosted by Adam Evers, the founder of the Christian LGBTQ+ dating app Believr. | Zoom Bombing | S Other service activities | CC | US | Zoom, Believr | |
615 | 20/04/2020 | ? | Chartered Institute for Securities and Investments (CISI) | The Chartered Institute for Securities and Investments (CISI) confirms that some of its members may have had their financial information stolen after “malicious code” was inserted on its website. | Malicious Script Injection | S Other service activities | CC | UK | Chartered Institute for Securities and Investments, CISI | |
616 | 20/04/2020 | ? | Brandywine Counseling and Community Services | Brandywine Counseling and Community Services notifies patients of a ransomware incident that occurred in February 2020. | Malware | Q Human health and social work activities | CC | US | Brandywine Counseling and Community Services, ransomware | |
617 | 21/04/2020 | ? | Nintendo users | Nintendo users report that their accounts have been getting hacked and accessed from remote locations around the globe, with some users losing money as a result of the unauthorized intrusion. A few days later the company confirms the compromise of 160,000 accounts after the attackers exploited its Nintendo Network ID (NNID) login system. | Account Hijacking | R Arts entertainment and recreation | CC | JP | Nintendo, Nintendo Network ID, NNID | |
618 | 21/04/2020 | ? | China's Uyghur minority | Security firm Volexity discovers Insomnia, a new iOS exploit used to spy on China's Uyghur minority. | Targeted Attack | X Individual | CE | CN | Volexity, Insomnia, iOS, Uyghur | |
619 | 21/04/2020 | ? | Zoom users in corporate environments | Researchers from Abnormal Security discover a new phishing campaign targeting Zoom users, using fake Zoom meeting notifications to warn victims that their contracts will either be suspended or terminated. | Account Hijacking | Y Multiple Industries | CC | >1 | Abnormal Security, Zoom, COVID-19 | |
620 | 21/04/2020 | DoppelPaymer | City of Torrance | The City of Torrance of the Los Angeles metropolitan area is hit by the DoppelPaymer Ransomware. | Malware | O Public administration and defence, compulsory social security | CC | US | The City of Torrance, DoppelPaymer | |
621 | 21/04/2020 | ? | US healthcare providers | The FBI warns of ongoing phishing campaigns targeting US healthcare providers using COVID-19 themed lures to distribute malicious attachments. | Malware | Q Human health and social work activities | CC | US | FBI, COVID-19 | |
622 | 21/04/2020 | ? | Single Individuals | A fake WiFi hacking program is used to distribute CoronaLocker, a new Coronavirus-themed malware that tries to lock the victim out of Windows while making some very annoying sounds. | Malware | X Individual | CC | >1 | CoronaLocker, COVID-19 | |
623 | 21/04/2020 | ? | Oil and gas industries in multiple countries | Researchers from Bitdefender discover a new campaign targeting the oil and gas industry sector with highly targeted spearphishing campaigns impersonating shipment companies and engineering contractors while attempting to infect their targets with Agent Tesla info-stealer malware payloads. | Targeted Attack | D Electricity gas steam and air conditioning supply | CE | >1 | Bitdefender, Agent Tesla | |
624 | 21/04/2020 | ? | Parkview Medical Center | Parkview Medical Center is hit with a ransomware attack. | Malware | Q Human health and social work activities | CC | US | Parkview Medical Center, ransomware | |
625 | 21/04/2020 | ? | Single Individuals | Researchers from ZeroFOX discover a massive scam campaign circulating via WhatsApp. | Account Hijacking | X Individual | CC | >1 | ZeroFOX, WhatsApp, COVID-19 | |
626 | 21/04/2020 | ? | Whisky Auctioneer | An online auction of rare whiskies is postponed indefinitely following a DDoS attack. | DDoS | R Arts entertainment and recreation | CC | US | Whisky Auctioneer | |
627 | 21/04/2020 | ? | Banking users in Spain, Portugal, Brazil and other parts of Latin America | Researchers from IBM X-Force uncover Banking.BR, a new Android banking trojan targeting users in countries that speak Spanish or Portuguese, namely Spain, Portugal, Brazil and other parts of Latin America. | Malware | K Financial and insurance activities | CC | >1 | IBM X-Force, Banking.BR | |
628 | 22/04/2020 | State-sponsored actor | Multiple targets | Researchers from ZecOps discover two zero-day vulnerabilities affecting iPhone and iPad devices, used on a series of ongoing remote attacks targeting iOS users since at least January 2018. | Targeted Attack | Y Multiple Industries | CE | >1 | ZecOps, iPhone, iPad | |
629 | 22/04/2020 | ? | Valve | The source code of Valve's Team Fortress 2 and Counter-Strike: Global Offensive games is leaked. | Unknown | R Arts entertainment and recreation | CC | US | Valve | |
630 | 22/04/2020 | Government-backed attackers | US government workers | Google's Threat Analysis Group (TAG) reveals that one group has started using free meals and coupons supposedly from fast-food franchises to lure US government workers into exposing their Gmail credentials. | Account Hijacking | O Public administration and defence, compulsory social security | CE | US | Google's Threat Analysis Group, TAG, Gmail | |
631 | 22/04/2020 | Tag Barnakle | Vulnerable ad servers | Researchers from Confiant identify Tag Barnakle, a group that has been compromising advertising networks running old versions of the Revive open-source ad server to redirect victims to malware. | Malvertising | Y Multiple Industries | CC | >1 | Confiant, Tag Barnakle, Revive | |
632 | 22/04/2020 | ? | Multiple targets | A new phishing campaign is underway that targets employees with fake customer complaints that install a new backdoor used to compromise a network. | Account Hijacking | Y Multiple Industries | CC | >1 | Phishing | |
633 | 22/04/2020 | ? | Single Individuals | Researchers from Sophos reveal the details of a massive sextortion campaign netting nearly $500K in five months. | Malicious Spam | X Individual | CC | >1 | Sophos | |
634 | 23/04/2020 | Jerusalem Electronic Army (J.E.Army) | Water supply and treatment facilities in Israel | The Israeli National Cyber-Directorate (INCD) warns that hackers have targeted its water supply and treatment facilities. The agency is urging personnel at companies active in the energy and water sectors to change passwords for all internet-connected systems. | Unknown | E Water supply, sewerage waste management, and remediation activities | CE | IL | Jerusalem Electronic Army, J.E.Army, Israeli National Cyber-Directorate, INCD | |
635 | 23/04/2020 | Ocean Lotus AKA APT32 | Wuhan government and Chinese Ministry of Emergency Management | Researchers from FireEye believe that hacking group Ocean Lotus, also known as APT32 and linked to the Vietnamese government, was involved in a spear phishing campaign targeting members of the Wuhan government and Chinese Ministry of Emergency Management in search of information related to the coronavirus pandemic. | Targeted Attack | Y Multiple Industries | CE | CN | FireEye, Ocean Lotus, APT32, Wuhan, COVID-19, Coronavirus | |
636 | 23/04/2020 | ? | GoDaddy | GoDaddy notifies some of its customers that an unauthorized party used their web hosting account credentials to connect to their hosting account via SSH. | Account Hijacking | J Information and communication | CC | US | GoDaddy | |
637 | 23/04/2020 | ? | US Universities | Researchers at Proofpoint discover a new campaign targeting faculty and students at several U.S. colleges and universities with Hupigon RAT. | Malware | P Education | CC | US | Hupigon RAT | |
638 | 23/04/2020 | Sodinokibi | SeaChange | SeaChange is hit with the Sodinokibi ransomware. | Malware | J Information and communication | CC | US | SeaChange, Sodinokibi, ransomware | |
639 | 23/04/2020 | ? | Multiple targets | The U.S. National Security Agency (NSA) and the Australian Signals Directorate (ASD) issue a joint report warning of threat actors increasingly exploiting vulnerable web servers to deploy web shells. | Web Shells | Y Multiple Industries | CC | US AU | National Security Agency, NSA, Australian Signals Directorate, ASD | |
640 | 23/04/2020 | ? | Multiple targets | Researchers from Cofense discover a phishing campaign against remote workers using Skype, luring them with emails that fake notifications from the service. | Account Hijacking | Y Multiple Industries | CC | >1 | Cofense, Skype, COVID-19 | |
641 | 23/04/2020 | ? | Organizations in both public and private sectors, including financial institutions. | Researchers from ESET discover a previously undocumented botnet called VictoryGate, active since at least May 2019, and composed mainly of devices in Peru. The main activity of the botnet is mining Monero cryptocurrency. | Malware | Y Multiple Industries | CC | PE | ESET, VictoryGate, Crypto, Monero | |
642 | 23/04/2020 | Florentine Banker | Israeli and UK financial firms | Researchers from Check Point reveal the details of Florentine Banker, a cybercriminal group launching advanced business email compromise (BEC) attacks on leading Israeli and UK financial firms, stealing $1.3 million in just four separate transactions. | Business Email Compromise | K Financial and insurance activities | CC | IL UK | Florentine Banker, Check Point | |
643 | 24/04/2020 | ? | Small business owners | Researchers from Abnormal Security discover a new phishing campaign targeting users of US Payroll Protection Program loans for small businesses. | Account Hijacking | Y Multiple Industries | CC | US | Abnormal Security, US Payroll Protection | |
644 | 24/04/2020 | ? | Multiple targets | A new phishing campaign delivers a new stealthy malware called BazarBackdoor from the developers of TrickBot that is used to compromise and gain full access to corporate networks. | Account Hijacking | Y Multiple Industries | CC | >1 | BazarBackdoor, TrickBot | |
645 | 24/04/2020 | ? | US and South Korean financial organizations and banks | Researchers at Group-IB discover that the details on roughly 400,000 payment cards related to US and South Korean financial organizations and banks are currently up for sale on Joker's Stash. | Unknown | K Financial and insurance activities | CC | US KR | Group-IB, Joker's Stash | |
646 | 24/04/2020 | ? | Single Individuals | Researchers from Inky discover a new campaign, sending out emails that impersonate the U.S. Federal Reserve and lure recipients with financial relief options through the Payment Protection Program. | Account Hijacking | X Individual | CC | US | Inky, U.S. Federal Reserve, COVID-19 | |
647 | 24/04/2020 | ? | Single Individuals | Hackers set up a fake NHS site, claiming to provide COVID-19 updates, in order to distribute malware. | Malware | X Individual | CC | US | NHS, COVID-19 | |
648 | 24/04/2020 | ? | Illinois Valley Community College | Illinois Valley Community College is hit with a ransomware attack. | Malware | P Education | CC | US | Illinois Valley Community College, ransomware | |
649 | 25/04/2020 | Asnarök | Vulnerable Sophos XG Firewalls | Cyber-security firm Sophos publishes an emergency security update to patch a zero-day vulnerability in its XG enterprise firewall product, being abused in the wild by hackers. The malware is dubbed Asnarök. | SQL Injection | Y Multiple Industries | CC | >1 | Sophos, XG, Asnarök | |
650 | 25/04/2020 | THE0TIME | Huiying Medical Technology | Researchers from Cyble identify a threat actor attempting to sell Huiying Medical Technology’s source code for AI-assisted COVID-19 detection and experimental data. | Unknown | C Manufacturing | CC | CN | Cyble, Huiying Medical Technology, COVID-19, THE0TIME | |
651 | 26/04/2020 | ? | Robert Dyas | Robert Dyas notifies customers that it was hit by a malicious script on its payment page between 7-30 March. | Malicious Script Injection | G Wholesale and retail trade | CC | UK | Robert Dyas | |
652 | 27/04/2020 | ? | Multiple targets | Researchers from Kaspersky discover a new wave of phishing scams that utilize a COVID-19 theme and impersonate well-known shipping carriers such as FedEx, UPS, and DHL. | Account Hijacking | Y Multiple Industries | CC | >1 | Kaspersky, COVID-19, FedEx, UPS, DHL | |
653 | 27/04/2020 | ? | Lumberton Township Public Schools in Burlington County | Lumberton Township Public Schools in Burlington County announces it will temporarily stop using Zoom after a hacker reportedly streamed pornography and used racist language during a lesson for middle school students. | Zoom Bombing | P Education | CC | US | Lumberton Township Public Schools, Burlington County, Zoom | |
654 | 27/04/2020 | Sodinokibi AKA Revil | CivicSmart | CivicSmart, a vendor of smart parking meters, is hit with a Sodinokibi ransomware attack. | Malware | M Professional scientific and technical activities | CC | US | Sodinokibi, Revil, CivicSmart, Ransomware | |
655 | 28/04/2020 | Light | Zaha Hadid Architects | A group of hackers breaches the network of Zaha Hadid Architects, one of the world's leading architectural firms. The attackers threaten to release sensitive information on the dark web unless the company pays a ransom demand. | Malware | M Professional scientific and technical activities | CC | UK | Zaha Hadid Architects, Light, ransomware | |
656 | 28/04/2020 | ? | Android users | Researchers from Check Point discover a new version of the Lucy malware going mobile, encrypting data and asking for a ransom threatening FBI action. | Malware | X Individual | CC | >1 | Check Point, Lucy, FBI, ransomware, Android | |
657 | 28/04/2020 | ? | Single Individuals | Microsoft Security Intelligence Team uncovers a number of fake movie torrents carrying malicious software that attempts to hijack a user’s machine to generate cryptocurrency. | Malware | X Individual | CC | >1 | Microsoft, torrent | |
658 | 28/04/2020 | ? | Vulnerable Wordpress servers | Researchers from Wordfence detect a peak of attacks targeting more than 900,000 Wordpress servers exploiting vulnerable plugins. | Vulnerability | Y Multiple Industries | CC | >1 | Wordfence, Wordpress | |
659 | 28/04/2020 | Ocean Lotus AKA APT32? | Android devices in countries including India, Vietnam, Bangladesh, and Indonesia. | Researchers from Kaspersky warn of PhantomLance, an ongoing spying campaign in which malicious apps hosted by Google Play are covertly spying and stealing Android user data. | Malware | X Individual | CE | >1 | Kaspersky, PhantomLance, Google Play, Android | |
660 | 28/04/2020 | Outlaw Hacking Group | Multiple targets in Europe | Researchers from Cybaze-Yoroi ZLab uncover a new botnet that is targeting European organizations. | Malware | Y Multiple Industries | CC | >1 | Cybaze-Yoroi ZLab, Outlaw | |
661 | 28/04/2020 | ? | Banking users especially in Brazil, Mexico, Spain and Peru | Researchers from ESET discover a new campaign using the Grandoreiro banking trojan, and exploiting the COVID-19 crisis to attack users especially in Brazil, Mexico, Spain and Peru. | Malware | K Financial and insurance activities | CC | >1 | ESET, Grandoreiro, COVID-19 | |
662 | 28/04/2020 | ? | Organizations in Healthcare | Researchers from Microsoft warn of a wave of ransomware attacks with multiple payloads, targeting organizations in Healthcare. | Malware | Q Human health and social work activities | CC | >1 | Microsoft, ransomware, COVID-19 | |
663 | 28/04/2020 | ? | Zoom users | Researchers at IntSights discover multiple Zoom databases on underground forums. | Credential stuffing | Y Multiple Industries | CC | >1 | IntSights, Zoom | |
664 | 29/04/2020 | ? | High-profile Estonian individuals | The Estonian Internal Security Service (KaPo) reveals that state-sponsored hackers have used a zero-day vulnerability to hijack a small number of high-profile email accounts at Estonian email provider Mail.ee. | Vulnerability | O Public administration and defence, compulsory social security | CE | EE | KaPo, Mail.ee | |
665 | 29/04/2020 | ? | Chegg | Chegg confirms its third data breach in the past three years: hackers stole 700 current and former employee records, including their names and Social Security numbers. | Unknown | M Professional scientific and technical activities | CC | US | Chegg | |
666 | 29/04/2020 | ? | Single Individuals | Researchers at TrendMicro uncover a new cyber-criminal campaign attempting to exploit the COVID-19 pandemic to trick remote workers into installing RevCode WebMonitor RAT in disguise of a fake Zoom installer. | Malware | X Individual | CC | >1 | TrendMicro, COVID-19, Coronavirus, RevCode, Zoom | |
667 | 29/04/2020 | ? | Multiple targets | Researchers from Kaspersky reveal a spike in brute-force attacks targeting RDP endpoints after the beginning of the COVID-19 pandemic. | Brute-force | Y Multiple Industries | CC | >1 | Kaspersky, RDP, COVID-19, Coronavirus | |
668 | 29/04/2020 | ? | UseNeXT and Usenet.nl | UseNeXT and Usenet.nl, two companies that provide Usenet services, disclose security breaches today, blaming the breaches on "a security vulnerability at a partner company." | Unknown | J Information and communication | CC | DE NL | UseNeXT, Usenet.nl, Usenet | |
669 | 29/04/2020 | ? | Undisclosed Multinational conglomerate | Researchers from Check Point reveal that attackers infected more than 75% of a multinational conglomerate's managed Android devices with the Cerberus banking trojan using the company’s compromised Mobile Device Manager (MDM) server. | Malware | Z Unknown | CC | N/A | Check Point, Android, Cerberus, Ransomware | |
670 | 29/04/2020 | Aggah | Multiple targets | Researchers from Cisco Talos reveal the details of an updated Aggah campaign distributing a cocktail of malware strains: Agent Tesla, njRAT and Nanocore RAT. | Malware | Y Multiple Industries | CC | >1 | Cisco Talos, Aggah, Agent Tesla, njRAT, Nanocore RAT | |
671 | 29/04/2020 | ? | PaperlessPay Corporation | PaperlessPay Corporation, an e-pay vendor, discovers that it was hacked in February 2019, putting at risk the identity of multiple customers. | SQL Injection | M Professional scientific and technical activities | CC | US | PaperlessPay Corporation | |
672 | 30/04/2020 | PerSwaysion | High-ranking executives at more than 150 companies | Cyber-security firm Group-IB reveals the details of PerSwaysion, a cybercrime group operating since mid-2019, able to breach the email accounts of high-ranking executives at more than 150 companies. | Account Hijacking | Y Multiple Industries | CE | >1 | Group-IB, PerSwaysion | |
673 | 30/04/2020 | ? | Vulnerable WebLogic servers | Oracle publishes an urgent security alert, urging companies that run WebLogic servers to install the latest patches the company released in mid-April. The company says it received reports of attempts to exploit CVE-2020-2883. | Vulnerability | Y Multiple Industries | CC | >1 | Oracle, WebLogic, CVE-2020-2883 | |
674 | 30/04/2020 | ? | Banks and financial services across Europe | Researchers from Cybereason reveal the details of EventBot, a new Android malware targeting banks and financial services across Europe. | Malware | K Financial and insurance activities | CC | >1 | Cybereason, EventBot, Android | |
675 | 30/04/2020 | ? | Multiple targets | Researchers from IBM X-Force uncover a new Trickbot campaign targeting email recipients with fake messages purporting to come from the U.S. Department of Labor (DoL). The spam leverages the Family and Medical Leave Act (FMLA). | Malware | K Financial and insurance activities | CC | US | IBM X-Force, Trickbot, U.S. Department of Labor, DoL, Family and Medical Leave Act, FMLA, COVID-19 | |
676 | 30/04/2020 | Netwalker | NWT Power Corporation | NWT Power Corporation (Northwest Territories Power Corporation) confirms that it has been hit with a Netwalker ransomware attack. | Malware | D Electricity gas steam and air conditioning supply | CC | CA | NWT Power Corporation, Northwest Territories Power Corporation | |
677 | 30/04/2020 | LockBit | Multiple countries including the US, the UK, France, Germany, Ukraine, China, India, and Indonesia. | Researchers from McAfee and Northwave Intelligent Security Operations discover a new ransomware called LockBit, able to self-spread inside the victim's network. | Malware | Y Multiple Industries | CC | >1 | McAfee, Northwave Intelligent Security Operations, ransomware, LockBit | |
678 | 30/04/2020 | ? | Multiple targets | Researchers from Barracuda Networks observe a single phishing campaign that sent out 128,000 emails to a variety of organizations and employees using reCAPTCHA walls to conceal fake Microsoft log-in pages. | Account Hijacking | Y Multiple Industries | CC | >1 | Barracuda Networks, reCAPTCHA, Microsoft | |
679 | 30/04/2020 | ? | Warwick University | Warwick University reveals that it was breached last year (and tried to cover up the breach). | Malware | P Education | CC | UK | Warwick University | |
680 | 30/04/2020 | ? | SWPS University of Humanities and Social Sciences (‘SWPS University’) | The Polish University of Humanities and Social Sciences is hit with a ransomware attack. | Malware | P Education | CC | PL | SWPS, University of Humanities and Social Sciences, ransomware | |
681 | 27/04/2020 | ? | Aeries Student Information System | Multiple school districts are impacted by a breach of the Aeries Student Information System that occurred in November 2019. | Unknown | M Professional scientific and technical activities | CC | US | Aeries Student Information System | |
682 | 18/04/2020 | ? | Etana Custody | Etana Custody states that its “client user interface was accessed by an unauthorized external party” | Unknown | V Fintech | CC | US | Etana Custody, Crypto | |
683 | 01/05/2020 | Maze | Banco BCR | Hackers claim to have gained access to the network of Banco BCR, the state-owned Bank of Costa Rica, and stolen 11 million credit card credentials along with other data. | Malware | K Financial and insurance activities | CC | CR | Maze, Banco BCR, ransomware | |
684 | 01/05/2020 | ? | Multiple organizations | Researchers from Abnormal Security discover a malicious campaign impersonating notifications from Microsoft Teams. | Account Hijacking | O Public administration and defence, compulsory social security | CC | >1 | Microsoft Teams, Abnormal Security, COVID-19 | |
685 | 01/05/2020 | ? | Single Individuals | A new phishing campaign is distributing a combination of malware: a LokiBot information-stealing malware along with a second payload in the form of the Jigsaw Ransomware. | Malware | X Individual | CC | >1 | LokiBot, Jigsaw, Ransomware | |
686 | 01/05/2020 | Maze | Nashville Plastic Surgery Institute | Nashville Plastic Surgery Institute, dba Maxwell Aesthetics, is hit by a Maze ransomware attack. | Malware | Q Human health and social work activities | CC | US | Nashville Plastic Surgery Institute, Maxwell Aesthetics, Maze, ransomware | |
687 | 01/05/2020 | Maze | Plastic Surgery Center Dr. Kristin Tarbet’s | Plastic Surgery Center Dr. Kristin Tarbet’s is hit by a Maze ransomware attack. | Malware | Q Human health and social work activities | CC | US | Plastic Surgery Center Dr. Kristin Tarbet’s, Maze, Ransomware | |
688 | 01/05/2020 | Sodinokibi (AKA REvil) | MJ Payne | MJ Payne, a London accountancy firm, suffers a REvil ransomware attack. | Malware | K Financial and insurance activities | CC | UK | MJ Payne, REvil ransomware, Sodinokibi | |
689 | 02/05/2020 | ? | LineageOS | Hackers breach the main infrastructure of the LineageOS Android, causing a full outage. The attackers exploited a high-severity vulnerability in the open source “Salt” management framework that was disclosed to the public on April 30. | Vulnerability | M Professional scientific and technical activities | CC | N/A | LineageOS, Salt, CVE-2020-11651, CVE-2020-11652 | |
690 | 02/05/2020 | ? | PeroxyChem | PeroxyChem is hit by a Maze ransomware attack. | Malware | M Professional scientific and technical activities | CC | US | PeroxyChem, Maze, ransomware | |
691 | 03/05/2020 | Shiny Hunters | Tokopedia | A hacker sells a database containing the information of 91 million Tokopedia accounts on a dark web market for $5,000. Other threat actors start to crack passwords and share them online. | SQL Injection | G Wholesale and retail trade | CC | ID | Tokopedia, Shiny Hunters | |
692 | 03/05/2020 | Shiny Hunters | Unacademy | Online learning platform Unacademy suffers a data breach after a hacker gains access to their database and starts selling the account information for close to 22 million users. | Unknown | P Education | CC | IN | Unacademy, Shiny Hunters | |
693 | 03/05/2020 | ? | Naughty Dog | A security flaw in patches from game developer Naughty Dog gives hackers access to unreleased content from the upcoming The Last of Us Part II that was stored in an Amazon S3 bucket. | Misconfiguration | R Arts entertainment and recreation | CC | US | Naughty Dog, The Last of Us, Amazon S3 | |
694 | 03/05/2020 | ? | Ghost | The blogging platform Ghost is compromised exploiting the Salt vulnerability. The attackers install a cryptominer. | Vulnerability | J Information and communication | CC | US | Ghost, Salt, CVE-2020-11651, CVE-2020-11652 | |
695 | 03/05/2020 | ? | Digicert | Digicert is compromised as a consequence of the Salt vulnerability. | Vulnerability | M Professional scientific and technical activities | CC | US | Digicert, Salt, CVE-2020-11651, CVE-2020-11652 | |
696 | 03/05/2020 | ? | Xen Orchestra | Xen Orchestra, a platform that provides tools to administrate Citrix Hypervisor, is also compromised via the Salt vulnerability. | Vulnerability | M Professional scientific and technical activities | CC | US | Xen Orchestra, Salt, CVE-2020-11651, CVE-2020-11652 | |
697 | 03/05/2020 | Sodinokibi (AKA REvil) | Harvest Sherwood Food Distributors | Food supplier Harvest Sherwood Food Distributors is hit by a REvil ransomware attack. | Malware | I Accommodation and food service activities | CC | US | Harvest Sherwood Food Distributors, Sodinokibi, Revil, ransomware | |
698 | 03/05/2020 | ? | Florida Gulf Coast University | A virtual ceremony by Florida Gulf Coast University is disrupted by a DDoS attack. | DDoS | P Education | CC | US | Florida Gulf Coast University | |
699 | 03/05/2020 | ? | Dakota Carrier Network | Dakota Carrier Network, a consortium of 14 independent broadband companies, is hit by the Maze ransomware. | Malware | M Professional scientific and technical activities | CC | US | Dakota Carrier Network, Maze, Ransomware | |
700 | 04/05/2020 | ? | Single individuals in France | A new ransomware called VCrypt is targeting French victims by utilizing the legitimate 7zip command-line program to create password-protected archives of data folders. | Malware | X Individual | CC | FR | VCrypt, ransomware | |
701 | 04/05/2020 | State-sponsored hackers from Russia, Iran, and China | UK universities and scientific facilities | The UK's National Cyber Security Centre (NCSC) warns that the country's universities and scientific facilities are being subject to a wave of hacking attempts conducted by other countries in the quest for coronavirus research. | Targeted Attack | P Education | CE | UK | National Cyber Security Centre, NCSC, Russia, Iran, China | |
702 | 04/05/2020 | ? | Financial Organizations | The US Financial Industry Regulatory Authority (FINRA) issues a cyber-security alert warning member organizations of "a widespread, ongoing phishing campaign" aimed at stealing Microsoft Office and SharePoint account passwords from its member organizations. | Account Hijacking | K Financial and insurance activities | CC | US | Financial Industry Regulatory Authority, FINRA, Microsoft Office, SharePoint | |
703 | 04/05/2020 | ? | Companies across different industries | Microsoft warns of multiple malspam campaigns carrying malicious disk image files aimed at distributing the REMCOS remote access tool, using the COVID-19 lure. | Malicious Spam | Y Multiple Industries | CC | >1 | REMCOS, COVID-19 | |
704 | 04/05/2020 | ? | Tarkett | French flooring company Tarkett reveals that it was hit by a cyber attack on April 29th, and that its operations continue to be disrupted as a result. | Malware | C Manufacturing | CC | FR | Tarkett | |
705 | 04/05/2020 | ? | Android users in Ukraine, Russia, Kazakhstan, Turkmenistan | Researchers from Bitdefender discover an existing version of the Android device screen-locking malware SLocker, repackaged in the form of a mobile coronavirus app | Malware | X Individual | CC | >1 | COVID-19, Android, Bitdefender, SLocker | |
706 | 04/05/2020 | ? | Bukalapak | The data of 13 million users of the e-commerce platform Bukalapak are posted on a dark web forum, although the company denies the breach. | Unknown | G Wholesale and retail trade | CC | ID | Bukalapak | |
707 | 04/05/2020 | ? | York University | York University suffers a "serious" cyber attack. | Unknown | P Education | CC | CA | York University | |
708 | 04/05/2020 | ? | CPC Corp. | Taiwan's oil refiner CPC Corp. suffers a ransomware attack. | Malware | D Electricity gas steam and air conditioning supply | CC | TW | CPC Corp. | |
709 | 05/05/2020 | ? | Individuals in UK | Researchers from Cofense discover a new spear-phishing campaign targeting executives and others in an attempt to steal login credentials and bank account details by posing as their smartphone provider EE. | Account Hijacking | X Individual | CC | UK | Cofense, EE | |
710 | 05/05/2020 | Government-backed hacking group | Organizations involved in international COVID-19 responses, healthcare, and essential services | A joint advisory by cyber-security agencies from the US (CISA) and the UK (NCSC) reveals that organizations involved in international COVID-19 responses, healthcare, and essential services are actively targeted by government-backed hacking groups. | Password-spraying | Q Human health and social work activities | CE | >1 | CISA, NCSC, COVID-19 | |
711 | 05/05/2020 | ? | Single Individuals | Researchers from Malwarebytes reveal that hackers have created and used a fake icon portal to host and load a JavaScript web skimmer camouflaged as a favicon. | Malicious Script Injection | X Individual | CC | >1 | Malwarebytes, JavaScript, Magecart | |
712 | 05/05/2020 | ? | Multiple organizations | Researchers from Abnormal Security discover a highly convincing series of phishing attacks, using fake certificate error warnings with graphics and formatting lifted from Cisco Webex emails to steal users' account credentials. | Account Hijacking | Y Multiple Industries | CC | >1 | Abnormal Security, Cisco Webex | |
713 | 05/05/2020 | ? | Mercedes-Benz Instagram account | Unknown hackers post swastikas on Mercedes-Benz Instagram account. | Account Hijacking | C Manufacturing | CC | DE | Mercedes-Benz, Instagram | |
714 | 05/05/2020 | ? | Algolia | Search service Algolia says it suffered a security breach over the weekend after hackers exploited a well-known vulnerability in the Salt server configuration software to gain access to its infrastructure. | Vulnerability | M Professional scientific and technical activities | CC | US | Algolia, CVE-2020-11651, CVE-2020-11652 | |
715 | 05/05/2020 | ? | Linux-based servers and smart IoT devices | Security researchers discover Kaiji, another strain of malware specifically built to infect Linux-based servers and smart IoT devices to launch DDoS attacks. | Malware | Y Multiple Industries | CC | >1 | Kaiji | |
716 | 05/05/2020 | ? | BJC HealthCare | BJC HealthCare warns patients that their information may have been exposed after it discovered someone gained unauthorized access to three employee email accounts on March 6. | Account Hijacking | Q Human health and social work activities | CC | US | BJC HealthCare | |
717 | 05/05/2020 | ? | Formosa Petrochemical Corp. | Formosa Petrochemical Corp. is hit by a malware attack. | Malware | D Electricity gas steam and air conditioning supply | CC | TW | Formosa Petrochemical Corp. | |
718 | 06/05/2020 | Snake | Fresenius | Fresenius, Europe’s largest private hospital operator and a major provider of dialysis products and services, is hit by a Snake ransomware cyber attack on its technology systems. | Malware | Q Human health and social work activities | CC | DE | Fresenius, Snake, Ransomware | |
719 | 06/05/2020 | Shiny Hunters | Microsoft | A hacker dubbed Shiny Hunters claims to have stolen over 500GB of data from Microsoft's private GitHub repositories | Unknown | M Professional scientific and technical activities | CC | US | Shiny Hunters, Microsoft, GitHub | |
720 | 06/05/2020 | ? | Vulnerable Wordpress sites | Researchers from Wordfence reveal that hackers are actively exploiting two security vulnerabilities in the Elementor Pro and Ultimate Addons for Elementor WordPress plugins to remotely execute arbitrary code and fully compromise unpatched targets. | Vulnerability | Y Multiple Industries | CC | >1 | Wordfence, Wordpress, Elementor Pro, Ultimate Addons for Elementor | |
721 | 06/05/2020 | Lazarus group | Multiple organizations | Researchers from Malwarebytes reveal that hackers have hidden malware in MinaOTP, a legitimate two-factor authentication (2FA) app for macOS to distribute Dacls, a remote access trojan associated with the North Korean Lazarus group. | Targeted Attack | Y Multiple Industries | CE | >1 | Malwarebytes, MinaOTP, 2FA, Dacls, North Korea, Lazarus group | |
722 | 06/05/2020 | ? | Multiple E-Commerce servers | The FBI warns about attacks on Magento online stores via an old plugin vulnerability (CVE-2017-7391, a vulnerability in MAGMI, Magento Mass Import). | Vulnerability | G Wholesale and retail trade | CC | >1 | FBI, Magento, CVE-2017-7391, MAGMI, Magento Mass Import | |
723 | 06/05/2020 | Nefilim | Toll Group | For the second time in three months, Toll Group becomes the victim of a ransomware attack. | Malware | M Professional scientific and technical activities | CC | AU | Toll Group, Nefilim, ransomware | |
724 | 06/05/2020 | ? | 44 million Pakistani mobile subscribers | The details of 44 million Pakistani mobile subscribers are leaked online. | Unknown | X Individual | CC | PK | Pakistan | |
725 | 06/05/2020 | ? | Chrome users | 11 new fake crypto-wallet extension add-ons are discovered in the Chrome Web Store. | Malicious browser extension | X Individual | CC | >1 | Chrome, Crypto | |
726 | 06/05/2020 | ? | Single Individuals in the US | Researchers from Secureworks Counter Threat Unit (CTU) observe an increase in tax identity theft aimed at fraudulently obtaining stimulus checks. | Account Hijacking | X Individual | CC | US | Secureworks Counter Threat Unit, CTU | |
727 | 06/05/2020 | ? | Multiple organizations | Researchers from Prevailion discover a new variant of the EVILNUM malware. | Malware | Y Multiple Industries | CC | >1 | Prevailion, EVILNUM | |
728 | 07/05/2020 | Silver Terrier | Multiple organizations | Researchers from Palo Alto Networks reveal the details of a new series of attacks from Silver Terrier, targeting multiple organizations involved with the COVID-19 response. | Business Email Compromise | Y Multiple Industries | CC | >1 | Silver Terrier, Palo Alto Networks, COVID-19 | |
729 | 07/05/2020 | Naikon APT | Several national government entities in the Asia Pacific (APAC) region | Researchers from Check Point discover new evidence of an ongoing cyber espionage operation against several national government entities in the Asia Pacific (APAC) region, using a new backdoor named Aria-body. | Targeted Attack | O Public administration and defence, compulsory social security | CE | >1 | Check Point, Aria-body, Naikon APT | |
730 | 07/05/2020 | ? | Ruhr University Bochum (RUB) | The Ruhr University Bochum (RUB) announces that it was forced to shut down large parts of its central IT infrastructure, after a ransomware attack that took place between May 6 and May 7. | Malware | P Education | CC | DE | Ruhr University Bochum, RUB, ransomware | |
731 | 07/05/2020 | DonJuji | MobiFriends | The personal details of 3,688,060 users registered on the MobiFriends dating app are posted online and available for download. The data was obtained in a security breach that took place in January 2019 | Unknown | R Arts entertainment and recreation | CC | ES | MobiFriends, DonJuji | |
732 | 07/05/2020 | ? | Web applications built on the ASP.NET | Researchers at security firm Red Canary uncover a Monero cryptocurrency-mining campaign, tracked as Blue Mockingbird, that exploits the CVE-2019-18935 vulnerability in web applications built on the ASP.NET framework. | Vulnerability | Y Multiple Industries | CC | >1 | Red Canary, Monero, Blue Mockingbird, CVE-2019-18935, ASP.NET, Crypto | |
733 | 07/05/2020 | ? | Fitness class | A Zoom hacker scares a group of about 60 children taking part in a fitness class, streaming child sex abuse footage. | Zoom bombing | R Arts entertainment and recreation | CC | UK | Zoom | |
734 | 07/05/2020 | Maze | Sparboe Companies | The threat group MAZE publishes what it claims is data stolen from Sparboe Companies, a Minnesota egg supplier during a ransomware attack. | Malware | I Accommodation and food service activities | CC | US | Sparboe Companies, Maze | |
735 | 07/05/2020 | ? | Giannis Antetokounmpo's Twitter account | NBA Milwaukee Bucks' player Giannis Antetokounmpo's Twitter account is hacked. | Account Hijacking | X Individual | CC | US | Giannis Antetokounmpo, Twitter, Milwaukee Bucks | |
736 | 07/05/2020 | ? | StorEnvy | The e-commerce website StorEnvy is hacked and as a result, personal details of over 1.5 million customers and merchants are leaked online. | Unknown | G Wholesale and retail trade | CC | US | StorEnvy | |
737 | 08/05/2020 | Sodinokibi (AKA REvil) | Grubman Shire Meiselas & Sacks (GSMLaw) | The Sodinokibi ransomware group threatens to release hundreds of gigabytes of legal documents from Grubman Shire Meiselas & Sacks, a prominent entertainment and law firm that counts dozens of international stars as its clients, including Madonna, Lady Gaga, Elton John, Robert de Niro, Nicki Minaj, Chris Brown, Usher, U2, Timbaland, Rick Ross, and many others. | Malware | N Administrative and support service activities | CC | US | Sodinokibi, REvil, ransomware, Grubman Shire Meiselas & Sacks, GSMLaw, Madonna, Lady Gaga, Elton John, Robert de Niro, Nicki Minaj, Chris Brown, Usher, U2, Timbaland, Rick Ross | |
738 | 08/05/2020 | Attackers linked to Iran | Gilead Sciences | Hackers linked to Iran have targeted staff at U.S. drugmaker Gilead Sciences Inc in recent weeks, as the company races to deploy a treatment for the COVID-19 virus. | Targeted Attack | M Professional scientific and technical activities | CC | >1 | Iran, Gilead Sciences Inc, COVID-19 | |
739 | 08/05/2020 | Shiny Hunters | HomeChef | A database with 8 million records belonging to the meal kit delivery service HomeChef is put on sale on the dark web. | Unknown | I Accommodation and food service activities | CC | US | HomeChef, Shiny Hunters | |
740 | 08/05/2020 | Shiny Hunters | ChatBooks | A database with 15 million records belonging to ChatBooks, a photo print service, is put on sale on the dark web. | Unknown | M Professional scientific and technical activities | CC | US | ChatBooks, Shiny Hunters | |
741 | 08/05/2020 | Shiny Hunters | Chronicle.com | Chronicle.com, a news source for higher education, is the latest victim to have a database dumped from the Shiny Hunters collective (3 million records). | Unknown | J Information and communication | CC | US | Chronicle.com, Shiny Hunters | |
742 | 08/05/2020 | ? | Texas Office of Court Administration (OCA) | The Texas Office of Court Administration (OCA) is hit by ransomware. | Malware | O Public administration and defence, compulsory social security | CC | US | Texas Office of Court Administration, Ransomware | |
743 | 08/05/2020 | ? | Multiple organizations | Researchers from Abnormal Security discover a new phishing campaign exploiting the DocuSign platform. | Account Hijacking | Y Multiple Industries | CC | >1 | Abnormal Security, DocuSign | |
744 | 08/05/2020 | ? | City Index | Financial trading provider City Index informs users of a breach of their personal data, after its network was accessed by an unauthorized third party on April 14. | Unknown | K Financial and insurance activities | CC | UK | City Index | |
745 | 09/05/2020 | ? | Stadler | International rail vehicle construction company, Stadler, disclosed that it was the victim of a cyberattack which might have also allowed the attackers to steal company and employee data. | Malware | C Manufacturing | CC | CH | Stadler | |
746 | 09/05/2020 | Shiny Hunters | Bhinneka | Bhinneka has 1.2 million records dumped by Shiny Hunters. | Unknown | G Wholesale and retail trade | CC | ID | Bhinneka, Shiny Hunters | |
747 | 09/05/2020 | Shiny Hunters | Minted | Minted, an online marketplace of independent artists and designers, suffers 5 million accounts leaked by Shiny Hunters. | Unknown | R Arts entertainment and recreation | CC | US | Minted, Shiny Hunters | |
748 | 09/05/2020 | Shiny Hunters | Styleshare | Styleshare, an online platform that allows users to share and receive updates on fashion and beauty, is breached by Shiny Hunters. 6 million records are leaked. | Unknown | J Information and communication | CC | KR | Styleshare, Shiny Hunters | |
749 | 09/05/2020 | Shiny Hunters | Ggumim | Ggumim suffers 2 million records leaked by Shiny Hunters. | Unknown | Z Unknown | CC | KR | Shiny Hunters, Ggumim | |
750 | 09/05/2020 | Shiny Hunters | Mindful | 2 million accounts from Mindful are leaked by the Shiny Hunters. | Unknown | Q Human health and social work activities | CC | US | Shiny Hunters, Mindful | |
751 | 09/05/2020 | Shiny Hunters | Star Tribune | 1 million accounts from the Star Tribune are leaked by the Shiny Hunters. | Unknown | J Information and communication | CC | US | Shiny Hunters, Star Tribune | |
752 | 09/05/2020 | Shiny Hunters | Zoosk | The Shiny Hunters leak 30 million accounts from Zoosk. | Unknown | S Other service activities | CC | >1 | Shiny Hunters, Zoosk | |
753 | 09/05/2020 | ? | U.S. Marshals Service | A data breach at the U.S. Marshals Service exposes the personal information of current and former prisoners (387,000 individuals are affected). The breach occurred in December 2019. | Unknown | O Public administration and defence, compulsory social security | CC | US | U.S. Marshals Service | |
754 | 10/05/2020 | ? | Port of Bandar Abbas | Iranian officials say that hackers damaged a small number of computers in a cyber-attack against the port of Bandar Abbas, the country's largest port in the Strait of Hormuz. | Unknown | H Transportation and storage | CW | IR | Bandar Abbas, Strait of Hormuz | |
755 | 10/05/2020 | ? | MyBudget | MyBudget, one of Australia's largest debt-management services is taken down by malware. | Malware | K Financial and insurance activities | CC | AU | MyBudget | |
756 | 11/05/2020 | Maze | Pitney Bowes | Pitney Bowes suffers a cyber attack for the second time in a few months. The attackers are detected but manage to steal some files. | Malware | M Professional scientific and technical activities | CC | US | Pitney Bowes, Maze, Ransomware | |
757 | 11/05/2020 | ProLock | Diebold Nixdorf | Diebold Nixdorf, a major provider of automatic teller machines (ATMs) and payment technology to banks and retailers, suffers a ProLock ransomware attack that disrupts some operations. | Malware | C Manufacturing | CC | US | Diebold Nixdorf, ProLock, ransomware | |
758 | 11/05/2020 | ? | WeLeakData.com | The database for the defunct hacker forum and data breach marketplace WeLeakData.com is being sold on the dark web and exposes the private conversations of hackers who used the site. | Unknown | S Other service activities | CC | N/A | WeLeakData.com | |
759 | 11/05/2020 | ? | Banking users in Brazil | Researchers from Cisco Talos discover a new variant of the Astaroth malware using YouTube as its command and control infrastructure. | Malware | K Financial and insurance activities | CC | BR | Cisco Talos, Astaroth | |
760 | 11/05/2020 | ? | Banking users | Researchers from IBM X-Force reveal that the Zeus Sphinx banking Trojan is now receiving frequent updates and upgrades to its malicious arsenal while being deployed in active coronavirus scams. | Malware | K Financial and insurance activities | CC | >1 | IBM X-Force, Zeus Sphinx, COVID-19 | |
761 | 11/05/2020 | ? | Portuguese Banking users | A new campaign targets Portuguese Banking users with the Lampion malware, impersonating an invoice from a Bank transaction, an invoice from Vodafone Group, and emergency funds provided by the Portuguese Government to help the COVID-19 fight. | Malware | K Financial and insurance activities | CC | PT | Lampion, Vodafone Group, COVID-19 | |
762 | 11/05/2020 | ? | Multiple organizations | Researchers from Abnormal Security reveal the details of a new attack impersonating a notification from Zoom in order to steal Microsoft credentials of employees. | Account Hijacking | Y Multiple Industries | CC | >1 | Abnormal Security, Zoom, Microsoft | |
763 | 12/05/2020 | ? | Magellan Health Inc | Magellan Health Inc announces that it was the victim of a ransomware attack on April 11, 2020, which led to the theft of personal information from one of its corporate servers. | Malware | Q Human health and social work activities | CC | US | Magellan Health Inc, ransomware | |
764 | 12/05/2020 | HIDDEN COBRA AKA Lazarus Group | US Companies | The US government (FBI, CISA, and DoD) releases information on three new malware variants (COPPERHEDGE, TAINTEDSCRIBE, PEBBLEDASH) used in malicious cyber activity campaigns by the North Korean government-backed hacker group tracked as HIDDEN COBRA. | Targeted Attack | Y Multiple Industries | CE | US | FBI, CISA, DoD, COPPERHEDGE, TAINTEDSCRIBE, PEBBLEDASH, HIDDEN COBRA, Lazarus Group | |
765 | 12/05/2020 | Magecart | >1000 websites | Security researcher Max Kersten collects in a span of a few weeks over 1,000 domains infected with payment card skimmers. | Malicious Script Injection | Y Multiple Industries | CC | >1 | Max Kersten, Magecart | |
766 | 12/05/2020 | ? | ESET | ESET fends off a DDoS attack facilitated by "Updates for Android", a malicious news app hosted in the Google Play Store and downloaded 50,000 times. | DDoS | M Professional scientific and technical activities | CC | SK | ESET, Updates for Android, Google Play Store, Android | |
767 | 12/05/2020 | ? | Nikkei Inc. | Nikkei Inc. announces that personal information on a total of 12,514 people had been leaked after a computer used by a group company employee was infected with a virus in an apparent cyberattack. | Malware | J Information and communication | CC | JP | Nikkei Inc. | |
768 | 12/05/2020 | Nefilim | W&T Offshore | The hackers behind the Nefilim malware say they have stolen over 800 gigabytes of personnel and financial data from W&T Offshore Inc. | Malware | D Electricity gas steam and air conditioning supply | CC | US | W&T Offshore, Nefilim | |
769 | 13/05/2020 | Threat actors affiliated to the People’s Republic of China | US health care, pharmaceutical, and research industry sectors. | The US government (FBI, CISA, and DoD) reveals that Threat actors affiliated to the People’s Republic of China (PRC) are attempting to compromise and collect COVID-19 information from organizations in the US health care, pharmaceutical, and research industry sectors. | Targeted Attack | Q Human health and social work activities | CE | US | FBI, CISA, DoD, People’s Republic of China, PRC, COVID-19 | |
770 | 13/05/2020 | ? | Supercomputers across UK, Germany, Switzerland and Spain | Multiple supercomputers across Europe are infected with cryptocurrency mining malware and shut down to investigate the intrusions. | Malware | P Education | CC | >1 | Supercomputers | |
771 | 13/05/2020 | ? | Multiple organizations | Microsoft discovers a new COVID-19 themed phishing campaign using economic concerns to target businesses with the LokiBot information-stealing Trojan. | Malware | Y Multiple Industries | CC | >1 | Microsoft, COVID-19, LokiBot | |
772 | 13/05/2020 | ? | Multiple organizations | Researchers from ESET discover a new malware toolkit, dubbed Ramsay, able to collect sensitive files from systems isolated from the internet. | Malware | Y Multiple Industries | CC | >1 | ESET, Ramsay | |
773 | 13/05/2020 | ? | Interserve | Interserve, a contractor for Britain’s Ministry of Defence, suffers a security breach after hackers break into a database and steal the details of up to 100,000 past and current employees. | Unknown | M Professional scientific and technical activities | CC | UK | Interserve, Ministry of Defence | |
774 | 13/05/2020 | ? | Bam Construct | Bam Construct is hit by malware. | Malware | M Professional scientific and technical activities | CC | UK | Bam Construct | |
775 | 13/05/2020 | Russia | German Chancellor Angela Merkel | German Chancellor Angela Merkel reveals that Russia was targeting her in hacking attacks, saying she had concrete proof of the "outrageous" spying attempts. | Targeted Attack | O Public administration and defence, compulsory social security | CE | DE | Angela Merkel, Russia | |
776 | 13/05/2020 | ? | Single Individuals | Researchers from Sophos discover a new phishing campaign using a well-crafted fake DHL delivery notification. | Account Hijacking | X Individual | CC | >1 | Sophos, DHL | |
777 | 13/05/2020 | ? | Wright County | Wright County notifies residents of a phishing attack that occurred on January 31, 2019. | Account Hijacking | O Public administration and defence, compulsory social security | CC | US | Wright County | |
778 | 13/05/2020 | AKO | North Shore Pain Management | North Shore Pain Management has 4 GB of data leaked by the AKO ransomware gang. | Malware | Q Human health and social work activities | CC | US | North Shore Pain Management, AKO, ransomware | |
779 | 14/05/2020 | ? | Norfund | Fraudsters running business email compromise scams were able to swindle Norfund, Norway’s state investment fund, out of $10 million. | Business Email Compromise | K Financial and insurance activities | CC | NO | Norfund | |
780 | 14/05/2020 | ? | Multiple organizations | Microsoft says that attackers have already adapted their phishing campaigns to use the newly updated design for Azure AD and Office 365 sign-in pages. | Account Hijacking | Y Multiple Industries | CC | >1 | Microsoft, Azure AD, Office 365 | |
781 | 14/05/2020 | Turla APT? | European diplomatic entities | Researchers from Kaspersky discover a new COMpfun remote access trojan (RAT) variant controlled using uncommon HTTP status codes, used in attacks targeting European diplomatic entities. | Targeted Attack | O Public administration and defence, compulsory social security | CE | >1 | Kaspersky, COMpfun, Turla | |
782 | 14/05/2020 | RATicate | Industrial companies | Researchers from Sophos identify RATicate, a hacking group that abused NSIS installers to deploy remote access tools (RATs) and information-stealing malware in attacks targeting industrial companies. | Targeted Attack | Y Multiple Industries | CE | >1 | Sophos, RATicate | |
783 | 14/05/2020 | ? | Multiple organizations | A new Node.js based remote access trojan and password-stealing malware is being distributed through malicious emails pretending to be from the U.S. Department of the Treasury. | Malware | Y Multiple Industries | CC | US | Adwind, U.S. Department of the Treasury, COVID-19 | |
784 | 14/05/2020 | APT from China | Government entities, telecommunications firms, and the gas industry | A joint report issued by ESET and Avast reveals the details of Mikroceen, a backdoor used in attacks against public and private entities in central Asia since 2017. | Targeted Attack | Y Multiple Industries | CE | >1 | ESET, Avast, China, Mikroceen | |
785 | 14/05/2020 | ? | Elexon | Elexon, a middleman in the UK power grid network, reports that it fell victim to a cyber-attack (probably malware). | Malware | D Electricity gas steam and air conditioning supply | CC | UK | Elexon, ransomware | |
786 | 14/05/2020 | ? | Service NSW | Service NSW reveals that it fell victim to a phishing attack that occurred on April 22. | Account Hijacking | O Public administration and defence, compulsory social security | CC | AU | Service NSW | |
787 | 14/05/2020 | ? | Multiple Organizations | Researchers from Palo Alto Networks Unit 42 observe both the Mirai and Hoaxcalls botnets using an exploit for a post-authentication Remote Code Execution vulnerability in legacy Symantec Web Gateways 5.0.2.8. | Vulnerability | Y Multiple Industries | CC | >1 | Palo Alto Networks, Unit 42, Mirai, Hoaxcalls, Symantec | |
788 | 14/05/2020 | ? | Multiple organizations | Researchers from Armorblox reveal the details of a phishing campaign exploiting Symantec URL Protection to evade detection. | Account Hijacking | Y Multiple Industries | CC | >1 | Armorblox, Symantec | |
789 | 14/05/2020 | ? | Saint Paulus Lutheran Church | Saint Paulus Lutheran Church sues video chat company Zoom after a hacker allegedly hijacked a virtual Bible study class to post graphic images of child abuse. | Zoom bombing | S Other service activities | CC | US | Saint Paulus Lutheran Church, Zoom | |
790 | 14/05/2020 | ? | Des Moines City Council | A Des Moines civil rights meeting is abandoned after being Zoombombed. | Zoom bombing | O Public administration and defence, compulsory social security | CC | US | Des Moines City Council, Zoom | |
791 | 15/05/2020 | ? | Online Shops | Researchers at Sucuri discover a new WordPress malware used to scan and identify WooCommerce online shops to be targeted in future Magecart attacks. | Malicious Script Injection | G Wholesale and retail trade | CC | >1 | Sucuri, WordPress, WooCommerce, Magecart | |
792 | 15/05/2020 | ? | Texas Department of Transportation (TxDOT) | A new ransomware attack hits the network of the state’s Department of Transportation (TxDOT). | Malware | O Public administration and defence, compulsory social security | CC | US | Texas Department of Transportation, TxDOT | |
793 | 15/05/2020 | ? | Car owners in Moscow | A database with 129 million records of car owners in Moscow is being offered for sale on a dark web forum. | Unknown | X Individual | CC | RU | Russia, Car owners | |
794 | 15/05/2020 | ? | BlueScope | BlueScope confirms it was the victim of a cyber incident. | Unknown | C Manufacturing | CC | AU | BlueScope | |
795 | 15/05/2020 | Tropic Trooper, AKA KeyBoy | Taiwanese and Philippine military | Researchers from Trend Micro reveal the details of a campaign targeting the air-gapped networks of the Taiwanese and the Philippine military via the USBferry malware. | Targeted Attack | O Public administration and defence, compulsory social security | CE | TW PH | Trend Micro, USBferry, Tropic Trooper, KeyBoy | |
796 | 04/05/2020 | ? | Healthcare, government entities, financial institutions, and retail | The FBI issues a security alert about a new ransomware strain named ProLock, deployed in intrusions at healthcare, government entities, financial institutions, and retail. | Malware | Y Multiple Industries | CC | US | FBI, ProLock, ransomware | |
797 | 08/05/2020 | ? | Nipissing First Nation | Nipissing First Nation is hit by a ransomware attack. | Malware | U Activities of extraterritorial organizations and bodies | CC | CA | Nipissing First Nation, ransomware | |
798 | 10/05/2020 | Powerful Greek Army | North Macedonia’s Ministry of Economy and Finance | A Greek group called Powerful Greek Army leaks dozens of email addresses and passwords from staffers in North Macedonia’s Ministry of Economy and Finance, as well as from the municipality of Strumica. | Unknown | O Public administration and defence, compulsory social security | H | MK | Powerful Greek Army, North Macedonia’s Ministry of Economy and Finance, Strumica | |
799 | 11/05/2020 | ? | Bernards Township | Bernards Township is hit with a ransomware attack. | Malware | O Public administration and defence, compulsory social security | CC | US | Bernards Township, ransomware | |
800 | 14/05/2020 | ? | BlockFi | Crypto lending provider BlockFi reports that it suffered a data breach, after some of the company’s client data was breached through a SIM card swap attack performed on one of its employees. | Account Hijacking | V Fintech | CC | US | BlockFi, Crypto | |
801 | 14/05/2020 | ? | Single Individuals in the US | Researchers from the advocacy group Abuse.ch discover a COVID-19-related malspam campaign that impersonates the U.S. Treasury Department and more than likely looks to steal a taxpayer’s credentials using a remote access trojan. | Account Hijacking | X Individual | CC | US | COVID-19, Abuse.ch, U.S. Treasury Department | |
802 | 14/05/2020 | ? | 9 million customers of the CDEK Express transportation service | Data belonging to nine million customers of the CDEK Express transportation service is up for sale on the Web for 70 thousand rubles ($950). | Unknown | H Transportation and storage | CC | RU | CDEK Express | |
803 | 14/05/2020 | ? | Covve | Covve, the popular address book app, is identified as the source of a data breach that exposed the details of nearly 23 million individuals. | Unknown | J Information and communication | CC | CY | Covve | |
804 | 18/05/2020 | ? | Undisclosed Target | Researchers from Cofense discover a phishing tactic that leverages the OAuth2 framework and OpenID Connect (OIDC) protocol to access user data. | Account Hijacking | Z Unknown | CC | N/A | Cofense, OAuth2, OpenID Connect | |
805 | 18/05/2020 | NetWalker | Multiple organizations | Researchers at Trend Micro discover a new fileless version of the NetWalker ransomware. | Malware | Y Multiple Industries | CC | >1 | Trend Micro, NetWalker, Ransomware | |
806 | 19/05/2020 | ? | EasyJet | EasyJet admits that a "highly sophisticated cyber-attack" has affected approximately nine million customers. Email addresses and travel details have also been stolen, and 2,208 customers also had their credit and debit card details "accessed". The attack was discovered in January. | Targeted Attack | H Transportation and storage | CC | UK | EasyJet | |
807 | 19/05/2020 | ? | Multiple organizations | Microsoft's Security Intelligence team warns of a "massive" COVID-19 themed phishing campaign that attempts to install NetSupport Manager, a remote access tool, by tricking users into opening email attachments containing malicious Excel 4.0 macros. | Malicious Spam | Y Multiple Industries | CC | >1 | Microsoft, COVID-19, NetSupport Manager, Excel | |
808 | 19/05/2020 | ? | Banking users | Researchers from Malwarebytes and HYAS reveal the details of Silent Night, a botnet distributed via the RIG exploit kit and COVID-19 spam. | Malware | K Financial and insurance activities | CC | >1 | Malwarebytes, HYAS, Silent Night, RIG exploit kit, COVID-19 | |
809 | 19/05/2020 | ? | Thai users of Whatsapp, Facebook Messenger | Researchers from Cisco Talos reveal the details of WolfRAT, a new Trojan targeting Thai users of Whatsapp, Facebook Messenger, and Line messaging apps on the Android mobile platform. | Malware | X Individual | CC | TH | Cisco Talos, WolfRAT, Whatsapp, Facebook Messenger | |
810 | 19/05/2020 | Scattered Canary | Single Individuals | Researchers from Agari discover Scattered Canary, a group of business email compromise (BEC) Nigerian scammers targeting U.S. unemployment systems and COVID-19 relief funds provided through the CARES Act. | Business Email Compromise | X Individual | CC | US | Agari, Scattered Canary, BEC, COVID-19, CARES Act | |
811 | 19/05/2020 | ? | Undisclosed Target | Researchers from Abnormal Security reveal the details of a new campaign impersonating the collaboration software provider, LogMeIn. | Account Hijacking | Z Unknown | CC | N/A | Abnormal Security, LogMeIn | |
812 | 20/05/2020 | Winnti Group | Massively multiplayer online (MMO) game developers located in South Korea and Taiwan | Cybersecurity firm ESET releases a report on the Winnti APT group, which uses PipeMon, a new modular malware, on the systems of several massively multiplayer online (MMO) game developers located in South Korea and Taiwan. | Targeted Attack | R Arts entertainment and recreation | CE | KR TW | ESET, Winnti, PipeMon | |
813 | 20/05/2020 | ShinyHunters | Wishbone | ShinyHunters puts up for sale the details of 40 million users registered on Wishbone, a popular mobile app that lets users compare two items in a simple voting poll. | Unknown | M Professional scientific and technical activities | CC | US | ShinyHunters, Wishbone | |
814 | 20/05/2020 | ? | Banking users in the U.S., Canada, Germany, Poland, and Australia | Researchers from Proofpoint reveal the details of a new version of the ZLoader banking malware seen in more than 100 email campaigns since the beginning of the year. | Malware | K Financial and insurance activities | CC | >1 | Proofpoint, ZLoader | |
815 | 20/05/2020 | CyberWare | Scam companies | A group of hackers calling themselves CyberWare starts targeting scam companies with ransomware and DDoS attacks. | Malware | S Other service activities | CC | N/A | CyberWare | |
816 | 20/05/2020 | ? | Multiple organizations | The FBI issues a security alert about Zoom-bombing. | Zoom bombing | Y Multiple Industries | CC | US | FBI, Zoom bombing | |
817 | 21/05/2020 | ? | Multiple organizations | Researchers from Sophos reveal the details of RagnarLocker, a new ransomware installing virtual machines to avoid detection. | Malware | Y Multiple Industries | CC | >1 | Sophos, RagnarLocker, ransomware | |
818 | 21/05/2020 | Hackers of Savior | 2000 Israeli websites | More than 2000 Israeli websites are defaced to show an anti-Israeli message and with malicious code seeking permission to access visitors' webcams. Most of the websites were hosted on uPress, a local Israeli WordPress hosting service. | Defacement | Y Multiple Industries | H | IL | uPress, Hackers of Savior | |
819 | 21/05/2020 | Ke3chang (AKA APT15, Vixen Panda, Playful Dragon, and Royal APT) | Multiple organizations | Researchers from Intezer discover a new operation from the Ke3chang APT, using a new malware dubbed Ketrum. | Targeted Attack | Y Multiple Industries | CE | >1 | Intezer, Ke3chang APT, Ketrum, APT15, Vixen Panda, Playful Dragon, Royal APT | |
820 | 21/05/2020 | ? | Multiple organizations | Researchers from Armorblox discover a new campaign in the guise of the Supreme Court, using a CAPTCHA page to evade security controls on Office 365. | Account Hijacking | Y Multiple Industries | CC | >1 | Armorblox, Supreme Court, CAPTCHA, Office 365 | |
821 | 21/05/2020 | Chafer APT | Governments in Kuwait and Saudi Arabia | Researchers from BitDefender reveal the details of the Iran-linked Chafer APT group, targeting governments in Kuwait and Saudi Arabia. | Targeted Attack | O Public administration and defence, compulsory social security | CE | KW SA | Chafer APT, Iran, BitDefender | |
822 | 21/05/2020 | ? | Multiple organizations | Researchers from Trustwave uncover new phishing campaigns, taking advantage of “the reputation and services” of the Google Cloud’s Firebase mobile and web application development platform. | Account Hijacking | Y Multiple Industries | CC | >1 | Trustwave, Google Cloud, Firebase | |
823 | 22/05/2020 | LulzSecITA | San Raffaele Hospital | Hackers from LulzSecITA leak sensitive data from the San Raffaele Hospital in Milan. Data includes personal details of patients, doctors, nurses, and various employees. The breach occurred two months ago. | SQL Injection | Q Human health and social work activities | H | IT | LulzSecITA, San Raffaele | |
824 | 22/05/2020 | ShinyHunters | Mathway | ShinyHunters breaches Mathway, a popular math solving application, stealing more than 25 million emails and passwords. | Unknown | M Professional scientific and technical activities | CC | US | ShinyHunters, Mathway | |
825 | 22/05/2020 | ? | Multiple organizations | Researchers from Sentinel One discover a new version of the Sarwent malware that opens RDP (Remote Desktop Protocol) ports on infected computers. | Malware | Y Multiple Industries | CC | >1 | Sentinel One, Sarwent, RDP, Remote Desktop Protocol | |
826 | 22/05/2020 | ? | 2 million Indonesians | A threat actor shares the 2014 voter information for close to 2 million Indonesians on a hacker forum. | Unknown | X Individual | CC | ID | Indonesia | |
827 | 22/05/2020 | ? | EduCBA | Online education site EduCBA starts notifying customers that they are resetting their passwords after suffering a data breach. | Unknown | P Education | CC | IN | EduCBA | |
828 | 22/05/2020 | ? | Italian companies operating in the manufacturing sector. | Researchers from ZLab discover a new malicious espionage activity targeting Italian companies operating worldwide in the manufacturing sector. | Targeted Attack | C Manufacturing | CE | IT | ZLab | |
829 | 23/05/2020 | ? | Unknown resume aggregator | Researchers from Cyble discover a dump containing the personal details of 29.1M Indian jobseekers, offered for free in the hacking underground. | Unknown | M Professional scientific and technical activities | CC | IN | Cyble | |
830 | 23/05/2020 | ? | Multiple organizations | Researchers from Malwarebytes and HYAS publish a new report related to a new botnet, derived from Zeus, dubbed Silent Night Zeus. | Malware | Y Multiple Industries | CC | >1 | Malwarebytes, HYAS, Zeus, Silent Night Zeus | |
831 | 23/05/2020 | DoubleGun | Multiple organizations in China | Researchers from NetLab 360 dismantle the infrastructure built by the DoubleGun Group, which had amassed hundreds of thousands of bots controlled via public cloud services, including Alibaba and Baidu Tieba. | Malware | Y Multiple Industries | CC | CN | NetLab 360, DoubleGun Group, Alibaba, Baidu Tieba | |
832 | 24/05/2020 | ? | Multiple Crypto wallets | The hacker that breached the Ethereum.org forum is allegedly selling the databases of several popular crypto hard wallets, including: Ledger, Trezor, and KeepKey. | Account Hijacking | V Fintech | CC | >1 | Ethereum.org, Ledger, Trezor, KeepKey, Crypto | |
833 | 24/05/2020 | ? | Discord users | A new version of the AnarchyGrabber Discord malware is released that modifies the Discord client files so that it can evade detection and steal user accounts every time someone logs into the chat service. | Malware | X Individual | CC | >1 | AnarchyGrabber, Discord | |
834 | 24/05/2020 | ? | Three hacking forums Nulled.ch, Sinfulsite.com, and suxx.to leaked online | Researchers from Cyble discover the databases of three hacking forums, Nulled.ch, Sinfulsite.com, and suxx.to, leaked online. | Unknown | S Other service activities | CC | N/A | Nulled.ch, Sinfulsite.com, suxx.to, Cyble | |
835 | 25/05/2020 | [F]Unicorn | Single individuals in Italy | The Agency for Digital Italy (AgID) discovers a new ransomware threat called [F]Unicorn, encrypting computers in Italy by tricking victims into downloading a fake COVID-19 contact tracing app. | Malware | X Individual | CC | IT | Agency for Digital Italy (AgID), [F]Unicorn, COVID-19 | |
836 | 25/05/2020 | ? | More than two dozen SQL databases | More than two dozen SQL databases stolen from online shops in various countries are being offered for sale on a public website (over 1.5 million rows). | Unknown | Y Multiple Industries | CC | >1 | SQL | |
837 | 26/05/2020 | Turla | Three high-profile entities, such as a national parliament in the Caucasus and two Ministries of Foreign Affairs in Eastern Europe | Security researchers from ESET have discovered new attacks carried out by Turla via the ComRAT backdoor, taking place in January 2020. The attacks targeted three high-profile entities, such as a national parliament in the Caucasus and two Ministries of Foreign Affairs in Eastern Europe. | Targeted Attack | O Public administration and defence, compulsory social security | CE | >1 | ESET, Turla | |
838 | 26/05/2020 | ? | Arbonne International | Arbonne International exposes the personal information and credentials of thousands after its internal systems were breached by an unauthorized party. | Account Hijacking | M Professional scientific and technical activities | CC | US | Arbonne International | |
839 | 26/05/2020 | ? | Banking users in Portugal | A new version of the Grandoreiro malware is discovered in Portugal. | Malware | K Financial and insurance activities | CC | PT | Grandoreiro | |
840 | 27/05/2020 | NetWalker | City of Weiz | The Austrian City of Weiz is hit by the NetWalker Ransomware. | Malware | O Public administration and defence, compulsory social security | CC | AT | City of Weiz, ransomware, NetWalker | |
841 | 27/05/2020 | PonyFinal | Multiple Organizations | Microsoft's security team issues an advisory warning organizations around the globe to deploy protections against PonyFinal, a new strain of ransomware that has been in the wild over the past two months. | Malware | Y Multiple Industries | CC | >1 | Microsoft, PonyFinal | |
842 | 27/05/2020 | ? | LiveJournal | Blogging platform LiveJournal appears to have suffered a security breach in 2014, and multiple hackers are selling the company's user database on the dark web and on hacking forums (26 million users). | Unknown | J Information and communication | CC | RU | LiveJournal | |
843 | 27/05/2020 | ? | Undisclosed Target | Researchers from Abnormal Security reveal the details of a new campaign impersonating AWS notifications. | Account Hijacking | Z Unknown | CC | N/A | AWS, Abnormal Security | |
844 | 27/05/2020 | ? | 47.5 million Indian Truecaller users | Researchers from Cyble discover the data of 47.5 million Indian users, apparently leaked on the dark web and allegedly originating from the famous caller-ID app, Truecaller. | Unknown | X Individual | CC | IN | Cyble, Truecaller | |
845 | 27/05/2020 | "Hack-for-hire" groups operating in India | Employees at financial services, consulting and healthcare firms around the world | "Hack-for-hire" groups operating in India are spoofing World Health Organization emails to steal credentials from employees at financial services, consulting and healthcare firms around the world, according to Google's Threat Analysis Group. | Account Hijacking | Y Multiple Industries | CC | >1 | Google's Threat Analysis Group | |
846 | 28/05/2020 | ? | Cisco Systems | Cisco discloses a security breach that impacted a small part of its backend infrastructure: hackers used a vulnerability in the SaltStack software package, which Cisco bundles with some products, to gain access to six servers. | Vulnerability | J Information and communication | CC | US | Cisco Systems, Salt, CVE-2020-11651, CVE-2020-11652 | |
847 | 28/05/2020 | ? | NTT | Nippon Telegraph & Telephone (NTT) discloses a security breach. Hackers gained access to its internal network from Singapore and stole information on 621 customers from its communications subsidiary, NTT Communications. | Targeted Attack | J Information and communication | CE | JP | NTT, NTT Communications | |
848 | 28/05/2020 | ? | GitHub users | GitHub issues a security alert warning about Octopus Scanner, a new malware strain that's been spreading on its site via 26 boobytrapped Java projects. | Malware | Y Multiple Industries | CC | >1 | GitHub, Octopus Scanner | |
849 | 28/05/2020 | Sandworm AKA BlackEnergy | Multiple organizations | The US National Security Agency (NSA) publishes a security alert warning of a new wave of cyberattacks against Exim email servers, exploiting CVE-2019-10149, conducted by Sandworm. | Targeted Attack | Y Multiple Industries | CE | US | US National Security Agency, NSA, Exim, CVE-2019-10149, Sandworm, BlackEnergy | |
850 | 28/05/2020 | ? | Multiple organizations | Researchers from Cybereason discover a new variant of the Valak malware targeting Microsoft Exchange. | Malware | Y Multiple Industries | CC | >1 | Valak, Cybereason, Microsoft Exchange | |
851 | 28/05/2020 | Netwalker | Michigan State University | The operators of the NetWalker (Mailto) ransomware announce that they've infected the network of Michigan State University. | Malware | P Education | CC | US | NetWalker, Mailto, ransomware, Michigan State University | |
852 | 28/05/2020 | ? | Multiple organizations | Researchers at Palo Alto reveal the details of a new version of the Trickbot malware, providing a better method of evading detection. | Malware | Y Multiple Industries | CC | >1 | Palo Alto Networks, Unit 42, Trickbot | |
853 | 28/05/2020 | ? | Valorant Players | Researchers from Dr.Web discover fake Android and iOS Valorant apps, promoting scams. | Malware | R Arts entertainment and recreation | CC | >1 | Valorant, Dr.Web, iOS, Android | |
854 | 28/05/2020 | ? | Undisclosed Target | Researchers from Abnormal Security reveal the details of a new campaign impersonating the World Health Organization. | Account Hijacking | Z Unknown | CC | N/A | COVID-19, Abnormal Security, WHO, World Health Organization | |
855 | 28/05/2020 | ? | City government systems in Minneapolis | City government systems in Minneapolis are taken down by a DDoS attack. | DDoS | O Public administration and defence, compulsory social security | H | US | Minneapolis | |
856 | 28/05/2020 | ? | Single Individuals in India | Security researchers from SonicWall discover fake malicious versions of Aarogya Setu, the Indian government’s coronavirus contact tracing mobile application. | Malware | X Individual | CC | IN | SonicWall, Aarogya Setu, COVID-19 | |
857 | 29/05/2020 | ? | Amtrak | The National Railroad Passenger Corporation (Amtrak) discloses a data breach that may have resulted in the compromise of customer personally identifiable information (PII). The data breach was discovered on April 16, 2020 and was carried out via compromised credentials. | Account Hijacking | H Transportation and storage | CC | US | Amtrak | |
858 | 29/05/2020 | ? | Organizations in Japan, Italy, Germany and the UK | Researchers from Kaspersky identify a series of attacks on organizations in Japan, Italy, Germany and the UK. Up to 50% of the attackers’ targets are organizations in various industrial sectors. | Targeted Attack | M Professional scientific and technical activities | CC | >1 | Kaspersky | |
859 | 29/05/2020 | ? | Multiple organizations | Researchers at ZLab discover a new campaign using COVID-19 lures (FMLA: Family and Medical Leave Act) to spread Himera and Absent-Loader. | Malware | Y Multiple Industries | CC | >1 | ZLab, COVID-19, FMLA, Family and Medical Leave Act, Himera, Absent-Loader | |
860 | 29/05/2020 | Toogod | Department of Household Registration (Taiwan) | Researchers from Cyble discover in the dark web a database containing details of over 20 Million Taiwanese citizens. | Unknown | O Public administration and defence, compulsory social security | CC | TW | Cyble, Department of Household Registration, Toogod | |
861 | 30/05/2020 | ? | Emirates customers | Emirates airline warns passengers about the latest phishing email scam, which claims that flights have been cancelled because of COVID-19. | Account Hijacking | H Transportation and storage | CC | UAE | Emirates | |
862 | 30/05/2020 | ? | Unpatched WordPress sites | Researchers from Wordfence reveal that hackers launched a massive campaign against WordPress websites, attacking old vulnerabilities in unpatched plugins to download configuration files. | Vulnerability | Y Multiple Industries | CC | >1 | Wordfence, WordPress | |
863 | 30/05/2020 | Anonymous | Minneapolis Police Department | Anonymous takes down the Minneapolis Police Department website in retaliation for the murder of George Floyd. | DDoS | O Public administration and defence, compulsory social security | H | US | Anonymous, Minneapolis Police Department, George Floyd | |
864 | 30/05/2020 | ? | Single individuals in Italy | Researchers from D3Lab uncover a new COVID-19-themed phishing campaign targeting the users of the Italian National Institute for Social Security (INPS) and exploiting the COVID-19 measures. | Account Hijacking | X Individual | CC | IT | D3Lab, COVID-19, INPS | |
865 | 30/05/2020 | Sekhmet | Excis | Sekhmet ransomware operators claim to have hit an international IT firm, Excis. | Malware | M Professional scientific and technical activities | CC | UK | Excis, Sekhmet, ransomware | |
866 | 31/05/2020 | ? | Coincheck | Japanese cryptocurrency exchange Coincheck says hackers took control over its account at Oname.com, a local domain registrar and hijacked one of its domain names, which they later used to contact some of its customers. | Account Hijacking | V Fintech | CC | JP | Coincheck, Oname.com, Crypto | |
867 | 14/05/2020 | ? | Genworth Financial | Fortune 500 insurance holding company Genworth Financial discloses a data breach after an unauthorized party gained access to insurance agents' online accounts using compromised login credentials. The breach was discovered by Genworth on April 20. | Account Hijacking | K Financial and insurance activities | CC | US | Genworth Financial | |
868 | 22/05/2020 | ? | Everett & Hurite Ophthalmic Association | Everett & Hurite Ophthalmic Association notifies 34,113 patients of a phishing attack that occurred between February and March 2020. | Account Hijacking | Q Human health and social work activities | CC | US | Everett & Hurite Ophthalmic Association | |
869 | 01/06/2020 | ? | Kent Commercial Services | Kent Commercial Services reveals that it was hit with a ransomware attack on April 2. The attackers demanded 800,000 GBP. | Malware | N Administrative and support service activities | CC | UK | Kent Commercial Services, ransomware | |
870 | 01/06/2020 | ? | Multiple organizations | Researchers from Panda Security uncover BazarBackdoor, a new malware that shares code with the notorious modular banking trojan TrickBot and is used to gain unauthorized access to and compromise corporate networks. | Malware | Y Multiple Industries | CC | >1 | Panda Security, BazarBackdoor, TrickBot | |
871 | 02/06/2020 | ? | Minnesota Senate | The Minnesota Senate’s servers are hacked, and the attackers are able to access a file of passwords used by senators and staff, Senate officials. | Unknown | O Public administration and defence, compulsory social security | CC | US | Minnesota Senate | |
872 | 02/06/2020 | ? | Kentucky Employees’ Health Plan (KEHP) | Nearly a thousand members of Kentucky Employees’ Health Plan (KEHP) are victims of two connected data breaches that took place in late April and mid-May. | Account Hijacking | Q Human health and social work activities | CC | US | Kentucky Employees’ Health Plan, KEHP | |
873 | 02/06/2020 | Sodinokibi AKA REvil | Agromart Group | The gang behind the Sodinokibi ransomware puts the data stolen from Agromart Group up for sale on an auction site. | Malware | M Professional scientific and technical activities | CC | CA | Sodinokibi, Agromart Group, ransomware | |
874 | 03/06/2020 | Cycldek, Conimes, or Goblin Panda | Large organizations and government institutions in Vietnam | Researchers from Kaspersky reveal the details of USBCulprit, a malware used by a group known as Cycldek, Conimes, or Goblin Panda, designed for compromising air-gapped devices via USB. | Targeted Attack | O Public administration and defence, compulsory social security | CE | VN | Kaspersky, USBCulprit, Cycldek, Conimes, Goblin Panda | |
875 | 03/06/2020 | Netwalker | Columbia College of Chicago | The Netwalker Ransomware operators claim to have successfully attacked the Columbia College of Chicago, stolen unencrypted data, and encrypted its computers. | Malware | P Education | CC | US | Columbia College of Chicago, Netwalker, Ransomware | |
876 | 03/06/2020 | Netwalker | University of California San Francisco (UCSF) | The Netwalker Ransomware operators claim to have successfully attacked the University of California San Francisco (UCSF), stolen unencrypted data, and encrypted its computers. | Malware | P Education | CC | US | University of California San Francisco, UCSF, Netwalker, Ransomware | |
877 | 03/06/2020 | ? | Microsoft Office 365 customers | Researchers from Abnormal Security discover a new phishing campaign targeting Microsoft Office 365 customers, using bait messages camouflaged as notifications sent by their organization to update the VPN configuration. | Account Hijacking | Y Multiple Industries | CC | >1 | Abnormal Security, Microsoft Office 365, VPN, COVID-19 | |
878 | 03/06/2020 | ? | San Francisco Employees’ Retirement System (SFERS) | The San Francisco Employees’ Retirement System (SFERS) suffers a data breach after an unauthorized person gains access to a database hosted in a test environment. The breach occurred in February 2020. | Unknown | S Other service activities | CC | US | San Francisco Employees’ Retirement System, SFERS | |
879 | 03/06/2020 | DoppelPaymer | Digital Management Inc. (DMI) | The DoppelPaymer ransomware gang says it successfully breached the network of Digital Management Inc. (DMI), a provider of managed IT and on-demand cyber-security services and a NASA contractor. | Malware | M Professional scientific and technical activities | CC | US | DoppelPaymer, ransomware, Digital Management Inc., DMI, NASA | |
880 | 03/06/2020 | Maze | Westech International | The threat actors behind the Maze ransomware steal and leak the data of Westech International, a US military contractor. | Malware | C Manufacturing | CC | US | Westech International, Maze, Ransomware | |
881 | 03/06/2020 | ? | Viva Republica Inc. | Viva Republica Inc., a fintech firm, has its Toss platform hacked suffering a loss worth 9.4 million won ($7,853). | Unknown | V Fintech | CC | KR | Viva Republica Inc., Toss | |
882 | 03/06/2020 | ? | Duluth School District | The Duluth School District reveals the details of a security breach involving 14 student accounts. | Account Hijacking | P Education | CC | US | Duluth School District | |
883 | 03/06/2020 | ? | Anti-racism organizations | Cloudflare reveals a 1,120-fold increase in cyber-attacks against anti-racism organizations in the wake of the death of George Floyd. | DDoS | U Activities of extraterritorial organizations and bodies | CC | >1 | Cloudflare, George Floyd | |
884 | 04/06/2020 | China and Iran APT Groups | Trump and Biden presidential campaigns | Researchers from Google’s Threat Analysis Group say they’ve identified efforts by at least two nation state-backed hackers against the Trump and Biden presidential campaigns. | Targeted Attack | O Public administration and defence, compulsory social security | CE | US | Google, Threat Analysis Group, TAG, Trump, Biden | |
885 | 04/06/2020 | Maze | Conduent | The Maze Ransomware operators claim to have successfully attacked business services giant Conduent, where they stole unencrypted files and encrypted devices on their network. | Malware | M Professional scientific and technical activities | CC | US | Conduent, Maze, Ransomware | |
886 | 04/06/2020 | ? | Chartered Professional Accountants of Canada (CPA) | Chartered Professional Accountants of Canada (CPA) disclose a cyberattack against their website that allowed unauthorized third parties to access the personal information of over 329,000 members and other stakeholders. | Unknown | S Other service activities | CC | CA | Chartered Professional Accountants of Canada, CPA | |
887 | 04/06/2020 | Tycoon | Small to medium size organizations in the software and education industries | Researchers from Blackberry and KPMG discover Tycoon, a new human-operated ransomware strain deployed in highly targeted attacks targeting small to medium size organizations in the software and education industries since at least December 2019. | Malware | Y Multiple Industries | CC | >1 | Blackberry, KPMG, Tycoon, ransomware | |
888 | 04/06/2020 | ? | Multiple organizations | Researchers from Akamai discover Stealthworker, a piece of malware attempting brute-force attacks against cPanel. | Brute-Force | Y Multiple Industries | CC | >1 | Akamai, cPanel, Stealthworker | |
889 | 04/06/2020 | ? | Hundreds of enterprises across all industries, including real estate, oil & gas, engineering, IT, healthcare, financial services and more | Researchers from Ironscale discover a massive phishing campaign sending fake email notifications for voice messages. | Account Hijacking | Y Multiple Industries | CC | >1 | Ironscale | |
890 | 04/06/2020 | ? | Banking users | Researchers from Check Point discover a new malware campaign, spoofing job seekers and delivering Zloader via emails with file attachments that claim to be curriculum vitae (CV). | Malware | K Financial and insurance activities | CC | US | Check Point, Zloader | |
891 | 04/06/2020 | Higaisa | Multiple organizations | Researchers from Malwarebytes discover a new campaign from a Korea-linked APT known as Higaisa, using LNK files. | Targeted Attack | Y Multiple Industries | CE | >1 | Malwarebytes, Higaisa, LNK | |
892 | 04/06/2020 | ? | Android users | Researchers from Trend Micro reveal that a couple of Android barcode reader apps, downloaded more than 1 million times, were found to contain ad fraud malware (AndroidOS_HiddenAd.HRXJA). | Malware | X Individual | CC | >1 | Trend Micro, Android, AndroidOS_HiddenAd.HRXJA | |
893 | 04/06/2020 | ? | San Beda University (SBU) | An unidentified hacker infiltrates the online student portal of San Beda University (SBU), gaining access to personal information and social media passwords of thousands of students and apparently releasing them online. | Unknown | P Education | CC | PH | San Beda University, SBU | |
894 | 05/06/2020 | Maze | VT San Antonio Aerospace | The Maze Ransomware gang breaches and successfully encrypts the systems of VT San Antonio Aerospace. The gang also steals and leaks unencrypted files. The attack occurred in April 2020. | Malware | M Professional scientific and technical activities | CC | US | VT San Antonio Aerospace, Maze, Ransomware | |
895 | 05/06/2020 | "John Wick" and "Korean Hackers" | ZEE5 | A hacker identifying themselves as "John Wick" and "Korean Hackers" claims to have breached the systems of Indian video on demand giant ZEE5 and is threatening to sell the database on criminal markets. | Unknown | J Information and communication | CC | IN | John Wick, Korean Hackers, ZEE5 | |
896 | 05/06/2020 | ? | Fitness Depot | Canadian retailer Fitness Depot notifies customers that their personal and financial information was stolen following a breach that affected the company's e-commerce platform last month. | Malicious Script Injection | G Wholesale and retail trade | CC | CA | Fitness Depot, Magecart | |
897 | 05/06/2020 | Kupidon | Multiple organizations | A new ransomware dubbed Kupidon targets not only corporate networks, but also home users' personal data. | Malware | Y Multiple Industries | CC | >1 | Kupidon, Ransomware | |
898 | 05/06/2020 | eCh0raix | QNAP storage devices | The threat actors behind the eCh0raix Ransomware launch a brand new campaign targeting QNAP storage devices. | Malware | Y Multiple Industries | CC | >1 | eCh0raix, Ransomware, QNAP | |
899 | 05/06/2020 | ? | City of Florence | The city of Florence, Alabama, is hit by the DoppelPaymer ransomware. | Malware | O Public administration and defence, compulsory social security | CC | US | City of Florence, Alabama | |
900 | 05/06/2020 | Maze | ST Engineering | The threat actors behind the Maze ransomware steal and leak the data of ST Engineering. | Malware | C Manufacturing | CC | SG | Maze, ransomware, ST Engineering | |
901 | 05/06/2020 | ? | University of Utah | University of Utah notifies its patients after a phishing incident compromised employee email accounts between April 6 and May 22. | Account Hijacking | Q Human health and social work activities | CC | US | University of Utah | |
902 | 05/06/2020 | ? | Multiple organizations | Researchers from Yoroi ZLab reveal the details of a Netwire campaign targeting Italian-speakers. | Targeted Attack | Y Multiple Industries | CE | IT | Yoroi ZLab, Netwire | |
903 | 05/06/2020 | ? | Multiple organizations | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns that attackers are trying to exploit the SMBGhost vulnerability (CVE-2020-0796). | Vulnerability | Y Multiple Industries | CC | US | U.S. Cybersecurity and Infrastructure Security Agency, CISA, SMBGhost, CVE-2020-0796 | |
904 | 06/06/2020 | ? | Single Individuals | A fake decryptor for the STOP Djvu Ransomware is being distributed. Instead of getting their files back for free, victims are infected with another ransomware, Zorab. | Malware | X Individual | CC | >1 | STOP Djvu, Ransomware, Zorab | |
905 | 07/06/2020 | EKANS (SNAKE) | Enel Group | The Enel Group is hit by a ransomware attack from EKANS (SNAKE) ransomware operators that affected its internal network, | Malware | D Electricity gas steam and air conditioning supply | CC | IT | Enel Group, SNAKE, EKANS, ransomware | |
906 | 07/06/2020 | ? | University of the Philippines Cebu | Unknown attackers break into the evaluation portal of the University of the Philippines Cebu. | Unknown | P Education | CC | PH | University of the Philippines Cebu | |
907 | 07/06/2020 | ? | Hockley Medical Practice | Hockley Medical Practice has the records of nearly 9,000 patients hacked. | Unknown | Q Human health and social work activities | CC | UK | Hockley Medical Practice | |
908 | 08/06/2020 | EKANS (SNAKE) | Honda | Computer networks in Europe and Japan from car manufacturer giant Honda are also affected by issues that are reportedly related to a SNAKE Ransomware cyber-attack. | Malware | C Manufacturing | CC | JP | Honda, SNAKE, EKANS | |
909 | 08/06/2020 | Russia? | German multinational corporation | Researchers at IBM X-Force uncover a COVID-19 related phishing campaign targeting a German multinational corporation, associated with a German government-private sector task force to procure personal protective equipment. The threat actors behind this campaign targeted more than 100 high ranking executives within this organization and its third-party ecosystem (approximately 40 organizations). | Targeted Attack | C Manufacturing | CE | DE | IBM X-Force, COVID-19 | |
910 | 08/06/2020 | DoppelPaymer | Avon | Cosmetics giant Avon discloses a security incident allegedly due to the DoppelPaymer ransomware. | Malware | C Manufacturing | CC | UK | Avon, DoppelPaymer, ransomware | |
911 | 08/06/2020 | ? | Greenworks | Researchers at RapidSpike discover that payment card data from customers of Greenworks hardware tools website is being stolen by hackers via a malicious script with self-cloaking capabilities and anti-tampering protection. | Malicious Script Injection | G Wholesale and retail trade | CC | US | Greenworks, RapidSpike, Magecart | |
912 | 08/06/2020 | ? | Bitcoin users | Scammers hijack three YouTube channels (Juice TV, Right Human, and MaximSakulevich) to display bitcoin scams impersonating Elon Musk's SpaceX channel, stealing nearly $150,000 in bitcoins in two days. | Account Hijacking | X Individual | CC | >1 | YouTube, Juice TV, Right Human, MaximSakulevich, Elon Musk, SpaceX | |
913 | 08/06/2020 | TA410 | U.S. energy providers | Researchers from Proofpoint discover a new spear-phishing campaign targeting U.S. energy providers via FlowCloud, a new remote access trojan (RAT) capable of providing attackers with full control over infected systems. | Targeted Attack | D Electricity gas steam and air conditioning supply | CE | US | Proofpoint, FlowCloud | |
914 | 08/06/2020 | Avaddon | Single Individuals | Researchers from Appriver discover a new Avaddon Ransomware campaign targeting users worldwide. | Malware | X Individual | CC | >1 | Appriver, Avaddon, Ransomware | |
915 | 09/06/2020 | Dark Basin | Environmental advocacy groups, journalists, and others | A joint report by Citizen Lab and the University of Toronto reveals the details of Dark Basin, a massive hack-for-hire operation targeting especially climate-change organizations that were campaigning against Exxon Mobil. | Targeted Attack | U Activities of extraterritorial organizations and bodies | CE | >1 | Dark Basin, Exxon Mobil, Citizen Lab, University of Toronto | |
916 | 09/06/2020 | ? | Lion | Australian beverage giant Lion is hit by a Ransomware attack. | Malware | I Accommodation and food service activities | CC | AU | Lion, Ransomware | |
917 | 09/06/2020 | ? | Multiple organizations | Security researchers from RiskIQ discover a new wave of attacks relying on Magecart and malicious redirector code lurking in misconfigured S3 buckets. | Misconfiguration | Y Multiple Industries | CC | >1 | RiskIQ, Magecart, S3 | |
918 | 09/06/2020 | R3dr0x | Bharat Earth Movers Limited (BEML) | Researchers from Cyble report that a threat actor is offering documents of the Indian defence contractor Bharat Earth Movers Limited (BEML) on a dark web black market. | Unknown | C Manufacturing | H | IN | Cyble, R3dr0x, Bharat Earth Movers Limited, BEML | |
919 | 09/06/2020 | ? | Vulnerable Microsoft SQL Servers | Researchers from Sophos reveal that the operators behind the Kingminer botnet have recently started targeting vulnerable Microsoft SQL Servers using brute-force methods in order to mine cryptocurrency. | Brute-Force | Y Multiple Industries | CC | >1 | Sophos, Kingminer, Microsoft SQL Servers, Crypto | |
920 | 09/06/2020 | ? | Slovak government | Slovak authorities arrest four suspects as part of an investigation into a series of suspicious devices found connected to the government's official IT network. | Wiretapping | O Public administration and defence, compulsory social security | CC | SK | Slovakia | |
921 | 10/06/2020 | Maze | MaxLinear | U.S. system-on-chip (SOC) maker company MaxLinear discloses that some of its computing systems were encrypted by Maze Ransomware operators. The attack was discovered on May 24. | Malware | C Manufacturing | CC | US | MaxLinear, Ransomware, Maze | |
922 | 10/06/2020 | ? | Single Individuals | A recent phishing email campaign discovered by Abuse.ch asks to vote anonymously about Black Lives Matter to spread the TrickBot information-stealing malware. | Malware | X Individual | CC | >1 | Abuse.ch, Black Lives Matter, TrickBot | |
923 | 10/06/2020 | ? | Small businesses in the UK | Researchers from Abnormal Security discover a new phishing campaign targeting business owners with Microsoft Office 365, and using bait emails designed to look like legitimate Small Business Grants Fund (SGF) relief payment messages from the UK government. | Account Hijacking | Y Multiple Industries | CC | UK | Abnormal Security, Microsoft Office 365, Small Business Grants Fund, SGF, COVID-19 | |
924 | 10/06/2020 | ? | Multiple organizations | Researchers from Recorded Future discover a new Ransomware-as-a-service, dubbed Thanos, with high evasion capabilities. | Malware | Y Multiple Industries | CC | >1 | Thanos, Recorded Future, Ransomware | |
925 | 10/06/2020 | ? | Microsoft | Microsoft reveals that attackers recently hijacked powerful machine-learning clusters inside Microsoft’s Azure cloud-computing service to mine cryptocurrency at the expense of the customers who rented them. | Misconfiguration | M Professional scientific and technical activities | CC | US | Microsoft, Azure | |
926 | 10/06/2020 | ? | Single Individuals | Researchers from Google report an increase in the number of COVID-19 related scams. | Account Hijacking | X Individual | CC | IN | Google, India, COVID-19 | |
927 | 10/06/2020 | ? | Small businesses in the UK | Researchers from Google discover a new campaign targeting small businesses in the UK, designed to look like legitimate Small Business Grants Fund (SGF) messages. | Account Hijacking | Y Multiple Industries | CC | UK | Google, Small Business Grants Fund, SGF | |
928 | 10/06/2020 | ? | Single Individuals | Researchers from Google discover a phishing campaign themed with streaming services, targeting Brazilian users. | Account Hijacking | X Individual | CC | BR | Google, Brazil | |
929 | 10/06/2020 | ? | Single Individuals in Armenia, India, Brazil, Chhattisgarh, Colombia, Indonesia, Iran, Italy, Kyrgyzstan, Russia and Singapore | Researchers from Anomali identify 12 fake COVID-19 contact tracing apps targeting citizens in Armenia, India, Brazil, Chhattisgarh, Colombia, Indonesia, Iran, Italy, Kyrgyzstan, Russia and Singapore. | Malware | X Individual | CC | >1 | Anomali, Armenia, India, Brazil, Colombia, Indonesia, Iran, Italy, Kyrgyzstan, Russia, Singapore | |
930 | 10/06/2020 | ? | City of Keizer | The city of Keizer is hit with a ransomware attack, and is able to restore the data, paying the perpetrators a $48,000 ransom. | Malware | O Public administration and defence, compulsory social security | CC | US | City of Keizer, ransomware | |
931 | 11/06/2020 | ? | City of Knoxville | The City of Knoxville, Tennessee, was forced to shut down its entire computer network following a ransomware attack that took place overnight and targeted the city's offices. | Malware | O Public administration and defence, compulsory social security | CC | US | City of Knoxville, ransomware | |
932 | 11/06/2020 | ? | Customers of 36 US financial institutions | Security researchers at F5 Labs discover ongoing attacks using Qbot malware payloads to steal credentials from customers of dozens of US financial institutions. | Malware | K Financial and insurance activities | CC | US | F5 Labs, Qbot | |
933 | 11/06/2020 | ? | TAIT Towers | TAIT Towers, one of the world's leading live event solutions providers, discloses a data breach that led to the exposure of personal and financial information stored on a server and on the email accounts of some of its employees. | Account Hijacking | C Manufacturing | CC | US | TAIT Towers | |
934 | 11/06/2020 | Gamaredon (Primitive Bear) | Ukrainian institutions | Researchers from ESET discover new recent campaigns by Gamaredon (Primitive Bear) containing a Visual Basic for Applications (VBA) project (.OTM file) targeting Microsoft Outlook email client with malicious macro scripts. | Targeted Attack | O Public administration and defence, compulsory social security | CE | UA | ESET, Gamaredon, Primitive Bear, VBA, Microsoft Outlook | |
935 | 11/06/2020 | China, Russia, and Turkey | Twitter users | Twitter discloses three new state-linked operations on its platform this year. As a result of its investigation, it bans and removes 32,242 accounts operated out of China, Russia, and Turkey, pushing local political agendas and narratives, and associated with state-sponsored entities. | Fake Social Network accounts/groups/pages | O Public administration and defence, compulsory social security | CC | >1 | Twitter, China, Russia, Turkey | |
936 | 11/06/2020 | ? | A1 Telekom | A1 Telekom, the largest internet service provider in Austria, admits a malware security breach from December 2019 to May 2020. | Malware | J Information and communication | CC | AT | A1 Telekom | |
937 | 11/06/2020 | Earth Empusa, AKA POISON CARP/Evil Eye | Uyghur minority | Researchers from Trend Micro reveal that the Earth Empusa threat group (aka POISON CARP/Evil Eye) is targeting the Uyghur minority with a new Android spyware dubbed ActionSpy. | Targeted Attack | X Individual | CE | N/A | Trend Micro, Earth Empusa, POISON CARP/Evil Eye, Uyghurs, Android, ActionSpy | |
938 | 11/06/2020 | ? | Infinity Diagnostics Center | Infinity Diagnostics Center Instagram account is compromised by an unknown hacker. After gaining access, the threat actor uploads multiple stories designed to paint the business as racist. | Account Hijacking | Q Human health and social work activities | CC | US | Infinity Diagnostics Center | |
939 | 11/06/2020 | ? | eHealth Saskatchewan | eHealth Saskatchewan admits to having suffered a ransomware attack on December 20. | Malware | Q Human health and social work activities | CC | CA | eHealth Saskatchewan, ransomware | |
940 | 11/06/2020 | Sodinokibi AKA REvil | Activewear | Activewear reveals that it suffered a Sodinokibi ransomware attack back in May 2020. | Malware | G Wholesale and retail trade | CC | AU | Activewear, Sodinokibi, REvil, ransomware | |
941 | 12/06/2020 | ? | University of Missouri Health Care (MU Health Care) | University of Missouri Health Care (MU Health Care) discloses a breach that occurred in September 2019, when the email accounts of some students were accessed without authorization. | Account Hijacking | Q Human health and social work activities | CC | US | University of Missouri Health Care, MU Health Care | |
942 | 12/06/2020 | ? | Portuguese users | A new malware called TroyStealer targets Portuguese users. | Malware | X Individual | CC | PT | TroyStealer | |
943 | 12/06/2020 | ? | NHS | The NHS confirms that 113 internal email accounts were compromised and used to send malicious spam between May 30 and June 1 2020. | Account Hijacking | Q Human health and social work activities | CC | UK | NHS | |
944 | 12/06/2020 | m1x | puebla.gob.mx | A Russian hacker named m1x breaches a Mexican government web portal (puebla.gob.mx) and, three days later, once the government refuses to pay a ransom, publicly releases some 14,000 Mexican taxpayer ID numbers. | Unknown | O Public administration and defence, compulsory social security | CC | MX | m1x, puebla.gob.mx | |
945 | 12/06/2020 | ? | Electronic Waveform Lab, Inc. | Electronic Waveform Lab, Inc. reveals it suffered a ransomware attack on April 11, 2020. | Malware | C Manufacturing | CC | US | Electronic Waveform Lab, Inc., ransomware | |
946 | 12/06/2020 | ? | Cano Health | Cano Health warns its patients of a phishing attack involving three employees, discovered in April 2020, that occurred in May 2018. | Account Hijacking | Q Human health and social work activities | CC | US | Cano Health | |
947 | 12/06/2020 | ? | www.indianblooddonors.com | A data leak that contains sensitive information of 12,472 Indian blood donors is posted on two forums. | Unknown | Q Human health and social work activities | CC | IN | www.indianblooddonors.com | |
948 | 13/06/2020 | Black Kingdom | Multiple organizations | Researchers from REDTEAM.PL reveal that operators of Black Kingdom ransomware target enterprises with unpatched Pulse Secure VPN software or initial access on the network, exploiting CVE-2019-11510. | Vulnerability | Y Multiple Industries | CC | >1 | REDTEAM.PL, Black Kingdom, Pulse Secure, CVE-2019-11510, ransomware | |
949 | 13/06/2020 | ? | Rangely District Hospital (RDH) | Rangely District Hospital (RDH) reveals that it was hit by a ransomware attack in April 2020. | Malware | Q Human health and social work activities | CC | US | Rangely District Hospital, RDH, ransomware | |
950 | 13/06/2020 | ? | 3,500 Armenian citizens | Azerbaijani hackers publish the data of about 3,500 Armenian citizens (people infected with COVID-19 and their contacts). | Unknown | X Individual | CC | AM | Azerbaijan, Armenia, COVID-19 | |
951 | 14/06/2020 | Maze | Threadstone Advisors LLP | The Maze ransomware gang hits Threadstone Advisors LLP, a US corporate advisory firm specialized in M&A. | Malware | K Financial and insurance activities | CC | US | Maze, Threadstone Advisors LLP | |
952 | 14/06/2020 | ? | Sapiens International | Israeli software company Sapiens International falls victim to a ransomware attack, paying $250,000 in Bitcoin to hackers. | Malware | M Professional scientific and technical activities | CC | IL | Sapiens International, Ransomware | |
953 | 14/06/2020 | ? | Bitcoin users | For the past year, a site called Privnotes.com has been impersonating Privnote.com, a legitimate, free service that offers private, encrypted messages, to steal bitcoins. | Account Hijacking | V Fintech | CC | >1 | Privnotes.com, privnote.com, bitcoin, crypto | |
954 | 14/06/2020 | Anonymous USA (@AnonOpUSA) | Atlanta Police Department | Anonymous claims to have taken down the website of the Atlanta Police Department (atlantapd.org). | DDoS | O Public administration and defence, compulsory social security | H | US | Anonymous, Anonymous USA, @AnonOpUSA, Atlanta Police Department, atlantapd.org | |
955 | 15/06/2020 | ? | Foodora | The details of 727,000 Foodora accounts in 14 countries are leaked online. | Unknown | I Accommodation and food service activities | CC | DE | Foodora | |
956 | 15/06/2020 | ? | Geox | Geox, the Italian shoe maker, is hit with a ransomware attack. | Malware | C Manufacturing | CC | IT | Geox, Ransomware | |
957 | 15/06/2020 | ? | Claire's | Researchers from Sansec reveal that the websites for U.S. based jewelry and accessory giant Claire's, and its subsidiary Icing, were compromised in April via a Magecart attack. | Malicious Script Injection | G Wholesale and retail trade | CC | US | Claire's, Magecart, Sansec | |
958 | 15/06/2020 | ? | Single Individuals | A new campaign starts to push fake data breach notifications for big company names that really suffered a breach, to distribute malware and scams. | Malware | Y Multiple Industries | CC | >1 | Breach | |
959 | 15/06/2020 | ? | Single Individuals | Nine human rights activists, journalists, academics and lawyers in India have been targeted by a “coordinated” spyware operation, according to an investigation by Amnesty International and the Citizen Lab. | Targeted Attack | X Individual | CE | IN | Amnesty International, Citizen Lab | |
960 | 15/06/2020 | ? | Intersport | The website of Intersport, one of Europe's largest sporting goods retail chains, is hit by a Magecart attack. | Malicious Script Injection | G Wholesale and retail trade | CC | CH | Intersport, Magecart | |
961 | 15/06/2020 | ? | Apple Mac Users | Researchers at Intego warn Apple Mac users of a new malware disguised as an installer for Adobe Flash Player (a variant of OSX/Shlayer and OSX/Bundlore), distributed via Google search results. | Malware | X Individual | CC | >1 | Apple, Mac, Adobe Flash Player, OSX/Shlayer, OSX/Bundlore, Intego, Google | |
962 | 15/06/2020 | Vendetta | Multiple organizations | Researchers from ElevenPaths reveal the details of Vendetta, a threat actor targeting technological, business and government sectors that handle sensitive information. | Targeted Attack | Y Multiple Industries | CE | >1 | ElevenPaths, Vendetta | |
963 | 08/06/2020 | ? | Preen.Me | Researchers from Risk Based Security reveal that personal data of an estimated 350,000 social media influencers has been accessed and partially leaked following a breach at social media marketing firm Preen.Me. | Unknown | M Professional scientific and technical activities | CC | IL | Preen.Me, Risk Based Security | |
964 | 09/06/2020 | ? | South Africa’s Life Healthcare | South Africa’s Life Healthcare says its southern African operation is hit by a cyber attack affecting its admissions systems, business processing systems and email servers. | Unknown | Q Human health and social work activities | CC | ZA | Life Healthcare | |
965 | 10/06/2020 | ? | Multiple organizations | Researchers from Cofense discover a massive keylogger distribution campaign dubbed Mass Logger. | Malware | Y Multiple Industries | CC | >1 | Cofense, Mass Logger | |
966 | 11/06/2020 | ? | University of the Philippines Visayas | The University of the Philippines Visayas confirmed on its official Facebook page that its website, upv.edu.ph, was defaced on Thursday, June 11. | Defacement | P Education | CC | PH | University of the Philippines Visayas, upv.edu.ph | |
967 | 16/06/2020 | ? | Countries across Europe and North America | Social media research group Graphika publishes a report unmasking a new Russian information operation codenamed Secondary Infektion, active since 2014, relying on fake news articles, fake leaks, and forged documents to generate political scandals in countries across Europe and North America. | Fake Social Network accounts/groups/pages | O Public administration and defence, compulsory social security | CW | >1 | Graphika, Russia, Secondary Infektion | |
968 | 16/06/2020 | ? | Single Individuals | Researchers from Morphisec discover a new campaign exploiting a DLL hijacking vulnerability in Apple’s Push Service (APSDaemon) to install a cryptocurrency miner and avoid detection. | Malware | X Individual | CC | >1 | Morphisec, Apple’s Push Service, APSDaemon, crypto | |
969 | 16/06/2020 | ? | Multiple organizations in New Zealand | New Zealand's national computer emergency response team warns of a crime gang seeking "ransomware attack opportunities" against NZ organizations that use unpatched or poorly secured Citrix remote-access technology. | Misconfiguration | Y Multiple Industries | CC | NZ | New Zealand's national computer emergency response team, Citrix ransomware | |
970 | 16/06/2020 | China | India | China launches DDoS attacks against information websites and the country’s financial payments system, amid growing tensions over border disputes in the Kashmir region. | DDoS | O Public administration and defence, compulsory social security | CW | IN | China, India | |
971 | 17/06/2020 | ? | Amazon | Amazon reveals that its AWS Shield service mitigated the largest DDoS attack ever recorded, stopping a 2.3 Tbps attack in mid-February this year. | DDoS | M Professional scientific and technical activities | CC | US | Amazon | |
972 | 17/06/2020 | Lazarus Group | European aerospace and military companies | Security researchers from ESET disclose a new operation orchestrated by the Lazarus Group codenamed "Operation In(ter)ception," targeting victims for both cyber-espionage and financial theft. | Targeted Attack | O Public administration and defence, compulsory social security | CE | >1 | ESET, Lazarus Group, Operation In(ter)ception, North Korea | |
973 | 17/06/2020 | Sodinokibi (AKA REvil) | Light S.A. | Sodinokibi ransomware (aka REvil) operators breach the Brazilian-based electrical energy company Light S.A. and demand a ransom worth $14 million. | Malware | D Electricity gas steam and air conditioning supply | CC | BR | Sodinokibi, REvil, Light S.A. | |
974 | 17/06/2020 | ? | Russian Organizations | Researchers from Palo Alto Unit 42 discover a new malware, dubbed AcidBox, employed in targeted attacks against Russian organizations, and that leverages an exploit previously associated with the Russian-linked Turla APT group. | Targeted Attack | Z Unknown | CE | RU | Palo Alto Unit 42, AcidBox, Turla | |
975 | 17/06/2020 | ? | Unnamed Web host | An unnamed web host is hit with one of the largest DDoS attacks ever registered by Akamai (1.44 terabit-per-second). | DDoS | Z Unknown | CC | N/A | Akamai, DDoS | |
976 | 17/06/2020 | ? | City of Lexington | A Zoom meeting regarding issues surrounding police discipline is interrupted by callers shouting racist and homophobic remarks. | Zoom bombing | O Public administration and defence, compulsory social security | CC | US | Lexington, Zoom | |
977 | 17/06/2020 | ? | Cebu Normal University (CNU) | Subdomains of the Cebu Normal University (CNU) website, particularly the Library and Journal for Higher Education (JHE), are hacked by unknown entities. | Unknown | P Education | CC | PH | Cebu Normal University, CNU | |
978 | 17/06/2020 | Pinoy Grayhats | Far Eastern University (FEU) | 1,000 student accounts from the Far Eastern University (FEU) are made public, with details such as names, student numbers, and passwords exposed. | Unknown | P Education | CC | PH | Far Eastern University, FEU, Pinoy Grayhats | |
979 | 18/06/2020 | InvisiMole and Gamaredon | High-profile organizations in Eastern Europe | Researchers from ESET discover a new campaign carried out by the InvisiMole group in cooperation with Gamaredon (two groups linked to Russia). | Targeted Attack | O Public administration and defence, compulsory social security | CE | >1 | ESET, InvisiMole, Gamaredon, Russia | |
980 | 18/06/2020 | ? | Android users | Researchers at Awake Security reveal that a newly discovered spyware attacked users through 32 million downloads of extensions to Google’s market-leading Chrome web browser. Google immediately removes 70 of the malicious extensions | Malware | X Individual | CC | >1 | Google, Android, Awake Security | |
981 | 18/06/2020 | Holmium AKA APT33, StoneDrill and Elfin | Aerospace, defence, chemical, mining, and petrochemical companies | Researchers from Microsoft reveal the details of a new campaign by Holmium, a group targeting exposed Exchange servers. | Account Hijacking | Y Multiple Industries | CE | >1 | Microsoft, Holmium, APT33, StoneDrill, Elfin | |
982 | 18/06/2020 | ? | Wells Fargo customers | Researchers from Abnormal Security discover a phishing campaign impersonating the Wells Fargo Security Team and luring potential victims to phishing pages with the help of calendar invites. | Account Hijacking | K Financial and insurance activities | CC | US | Abnormal Security, Wells Fargo | |
983 | 18/06/2020 | ? | European, Asian, and Middle Eastern targets | Researchers from Check Point discover a phishing campaign abusing an Adobe Campaign redirection mechanism, and using a Samsung domain to redirect victims to an O365 themed phishing website. The attackers also hijacked an Oxford email server to deliver the malicious emails. | Account Hijacking | Y Multiple Industries | CC | >1 | Check Point, Adobe Campaign, Samsung, Office 365, Oxford | |
984 | 18/06/2020 | ? | Bank of America customers | Researchers from Armorblox discover a phishing campaign against Bank of America customers able to bypass security filters. | Account Hijacking | K Financial and insurance activities | CC | US | Armorblox, Bank of America | |
985 | 18/06/2020 | ? | Banking users | Researchers from Juniper discover a new version of the IcedID banking trojan employed in COVID-19 themed attacks exploiting FMLA. | Malware | K Financial and insurance activities | CC | US | Juniper, IcedID, COVID-19, FMLA | |
986 | 18/06/2020 | ? | Lion | Australian beverage giant Lion is hit by a second cyber attack. | Unknown | I Accommodation and food service activities | CC | AU | Lion | |
987 | 18/06/2020 | ? | RBX.Place | Hackers steal data from RBX.Place, a grey marketplace where players of the massively popular online game Roblox can sell in-game items for real money. | Unknown | S Other service activities | CC | N/A | RBX.Place | |
988 | 19/06/2020 | China? | Australian Organizations | Australian Prime Minister Scott Morrison calls a press conference to reveal that Australian organizations (government and private sector) are currently being targeted by a sophisticated state-based cyber actor. Fingers are pointed to China. | Targeted Attack | O Public administration and defence, compulsory social security | CE | AU | Scott Morrison, China | |
989 | 19/06/2020 | Anonymous | US Police | A leak-focused activist group known as Distributed Denial of Secrets publishes BlueLeaks, a 269-gigabyte collection of police data, allegedly received from the Anonymous collective, which includes emails, audio, video, and intelligence documents, with more than a million files in total. | Unknown | O Public administration and defence, compulsory social security | H | US | Distributed Denial of Secrets, BlueLeaks, Anonymous | |
990 | 19/06/2020 | NetWalker | Crozer-Keystone Health System | Crozer-Keystone Health System suffers a ransomware attack by the NetWalker ransomware gang. The gang auctions the stolen data through its darknet website. | Malware | Q Human health and social work activities | CC | US | Crozer-Keystone Health System, NetWalker | |
991 | 19/06/2020 | ? | Blaze Angel Roberts Instagram account | Popular Australian surfer Blaze Angel Roberts has her Instagram account hacked and used to post sexually explicit images. | Account Hijacking | X Individual | CC | AU | Blaze Angel Roberts, Instagram | |
992 | 19/06/2020 | ? | Bitcoin users | A new bitcoin scam allows attackers to steal more than $2 million in two months by exploiting Elon Musk's name. The trick involves the use of Bitcoin vanity addresses in order to give the scam more credibility. | Bitcoin vanity addresses | X Individual | CC | >1 | Bitcoin, Elon Musk, Crypto | |
993 | 19/06/2020 | ? | Mid-Michigan College | An attacker breaks into the Mid-Michigan College’s email system, compromising the accounts of 10 employees and compromising personal data of potentially up to 16,000 people. | Account Hijacking | P Education | CC | US | Mid-Michigan College | |
994 | 19/06/2020 | ? | Florida Orthopedic Institute | The Florida Orthopedic Institute warns of a ransomware attack suffered on April 9. | Malware | Q Human health and social work activities | CC | US | Florida Orthopedic Institute, Ransomware | |
995 | 19/06/2020 | ? | Multiple organizations | Multiple ConnectWise have their customers hit with ransomware through a software flaw. | Malware | Y Multiple Industries | CC | >1 | ConnectWise, ransomware | |
996 | 20/06/2020 | ? | Discord users | A new malware dubbed NitroHack is distributed disguised as the premium Discord Nitro service. | Malware | X Individual | CC | >1 | Discord, NitroHack | |
997 | 20/06/2020 | ? | Tallapoosa County Probate Office | Tallapoosa County Probate Office is hit with a ransomware attack. | Malware | O Public administration and defence, compulsory social security | CC | US | Tallapoosa County Probate Office | |
998 | 21/06/2020 | ? | Over 230,000 Indonesian COVID-19 patients | Security researchers from Cyble discover over 230,000 Indonesian COVID-19 patient records leaked on the darknet. | Unknown | Z Unknown | CC | ID | Cyble, COVID-19 | |
999 | 21/06/2020 | ? | University of California, Davis | A racist cyberattack email is delivered to thousands of University of California, Davis email accounts, prompting the university to block most of the emails, officials said Tuesday. | Malicious Spam | P Education | CC | US | University of California, Davis | |
1.000 | 22/06/2020 | CLOP | Indiabulls Group | Indian conglomerate Indiabulls Group is allegedly hit with a cyberattack from the CLOP Ransomware operators who have leaked screenshots of stolen data. | Malware | M Professional scientific and technical activities | CC | IN | Indiabulls Group, CLOP, ransomware | |
1.001 | 22/06/2020 | ? | Misconfigured Docker clusters | Security researchers from Trend Micro discover what appears to be the first organized and persistent series of attacks against Docker servers that infect misconfigured clusters with DDoS malware (XORDDoS AKA Backdoor.Linux.XORDDOS.AE and Kaiji DDoS AKA DDoS.Linux.KAIJI.A). | Misconfiguration | Y Multiple Industries | CC | >1 | Trend Micro, Docker, DDoS, XORDDoS, Backdoor.Linux.XORDDOS.AE, Kaiji DDoS, DDoS.Linux.KAIJI.A | |
1.002 | 22/06/2020 | ? | Several dozen e-commerce sites using Google Analytics. | Researchers from Sansec reveal they discovered a Magecart campaign using Google Analytics to bypass Content Security Policies. | Malicious Script Injection | G Wholesale and retail trade | CC | >1 | Sansec, Google Analytics, Content Security Policies, Magecart | |
1.003 | 22/06/2020 | ? | Undisclosed technology company | Researchers from Darktrace discover a phishing campaign spoofing QuickBooks, a product commonly being used in advance of the July 15 tax deadline. | Account Hijacking | Z Unknown | CC | US | Darktrace, QuickBooks | |
1.004 | 22/06/2020 | ? | Stalker Online | More than one million players of the video game Stalker Online are at risk after a database containing over 1.2 million user records is being sold on hacking forums. Separately, another database, which is said to contain more than 136,000 records from the game’s forums, is also being offered for sale. | Unknown | R Arts entertainment and recreation | CC | RU | Stalker Online | |
1.005 | 22/06/2020 | ? | Government and military orgs in South Asia | Researchers from Cisco Talos discover a military-themed malware campaign targeting military and government organizations in South Asia, using the Cobalt Strike toolset, and distributing a RAT via the IndigoDrop malware dropper. | Targeted Attack | O Public administration and defence, compulsory social security | CE | >1 | Cisco Talos, Cobalt Strike, IndigoDrop | |
1.006 | 22/06/2020 | ? | Mid-level employees across Austria, Switzerland and Germany | Researchers from Proofpoint discover a campaign spreading the Hakbit ransomware using malicious Microsoft Excel attachments and the GuLoader dropper. | Malware | Y Multiple Industries | CC | >1 | Proofpoint, Hakbit, ransomware, GuLoader | |
1.007 | 22/06/2020 | UK Police | Encrochat | The encrypted chat Encrochat shuts down after a police hack. | Unknown | M Professional scientific and technical activities | N/A | N/A | Encrochat | |
1.008 | 22/06/2020 | ? | Iowa State University | Iowa State University officials announce that nearly 4,900 Iowa State University-affiliated email accounts were the recipients of a racist cyberattack from an email sender claiming to be Equity Prime Mortgage. | Malicious Spam | P Education | CC | US | Iowa State University | |
1.009 | 22/06/2020 | ? | CHI St. Luke’s Health-Memorial Lufkin | CHI St. Luke’s Health-Memorial Lufkin notifies of a phishing incident that occurred on April 23, 2020. | Account Hijacking | P Education | CC | US | CHI St. Luke’s Health-Memorial Lufkin | |
1.010 | 23/06/2020 | ? | K12 Schools | The US Federal Bureau of Investigation sends out a security alert to K12 schools about the increase in ransomware attacks during the COVID-19 pandemic, and especially about ransomware gangs that abuse RDP connections to break into school systems. | Malware | P Education | CC | US | FBI, K12, Ransomware, COVID-19 | |
1.011 | 23/06/2020 | Evil Corp | Multiple organizations | Researchers from Fox-IT reveal that the malicious actor Evil Corp is now deploying the WastedLocker ransomware. | Malware | Y Multiple Industries | CC | >1 | Fox-IT, Evil Corp, WastedLocker | |
1.012 | 23/06/2020 | Sodinokibi (AKA REvil) | Multiple organizations | Researchers from Symantec discover a new variant of the Sodinokibi ransomware scanning networks for PoS systems. | Malware | Y Multiple Industries | CC | >1 | Symantec, Sodinokibi, REvil, ransomware | |
1.013 | 23/06/2020 | ? | Choice Health Management Services | Choice Health Management Services notifies an unspecified number of individuals of a phishing attack that occurred in late 2019. | Account Hijacking | M Professional scientific and technical activities | CC | US | Choice Health Management Services | |
1.014 | 24/06/2020 | ? | Five cryptocurrency exchanges in United States, Japan, and the Middle East | Researchers from ClearSky reveal the details of CryptoCore, an organized hacker group believed to be operating out of Eastern Europe, which has stolen around $200 million from online cryptocurrency exchanges | Account Hijacking | V Fintech | CC | >1 | ClearSky, CryptoCore, Crypto | |
1.015 | 24/06/2020 | ? | Multiple organizations | Researchers from Sophos reveal the details of Glupteba, an evasive malware that creates a backdoor providing full access to compromised Windows machines, while adding them to a growing botnet. | Malware | Y Multiple Industries | CC | >1 | Sophos, Glupteba | |
1.016 | 24/06/2020 | ? | Multiple organizations | Researchers from Palo Alto Unit 42 reveal the details of a new variant of Lucifer, a powerful cryptojacking and DDoS malware exploiting severe vulnerabilities in order to infect Windows machines. | Malware | Y Multiple Industries | CC | >1 | Lucifer, Palo Alto Unit 42 | |
1.017 | 24/06/2020 | ? | Android users in Canada | Researchers from ESET discover a malicious Android app disguised as Canada's official COVID-19 tracing app, but hiding the CryCryptor ransomware. | Malware | X Individual | CC | CA | ESET, Android, COVID-19, CryCryptor ransomware | |
1.018 | 24/06/2020 | KelvinSecurity | Frost & Sullivan | U.S. business consulting firm Frost & Sullivan is breached after data from an unsecured backup folder exposed on the Internet is sold on a hacker forum. | Misconfiguration | M Professional scientific and technical activities | CC | US | Frost & Sullivan, KelvinSecurity | |
1.019 | 25/06/2020 | Maze | LG Electronics | Maze ransomware operators claim on their website that they breached and locked the network of the South Korean multinational LG Electronics. | Malware | C Manufacturing | CC | KR | Maze, LG Electronics, ransomware | |
1.020 | 25/06/2020 | Maze | Xerox Corporation | Maze ransomware operators update their list of victims adding Xerox Corporation. | Malware | C Manufacturing | CC | US | Maze, Xerox Corporation, ransomware | |
1.021 | 25/06/2020 | ? | Multiple e-commerce sites | Researchers from Malwarebytes discover a new Magecart campaign hiding the credit card skimmer inside images. | Malicious Script Injection | G Wholesale and retail trade | CC | >1 | Malwarebytes, Magecart | |
1.022 | 25/06/2020 | ? | Undisclosed bank in Europe | Akamai reveals that a bank in Europe was hit by a massive distributed denial-of-service (DDoS) attack that peaked at a record 809 million packets per second (PPS). | DDoS | K Financial and insurance activities | CC | N/A | Akamai, DDoS | |
1.023 | 25/06/2020 | ? | Vulnerable Microsoft Exchange servers | Microsoft warns organizations of a spike of attacks against Microsoft Exchange servers trying to exploit CVE-2020-0688 | Vulnerability | Y Multiple Industries | CE | >1 | Microsoft, Microsoft Exchange, CVE-2020-0688 | |
1.024 | 25/06/2020 | Chinese Bank | UK-based technology/software vendor and a major financial institution | Researchers from Trustwave reveal that a Chinese bank has forced at least two western companies to install a tax software infected with the GoldenSpy malware on their systems. | Malware | K Financial and insurance activities | CE | N/A | Trustwave, China, GoldenSpy | |
1.025 | 25/06/2020 | ? | Multiple organizations | Researchers from Check Point detect a new campaign distributing phishing emails and malicious files disguised as COVID-19 training materials. | Account Hijacking | Y Multiple Industries | CC | >1 | Check Point, COVID-19 | |
1.026 | 25/06/2020 | DarkCrewFriends | Vulnerable CMS servers | A report from Check Point reveals that the hackers-for-hire group DarkCrewFriends has resurfaced and is targeting content management systems to build a botnet. | Vulnerability | Y Multiple Industries | CC | >1 | Check Point, DarkCrewFriends | |
1.027 | 25/06/2020 | ? | Windows and Linux machines | Researchers from Barracuda Networks discover a new variant of the cryptominer malware known as Golang, targeting both Windows and Linux machines. | Malware | Y Multiple Industries | CC | >1 | Barracuda Networks, Golang, Crypto | |
1.028 | 26/06/2020 | Anonymous Brazil | Senior Brazilian government officials including president Jair Bolsonaro. | The Brazilian federal investigates the leak of personal details of senior government officials including president Jair Bolsonaro. | Unknown | O Public administration and defence, compulsory social security | H | BR | Anonymous, Jair Bolsonaro. | |
1.029 | 26/06/2020 | ? | E27 | Media firm E27 is hacked, and attackers ask for a small "donation" to provide information on the vulnerabilities used in the attack. | Unknown | J Information and communication | CC | SG | E27 | |
1.030 | 26/06/2020 | Ransom X | Government agencies and enterprises | A new ransomware called Ransom X is being actively used in human-operated and targeted attacks against government agencies and enterprises. | Malware | Y Multiple Industries | CC | >1 | Ransom X, Malware, Ransomware | |
1.031 | 26/06/2020 | ? | France Télévisions | The France Télévisions group announces it was the victim of a cyber attack that targeted one of its broadcasting sites. | Unknown | J Information and communication | CC | FR | France Télévisions | |
1.032 | 26/06/2020 | ? | Eight cities across three states in the United States | Researchers from Trend Micro reveal that eight cities across three states in the United States have fallen victim to a Magecart card skimming attack. The sites all appear to have been built using Click2Gov. | Malicious Script Injection | O Public administration and defence, compulsory social security | CC | US | Trend Micro, Click2Gov, Magecart | |
1.033 | 28/06/2020 | ? | Israel Philharmonic Orchestra | The online Israel Philharmonic Orchestra concert, hosted by Helen Mirren, was disrupted by cyberattackers. | DDoS | R Arts entertainment and recreation | CC | IL | Israel Philharmonic Orchestra | |
1.034 | 28/06/2020 | ? | National Highway Authority of India (NHAI) | The National Highway Authority of India (NHAI) is attacked by malware. | Malware | O Public administration and defence, compulsory social security | CC | IN | National Highway Authority of India, NHAI | |
1.035 | 29/06/2020 | ? | Efun | A data breach broker is selling databases containing user records for 14 different companies he claimed were breached by hackers in 2020 (four - HomeChef, Minted, Tokopedia, and Zoosk - were already known). | Unknown | R Arts entertainment and recreation | CC | CN | ||
1.036 | 29/06/2020 | ? | Fluke | A data breach broker is selling databases containing user records for 14 different companies he claimed were breached by hackers in 2020 (four - HomeChef, Minted, Tokopedia, and Zoosk - were already known). | Unknown | C Manufacturing | CC | US | ||
1.037 | 29/06/2020 | ? | Footters | A data breach broker is selling databases containing user records for 14 different companies he claimed were breached by hackers in 2020 (four - HomeChef, Minted, Tokopedia, and Zoosk - were already known). | Unknown | J Information and communication | CC | ES | ||
1.038 | 29/06/2020 | ? | JamesDelivery | A data breach broker is selling databases containing user records for 14 different companies he claimed were breached by hackers in 2020 (four - HomeChef, Minted, Tokopedia, and Zoosk - were already known). | Unknown | I Accommodation and food service activities | CC | BR | ||
1.039 | 29/06/2020 | ? | KitchHike | A data breach broker is selling databases containing user records for 14 different companies he claimed were breached by hackers in 2020 (four - HomeChef, Minted, Tokopedia, and Zoosk - were already known). | Unknown | I Accommodation and food service activities | CC | JP | ||
1.040 | 29/06/2020 | ? | KreditPlus | A data breach broker is selling databases containing user records for 14 different companies he claimed were breached by hackers in 2020 (four - HomeChef, Minted, Tokopedia, and Zoosk - were already known). | Unknown | K Financial and insurance activities | CC | ID | ||
1.041 | 29/06/2020 | ? | Playwings | A data breach broker is selling databases containing user records for 14 different companies he claimed were breached by hackers in 2020 (four - HomeChef, Minted, Tokopedia, and Zoosk - were already known). | Unknown | R Arts entertainment and recreation | CC | KR | ||
1.042 | 29/06/2020 | ? | Revelo | A data breach broker is selling databases containing user records for 14 different companies he claimed were breached by hackers in 2020 (four - HomeChef, Minted, Tokopedia, and Zoosk - were already known). | Unknown | C Manufacturing | CC | CA | ||
1.043 | 29/06/2020 | ? | Yotepresto | A data breach broker is selling databases containing user records for 14 different companies he claimed were breached by hackers in 2020 (four - HomeChef, Minted, Tokopedia, and Zoosk - were already known). | Unknown | K Financial and insurance activities | CC | MX | DarkThrone, Efun, Fluke, Footters, JamesDelivery, KitchHike, KreditPlus, Playwings, Revelo, Yotepresto | |
1.044 | 29/06/2020 | ? | DarkThrone | A data breach broker is selling databases containing user records for 14 different companies he claimed were breached by hackers in 2020 (four - HomeChef, Minted, Tokopedia, and Zoosk - were already known). | Unknown | R Arts entertainment and recreation | CC | US | ||
1.045 | 29/06/2020 | Promethium AKA StrongPity APT | Political targets in multiple targets. | In separate reports, researchers from Cisco Talos and BitDefender reveal new campaigns from the Promethium, AKA StrongPity APT. | Targeted Attack | O Public administration and defence, compulsory social security | CE | >1 | Cisco Talos, BitDefender, Promethium, StrongPity | |
1.046 | 29/06/2020 | Cl0ud SecuritY | Old LenovoEMC NAS devices | A hacker group going by the name of 'Cl0ud SecuritY' is breaking into old LenovoEMC (formerly Iomega) network-attached storage (NAS) devices, wiping files, and leaving ransom notes behind asking owners to pay between $200 and $275 to get their data back. | Misconfiguration | Y Multiple Industries | CC | >1 | Cl0ud SecuritY, LenovoEMC | |
1.047 | 29/06/2020 | ? | Bloggers and website owners | Researchers from Sophos discover a new phishing campaign targeting bloggers and website owners with emails pretending to be from their hosting provider who wants to upgrade their domain to use secure DNS (DNSSEC). | Account Hijacking | X Individual | CC | >1 | Sophos, DNSSEC | |
1.048 | 29/06/2020 | ? | 945 websites | Researchers from Lucy Security discover a collection of SQL databases for sale on the Dark Web. The archived files were stolen from 945 websites around the world. | SQL Injection | Y Multiple Industries | CC | >1 | Lucy Security | |
1.049 | 29/06/2020 | ? | City of Duncannon | Duncannon reveals it was hit with a ransomware attack in April, which left many municipal computer systems inoperable and caused the borough to pay out more than $40,000 to the hackers to restore systems. | Malware | O Public administration and defence, compulsory social security | CC | US | Duncannon, ransomware | |
1.050 | 30/06/2020 | Evil Corp | Dozens of US newspaper websites | Researchers from Symantec reveal that the Evil Corp gang hacked into dozens of US newspaper websites owned by the same company to infect the employees of over 30 major US private firms with the WastedLocker ransomware. | Malware | J Information and communication | CC | US | Symantec, Evil Corp, WastedLocker, SocGholish, ransomware | |
1.051 | 30/06/2020 | ? | Roblox players | Hackers use leaked credentials on pastebin to deface Roblox profiles to support Donald Trump in the forthcoming US presidential election. | Account Hijacking | R Arts entertainment and recreation | CC | US | Roblox, Donald Trump | |
1.052 | 30/06/2020 | ? | MacOS users | Multiple security researchers discover a new ransomware strain targeting macOS users, called OSX.ThiefQuest (or EvilQuest). The malware also installs a keylogger, a reverse shell, and steals cryptocurrency wallet-related files from infected hosts. | Malware | X Individual | CC | >1 | MacOS, OSX.ThiefQuest, EvilQuest | |
1.053 | 30/06/2020 | ? | Android users | Google removes 25 Android applications from the Google Play Store that were caught stealing Facebook credentials. | Malware | X Individual | CC | >1 | Google, Android, Google Play Store, Facebook | |
1.054 | 30/06/2020 | ? | Users from multiple countries | Researchers from Group-IB discover thousands of personal records of users from multiple countries exposed in a targeted multi-stage bitcoin scam. | Unknown | X Individual | CC | >1 | Group-IB, crypto | |
1.055 | 30/06/2020 | ? | Self-employed people in the UK | A new campaign targets the passport details of self-employed people, along with other information including personal and bank details, exploiting COVID-19-related HMRC phishing scams. | Account Hijacking | X Individual | CC | UK | COVID-19, HMRC | |
1.056 | 12/06/2020 | ? | Managed Service Providers in the US | The US Secret Service (GIOC -- Global Investigations Operations Center) sends out a security alert to the US private sector and government organizations warning about an increase in hacks of managed service providers (MSPs). | >1 | M Professional scientific and technical activities | CC | US | US Secret Service, GIOC, Global Investigations Operations Center, MSP | |
1.057 | 26/06/2020 | Maze | Benefit Recovery Specialists, Inc. (BRSI) | Benefit Recovery Specialists, Inc. (BRSI) discovers a data breach after detecting malware on its systems. The malware, discovered in April 2020, may have allowed unauthorized individuals to obtain the information of 274,837 people. | Malware | M Professional scientific and technical activities | CC | US | Benefit Recovery Specialists, Inc., BRSI, ransomware | |
1.058 | 27/06/2020 | Kerala Cyber Hackers | Delhi State Health Mission | Hackers from the Kerala Cyber Hackers Group obtain a COVID-19 patient database in protest at treatment of Indian health workers. | Unknown | O Public administration and defence, compulsory social security | H | IN | Delhi State Health Mission, Kerala Cyber Hackers, COVID-19 | |
1.059 | 30/06/2020 | Homeland Cheetahs | Nuclear site at Natanz | A group of dissidents within Iran's military and security forces takes credit for a cyber attack causing an incident at the Natanz nuclear facility. | Unknown | D Electricity gas steam and air conditioning supply | CW | IR | Homeland Cheetahs, Natanz | |
1.060 | 30/06/2020 | ? | City of Palm Bay | The City of Palm Bay leadership reveals a possible security breach involving the Click2Gov online payment platform. | Malicious Script Injection | O Public administration and defence, compulsory social security | CC | US | City of Palm Bay, Click2Gov | |
1.061 | 30/06/2020 | ? | Central California Alliance for Health | The Central California Alliance for Health announces that a recent cybersecurity breach may have compromised the personal health information of a limited number of its members. | Account Hijacking | Q Human health and social work activities | CC | US | Central California Alliance for Health | |
1.062 | 17/05/2020 | ? | M.J. Brunner | M.J. Brunner is hit with a Maze ransomware attack. | Malware | M Professional scientific and technical activities | CC | US | M.J. Brunner, Maze, Ransomware | |
1.063 | 29/06/2020 | ? | New Mexico State University Foundation | New Mexico State University Foundation is another victim of the Blackbaud hack. | Malware | P Education | CC | US | New Mexico State University Foundation, Blackbaud, ransomware | |
1.064 | 01/07/2020 | ? | 22,900 MongoDB databases | A hacker uploads ransom notes on 22,900 MongoDB databases left exposed online without a password, wiping their content, asking for a 0.015 bitcoin (~$140) payment, and threatening to leak their data and then contact the victim's local GDPR enforcement authority. | Misconfiguration | Y Multiple Industries | CC | EU | MongoDB, GDPR | |
1.065 | 01/07/2020 | Roaming Mantis | Android users in China, Taiwan, France, Switzerland, Germany, UK, US and other | Researchers from Cybereason discover a campaign distributing the FakeSpy Android malware via a phishing message for a missed package from a local postal or delivery service. | Malware | X Individual | CC | >1 | Cybereason, FakeSpy, Android | |
1.066 | 01/07/2020 | ? | Multiple organizations | The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) warn enterprises of cyberattacks launched from the Tor network. | N/A | Y Multiple Industries | CC | US | Cybersecurity and Infrastructure Security Agency, CISA, Federal Bureau of Investigation, FBI, Tor | |
1.067 | 01/07/2020 | NetWalker | Trinity Metro | The cybercriminals behind NetWalker publish online evidence of an attack on Trinity Metro, a transit agency that operates bus and commuter rail transportation services in Fort Worth and its nearby Tarrant County suburbs. | Malware | H Transportation and storage | CC | US | NetWalker, Trinity Metro | |
1.068 | 01/07/2020 | China | Uyghur ethnic minority | Researchers from Lookout discover four Android surveillance tools, named SilkBean, DoubleAgent, CarbonSteal, and GoldenEagle, elements of campaigns originating in China, and primarily targeting the Uyghur ethnic minority. | Targeted Attack | X Individual | CE | CN | Lookout, Android, SilkBean, DoubleAgent, CarbonSteal, GoldenEagle, Uyghur | |
1.069 | 01/07/2020 | ? | Multiple organizations | Researchers from CenturyLink discover a comeback of the point-of-sale (POS) malware called Alina, using a new trick for stealing credit- and debit-card data: Domain Name System (DNS) tunneling. | Malware | Y Multiple Industries | CC | >1 | CenturyLink, Alina, DNS tunneling | |
1.070 | 01/07/2020 | ? | Financial, Manufacturing, Healthcare and Insurance Firms | Researchers from Cisco Talos discover a new campaign carried out by the group behind the Valak malware, targeting Financial, Manufacturing, Healthcare and Insurance Firms. | Malware | Y Multiple Industries | CC | >1 | Cisco Talos, Valak | |
1.071 | 02/07/2020 | ? | Undisclosed company | Researchers from Abnormal Security discover a new campaign impersonating a Twitter security notification email, to lure the victims towards a phishing page. | Account Hijacking | Z Unknown | CC | N/A | Abnormal Security, Twitter | |
1.072 | 02/07/2020 | ? | Russia’s Ministry of Foreign Affairs | Unknown hackers hijack the Twitter account of Russia’s Ministry of Foreign Affairs, offer to sell stolen data. | Account Hijacking | O Public administration and defence, compulsory social security | CC | RU | Russia’s Ministry of Foreign Affairs, Twitter | |
1.073 | 02/07/2020 | KelvinSecurity Team | BMW car owners in the U.K. | A database of 384,319 BMW car owners in the U.K. is being offered for sale on an underground forum. | Unknown | C Manufacturing | CC | UK | BMW, KelvinSecurity Team | |
1.074 | 02/07/2020 | ? | Heartland Farm Mutual | A phishing attack at Heartland Farm Mutual, a Canadian insurance firm, may have exposed the personal data of clients, the company warns. | Account Hijacking | K Financial and insurance activities | CC | CA | Heartland Farm Mutual | |
1.075 | 02/07/2020 | ? | CNY Works | The names and Social Security numbers of 56,000 people who used CNY Works employment services are exposed in a ransomware discovered in December 2019. | Malware | S Other service activities | CC | US | CNY Works, ransomware | |
1.076 | 03/07/2020 | Avaddon | Organizations in Italy | Researchers from Microsoft discover a new Avaddon ransomware campaign focused primarily against organizations in Italy. | Malware | Y Multiple Industries | CC | IT | Microsoft, Avaddon, ransomware | |
1.077 | 03/07/2020 | Try2Cry | Multiple targets | Researchers from G DATA discover Try2Cry, a new ransomware with a worm-like behavior to infect other systems. | Malware | Y Multiple Industries | CC | >1 | G DATA, Try2Cry | |
1.078 | 03/07/2020 | ? | Kingston’s Royal Military College | Kingston’s Royal Military College is one of four military training schools in Canada targeted in a ransomware attack. | Malware | P Education | CC | CA | Kingston’s Royal Military College, ransomware | |
1.079 | 03/07/2020 | ? | Swvl | Swvl, a bus-booking app and operator of bus routes in Egypt, Kenya, and Pakistan, becomes aware of “unauthorized access to its IT infrastructure”. | Unknown | H Transportation and storage | CC | EG | Swvl | |
1.080 | 03/07/2020 | ? | MyGov accounts | Logins for more than 3600 MyGov accounts are for sale on the dark web. | Unknown | X Individual | CC | AU | MyGov | |
1.081 | 04/07/2020 | Nefilim | Orange | Orange is hit with a ransomware attack through the "Orange Business Solutions" division. | Malware | J Information and communication | CC | FR | Orange, Orange Business Solutions, ransomware, Nefilim | |
1.082 | 04/07/2020 | ? | Multiple organizations | Researchers from NCC Group reveal that hackers have started launching attacks against F5 BIG-IP networking devices. | Vulnerability | Y Multiple Industries | CC | >1 | NCC Group, F5, BIG-IP, CVE-2020-5902 | |
1.083 | 04/07/2020 | Sodinokibi (AKA REvil) | Sheriff's Office for Cooke County, Texas | The Sheriff's Office for Cooke County is hit by a ransomware attack. | Malware | O Public administration and defence, compulsory social security | CC | US | Sodinokibi, REvil, Sheriff's Office for Cooke County | |
1.084 | 05/07/2020 | ? | Xchanging | Global IT services and solutions provider DXC Technology announces over the weekend a ransomware attack on systems from its Xchanging subsidiary. | Malware | M Professional scientific and technical activities | CC | US | DXC Technology, Xchanging | |
1.085 | 05/07/2020 | ? | Atadan Egemen Koyuncu | The personal information of 10,000 patients is compromised after a medical study in Turkey suffers a cyber attack. | Unknown | Q Human health and social work activities | CC | TR | Atadan Egemen Koyuncu | |
1.086 | 05/07/2020 | ? | Multiple targets | Researchers from ProofPoint reveal that the criminals behind the Purple Fox fileless downloader malware recently upgraded their operation, targeting two new vulnerabilities (CVE-2020-0674 and CVE-2019-1458). | Malware | Y Multiple Industries | CC | >1 | ProofPoint, Purple Fox, CVE-2020-0674, CVE-2019-1458 | |
1.087 | 06/07/2020 | Lazarus Group AKA Hidden Cobra | Multiple online stores | Researchers from Sansec reveal that North Korea's state-sponsored hacking crews are breaking into online stores for Magecart attacks. | Malicious Script Injection | G Wholesale and retail trade | CC | >1 | Sansec, Magecart, Lazarus Group, Hidden Cobra | |
1.088 | 06/07/2020 | Sheriff | eToro | Using the alias “Sheriff,” a threat actor advertises an auction for 62,000 accounts belonging to users of the eToro social trading platform. | Unknown | K Financial and insurance activities | CC | IL | eToro, Sheriff | |
1.089 | 06/07/2020 | ? | Multiple cryptocurrency exchanges and online trading platforms | Another threat actor puts on sale a list of accounts belonging to payment/money transfer systems, cryptocurrency exchange and online trading platforms, including Advcash, Azimo, Binance, Bitcan, Coinmama, Coinsbank, Neteller, OKPAY, Payoneer, Paypal, Skrill, Yandex Money, Webmoney, Qiwi, along with many others. | Unknown | K Financial and insurance activities | CC | >1 | Advcash, Azimo, Binance, Bitcan, Coinmama, Coinsbank, Neteller, OKPAY, Payoneer, Paypal, Skrill, Yandex Money, Webmoney, Qiwi | |
1.090 | 06/07/2020 | ? | Bank users in Portugal | A new release of the Lampion trojan banker targets users in Portugal. | Malware | K Financial and insurance activities | CC | PT | Lampion | |
1.091 | 06/07/2020 | ? | Multiple online stores | Researchers from Malwarebytes identify a new card skimmer campaign targeting ASP.NET sites and exploiting CVE-2017-9248. | Malicious Script Injection | G Wholesale and retail trade | CC | >1 | Malwarebytes, ASP.NET, CVE-2017-9248, Magecart | |
1.092 | 06/07/2020 | ? | Hapvida | Brazilian health insurer Hapvida reveals that it suffered a cyber attack potentially involving access to the personal information of its customers. | Unknown | K Financial and insurance activities | CC | BR | Hapvida | |
1.093 | 06/07/2020 | ? | Bcycle | BCycle, a bicycle sharing service, suffered a malware attack in April and launches an investigation, according to a company letter. The stolen information may have included names, credit card numbers and addresses. | Malware | H Transportation and storage | CC | US | Bcycle | |
1.094 | 07/07/2020 | Keeper | More than 570 e-commerce sites | Researchers from Gemini Advisory reveal the details of Keeper, a group responsible for compromising more than 570 e-commerce websites with Magecart attacks. | Malicious Script Injection | G Wholesale and retail trade | CC | >1 | Gemini Advisory, Keeper, Magecart | |
1.095 | 07/07/2020 | Cosmic Lynx | Multiple organizations worldwide | Researchers from Agari reveal the details of Cosmic Lynx, a BEC campaign targeting individuals in 200 companies across 46 countries. | Business Email Compromise | Y Multiple Industries | CC | >1 | Agari, Cosmic Lynx | |
1.096 | 07/07/2020 | C-Data? | Users of C-Data devices | Two security researchers discover severe vulnerabilities and what appears to be intentional backdoors in the firmware of devices from popular Chinese vendor C-Data. | Malware | Y Multiple Industries | CE | >1 | C-Data | |
1.097 | 07/07/2020 | ? | Multiple targets | Mozilla temporarily suspends the Firefox Send file-sharing service as the organization investigates reports of abuse from malware operators. | Malware | Y Multiple Industries | CC | >1 | Mozilla, Firefox Send | |
1.098 | 07/07/2020 | ? | Spanish-speaking Android users | Security researchers from Avast discover the Cerberus banking Trojan disguised as a legitimate currency app on Google Play. | Malware | X Individual | CC | >1 | Avast, Cerberus, Google Play, Android | |
1.099 | 07/07/2020 | ? | Undisclosed company | Researchers at Abnormal Security uncover a campaign aiming to steal Office 365 user credentials using SurveyMonkey as cover. | Account Hijacking | Z Unknown | CC | N/A | Abnormal Security, Office 365, SurveyMonkey | |
1.100 | 07/07/2020 | ? | Chilton County | Chilton County shuts down after being targeted by a suspected ransomware attack. | Malware | O Public administration and defence, compulsory social security | CC | US | Chilton County, ransomware | |
1.101 | 07/07/2020 | ? | Single individuals | More than 240 website subdomains belonging to organizations large and small, including household names, are hijacked to redirect users to malware, X-rated material, online gambling, and other unexpected content. | Misconfiguration | Y Multiple Industries | CC | >1 | Azure | |
1.102 | 08/07/2020 | ? | Android users | Researchers from Malwarebytes discover pre-installed malware on a budget Android phone ANS (American Network Solutions) UL40 handset connected to Assurance Wireless by Virgin Mobile. | Malware | X Individual | CC | US | Malwarebytes, Android, ANS, American Network Solutions, UL40, Assurance Wireless, Virgin Mobile | |
1.103 | 08/07/2020 | ? | Multiple targets | Researchers from Carbon Black discover Conti, a ransomware strain using up to 32 simultaneous CPU threads to encrypt files on infected computers for blazing-fast encryption speeds. | Malware | X Individual | CC | >1 | Carbon Black, Conti, ransomware | |
1.104 | 08/07/2020 | ? | Undisclosed company | Researchers from Abnormal Security discover a new phishing campaign using fake Zoom notifications to steal Office 365 logins. | Account Hijacking | Z Unknown | CC | N/A | Abnormal Security, Zoom, Office 365 | |
1.105 | 08/07/2020 | ? | Office 365 Users | Microsoft issues a warning for Office 365 phishing attacks carried out via malicious OAuth apps. | Account Hijacking | Y Multiple Industries | CC | >1 | Office 365, Oauth | |
1.106 | 08/07/2020 | ? | Comtrend routers | Researchers at Trend Micro discover a new version of the Mirai IoT botnet that includes an exploit for the CVE-2020-10173 vulnerability impacting Comtrend routers. | Vulnerability | Y Multiple Industries | CC | >1 | Trend Micro, Mirai, CVE-2020-10173, Comtrend | |
1.107 | 08/07/2020 | ? | Impact Guru | Researchers from Cyble identify a threat actor claiming to be in possession of more than 500,000 confidential data records of Impact Guru, a crowdfunding platform. | Misconfiguration | S Other service activities | CC | IN | Cyble, Impact Guru | |
1.108 | 08/07/2020 | ? | Multiple targets | Researchers from Wordfence reveal that a vulnerability on the Adning Advertising plugin for WordPress is currently under attack. | Vulnerability | Y Multiple Industries | CC | >1 | Wordfence, Adning Advertising, WordPress | |
1.109 | 09/07/2020 | ? | Android users | Researchers from Check Point discover a new version of the Joker malware in Google Play. | Malware | X Individual | CC | US | Check Point, Joker, Google Play | |
1.110 | 09/07/2020 | ? | Vulnerable Citrix Systems | Researchers from the SANS Institute reveal that threat actors are scanning the internet for two recently discovered Citrix vulnerabilities (CVE-2020-8195, CVE-2020-8196). | Vulnerability | Y Multiple Industries | CC | >1 | SANS, Citrix, CVE-2020-8195, CVE-2020-8196 | |
1.111 | 09/07/2020 | ? | Religare Health Insurance | Researchers from Cyble discover 5 M records from Religare Health Insurance up for sale in the dark web. | Unknown | Q Human health and social work activities | CC | IN | Cyble, Religare Health Insurance | |
1.112 | 09/07/2020 | ? | Cloudflare | Cloudflare reveals that on June 21 it detected and mitigated a packet-based volumetric DDoS attack that peaked at 754 million packets-per-second. | DDoS | M Professional scientific and technical activities | CC | US | Cloudflare | |
1.113 | 09/07/2020 | ? | HSBC customers in the U.K. | People in the UK are targeted by a new phishing scam designed to trick victims into handing over details of their HSBC bank account. | Account Hijacking | K Financial and insurance activities | CC | UK | HSBC | |
1.114 | 09/07/2020 | ? | Indian Users | A fake TikTok app targets Indian users. | Malware | X Individual | CC | IN | TikTok | |
1.115 | 09/07/2020 | ? | Single individuals | Researchers from Kaspersky discover over 1000 inactive websites compromised to redirect visitors to unwanted URLs, many of which are malicious and distribute the Shlayer trojan. | Malvertising | X Individual | CC | >1 | Kaspersky, Shlayer | |
1.116 | 10/07/2020 | Magadimarus | LiveAuctioneers | LiveAuctioneers discloses a data breach after a well-known data breach broker begins selling 3.4 million stolen user records on a hacker forum. | Unknown | S Other service activities | CC | US | LiveAuctioneers, Magadimarus | |
1.117 | 10/07/2020 | LulzSecurityITA | ENAC (Ente Nazionale Aviazione Civile), Italian Agency for the Civil Aviation | The Italian Agency for the Civil Aviation is hit with a cyber attack. | Unknown | O Public administration and defence, compulsory social security | H | IT | ENAC, LulzSecurityITA | |
1.118 | 10/07/2020 | Netwalker | Alfanar | Researchers from Cyble discover internal data from Alfanar leaked from the Netwalker ransomware operators. | Malware | C Manufacturing | CC | SA | Alfanar, Cyble, Netwalker, ransomware | |
1.119 | 10/07/2020 | ? | Temple Sinai | A malicious hacker disrupts a Jewish congregation's virtual prayer service to display symbols synonymous with anti-Semitism. | Zoom bombing | S Other service activities | CC | US | Temple Sinai, Zoom | |
1.120 | 10/07/2020 | ? | Vancouver Coastal Health | Vancouver Coastal Health reveals that it suffered a ransomware attack on May 21. | Malware | Q Human health and social work activities | CC | CA | Vancouver Coastal Health, ransomware | |
1.121 | 10/07/2020 | ? | SEC registrants and service providers to SEC registrants. | The SEC’s Office of Compliance Inspections and Examinations (OCIE) issues a Risk Alert noting the increasing sophistication of ransomware attacks on SEC registrants and service providers to SEC registrants. | Malware | K Financial and insurance activities | CC | US | SEC, Office of Compliance Inspections and Examinations, OCIE, ransomware | |
1.122 | 11/07/2020 | ? | Cashaa | U.K.-based cryptocurrency exchange Cashaa reports that hackers stole more than 336 Bitcoin (BTC) and ceases all the crypto-related transactions. | Unknown | V Fintech | CC | UK | Cashaa | |
1.123 | 11/07/2020 | ? | Dunzo | Indian delivery service Dunzo says it suffered a data breach that left customer data, including email IDs and phone numbers, exposed after attackers accessed one of its databases. | Unknown | I Accommodation and food service activities | CC | IN | Dunzo | |
1.124 | 12/07/2020 | AgeLocker | Multiple organizations | A new and targeted ransomware named AgeLocker utilizes the 'Age' encryption tool created by a Google employee to encrypt victim's files. | Malware | Y Multiple Industries | CC | >1 | AgeLocker, Google, ransomware | |
1.125 | 12/07/2020 | ? | Multiple organizations | A new password-stealing trojan spam campaign adds an anti-sandbox evasion check. | Malware | Y Multiple Industries | CC | >1 | Any.Run | |
1.126 | 12/07/2020 | ? | 45 million travelers to Thailand and Malaysia from multiple countries | Researchers from Cyble discover the availability on the dark web of records of over 45 million travelers to Thailand and Malaysia from multiple countries. | Unknown | Z Unknown | CC | >1 | Cyble, Thailand, Malaysia | |
1.127 | 12/07/2020 | ? | 40,000 US citizens | Security researchers at Cyble discover the availability on the dark web of personal details of approximately 40,000 US citizens along with their social security numbers (SSNs). | Unknown | Z Unknown | CC | US | Cyble | |
1.128 | 13/07/2020 | ? | Argenta | Antwerp-based savings bank Argenta shuts down 143 ATM machines after falling victim to what is believed to be Belgium’s first jackpotting attacks. | Jackpotting | K Financial and insurance activities | CC | BE | Argenta | |
1.129 | 13/07/2020 | NightLion | DataViper | A hacker going by the handle of NightLion claims to have breached the backend servers belonging to DataViper, a cyber security firm, and dumps 8,225 databases. | Unknown | M Professional scientific and technical activities | CC | US | NightLion, DataViper | |
1.130 | 14/07/2020 | Shiny Hunters | Wattpad | An allegedly stolen Wattpad database containing 270 million records is being sold in private sales for over $100,000 and offered for free on hacker forums. | Unknown | J Information and communication | CC | CA | Wattpad, Shiny Hunters | |
1.131 | 14/07/2020 | BadPatch? | Users in Palestine | Researchers from ESET discover Welcome Chat, a chat application for Android with spying capabilities. | Targeted Attack | X Individual | CE | PS | ESET, Welcome Chat, Android, BadPatch | |
1.132 | 14/07/2020 | Maze | Collabera | Collabera discloses a ransomware attack that occurred on June 8. | Malware | M Professional scientific and technical activities | CC | US | Collabera, ransomware, Maze | |
1.133 | 14/07/2020 | LulzSecurityITA | Milan Linate and Malpensa Airports | Hackers from the LulzSecurityITA collective dump the list of 23 databases from the Airports of Milan Linate and Milan Malpensa, allegedly accessed. | Unknown | H Transportation and storage | H | IT | Milan, Linate, Malpensa, LulzSecurityITA | |
1.134 | 14/07/2020 | ? | Senior Catalonian Politicians | Roger Torrent, the speaker of Catalan parliament, and at least two other pro-independence supporters, have reportedly been told their phones were targeted last year using the ‘Pegasus’ spyware. | Targeted Attack | X Individual | CE | ES | Roger Torrent, Catalan parliament, Pegasus | |
1.135 | 14/07/2020 | Jamescarter | UK ticketing provider | Security researchers from KELA discover a database containing millions of emails and usernames up for sale on the dark web, linked to a well-known UK ticketing provider. | Unknown | R Arts entertainment and recreation | CC | UK | Jamescarter, KELA | |
1.136 | 14/07/2020 | ? | Banking customers worldwide | Researchers from Kaspersky reveal that the "Tetrade", a set of four Brazilian banking trojans (Guildma, Javali, Melcoz, Grandoreiro) is now spreading globally. | Malware | K Financial and insurance activities | CC | >1 | Kaspersky, Tetrade, Guildma, Javali, Melcoz, Grandoreiro | |
1.137 | 14/07/2020 | RATicate | Industrial companies | Researchers from Sophos discover another campaign carried out by the RATicate group, using the CloudEye tool. | Targeted Attack | Y Multiple Industries | CE | >1 | RATicate, CloudEye | |
1.138 | 15/07/2020 | CIA | Targets in Iran, Russia, China, and North Korea | A new report reveals that the Central Intelligence Agency conducted a series of covert cyber operations against Iran and other targets, including Russia, China, and North Korea. | Targeted Attack | O Public administration and defence, compulsory social security | CW | >1 | CIA, Central Intelligence Agency, Russia, China, North Korea | |
1.139 | 15/07/2020 | ? | Citrix third-party | An actor sells what they claim to be a database with information on 2,000,000 Citrix customers on the dark web. An official statement by the company reveals that the database has been obtained from a third party. | Unknown | Z Unknown | CC | N/A | Citrix | |
1.140 | 15/07/2020 | Graham Ivan Clark | | A number of high profile Twitter accounts, including Bill Gates, Elon Musk and Apple, are hijacked to promote a bitcoin scam. The author of the hack is arrested by the FBI two weeks later. | Account Hijacking | S Other service activities | CC | US | Twitter, Bill Gates, Elon Musk, Apple, bitcoin, Graham Ivan Clark | |
1.141 | 15/07/2020 | ? | Banks across Europe | ATM maker Diebold Nixdorf warns banks of a new type of ATM "black box" attack that was recently spotted used across Europe. | ATM "Black Box" | K Financial and insurance activities | CC | EU | Diebold Nixdorf, ATM, Black Box | |
1.142 | 15/07/2020 | Mustang Panda | Hong Kong Catholic Church | China's government hackers have targeted members of the Hong Kong Catholic Church in a series of spear-phishing operations traced back to May this year. | Targeted Attack | S Other service activities | CE | HK | Mustang Panda, China, Catholic Church, Hong Kong | |
1.143 | 15/07/2020 | Ghost Squad | European Space Agency (ESA) | Hackers from the Ghost Squad deface a domain of the European Space Agency (ESA): business.esa.int. | Defacement | U Activities of extraterritorial organizations and bodies | H | EU | Ghost Squad, European Space Agency, ESA, business.esa.int | |
1.144 | 15/07/2020 | ? | Blackbaud | Blackbaud, a cloud software provider specializing in fundraising suites for charities and educational institutions, discloses a ransomware attack that occurred in May 2020. | Malware | M Professional scientific and technical activities | CC | US | Blackbaud, ransomware | |
1.145 | 15/07/2020 | ? | Single individuals in the UK | The Cofense Phishing Defense Center observes a new email-based phishing scam that aims to harvest Her Majesty's Revenue and Customs (HMRC) credentials and sensitive personal information by preying on UK workers who are expecting COVID-19 tax relief grants. | Account Hijacking | X Individual | CC | US | Cofense, PDC, Her Majesty's Revenue and Customs, HMRC, COVID-19 | |
1.146 | 15/07/2020 | ? | Misconfigured Docker servers | Researchers from Aqua Security discover a new campaign that exploits misconfigured Docker API ports in order to infect victims with a resource-hijacking cryptominer. | Misconfiguration | Y Multiple Industries | CC | >1 | Aqua Security, Docker | |
1.147 | 15/07/2020 | ? | Multiple targets | Researchers from Bad Packets report that threat actors have been scanning the Internet for SAP systems affected by RECON vulnerability, tracked as CVE-2020-6287. | Vulnerability | Y Multiple Industries | CC | >1 | CVE-2020-6287, SAP | |
1.148 | 15/07/2020 | ? | Tax Collector’s Office for Polk County | Tax Collector’s Office for Polk County blames malware found on an employee's computer for a data breach that affected around 450,000 residents of Polk County. The breach occurred in June. | Malware | O Public administration and defence, compulsory social security | CC | US | Tax Collector’s Office for Polk County | |
1.149 | 15/07/2020 | ? | Air travelers in the US | The Federal Bureau of Investigation issues a warning to air travelers to be wary of bogus US airport websites when booking flights online. | Account Hijacking | H Transportation and storage | CC | US | FBI | |
1.150 | 15/07/2020 | ? | Gravitas | An Auckland research firm, Gravitas, suffers a hack and loses the information provided by the NZ Police. As a consequence the police decides to close the contract. | Unknown | M Professional scientific and technical activities | CC | NZ | Gravitas | |
1.151 | 16/07/2020 | APT29 (AKA Cozy Bear, The Dukes, and Yttrium) | Organizations involved in coronavirus vaccine development in Canada, UK, and the US | The National Cyber Security Centre (NCSC) in the UK warns of an ongoing campaign, carried out by Russian malicious actors, targeting organizations involved in coronavirus vaccine development. | Targeted Attack | Q Human health and social work activities | CE | >1 | National Cyber Security Centre, NCSC, APT29, Cozy Bear, The Dukes, Yttrium, COVID-19 | |
1.152 | 16/07/2020 | ? | Android users | Researchers from ThreatFabric discover a new Android banking trojan dubbed BlackRock. | Malware | K Financial and insurance activities | CC | >1 | ThreatFabric, Android, BlackRock | |
1.153 | 16/07/2020 | ? | Apple macOS users | Researchers from ESET reveal that Apple macOS users are targeted in a fresh campaign aiming to pilfer cryptocurrency from their wallets via the Gmera trojan. | Malware | V Fintech | CC | >1 | ESET, Apple macOS, Gmera, crypto | |
1.154 | 16/07/2020 | ? | Targets across the US and Europe in the professional, healthcare, IT, manufacturing, logistics, and travel sector | Researchers from Cybereason discover a new backdoor, dubbed Bazar, linked to the threat actors behind Trickbot. | Malware | Y Multiple Industries | CC | >1 | Cybereason, Bazar, Trickbot | |
1.155 | 17/07/2020 | ? | Multiple targets | Emotet, 2019's most active cybercrime operation and malware botnet, returns to life with new attacks. | Malicious Spam | Y Multiple Industries | CC | >1 | Emotet | |
1.156 | 17/07/2020 | Netwalker | Lorien Health Services | Lorien Health Services announces that it was the victim of a ransomware incident in early June. Data was stolen and then encrypted during the incident. | Malware | Q Human health and social work activities | CC | US | Lorien Health Services, Netwalker, ransomware | |
1.157 | 17/07/2020 | ? | Agricultural water pumps in upper Galilee | Local news outlets in Israel report that the agricultural water pumps in upper Galilee were hit by a cyber attack back in June. | Unknown | E Water supply, sewerage waste management, and remediation activities | CW | IL | Agricultural water pumps in upper Galilee | |
1.158 | 17/07/2020 | ? | Water pumps in the province of Mateh Yehuda | Also the agricultural water pumps in upper Galilee were hit by a cyber attack back in June. | Unknown | E Water supply, sewerage waste management, and remediation activities | CW | IL | Water pumps in the province of Mateh Yehuda | |
1.159 | 17/07/2020 | ? | Office 365 Users | Researchers from Abnormal Security discover two phishing campaigns using the bait of an Office 365 subscription renewal. | Account Hijacking | Y Multiple Industries | CC | >1 | Abnormal Security, Microsoft Office 365 | |
1.160 | 18/07/2020 | REvil AKA Sodinokibi | Telecom Argentina | The REvil ransomware gang infects the internal network of Telecom Argentina and demands a $7.5 million ransom to unlock encrypted files. | Malware | J Information and communication | CC | AR | REvil, Sodinokibi, Telecom Argentina, ransomware | |
1.161 | 18/07/2020 | ? | Multiple targets | A new phishing campaign uses a trio of enterprise cloud services, Microsoft Azure, Microsoft Dynamics, and IBM Cloud. | Account Hijacking | Y Multiple Industries | CC | >1 | Microsoft Azure, Microsoft Dynamics, IBM Cloud | |
1.162 | 19/07/2020 | ? | GEDMatch | More than a million DNA profiles are available to search on GEDMatch after the genealogy portal is hacked. | Account Hijacking | S Other service activities | CC | US | GEDMatch | |
1.163 | 20/07/2020 | ? | Multiple financial targets | After awakening last week and starting to send spam worldwide, Emotet is now once again installing the TrickBot trojan on infected Windows computers. | Malware | K Financial and insurance activities | CC | >1 | Emotet, TrickBot | |
1.164 | 20/07/2020 | ? | UK Consumers | UK consumers are targeted by a new phishing scam falsely purporting to be from UK supermarket Tesco. | Account Hijacking | X Individual | CC | UK | Tesco | |
1.165 | 20/07/2020 | ? | Single Individuals | Researchers from Area 1 Security discover an email phishing campaign impersonating the Bill & Melinda Gates Foundation with messages demanding Bitcoin being sent out. | Account Hijacking | X Individual | CC | >1 | Area 1 Security, Bill & Melinda Gates Foundation, Bitcoin | |
1.166 | 20/07/2020 | ? | University of Utah Health | University of Utah Health notifies 10,000 patients after it suffered a phishing attack. | Account Hijacking | Q Human health and social work activities | CC | US | University of Utah Health | |
1.167 | 21/07/2020 | ? | Multiple financial targets | Researchers tracking Emotet botnet notice that, after the comeback, the malware is starting to push QakBot banking trojan at an unusually high rate, replacing the longtime TrickBot payload. | Malware | K Financial and insurance activities | CC | >1 | Emotet, QakBot, TrickBot | |
1.168 | 21/07/2020 | ? | DeepSource | DeepSource resets the user logins after an employee falls for the Sawfish phishing campaign. | Account Hijacking | M Professional scientific and technical activities | CC | US | DeepSource, Sawfish | |
1.169 | 21/07/2020 | ? | Multiple targets | Researchers from Check Point discover a new phishing campaign using Google Cloud Services to steal Office 365 logins. | Account Hijacking | Y Multiple Industries | CC | >1 | Check Point, Google Cloud Services, Office 365 | |
1.170 | 21/07/2020 | ? | MyHeritage | MyHeritage, a genealogy website based in Israel, announces that some of its users had been subjected to a phishing attack to obtain their log-in details for the site, apparently targeting email addresses obtained in the attack on GEDmatch just two days before. | Account Hijacking | S Other service activities | CC | IL | MyHeritage, GEDMatch | |
1.171 | 21/07/2020 | ? | Multiple targets | The FBI sends out an alert warning about the discovery of new network protocols abused to launch large-scale distributed denial of service (DDoS) attacks. The list includes CoAP (Constrained Application Protocol), WS-DD (Web Services Dynamic Discovery), ARMS (Apple Remote Management Service), and the Jenkins web-based automation software. | DDoS | Y Multiple Industries | CC | US | FBI, DDoS, CoAP, Constrained Application Protocol, WS-DD, Web Services Dynamic Discovery, ARMS, Apple Remote Management Service, Jenkins | |
1.172 | 21/07/2020 | Suspected Chinese APT | Political entities and individuals in India and Hong Kong. | Researchers from Malwarebytes discover an uptick in the spread of a new MgBot malware variant across India and Hong Kong by a suspected Chinese advanced persistent threat (APT) group. | Targeted Attack | O Public administration and defence, compulsory social security | CE | IN HK | Malwarebytes, MgBot, India, Hong Kong, China | |
1.173 | 21/07/2020 | ? | UFO VPN | UFO VPN database is destroyed by a 'meow' attack. | Misconfiguration | M Professional scientific and technical activities | CC | HK | UFO VPN, meow | |
1.174 | 22/07/2020 | ? | Unsecured databases | Hundreds of unsecured databases exposed on the public web are the target of an automated 'meow' attack that destroys data without any explanation. | Misconfiguration | Y Multiple Industries | CC | >1 | meow | |
1.175 | 22/07/2020 | ? | Twilio | Twilio discloses that its TaskRouter JS SDK was compromised by attackers after they gained access to one of its misconfigured Amazon AWS S3 buckets which left the SDK's path publicly readable and writable for roughly five years, since 2015. | Misconfiguration | J Information and communication | CC | US | Twilio, TaskRouter JS SDK, Amazon, AWS, S3 | |
1.176 | 22/07/2020 | ? | Multiple organizations | Researchers from Cisco Talos reveal the details of Prometei, a new cryptojacking botnet spreading across compromised networks via multiple methods including the EternalBlue exploit for Windows SMB. The goal is to mine Monero (XMR) cryptocurrency. | Malware | Y Multiple Industries | CC | >1 | Cisco Talos, Prometei, EternalBlue, SMB, Monero, XMR, crypto | |
1.177 | 22/07/2020 | The Lazarus Group AKA HIDDEN COBRA | Corporate entities from multiple countries | Researchers from Kaspersky reveal the details of MATA, a recently discovered malware framework used in attacks targeting corporate entities from multiple countries since April 2018 for ransomware deployment and data theft. | Malware | Y Multiple Industries | CC | >1 | Kaspersky, MATA, The Lazarus Group, HIDDEN COBRA | |
1.178 | 22/07/2020 | OilRig APT | A telecom company in the Middle East | Researchers from Palo Alto Networks discover a series of cyberattacks on a telecom company in the Middle East signaling the return of the OilRig APT. The attacks also revealed a revised backdoor tool in the group’s arsenal, called RDAT. | Targeted Attack | J Information and communication | CE | N/A | Palo Alto Networks, OilRig APT | |
1.179 | 22/07/2020 | ? | SUNY Erie Community College | About 50 computers at SUNY Erie Community College are disabled by a malware attack. | Malware | P Education | CC | US | SUNY Erie Community College | |
1.180 | 23/07/2020 | REvil AKA Sodinokibi | Administrador de Infraestructuras Ferroviarias (ADIF) | Administrador de Infraestructuras Ferroviarias (ADIF), a Spanish state-owned railway infrastructure manager is hit by REvil ransomware operators. | Malware | H Transportation and storage | CC | ES | REvil, Sodinokibi, Administrador de Infraestructuras Ferroviarias, ADIF | |
1.181 | 23/07/2020 | ? | Sports organizations and teams, including Premier League football clubs | The UK National Cyber Security Centre (NCSC) highlights the increasing risks posed by ransomware attacks, phishing campaigns, and Business Email Compromise (BEC) fraud schemes targeting sports organizations and teams, including Premier League football clubs. | >1 | R Arts entertainment and recreation | CC | UK | UK National Cyber Security Centre, NCSC, Business Email Compromise, BEC, Premier League | |
1.182 | 23/07/2020 | ? | University of York | At least 10 universities in the UK, US and Canada have had data stolen about students and/or alumni after hackers attacked Blackbaud, a cloud computing provider, with ransomware. | Malware | P Education | CC | UK | University of York, Oxford Brookes University, Loughborough University, University of Leeds, University of London, University of Reading, University College Oxford, Ambrose University in Alberta, Canada Human Rights Watch, Young Minds, Rhode Island School of Design in the US, University of Exeter | |
1.183 | 23/07/2020 | ? | CouchSurfing | CouchSurfing, an online service that lets users find free lodgings, investigates a security breach after hackers began selling the details of 17 million users on Telegram channels and hacking forums. | Unknown | I Accommodation and food service activities | CC | US | CouchSurfing | |
1.184 | 23/07/2020 | China | US companies in the healthcare, chemical, and finance sectors | The Federal Bureau of Investigation issues an alert to inform organizations in the United States of the risk associated with the use of Chinese tax software. | Malware | Y Multiple Industries | CE | US | FBI, China, GoldenSpy | |
1.185 | 23/07/2020 | ? | Critical infrastructure across the U.S | The U.S. National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) issued an alert warning of cyber attacks targeting critical infrastructure across the U.S. | >1 | D Electricity gas steam and air conditioning supply | CC | US | National Security Agency, NSA, Cybersecurity and Infrastructure Security Agency, CISA | |
1.186 | 23/07/2020 | ? | Instacart | Online shopping service Instacart says reused passwords are to blame for a recent spate of account breaches, which saw personal data belonging to hundreds of thousands of Instacart customers stolen and put up for sale on the dark web. | Password-spraying | I Accommodation and food service activities | CC | US | Instacart | |
1.187 | 23/07/2020 | ? | ? | Researchers from White Ops expose Chartreuse Blur, a malicious cyber-operation involving 29 fraudulent photo-editing apps downloaded 3.5 million times. | Malware | X Individual | CC | >1 | White Ops, Chartreuse Blur | |
1.188 | 23/07/2020 | ? | Oxford Brookes University | At least 10 universities in the UK, US and Canada have had data stolen about students and/or alumni after hackers attacked Blackbaud, a cloud computing provider, with ransomware. | Malware | P Education | CC | UK | University of York, Oxford Brookes University, Loughborough University, University of Leeds, University of London, University of Reading, University College Oxford, Ambrose University in Alberta, Canada Human Rights Watch, Young Minds, Rhode Island School of Design in the US, University of Exeter | |
1.189 | 23/07/2020 | ? | Loughborough University | At least 10 universities in the UK, US and Canada have had data stolen about students and/or alumni after hackers attacked Blackbaud, a cloud computing provider, with ransomware. | Malware | P Education | CC | UK | University of York, Oxford Brookes University, Loughborough University, University of Leeds, University of London, University of Reading, University College Oxford, Ambrose University in Alberta, Canada Human Rights Watch, Young Minds, Rhode Island School of Design in the US, University of Exeter | |
1.190 | 23/07/2020 | ? | University of Leeds | At least 10 universities in the UK, US and Canada have had data stolen about students and/or alumni after hackers attacked Blackbaud, a cloud computing provider, with ransomware. | Malware | P Education | CC | UK | University of York, Oxford Brookes University, Loughborough University, University of Leeds, University of London, University of Reading, University College Oxford, Ambrose University in Alberta, Canada Human Rights Watch, Young Minds, Rhode Island School of Design in the US, University of Exeter | |
1.191 | 23/07/2020 | ? | University of London | At least 10 universities in the UK, US and Canada have had data stolen about students and/or alumni after hackers attacked Blackbaud, a cloud computing provider, with ransomware. | Malware | P Education | CC | UK | University of York, Oxford Brookes University, Loughborough University, University of Leeds, University of London, University of Reading, University College Oxford, Ambrose University in Alberta, Canada Human Rights Watch, Young Minds, Rhode Island School of Design in the US, University of Exeter | |
1.192 | 23/07/2020 | ? | University of Reading | At least 10 universities in the UK, US and Canada have had data stolen about students and/or alumni after hackers attacked Blackbaud, a cloud computing provider, with ransomware. | Malware | P Education | CC | UK | University of York, Oxford Brookes University, Loughborough University, University of Leeds, University of London, University of Reading, University College Oxford, Ambrose University in Alberta, Canada Human Rights Watch, Young Minds, Rhode Island School of Design in the US, University of Exeter | |
1.193 | 23/07/2020 | ? | University College Oxford | At least 10 universities in the UK, US and Canada have had data stolen about students and/or alumni after hackers attacked Blackbaud, a cloud computing provider, with ransomware. | Malware | P Education | CC | UK | University of York, Oxford Brookes University, Loughborough University, University of Leeds, University of London, University of Reading, University College Oxford, Ambrose University in Alberta, Canada Human Rights Watch, Young Minds, Rhode Island School of Design in the US, University of Exeter | |
1.194 | 23/07/2020 | ? | Ambrose University in Alberta | At least 10 universities in the UK, US and Canada have had data stolen about students and/or alumni after hackers attacked Blackbaud, a cloud computing provider, with ransomware. | Malware | P Education | CC | UK | University of York, Oxford Brookes University, Loughborough University, University of Leeds, University of London, University of Reading, University College Oxford, Ambrose University in Alberta, Canada Human Rights Watch, Young Minds, Rhode Island School of Design in the US, University of Exeter | |
1.195 | 23/07/2020 | ? | Canada Human Rights Watch | At least 10 universities in the UK, US and Canada have had data stolen about students and/or alumni after hackers attacked Blackbaud, a cloud computing provider, with ransomware. | Malware | P Education | CC | UK | University of York, Oxford Brookes University, Loughborough University, University of Leeds, University of London, University of Reading, University College Oxford, Ambrose University in Alberta, Canada Human Rights Watch, Young Minds, Rhode Island School of Design in the US, University of Exeter | |
1.196 | 23/07/2020 | ? | Young Minds, Rhode Island School of Design | At least 10 universities in the UK, US and Canada have had data stolen about students and/or alumni after hackers attacked Blackbaud, a cloud computing provider, with ransomware. | Malware | P Education | CC | UK | University of York, Oxford Brookes University, Loughborough University, University of Leeds, University of London, University of Reading, University College Oxford, Ambrose University in Alberta, Canada Human Rights Watch, Young Minds, Rhode Island School of Design in the US, University of Exeter | |
1.197 | 23/07/2020 | ? | University of Exeter | At least 10 universities in the UK, US and Canada have had data stolen about students and/or alumni after hackers attacked Blackbaud, a cloud computing provider, with ransomware. | Malware | P Education | CC | UK | University of York, Oxford Brookes University, Loughborough University, University of Leeds, University of London, University of Reading, University College Oxford, Ambrose University in Alberta, Canada Human Rights Watch, Young Minds, Rhode Island School of Design in the US, University of Exeter | |
1.198 | 24/07/2020 | WastedLocker | Garmin | Garmin is hit by a WastedLocker ransomware attack. | Malware | C Manufacturing | CC | US | Garmin, WastedLocker, ransomware | |
1.199 | 24/07/2020 | APT28 AKA Fancy Bear | US Government and Energy Targets | From December 2018 until at least May of this year, APT28 AKA Fancy Bear carried out a broad hacking campaign against US targets, according to an FBI notification sent to victims of the breaches in May. | Targeted Attack | O Public administration and defence, compulsory social security | CE | US | APT28, Fancy Bear, FBI | |
1.200 | 24/07/2020 | APT28 AKA Fancy Bear | US Government and Energy Targets | From December 2018 until at least May of this year, APT28 AKA Fancy Bear carried out a broad hacking campaign against US targets, according to an FBI notification sent to victims of the breaches in May. | Targeted Attack | D Electricity gas steam and air conditioning supply | CE | US | ||
1.201 | 24/07/2020 | ? | Multiple organizations | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) publishes a warning confirming the active exploitation of the unauthenticated remote code execution (RCE) CVE-2020-5902 vulnerability affecting F5 Big-IP ADC devices. | Vulnerability | Y Multiple Industries | CC | >1 | Cybersecurity and Infrastructure Security Agency, CISA, RCE, CVE-2020-5902, F5, Big-IP | |
1.202 | 24/07/2020 | ? | Multiple targets | Cisco fixes a high severity and actively exploited vulnerability affecting the web services interface of two of its firewall products (CVE-2020-3452). | Vulnerability | Y Multiple Industries | CC | >1 | Cisco, CVE-2020-3452 | |
1.203 | 24/07/2020 | ? | Emotet botnet | Someone is making fun of the Emotet botnet and disrupting its operations by hacking into the malware's distribution sites and replacing malicious payloads with memes and GIFs. | Account Hijacking | S Other service activities | H | N/A | Emotet | |
1.204 | 24/07/2020 | ? | Aberystwyth University | The Aberystwyth University is an additional university hit with ransomware after the Blackbaud hack. | Malware | P Education | CC | UK | Aberystwyth University, Blackbaud | |
1.205 | 24/07/2020 | ? | Sheldon Independent School District | Sheldon Independent School District notifies current and former staff and students of an unauthorized access to its network that occurred on June 15, 2020. | Unknown | P Education | CC | US | Sheldon Independent School District | |
1.206 | 25/07/2020 | RagnarLocker | Carlson Wagonlit Travel (CWT) | US corporate travel management firm Carlson Wagonlit Travel (CWT) suffers an intrusion and it is believed to have paid a $4.5m ransom to get its data back. | Malware | H Transportation and storage | CC | US | Carlson Wagonlit Travel, CWT, RagnarLocker, ransomware | |
1.207 | 25/07/2020 | ? | Beaumont Health | Beaumont Health, Michigan's largest healthcare provider, warns around 6,000 patients that their data may have been exposed following a phishing attack that occurred between January 3, 2020, and January 29, 2020. | Account Hijacking | Q Human health and social work activities | CC | US | Beaumont Health, Michigan | |
1.208 | 26/07/2020 | ? | Waydev | Hackers use a blind SQL injection vulnerability to gain access to Waydev's database, from which they steal GitHub and GitLab OAuth tokens from other companies. | SQL Injection | M Professional scientific and technical activities | CC | US | GitHub, GitLab, OAuth, Waydev | |
1.209 | 26/07/2020 | ? | Dave.com | Loan app Dave.com has 7.5 million records leaked, blaming the breach on the OAuth tokens stolen by the attackers from Waydev. | OAuth token hijacking | K Financial and insurance activities | CC | US | Dave.com, Waydev | |
1.210 | 26/07/2020 | ? | Flood.io | Software testing service Flood.io suffers a breach blamed on the OAuth tokens stolen by the attackers from Waydev. | OAuth token hijacking | M Professional scientific and technical activities | CC | AU | Flood.io, Waydev | |
1.211 | 27/07/2020 | ShinyHunters | Promo.com | Promo.com, an Israeli-based marketing video creation site, discloses a data breach after a database containing 22 million user records is leaked for free on a hacker forum. | Unknown | M Professional scientific and technical activities | CC | US | Promo.com, ShinyHunters | |
1.212 | 27/07/2020 | ShinyHunters | Drizly | ShinyHunters leaks the database of Drizly, containing approximately 2.5 million records | Unknown | I Accommodation and food service activities | CC | IT | ShinyHunters, Drizly | |
1.213 | 27/07/2020 | Ensiko | Systems running PHP | Researchers from Trend Micro discover Ensiko, a new feature-rich malware that can encrypt files on any system running PHP, making it a high risk for Windows, macOS, and Linux web servers. | Malware | Y Multiple Industries | CC | >1 | Trend Micro, Ensiko, ransomware, PHP | |
1.214 | 27/07/2020 | ? | Office 365 Users | Researchers from Abnormal Security discover a new campaign targeting Microsoft Office 365 users, and making use of bait messages camouflaged as automated SharePoint notifications to steal their accounts. | Account Hijacking | Y Multiple Industries | CC | >1 | Abnormal Security, Microsoft Office 365, SharePoint | |
1.215 | 27/07/2020 | ? | Sheffield Hallam University | The Sheffield Hallam University confirms that it is dealing with a data breach linked to the software provider Blackbaud. | Unknown | P Education | CC | UK | Sheffield Hallam University, Blackbaud | |
1.216 | 27/07/2020 | ? | Users in the UK | Users in the UK are warned not to fall for yet another COVID-related lure after warnings of a new phishing campaign, this time promising the recipient a government-funded tax cut. | Account Hijacking | X Individual | CC | UK | COVID-19 | |
1.217 | 28/07/2020 | Netwalker | U.S. and foreign government organizations | The FBI issues a security alert about Netwalker ransomware operators targeting U.S. and foreign government organizations. | Malware | O Public administration and defence, compulsory social security | CC | >1 | FBI, Netwalker, ransomware | |
1.218 | 28/07/2020 | The Lazarus Group AKA HIDDEN COBRA | Multiple Enterprise Targets | Researchers from Kaspersky reveal that North Korean-backed hackers from the Lazarus Group have developed and are actively using VHD ransomware against enterprise targets. | Malware | Y Multiple Industries | CC | >1 | The Lazarus Group, Kaspersky, VHD, ransomware, HIDDEN COBRA | |
1.219 | 28/07/2020 | ? | Misconfigured cloud-based docker instances | Researchers from Intezer Labs reveal the details of Doki, a malware part of the Ngrok Cryptominer Botnet targeting misconfigured cloud-based docker instances running on Linux. | Misconfiguration | Y Multiple Industries | CC | >1 | Intezer Labs, Doki, Ngrok, Crypto, Linux | |
1.220 | 28/07/2020 | Nefilim | Dresdner Kühlanlagenbau GmbH (DKA) | The Nefilim ransomware operation begins to publish unencrypted files stolen from a Dussmann Group subsidiary, Dresdner Kühlanlagenbau GmbH (DKA), during a recent attack. | Malware | S Other service activities | CC | DE | Nefilim, ransomware, Dussmann Group, Dresdner Kühlanlagenbau GmbH, DKA | |
1.221 | 28/07/2020 | ? | Netflix users | Researchers from Armorblox discover a phishing campaign targeting Netflix users and using CAPTCHA to avoid detection. | Account Hijacking | R Arts entertainment and recreation | CC | >1 | Armorblox, Netflix, CAPTCHA | |
1.222 | 28/07/2020 | ? | Rhode Island College Foundation | Rhode Island College Foundation is another victim of the Blackbaud ransomware attack. | Malware | P Education | CC | US | Rhode Island College Foundation, Blackbaud, ransomware | |
1.223 | 28/07/2020 | ? | Providence Children’s Museum | Even the Rhode Island College Foundation is a victim of the Blackbaud hack | Malware | R Arts entertainment and recreation | CC | US | Providence Children’s Museum, Blackbaud, ransomware | |
1.224 | 29/07/2020 | Hidden Cobra | U.S. defense and aerospace contractors | Researchers from McAfee reveal the details of Operation North Star, a long-lasting spear-phishing campaign targeting U.S. defense and aerospace contractors between early April and mid-June 2020. | Targeted Attack | C Manufacturing | CE | US | McAfee, Operation North Star, Hidden Cobra | |
1.225 | 29/07/2020 | Deceptikons | Law firms and fintech companies in Europe and Middle East. | Researchers from Kaspersky discover a new hacker-for-hire mercenary group codenamed Deceptikons, and active for almost a decade. | Targeted Attack | K Financial and insurance activities | CE | >1 | Kaspersky, Deceptikons | |
1.226 | 29/07/2020 | Deceptikons | Law firms and fintech companies in Europe and Middle East. | Researchers from Kaspersky discover a new hacker-for-hire mercenary group codenamed Deceptikons, and active for almost a decade. | Targeted Attack | V Fintech | CE | >1 | Kaspersky, Deceptikons | |
1.227 | 29/07/2020 | ShinyHunters | Havenly | Havenly, discloses a data breach that impacted 1.3 million users. | Unknown | G Wholesale and retail trade | CC | US | Havenly, ShinyHunters | |
1.228 | 29/07/2020 | China? | Vatican and the Holy See’s Study Mission to China | Researchers from Recorded Future reveal that the Vatican’s computer networks have allegedly been infiltrated by Chinese hackers in the run up to sensitive talks between the Catholic Church and Beijing focusing on the religion’s status in China. | Targeted Attack | O Public administration and defence, compulsory social security | CE | VA | Recorded Future, Vatican and the Holy See’s Study Mission to China | |
1.229 | 29/07/2020 | ? | European Bank for Reconstruction and Development (EBRD) Twitter account | The European Bank for Reconstruction and Development (EBRD) Twitter account is hijacked. | Account Hijacking | U Activities of extraterritorial organizations and bodies | CC | EU | European Bank for Reconstruction and Development, EBRD | |
1.230 | 29/07/2020 | ? | Ledger | Crypto-wallet firm Ledger reveals a major security breach of its e-commerce and marketing database, resulting in the compromise of one million customer email addresses and the personal details of thousands after the vulnerability was exploited on June 25, 2020. | Vulnerability | V Fintech | CC | FR | Ledger | |
1.231 | 29/07/2020 | ? | Athens ISD | Athens ISD pays a $50,000 ransom for school data that was taken in a ransomware attack. | Malware | P Education | CC | US | Athens ISD, ransomware | |
1.232 | 29/07/2020 | ? | Las Cruces Middle School | Las Cruces Middle School suffers a Zoom bombing attack. | Zoom bombing | P Education | CC | US | Las Cruces Middle School, Zoom bombing | |
1.233 | 30/07/2020 | ShinyHunters | Appen.com | ShinyHunters leaks the databases of 18 startups. | Unknown | M Professional scientific and technical activities | CC | US | ShinyHunters, Appen.com, Indabamusic.com, Ivoy.mx, Proctoru.com, Rewards1.com, Vakinha.com.br | |
1.234 | 30/07/2020 | ShinyHunters | Indabamusic.com | ShinyHunters leaks the databases of 18 startups. | Unknown | R Arts entertainment and recreation | CC | US | ||
1.235 | 30/07/2020 | ShinyHunters | Ivoy.mx | ShinyHunters leaks the databases of 18 startups. | Unknown | M Professional scientific and technical activities | CC | MX | ||
1.236 | 30/07/2020 | ShinyHunters | Proctoru.com | ShinyHunters leaks the databases of 18 startups. | Unknown | M Professional scientific and technical activities | CC | US | ||
1.237 | 30/07/2020 | ShinyHunters | Rewards1.com | ShinyHunters leaks the databases of 18 startups. | Unknown | R Arts entertainment and recreation | CC | US | ||
1.238 | 30/07/2020 | ShinyHunters | Vakinha.com.br | ShinyHunters leaks the databases of 18 startups. | Unknown | S Other service activities | CC | BR | ||
1.239 | 30/07/2020 | ShinyHunters | Scentbird | Scentbird discloses the security breach after ShinyHunters leaks its database. | Unknown | G Wholesale and retail trade | CC | US | Scentbird, ShinyHunters | |
1.240 | 30/07/2020 | ? | Multiple organizations | Researchers from Cofense discover an Office 365 phishing campaign abusing Google Ads to bypass secure email gateways, redirecting employees of targeted organizations to phishing landing pages and stealing their Microsoft credentials. | Account Hijacking | Y Multiple Industries | CC | >1 | Cofense, Office 365, Google Ads | |
1.241 | 30/07/2020 | ? | High-impact targets with valuable financial information. | Researchers from Intezer Labs reveal that the TrickBot's Anchor malware platform has been ported to infect Linux devices and compromise further high-impact and high-value targets using covert channels. | Malware | Y Multiple Industries | CC | >1 | Intezer Labs, TrickBot, Anchor, Linux | |
1.242 | 30/07/2020 | Russia? | Audiences in Lithuania, Latvia, and Poland | Researchers from FireEye discover Ghostwriter, a widespread long-lasting influence campaign using compromised websites to discredit NATO. | Vulnerability | O Public administration and defence, compulsory social security | CW | >1 | FireEye, NATO, Ghostwriter, Russia | |
1.243 | 31/07/2020 | ? | Zello | The push-to-talk app, Zello, discloses a data breach that revealed users' email addresses and hashed passwords after discovering unauthorized activity on its systems on July 8, 2020. | Unknown | J Information and communication | CC | US | Zello | |
1.244 | 31/07/2020 | ? | Pivot Technology Solutions | Managed service provider Pivot Technology Solutions discloses that it was the victim of a failed ransomware attack that resulted in sensitive information being accessed by the hackers. The incident occurred last month. | Malware | M Professional scientific and technical activities | CC | CA | Pivot Technology Solutions, ransomware | |
1.245 | 31/07/2020 | ? | Multiple government websites | In an ongoing blackhat SEO campaign, scammers use open redirects found on government websites to redirect visitors to pornography sites. | Malicious SEO redirection | X Individual | CC | US | SEO | |
1.246 | 31/07/2020 | ? | 2gether | 2gether reveals a cyberattack in which roughly €1.2 million in cryptocurrency has been stolen from cryptocurrency investment accounts. | Unknown | V Fintech | CC | ES | 2gether | |
1.247 | 31/07/2020 | ? | Elkins Rehabilitation & Care Center | Elkins Rehabilitation & Care Center notifies residents and employees of a phishing attack discovered in February 2019. | Account Hijacking | Q Human health and social work activities | CC | US | Elkins Rehabilitation & Care Center, ERCC | |
1.248 | 21/07/2020 | ? | Pepperstone | Pepperstone sends out an email to clients, alerting them of a data security incident in which third parties are reaching out to the broker’s clients and falsely claiming to be Pepperstone. | Unknown | K Financial and insurance activities | CC | AU | Pepperstone | |
1.249 | 27/07/2020 | ? | City of Lafayette | The City of Lafayette suffers a ransomware attack that impacts the phone services, email, and online payment reservation systems. The city is forced to pay $45,000. | Malware | O Public administration and defence, compulsory social security | CC | US | City of Lafayette, ransomware | |
1.250 | 29/07/2020 | ? | iVoy | Delivery startup, iVoy, experiences a data breach, over 127,000 accounts exposed. | Unknown | H Transportation and storage | CC | MX | iVoy | |
1.251 | 30/07/2020 | Maze | Canon | Canon suffers a ransomware attack that impacts numerous services, including Canon's email, Microsoft Teams, USA website, and other internal applications. | Malware | C Manufacturing | CC | JP | Canon, Ransomware, Maze | |
1.252 | 30/07/2020 | RansomEXX | Konica Minolta | Konica Minolta is hit with a RansomEXX ransomware attack | Malware | C Manufacturing | CC | JP | Konica Minolta, RansomEXX, ransomware | |
1.253 | 30/07/2020 | ? | British Dental Association | The British Dental Association notifies its members of a breach that occurred on July 30. | Unknown | S Other service activities | CC | UK | British Dental Association | |
1.254 | 02/08/2020 | ? | Telstra | Telstra is hit with a DDoS attack | DDoS | J Information and communication | CC | AU | Telstra | |
1.255 | 02/08/2020 | Indian Hackers | Dawn News Channel | One of the leading Pakistan News Channels, Dawn, was reportedly targeted by Indian hackers. | Unknown | J Information and communication | H | PK | Pakistan, India | |
1.256 | 02/08/2020 | ? | Hudson Independent School District | Hudson ISD’s website is down after a cyber attack affected the website’s host. | Unknown | P Education | CC | US | Hudson Independent School District | |
1.257 | 03/08/2020 | Chinese state-sponsored hackers | US private entities | Three agencies of the US government (CISA, CyberCom, and FBI) publish a joint alert about new versions of Taidoor (AKA Taurus RAT), a malware family previously associated with Chinese state-sponsored hackers. | Targeted Attack | Y Multiple Industries | CE | US | CISA, CyberCom, FBI, Taidoor, Taurus RAT, China | |
1.258 | 03/08/2020 | Russian Hackers | Liam Fox | A personal email account belonging to Liam Fox, the former UK trade minister, is repeatedly hacked into by Russian attackers who stole classified documents relating to US-UK trade talks. | Targeted Attack | O Public administration and defence, compulsory social security | CE | UK | Liam Fox, Russia | |
1.259 | 03/08/2020 | ? | Multiple targets | The FBI warns private industry partners of increased security risks because of devices still running Windows 7, after observing some attacks. | >1 | Y Multiple Industries | CC | US | FBI, Windows 7 | |
1.260 | 03/08/2020 | Maze | Regis | Regis, an aged-care operator, is hit by a Maze ransomware attack. | Malware | Q Human health and social work activities | CC | AU | Regis, Maze, Ransomware | |
1.261 | 03/08/2020 | Netwalker | Forsee Power | Netwalker ransomware operators leak the data of Forsee Power, a well-known player in the electromobility market. | Malware | C Manufacturing | CC | FR | Netwalker, ransomware, Forsee Power | |
1.262 | 03/08/2020 | ? | Single Individuals in U.K. | Hundreds of Britons are targeted by a free TV license SMS phishing campaign. | Account Hijacking | X Individual | CC | UK | TV | |
1.263 | 03/08/2020 | ? | Tacoma Public Schools | Tacoma Public Schools email is hacked and sends out phishing emails. | Account Hijacking | P Education | CC | US | Tacoma Public Schools | |
1.264 | 04/08/2020 | ? | Multiple targets | A hacker publishes a list of plaintext usernames and passwords, along with IP addresses for more than 900 Pulse Secure VPN enterprise servers. | Vulnerability | Y Multiple Industries | CC | >1 | CVE-2019-11510, Pulse Secure | |
1.265 | 04/08/2020 | ? | SMB in the U.S. | A report from Interpol reveals that American medium-sized companies are actively targeted by LockBit ransomware. | Malware | Y Multiple Industries | CC | US | LockBit, ransomware | |
1.266 | 04/08/2020 | ? | Chrome users | Researchers from Adguard reveal that more than 80 million Chrome users have installed one of 295 Chrome extensions that hijack and insert ads inside Google and Bing search results. | Malicious Browser Extension | X Individual | CC | >1 | Adguard, Chrome | |
1.267 | 04/08/2020 | ? | UberEats | Security researchers from Cyble discover user records of American online food ordering and delivery platform UberEats on the DarkWeb. | Unknown | I Accommodation and food service activities | CC | US | Cyble, UberEats | |
1.268 | 04/08/2020 | ? | Multiple targets | Researchers from INKY discover a phishing campaign in several countries designed to extract credentials from users via fake Zoom invites. | Account Hijacking | Y Multiple Industries | CC | >1 | INKY, Zoom | |
1.269 | 05/08/2020 | ? | Hillsborough County | A court hearing held via Zoom for the US teenager accused of masterminding the Twitter hack is interrupted with rap music and porn. | Zoom bombing | O Public administration and defence, compulsory social security | CC | US | Zoom, Twitter, Hillsborough County | |
1.270 | 05/08/2020 | ? | Pace Center for Girls | Pace Center for Girls issues a warning to its supporters after the organization discovers some of its data was affected by the security breach at Blackbaud. | Malware | Q Human health and social work activities | CC | US | Pace Center for Girls, Blackbaud, ransomware | |
1.271 | 05/08/2020 | ? | Hancock County school district | Hancock County school district is hit by a cyber attack, affecting the internet connectivity | Unknown | P Education | CC | US | Hancock County school district | |
1.272 | 06/08/2020 | China, Russia, Iran, and Tunisia | Multiple countries | In its TAG bulletin, Google reveals it took down ten influence operation campaigns in Q2 2020, traced back to China, Russia, Iran, and Tunisia. | Fake Social Network accounts/groups/pages | O Public administration and defence, compulsory social security | CW | >1 | TAG bulletin, Google, China, Russia, Iran, Tunisia | |
1.273 | 06/08/2020 | ? | Intel | Classified and confidential documents from Intel, allegedly resulting from a breach, are uploaded to a public file sharing service. | Misconfiguration | C Manufacturing | CC | US | Intel | |
1.274 | 06/08/2020 | Water Nue | More than 1,000 companies in the U.S. and Canada | Researchers from Trend Micro discover Water Nue, a series of business email compromise campaigns targeting executives of more than 1,000 companies, most recently in the US and Canada. | Business Email Compromise | Y Multiple Industries | CC | US CA | Trend Micro, Water Nue | |
1.275 | 06/08/2020 | Chimera | Taiwan semiconductor vendors | Researchers from CyCraft Technology reveal the details of Operation Skeleton, a series of targeted attacks against Taiwan semiconductor vendors. | Targeted Attack | C Manufacturing | CE | TW | CyCraft Technology, Operation Skeleton, Chimera | |
1.276 | 06/08/2020 | ? | Firefox users | Firefox fixes a bug abused in the wild by tech support scammers to create artificial mouse cursors and prevent users from easily leaving malicious sites. | Evil cursor | X Individual | CC | >1 | Firefox | |
1.277 | 06/08/2020 | Magecart Group 8 | Multiple Targets | Researchers from Malwarebytes discover a new credit card skimming campaign making use of homoglyph techniques, connected to an existing Magecart threat group. | Malicious Script Injection | G Wholesale and retail trade | CC | >1 | Malwarebytes, homoglyph, Magecart, Magecart Group 8 | |
1.278 | 06/08/2020 | Interactive Data | ? | Interactive Data, a data broker, is hacked and fuels fraudulent small business loans and unemployment insurance benefits from COVID-19 economic relief efforts | Unknown | M Professional scientific and technical activities | CC | US | Interactive Data, COVID-19 | |
1.279 | 06/08/2020 | ? | Imperial Valley College | Imperial Valley College is hit with a ransomware attack. | Malware | P Education | CC | US | Imperial Valley College | |
1.280 | 06/08/2020 | ? | Scholarship America | Scholarship America discloses a phishing attack. | Account Hijacking | Q Human health and social work activities | CC | US | Scholarship America | |
1.281 | 07/08/2020 | DoppelPaymer | Boyce Technologies | The DoppelPaymer ransomware gang hits ventilator manufacturer Boyce Technologies amid the COVID-19 pandemic. | Malware | C Manufacturing | CC | US | Boyce Technologies, ransomware | |
1.282 | 07/08/2020 | ? | Reddit users | Multiple Reddit subreddits are defaced, with the attackers posting pro-Trump messages and changing the communities' themes to show content supporting Trump's 2020 campaign. | Account Hijacking | Y Multiple Industries | H | US | Reddit, Trump | |
1.283 | 07/08/2020 | ? | Britain's National Trust | Britain's National Trust warns volunteers of a data breach linked to the cyber-attack on US cloud computing and software provider Blackbaud in May. | Malware | Q Human health and social work activities | CC | UK | Britain's National Trust, Blackbaud, ransomware | |
1.284 | 08/08/2020 | Fox Kitten (AKA Parisite) | Fortune 500 firms, government agencies, and banks. | The FBI warns of Iranian hackers actively attempting to exploit CVE-2020-5902 affecting F5 Big-IP application delivery controller (ADC) devices used by Fortune 500 firms, government agencies, and banks. | Vulnerability | Y Multiple Industries | CC | US | FBI, CVE-2020-5902, F5 Big-IP, ADC, Fox Kitten, Parisite | |
1.285 | 08/08/2020 | ? | cPanel users | A phishing scam is targeting cPanel users with a fake security advisory alerting them of critical vulnerabilities in their web hosting management panel. | Account Hijacking | Y Multiple Industries | CC | >1 | cPanel | |
1.286 | 08/08/2020 | ? | Southeastern Pennsylvania Transportation Authority | The Southeastern Pennsylvania Transportation Authority is hit with a malware attack. | Malware | O Public administration and defence, compulsory social security | CC | US | Southeastern Pennsylvania Transportation Authority | |
1.287 | 09/08/2020 | ? | Defcon.org | The defcon.org forum is attacked with CVE-2019-16759 (targeting vBulletin), three hours after it is disclosed. | Vulnerability | S Other service activities | CC | US | Defcon.org, CVE-2019-16759, vBulletin | |
1.288 | 09/08/2020 | ? | Users accessing cryptocurrency-related sites | A report reveals that a mysterious threat actor has been adding servers to the Tor network in order to perform SSL stripping attacks on users accessing cryptocurrency-related sites through the Tor Browser. | SSL Stripping | V Fintech | CC | >1 | Tor | |
1.289 | 09/08/2020 | Nefilim | SPIE group | Nefilim ransomware operators leak the data of SPIE group, an independent European leader in multi-technical services. | Malware | M Professional scientific and technical activities | CC | FR | Nefilim, ransomware, SPIE | |
1.290 | 10/08/2020 | ? | utahgunexchange.com | A hacker releases the databases of Utah-based gun exchange, hunting, and kratom sites for free on a cybercrime forum. | Misconfiguration | S Other service activities | CC | >1 | utahgunexchange.com | |
1.291 | 10/08/2020 | ? | muleyfreak.com | A hacker releases the databases of Utah-based gun exchange, hunting, and kratom sites for free on a cybercrime forum. | Misconfiguration | S Other service activities | CC | >1 | muleyfreak.com | |
1.292 | 10/08/2020 | ? | deepjunglekratom.com | A hacker releases the databases of Utah-based gun exchange, hunting, and kratom sites for free on a cybercrime forum. | Misconfiguration | S Other service activities | CC | >1 | deepjunglekratom.com | |
1.293 | 10/08/2020 | ? | Michigan State University (MSU) | Michigan State University (MSU) discloses that attackers were able to steal credit card and personal information from roughly 2,600 users of its shop.msu.edu online store. The attack lasted between Oct. 19, 2019 and June 26, 2020. | Malicious Script Injection | P Education | CC | US | Michigan State University, MSU, Magecart | |
1.294 | 10/08/2020 | Avaddon | Undisclosed Construction company | The gang behind the Avaddon ransomware launches a data leak site to extort victims and publishes the data of a construction company. | Malware | C Manufacturing | CC | N/A | Avaddon, ransomware | |
1.295 | 10/08/2020 | ? | Single Individuals | Researchers from Cyble discover a large scale hacking campaign targeting governments and university websites to host articles on hacking social network accounts that lead to malware and scams. | Malware | Y Multiple Industries | CC | >1 | Cyble | |
1.296 | 10/08/2020 | ? | Multiple targets | Researchers from SentinelOne discover new variants of the popular Agent Tesla Trojan that include new modules to steal credentials from applications including popular web browsers, VPN software, as well as FTP and email clients. | Malware | Y Multiple Industries | CC | >1 | SentinelOne, Agent Tesla | |
1.297 | 10/08/2020 | ? | US Small businesses | Researchers from Proofpoint reveal the details of a wave of phishing attacks impersonating the US Small Business Administration (SBA). | Account Hijacking | Y Multiple Industries | CC | US | Proofpoint, US Small Business Administration, SBA | |
1.298 | 10/08/2020 | Pysa (AKA Mespinoza) | Piedmont Orthopedics/OrthoAtlanta | Piedmont Orthopedics/OrthoAtlanta is hit with a Pysa (AKA Mespinoza) ransomware attack. The threat actors leak the data. | Malware | Q Human health and social work activities | CC | US | Piedmont Orthopedics/OrthoAtlanta, Pysa, Mespinoza, ransomware | |
1.299 | 10/08/2020 | Netwalker | The Center for Fertility and Gynecology | The Center for Fertility and Gynecology is yet another victim of the Netwalker ransomware gang. | Malware | Q Human health and social work activities | CC | US | Center for Fertility and Gynecology, Netwalker ransomware | |
1.300 | 10/08/2020 | Netwalker | Olympia House Rehab | The Olympia House Rehab is hit with a Netwalker ransomware attack. | Malware | Q Human health and social work activities | CC | US | Olympia House Rehab, Netwalker, ransomware | |
1.301 | 10/08/2020 | ? | Premier Health | Premier Health discloses a phishing attack occurred on June 8. | Account Hijacking | Q Human health and social work activities | CC | US | Premier Health | |
1.302 | 10/08/2020 | ? | Bexar County | A Bexar County court hearing is Zoom bombed. | Zoom bombing | O Public administration and defence, compulsory social security | CC | US | Bexar County, Zoom | |
1.303 | 10/08/2020 | ? | Clayton County School | Clayton County School is Zoom bombed. | Zoom bombing | P Education | CC | US | Clayton County School, Zoom | |
1.304 | 10/08/2020 | ? | Buffalo and Erie County Public Library | The Buffalo and Erie County Public Library discloses that it was hit by hackers earlier this year. | Unknown | P Education | CC | US | Buffalo and Erie County Public Library | |
1.305 | 10/08/2020 | ? | Virtu Financial | High-speed trading firm Virtu Financial says it lost $6.9 million in a business email compromise scam in Ma | Business Email Compromise | K Financial and insurance activities | CC | US | Virtu Financial | |
1.306 | 11/08/2020 | ? | SANS Institute | The SANS cybersecurity training organization has suffered a data breach after one of their employees fell victim to a phishing attack. | Account Hijacking | P Education | CC | UK | SANS Institute | |
1.307 | 11/08/2020 | bcorp33 | Multiple targets | Researchers from Shadow Intelligence expose bcorp33, a threat actor selling access to high-profile targets exploiting CVE-2019-11510 (Pulse Secure) and CVE-2020-5902 (F5). | Vulnerability | Y Multiple Industries | CC | >1 | Shadow Intelligence, bcorp33, CVE-2019-11510, CVE-2020-5902 | |
1.308 | 11/08/2020 | ? | Multiple targets | Microsoft addresses 120 vulnerabilities with its August 2020 Patch Tuesday updates, including two vulnerabilities, CVE-2020-1464 and CVE-2020-1380, actively exploited in attacks. | Vulnerability | Y Multiple Industries | CC | >1 | Microsoft, CVE-2020-1464, CVE-2020-1380 | |
1.309 | 11/08/2020 | ? | Single Individuals | Researchers from Check Point reveal the details of multiple phishing campaigns exploiting the promise of a COVID-19 vaccine. | Account Hijacking | X Individual | CC | >1 | COVID-19, Check Point | |
1.310 | 11/08/2020 | ? | FHN | Illinois healthcare system FHN notifies patients of a phishing attack that took place in February and was discovered in April. | Account Hijacking | Q Human health and social work activities | CC | US | FHN | |
1.311 | 11/08/2020 | ? | Adit | An unsecured database with 3.1 million patients' details is exposed by a medical software company and subsequently destroyed by a "meow" attack. | Misconfiguration | M Professional scientific and technical activities | CC | US | Adit, meow | |
1.312 | 12/08/2020 | The Lazarus Group AKA Hidden Cobra AKA APT37 | Israeli Defense Industry | Researchers from ClearSky reveal that hackers from North Korea were able to steal sensitive information from dozens of companies in the defense sector. The campaign is dubbed Dreamjob. | Targeted Attack | O Public administration and defence, compulsory social security | CE | IL | ClearSky, North Korea, The Lazarus Group, Hidden Cobra, APT37 | |
1.313 | 12/08/2020 | ? | Various government organizations in the U.S. | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) releases an alert about phishing attacks targeting various government organizations to steal logins for the Small Business Administration COVID-19 loan relief accounts. | Account Hijacking | O Public administration and defence, compulsory social security | CC | US | The U.S. Cybersecurity and Infrastructure Security Agency, CISA, COVID-19 | |
1.314 | 12/08/2020 | DarkHotel? | Undisclosed South Korean Company | Researchers from Kaspersky reveal the details of "Operation PowerFall," an attack that occurred in May and relied on two vulnerabilities unknown at the time: CVE-2020-1380 and CVE-2020-0986. | Targeted Attack | Z Unknown | CE | KR | Kaspersky, Operation PowerFall, CVE-2020-1380, CVE-2020-0986, DarkHotel | |
1.315 | 12/08/2020 | India | Pakistan | An alleged cyber attack by Indian intelligence agencies is identified by the Pakistani intelligence. | Unknown | O Public administration and defence, compulsory social security | CE | PK | India, Pakistan | |
1.316 | 12/08/2020 | ? | NHS | A report reveals that NHS staff were hit with a wave of malicious email attacks at the height of the COVID-19 pandemic, with doctors, nurses and other key workers reporting over 40,000 spam and phishing attacks between March and the first half of July. | Account Hijacking | O Public administration and defence, compulsory social security | CC | UK | NHS, COVID-19 | |
1.317 | 12/08/2020 | ? | Flintshire Council | Personal information of people who left comments about local planning issues on Flintshire council's website is hacked. | Unknown | O Public administration and defence, compulsory social security | CC | UK | Flintshire Council | |
1.318 | 12/08/2020 | ? | Multiple targets | Researchers from Juniper discover a new phishing campaign targeting business customers with a new version of the IcedID malware using password protection, among other techniques, to avoid detection. | Malware | Y Multiple Industries | CC | >1 | Juniper, IcedID | |
1.319 | 13/08/2020 | Russian Intelligence Directorate (GRU) | Multiple targets | The NSA and FBI warn about espionage operations from the Russian Intelligence Directorate (GRU) using a previously undisclosed Linux malware toolset called Drovorub. | Targeted Attack | Y Multiple Industries | CE | US | NSA, FBI, Russian Intelligence Directorate, GRU, Linux, Drovorub | |
1.320 | 13/08/2020 | RedCurl | Multiple targets | Researchers from Group-IB reveal the details of RedCurl, a cyber espionage group conducting carefully planned attacks against victims in a wide geography to steal confidential corporate documents. | Targeted Attack | Y Multiple Industries | CE | >1 | Group-IB, RedCurl | |
1.321 | 13/08/2020 | ? | Banking users in multiple countries | Researchers from ESET reveal the details of Mekotio, a banking trojan targeting users in multiple countries (including Mexico, Brazil, Chile, Spain, Peru, and Portugal). | Malware | K Financial and insurance activities | CC | >1 | ESET, Mekotio, Mexico, Brazil, Chile, Spain, Peru, Portugal | |
1.322 | 13/08/2020 | ? | U.S. Financial Industry Regulatory Authority (FINRA) members | The U.S. Financial Industry Regulatory Authority (FINRA) warns its members that a copycat site is impersonating them and potentially being used in phishing attacks. | Account Hijacking | K Financial and insurance activities | CC | US | U.S. Financial Industry Regulatory Authority, FINRA | |
1.323 | 13/08/2020 | ? | Nykaa | Nykaa, an Indian retail seller of beauty, wellness and fashion, loses Rs 62 lakh (around USD 85,000) after the email of an Italian supplier is spoofed. | Business Email Compromise | G Wholesale and retail trade | CC | IN | Nykaa | |
1.324 | 13/08/2020 | CactusPete (AKA Karma Panda or Tonto Team) | Financial and military organizations in Eastern Europe | Researchers from Kaspersky discover a new campaign carried out by Cactus Pete, an APT linked to the Chinese military. | Targeted Attack | Y Multiple Industries | CE | >1 | Kaspersky, Cactus Pete, Karma Panda, Tonto Team | |
1.325 | 13/08/2020 | ? | Bletchley Park Trust | The Bletchley Park Trust is another victim hit in Blackbaud breach. | Malware | R Arts entertainment and recreation | CC | UK | Bletchley Park Trust, ransomware, Blackbaud | |
1.326 | 13/08/2020 | ? | Harvard University | Even Harvard University might have been compromised by the Blackbaud breach. | Malware | P Education | CC | US | Harvard University, ransomware, Blackbaud | |
1.327 | 13/08/2020 | ? | Verizon customers | Researchers from Armorblox discover a new phishing campaign targeting Verizon customers to steal user credentials, passwords and personal details. | Account Hijacking | J Information and communication | CC | US | Armorblox, Verizon | |
1.328 | 13/08/2020 | ? | FuhrparkService (BWFU) | Unknown hackers infiltrate the FuhrparkService (BWFU) transport fleet, Germany's state-owned vehicle fleet, which provides chauffeurs for parliamentarians and is run by the Bundeswehr military. | Unknown | O Public administration and defence, compulsory social security | CC | DE | FuhrparkService, BWFU | |
1.329 | 14/08/2020 | Defray | R1 RCM Inc | R1 RCM Inc., one of the largest US medical debt collection companies, is hit in a ransomware attack. | Malware | Q Human health and social work activities | CC | US | R1 RCM Inc, Defray, ransomware | |
1.330 | 14/08/2020 | ? | U.S. Businesses | The Emotet malware has begun to spam COVID-19 related emails to U.S. businesses | Malware | Y Multiple Industries | CC | US | Emotet | |
1.331 | 14/08/2020 | ? | Multiple Targets | Researchers from Menlo Security reveal the details of Duri, a new attack campaign using a combination of HTML smuggling techniques and data blobs to evade detection and download malware. | Malware | Y Multiple Industries | CC | >1 | Menlo Security, Duri, HTML smuggling | |
1.332 | 14/08/2020 | ? | Multiple targets | Researchers from Trend Micro discover XCSSET, a malware family exploiting Xcode projects to spread a form of Mac malware specializing in the compromise of Safari and other browsers. | Targeted Attack | Y Multiple Industries | CE | >1 | Trend Micro, XCSSET, Xcode, Mac | |
1.333 | 14/08/2020 | Hackers from North Korea | Multiple targets | The US Cybersecurity and Infrastructure Security Agency (CISA) publishes an alert on a new wave of attacks delivering the KONNI remote access Trojan (RAT). | Targeted Attack | Y Multiple Industries | CE | US | US Cybersecurity and Infrastructure Security Agency, CISA, KONNI | |
1.334 | 14/08/2020 | ? | ASDA Supermarket shoppers in the UK | ASDA Supermarket shoppers in the UK are targeted by a phishing scam run via Facebook and Twitter. | Account Hijacking | G Wholesale and retail trade | CC | UK | ASDA | |
1.335 | 14/08/2020 | ? | Gwinnet County High School | Gwinnet County High School is Zoom bombed. | Zoom bombing | P Education | CC | US | Gwinnet County High School | |
1.336 | 14/08/2020 | ? | Oklahoma State Board of Education | Oklahoma State Board of Education is Zoom bombed. | Zoom bombing | P Education | CC | US | Oklahoma State Board of Education, Zoom | |
1.337 | 15/08/2020 | ? | Carnival Corporation | Cruise line operator Carnival Corporation discloses that one of their brands suffered a ransomware attack. | Malware | R Arts entertainment and recreation | CC | US/UK | Carnival Corporation, ransomware | |
1.338 | 15/08/2020 | ? | GCKey | Canadian government sites used to provide access to crucial services for immigration, taxes, pension, and benefits are breached in a coordinated attack to steal COVID-19 relief payments. The online portal referred to as GCKey is a critical single sign-on (SSO) system used by the public to access multiple Canadian government services. | Credential Stuffing | O Public administration and defence, compulsory social security | CC | CA | COVID-19, GCKey | |
1.339 | 15/08/2020 | Sodinokibi (AKA REvil) | Brown-Forman | Brown-Forman, one of the largest U.S. companies in the spirits and wine business, suffers a ransomware attack. The intruders allegedly copied 1TB of confidential data. | Malware | I Accommodation and food service activities | CC | US | Sodinokibi, REvil, Brown-Forman | |
1.340 | 15/08/2020 | ? | Customers of Ritz Hotel in London | Diners at the luxury Ritz hotel in London are targeted by "extremely convincing" scammers who posed as hotel staff to steal payment card details. The scammers were able to obtain the victims' reservation details. | Unknown | I Accommodation and food service activities | CC | UK | Ritz Hotel | |
1.341 | 15/08/2020 | ? | Rochester City School District | Rochester City School District is Zoom bombed. | Zoom bombing | P Education | CC | US | Rochester City School District, Zoom | |
1.342 | 02/08/2020 | Maze | Ventura Orthopedics | The Maze ransomware operators add Ventura Orthopedics to their leak site | Malware | Q Human health and social work activities | CC | US | Ventura Orthopedics, Maze, Ransomware | |
1.343 | 03/08/2020 | Maze | United Memorial Medical Center (UMMC) | The Maze ransomware team adds the United Memorial Medical Center (UMMC) to their leak site. | Malware | Q Human health and social work activities | CC | US | Maze, ransomware, United Memorial Medical Center, UMMC | |
1.344 | 03/08/2020 | ? | Kent State University | Kent State University is among the victims of the Blackbaud ransomware attack. | Malware | P Education | CC | US | Kent State University, Blackbaud, ransomware | |
1.345 | 05/08/2020 | ? | Isetan Mitsukoshi Co. | Isetan Mitsukoshi Co. announces that, along with its subsidiary MI Card Co., it suffered a data breach affecting approximately 19,000 customers as a result of unauthorized access. | Unknown | G Wholesale and retail trade | CC | JP | Isetan Mitsukoshi Co., MI Card Co. | |
1.346 | 06/08/2020 | ? | Cuyahoga Community College Foundation | The Cuyahoga Community College Foundation discloses that it is among the organizations affected by the Blackbaud ransomware attack. | Malware | P Education | CC | US | Cuyahoga Community College Foundation, Blackbaud, ransomware | |
1.347 | 10/08/2020 | DarkSide | Multiple targets | A new ransomware operation named DarkSide begins to attack organizations with customized attacks that have already earned them million-dollar payouts. | Malware | Y Multiple Industries | CC | >1 | DarkSide, Ransomware | |
1.348 | 10/08/2020 | ? | Bletchley Park | Bletchley Park joins the list of the victims of the Blackbaud ransomware attack. | Malware | R Arts entertainment and recreation | CC | UK | Bletchley Park, Blackbaud ransomware | |
1.349 | 12/08/2020 | ? | Luminate Education Group (LEG) | Luminate Education Group (LEG) is hit by a cyber attack, affecting Leeds City College, Keighley College, Harrogate College, Leeds Sixth Form College and University Centre Leeds. | Unknown | P Education | CC | UK | Luminate Education Group, LEG, Leeds City College, Keighley College, Harrogate College, Leeds Sixth Form College, University Centre Leeds | |
1.350 | 12/08/2020 | ? | RailYatri | An unsecured server of the Indian ticket platform RailYatri exposes the personal information of over 700,000 passengers and is wiped out by a Meow attack. | Misconfiguration | H Transportation and storage | CC | IN | RailYatri, Meow | |
1.351 | 15/08/2020 | ? | Ponca City Schools | Ponca City Schools is the target of a ransomware attack. | Malware | P Education | CC | US | Ponca City Schools, ransomware | |
1.352 | 16/08/2020 | ? | 600+ organizations worldwide | Vairav Technology uncovers a Microsoft Office 365 phishing campaign targeting more than 600 organizations worldwide. | Account Hijacking | Y Multiple Industries | CC | >1 | Vairav Technology, Microsoft Office 365 | |
1.353 | 17/08/2020 | ? | Momentum Metropolitan | Financial services group Momentum Metropolitan warns that a third party unlawfully accessed a limited portion of data of a subsidiary of the group. | Unknown | K Financial and insurance activities | CC | ZA | Momentum Metropolitan | |
1.354 | 17/08/2020 | ? | Financial Service Providers | Researchers from Akamai discover a group, using the names Fancy Bear and Armada Collective, launching DDoS attacks against some of the world's biggest financial service providers, including Moneygram and Braintree. | DDoS | K Financial and insurance activities | CC | >1 | Akamai, Fancy Bear, Armada Collective, Moneygram, Braintree | |
1.355 | 17/08/2020 | ? | Single individuals | The Criminal Investigation Department (CID) of the West Bengal police warns citizens of fake oximeter apps on mobile phones, leading to phishing attacks and theft of personal data | Account Hijacking | X Individual | CC | IN | Criminal Investigation Department, CID, West Bengal, COVID-19 | |
1.356 | 17/08/2020 | ? | East Anglia's Children's Hospices (EACH) | East Anglia's Children's Hospices (EACH) joins the victims of the Blackbaud ransomware cyber attack. | Malware | Q Human health and social work activities | CC | UK | East Anglia's Children's Hospices, EACH, Blackbaud, Ransomware | |
1.357 | 17/08/2020 | ? | Baugo Community Schools | Baugo Community Schools is hit by an unspecified cyber attack via its ISP. | Unknown | P Education | CC | US | Baugo Community Schools | |
1.358 | 18/08/2020 | TeamTNT | Multiple targets | Researchers from Cado Security discover a cybercrime group known as TeamTNT, using a crypto-mining worm to steal plaintext AWS credentials and config files from compromised Docker and Kubernetes systems. | Malware | Y Multiple Industries | CC | >1 | Cado Security, TeamTNT, AWS, Docker, Kubernetes | |
1.359 | 18/08/2020 | HIDDEN COBRA AKA The Lazarus Group AKA APT38 | Unnamed organization in the cryptocurrency vertical | Researchers from F-Secure Labs discover a targeted attack against an organization in the cryptocurrency vertical, attributed to the Lazarus Group. | Targeted Attack | V Fintech | CC | N/A | HIDDEN COBRA, The Lazarus Group, F-Secure | |
1.360 | 18/08/2020 | ? | Cleveland Museum of Natural History | Even the Cleveland Museum of Natural History is affected by the Blackbaud ransomware breach. | Malware | R Arts entertainment and recreation | CC | US | Cleveland Museum of Natural History, Blackbaud, ransomware | |
1.361 | 19/08/2020 | ? | Multiple targets | Researchers from Netscout discover a new version of the Lucifer cryptomining DDoS malware, targeting Linux systems. | Malware | Y Multiple Industries | CC | >1 | Netscout, Lucifer, Linux | |
1.362 | 19/08/2020 | HIDDEN COBRA AKA The Lazarus Group AKA APT38 | US government contractors | The FBI and CISA issue a joint advisory exposing information on BLINDINGCAN, a RAT malware used by North Korean hackers in attacks targeting government contractors. | Targeted Attack | O Public administration and defence, compulsory social security | CE | US | FBI, CISA, BLINDINGCAN, HIDDEN COBRA, The Lazarus Group, APT38 | |
1.363 | 19/08/2020 | ? | Multiple targets | Researchers from Guardicore reveal the details of FritzFrog, a sophisticated botnet campaign attacking SSH servers around the world, since at least January 2020. | Brute-force | Y Multiple Industries | CC | >1 | Guardicore, FritzFrog, SSH | |
1.364 | 19/08/2020 | ? | TFI International | The four Canadian courier divisions of TFI International (Canpar Express, ICS Courier, Loomis Express and TForce Integrated Solutions) are hit with a ransomware attack. | Malware | H Transportation and storage | CC | CA | TFI International, Canpar Express, ICS Courier, Loomis Express, TForce Integrated Solutions, ransomware | |
1.365 | 19/08/2020 | Blacktech AKA Taidoor | Taiwan Government | The Taiwan Investigation Bureau’s Cyber Security Investigation Office reveals that Chinese hackers have hacked 6000 Taiwan Government email accounts belonging to at least 10 Taiwan agencies. | Targeted Attack | O Public administration and defence, compulsory social security | CE | TW | The Taiwan Investigation Bureau’s Cyber Security Investigation Office, Blacktech, Taidoor | |
1.366 | 19/08/2020 | ? | Samaritan Medical Center | After three weeks, the Samaritan Medical Center recovers from a malware attack. | Malware | Q Human health and social work activities | CC | US | Samaritan Medical Center | |
1.367 | 19/08/2020 | ? | The Donkey Sanctuary | Hackers may have seized children's personal details after targeting the Donkey Sanctuary, as a consequence of the Blackbaud breach. | Malware | Q Human health and social work activities | CC | UK | The Donkey Sanctuary, Blackbaud, ransomware | |
1.368 | 19/08/2020 | ? | Lee County High School | Students who logged on to a virtual Spanish class via Google Meet are shown racist, violent and pornographic content by an unknown person who gained access to the lesson. | Account Hijacking | P Education | CC | US | Lee County High School | |
1.369 | 19/08/2020 | ? | Multiple targets | A group of cyber criminals targets organizations via a voice phishing service that uses a combination of one-on-one phone calls and custom phishing sites to steal VPN credentials from employees. | Account Hijacking | Y Multiple Industries | CC | US | VPN, vishing, COVID-19 | |
1.370 | 20/08/2020 | CCP Unmasked | Knowlesys | A group of hackers says they have obtained internal files from three Chinese social media monitoring companies. | Unknown | M Professional scientific and technical activities | H | CN | Knowlesys, Yunrun Big Data Service, OneSight, CCP Unmasked | |
1.371 | 20/08/2020 | CCP Unmasked | Yunrun Big Data Service | A group of hackers says they have obtained internal files from three Chinese social media monitoring companies. | Unknown | M Professional scientific and technical activities | H | CN | Knowlesys, Yunrun Big Data Service, OneSight, CCP Unmasked | |
1.372 | 20/08/2020 | CCP Unmasked | OneSight | A group of hackers says they have obtained internal files from three Chinese social media monitoring companies. | Unknown | M Professional scientific and technical activities | H | CN | Knowlesys, Yunrun Big Data Service, OneSight, CCP Unmasked | |
1.373 | 20/08/2020 | ? | University of Utah | The University of Utah reveals that it paid a $457,000 ransom to prevent threat actors from releasing files stolen during a ransomware attack. | Malware | P Education | CC | US | University of Utah, Ransomware | |
1.374 | 20/08/2020 | APT from South Korea? | Unnamed architecture firm | Researchers from Bitdefender reveal that an advanced hacker-for-hire group has compromised computers of an architecture firm via a malicious plugin for the Autodesk 3ds Max software. | Malicious Autodesk plugin | M Professional scientific and technical activities | CE | N/A | Bitdefender, Autodesk 3ds Max | |
1.375 | 20/08/2020 | ? | Multiple targets | The FBI and CISA issue a joint advisory warning teleworkers of an ongoing vishing campaign targeting entities from multiple US industry sectors. | Account Hijacking | Y Multiple Industries | CC | US | FBI, CISA, vishing | |
1.376 | 20/08/2020 | Transparent Tribe | Multiple countries, mainly India and Afghanistan | Researchers from Kaspersky reveal a new operation by the Transparent Tribe APT. | Targeted Attack | Y Multiple Industries | CE | >1 | Kaspersky, Transparent Tribe, India, Afghanistan | |
1.377 | 20/08/2020 | ? | SnapFulfil | A UK warehouse management software company, SnapFulfil, is hit by ransomware | Malware | M Professional scientific and technical activities | CC | UK | SnapFulfil, ransomware | |
1.378 | 20/08/2020 | Maze | SK hynix | South Korean semiconductor manufacturer SK hynix is hit with a Maze ransomware attack. | Malware | C Manufacturing | CC | KR | SK hynix, Maze, ransomware | |
1.379 | 21/08/2020 | ? | Freepik | Freepik says that hackers were able to steal emails and password hashes for 8.3M Freepik and Flaticon users in an SQL injection attack against the company's Flaticon website. | SQL Injection | S Other service activities | CC | ES | Freepik, Flaticon | |
1.380 | 21/08/2020 | ? | U.S. Financial Industry Regulatory Authority (FINRA) members | The U.S. Financial Industry Regulatory Authority (FINRA) issues a new regulatory notice warning members of threat actors using registered brokers' info to create phishing websites. | Account Hijacking | K Financial and insurance activities | CC | US | U.S. Financial Industry Regulatory Authority, FINRA | |
1.381 | 21/08/2020 | Maze | Hoa Sen Group | The Maze ransomware operators claim to have breached the steel sheet giant Hoa Sen Group. | Malware | C Manufacturing | CC | VN | Maze, ransomware, Hoa Sen Group | |
1.382 | 21/08/2020 | ? | Spanish users | Researchers from ESET reveal that the operators behind the Grandoreiro banking trojan have been using emails posing as the Agencia Tributaria to trick Spanish victims into installing the malware. | Malware | X Individual | CC | ES | ESET, Grandoreiro, Agencia Tributaria | |
1.383 | 21/08/2020 | ? | Food Bank of Central & Eastern North Carolina | The Food Bank of Central & Eastern North Carolina reveals it was a victim in the Blackbaud data breach. | Malware | Q Human health and social work activities | CC | US | Food Bank of Central & Eastern North Carolina, Ransomware, Blackbaud | |
1.384 | 21/08/2020 | ? | Planned Parenthood | Even Planned Parenthood is hit with the Blackbaud breach. | Malware | Q Human health and social work activities | CC | US | Planned Parenthood, Blackbaud, Ransomware | |
1.385 | 21/08/2020 | ? | Myerscough College | Myerscough College is hit with a cyber attack. | Unknown | P Education | CC | UK | Myerscough College | |
1.386 | 21/08/2020 | ? | Millbrook Magnet High School | The virtual lessons via Google Meet on Millbrook Magnet High School are disrupted by an intruder. | Account Hijacking | P Education | CC | US | Millbrook Magnet High School, Google Meet | |
1.387 | 21/08/2020 | ? | Oberlin Magnet Middle School | Even the virtual lessons via Google Meet on Oberlin Magnet Middle School are disrupted by an intruder. | Account Hijacking | P Education | CC | US | Oberlin Magnet Middle School, Google Meet | |
1.388 | 21/08/2020 | ? | Multiple targets | Researchers from Mitiga discover a Community Amazon Machine Image infected with malware. | Malware | Y Multiple Industries | CC | >1 | Amazon Machine Image, Mitiga | |
1.389 | 21/08/2020 | ? | Multiple MSPs | Researchers from Huntress Labs discover a malware campaign targeting MSPs and using multiple strategies to go undetected. | Malware | M Professional scientific and technical activities | CC | >1 | Huntress Labs | |
1.390 | 21/08/2020 | ? | Mental Health Partners | Mental Health Partners notified clients and employees about an employee email account compromise discovered in late March. | Account Hijacking | Q Human health and social work activities | CC | US | Mental Health Partners | |
1.391 | 21/08/2020 | ? | Multiple targets | Researchers from Sophos discover a new phishing campaign pretending to deliver a mail issue notification and delivering the malicious payload from Azure. | Account Hijacking | Y Multiple Industries | CC | >1 | Sophos, Azure | |
1.392 | 22/08/2020 | ? | Tempo.co | Tempo.co, a news site that criticized the local government for the strategy adopted against the pandemic, is defaced. | Defacement | J Information and communication | CC | ID | Tempo.co | |
1.393 | 22/08/2020 | ? | Center for Indonesia’s Strategic Development Initiatives (CISDI) | The Center for Indonesia’s Strategic Development Initiatives (CISDI), also known to be critical of the Indonesian government’s coronavirus policies, is defaced. | Defacement | Q Human health and social work activities | CC | ID | Center for Indonesia’s Strategic Development Initiatives, CISDI | |
1.394 | 22/08/2020 | ? | Twitter account of Pandu Riono | The Twitter account of Pandu Riono, an epidemiologist at the University of Indonesia (UI), also critical against the Indonesian government, is hijacked. | Account Hijacking | X Individual | CC | ID | Twitter, Pandu Riono | |
1.395 | 23/08/2020 | ? | Gosnell School District | The Gosnell School District is hit with a ransomware attack. | Malware | P Education | CC | US | Gosnell School District, ransomware | |
1.396 | 23/08/2020 | ? | Rialto Unified School District | Even the Rialto Unified School District is hit with a ransomware attack. | Malware | P Education | CC | US | Rialto Unified School District, ransomware | |
1.397 | 24/08/2020 | Iranian hackers | Multiple targets | Researchers from Group-IB expose a low-skilled group of Iranian hackers exploiting exposed RDP servers to deploy the Dharma ransomware. | Malware | Y Multiple Industries | CC | >1 | Group-IB, Iran, RDP, Dharma, Ransomware | |
1.398 | 24/08/2020 | SunCrypt | Haywood County School district | The SunCrypt Ransomware shuts down the Haywood County School district. | Malware | P Education | CC | US | SunCrypt, Ransomware, Haywood County School district. | |
1.399 | 24/08/2020 | ? | Empire Market | The dark web site Empire Market is hit by a prolonged DDoS attack, before its admins decide to abruptly leave the business. | DDoS | S Other service activities | CC | N/A | Empire Market | |
1.400 | 24/08/2020 | ? | Vulnerable WordPress servers | Researchers from WebARX reveal that hackers are actively targeting and trying to exploit SQL injection, authorization issues, and unauthenticated XSS vulnerabilities in the Discount Rules for WooCommerce WordPress, a plugin with more than 30,000 installations. | Vulnerability | Y Multiple Industries | CC | >1 | WebARX, Discount Rules for WooCommerce, WordPress | |
1.401 | 24/08/2020 | ? | iOS users | Security firm Snyk claims to have found malicious code inside SourMint, a Chinese iOS SDK by Mintegral, used by more than 1,200 iOS applications, all collectively downloaded more than 300 million times per month. | Malware | X Individual | CC | >1 | Snyk, Mintegral, iOS, SourMint | |
1.402 | 24/08/2020 | DeathStalker | Organizations in the financial sector | Researchers from Kaspersky reveal the details of a hack-for-hire group, tracked as DeathStalker, targeting organizations in the financial sector since 2012. | Targeted Attack | K Financial and insurance activities | CC | >1 | Kaspersky, DeathStalker | |
1.403 | 24/08/2020 | ? | Multiple targets | Researchers from KnowBe4 discover a wave of phishing campaigns exploiting AWS to deliver the malicious payload. | Account Hijacking | Y Multiple Industries | CC | >1 | KnowBe4, AWS | |
1.404 | 24/08/2020 | ? | Transsion Tecno W2 handsets mainly in Egypt, Ethiopia, South Africa, Cameroon, Ghana | Researchers from Secure-D Lab discover a new Chinese handset with pre-installed Triada malware. | Malware | X Individual | CE | >1 | Secure-D Lab, Transsion Tecno W2, Egypt, Ethiopia, South Africa, Cameroon, Ghana, Triada | |
1.405 | 24/08/2020 | ? | Rialto Unified School District | Rialto Unified School District is affected by malware | Malware | P Education | CC | US | Rialto Unified School District | |
1.406 | 24/08/2020 | ? | Holden Forests and Gardens | Holden Forests and Gardens reveals that it was affected by the Blackbaud ransomware attack. | Malware | Q Human health and social work activities | CC | US | Holden Forests and Gardens, Blackbaud, ransomware | |
1.407 | 25/08/2020 | ? | New Zealand’s stock exchange (NZX) | New Zealand’s stock exchange (NZX) is hit by DDoS attacks in the last two days. | DDoS | K Financial and insurance activities | CC | NZ | New Zealand’s stock exchange, NZX | |
1.408 | 25/08/2020 | ? | 38 Japanese companies including Sumitomo Forestry Co. and Hitachi Chemical Co. | 38 Japanese companies have authentication information to access their virtual private networks stolen and leaked. | Vulnerability | Y Multiple Industries | CC | JP | Sumitomo Forestry Co., Hitachi Chemical Co., CVE-2019-11510 | |
1.409 | 25/08/2020 | DarkSide | Brookfield Residential | Brookfield Residential is one of the first victims of the new DarkSide Ransomware. | Malware | L Real estate activities | CC | CA | Brookfield Residential, DarkSide, Ransomware | |
1.410 | 25/08/2020 | ? | Multiple targets | Researchers from Sophos discover a new version of the Lemon_Duck cryptominer updated to compromise Linux machines via SSH brute force attacks, to exploit SMBGhost-vulnerable Windows systems, and to infect servers running Redis and Hadoop instances. | Malware | Y Multiple Industries | CC | >1 | Sophos, Lemon_Duck, crypto, Linux, SSH, SMBGhost, Windows, Redis, Hadoop | |
1.411 | 25/08/2020 | ? | Multiple targets | Researchers from Armorblox detect a phishing campaign delivering the phishing page from Box. | Account Hijacking | Y Multiple Industries | CC | >1 | Armorblox, Box | |
1.412 | 25/08/2020 | ? | Crypto currency traders | Researchers from Abnormal Security reveal that cyber-criminals have been impersonating the well-known Bitcoin BTC ERA trading platform in order to infect users of the online currency with malware. | Malware | V Fintech | CC | >1 | Abnormal Security, Bitcoin BTC ERA | |
1.413 | 25/08/2020 | ? | North Okanagan Pediatric Clinic | The North Okanagan Pediatric Clinic reveals that it was hacked in late May 2020. | Unknown | Q Human health and social work activities | CC | US | North Okanagan Pediatric Clinic | |
1.414 | 26/08/2020 | BeagleBoyz | Several international banks | A joint advisory issued by several U.S. Government agencies reveals that North Korean hackers tracked as BeagleBoyz have been using malicious remote access tools as part of ongoing attacks to steal millions from international banks. The campaign is called "Fast Cash" | Malware | K Financial and insurance activities | CC | >1 | BeagleBoyz, North Korea, Fast Cash | |
1.415 | 26/08/2020 | China | Twitter users | Social media research group Graphika identifies Dracula, a Twitter botnet of around 3,000 bots that pushed pro-Chinese political spam, echoing official messaging released through state propaganda accounts. | Fake Social Network accounts/groups/pages | X Individual | CW | >1 | Graphika, Dracula, Twitter, China | |
1.416 | 26/08/2020 | ? | Multiple targets | Microsoft warns of a recently uncovered piece of malware, tracked as Anubis, designed to steal information from infected systems. | Malware | Y Multiple Industries | CC | >1 | Microsoft, Anubis | |
1.417 | 26/08/2020 | China? | US organizations doing business in China | The FBI and CISA issue another warning to organizations doing business in China after reports of a potentially widespread attempt to remotely target them with powerful malware hidden in tax software. | Malware | Y Multiple Industries | CE | US | FBI, CISA, China, GoldenHelper | |
1.418 | 26/08/2020 | ? | MetroHealth Foundation | The MetroHealth Foundation is among the victims of the Blackbaud ransomware attack. | Malware | Q Human health and social work activities | CC | US | MetroHealth Foundation, Blackbaud, ransomware | |
1.419 | 27/08/2020 | Netwalker | Argentina's official immigration agency, Dirección Nacional de Migraciones | Argentina's official immigration agency, Dirección Nacional de Migraciones, suffers a Netwalker ransomware attack that temporarily halts border crossing into and out of the country. | Malware | O Public administration and defence, compulsory social security | CC | AR | Dirección Nacional de Migraciones, Ransomware, Netwalker | |
1.420 | 27/08/2020 | Charming Kitten, AKA APT35, NewsBeef, Newscaster, or Ajax | Academia experts, human rights activists, and journalists specialized in Iranian affairs | Researchers from ClearSky reveal that Iranian government hackers have impersonated journalists to reach out to targets via LinkedIn, and set up WhatsApp calls to win their trust, before sharing links to phishing pages and malware-infected files. | Targeted Attack | X Individual | CE | >1 | ClearSky, Iran, LinkedIn, WhatsApp, Charming Kitten, APT35, NewsBeef, Newscaster, Ajax | |
1.421 | 27/08/2020 | ? | Multiple targets | Researchers from Check Point discover a new Qbot campaign, stealing full email threads to use in reply-chain. | Malware | Y Multiple Industries | CC | >1 | Check Point, Qbot | |
1.422 | 27/08/2020 | ? | Data#3 | Australian IT vendor Data#3 discloses that it experienced what it dubbed a "cyber incident". | Unknown | J Information and communication | CC | AU | Data#3 | |
1.423 | 27/08/2020 | REvil AKA Sodinokibi | Valley Health Systems | REvil ransomware operators claim to have breached Valley Health Systems. | Malware | Q Human health and social work activities | CC | US | REvil, Sodinokibi, Ransomware, Valley Health Systems | |
1.424 | 27/08/2020 | ? | Misconfigured Docker containers | Researchers from Palo Alto Networks reveal the details of Cetus, a new Docker cryptojacking worm mining for Monero. | Misconfiguration | Y Multiple Industries | CC | >1 | Palo Alto Networks, Cetus | |
1.425 | 27/08/2020 | ? | NCR Corporation | NCR Corporation confirms that it found malware-infected computers in an isolated non-production lab environment outside of the U.S., but claims its clients were never at risk of a secondary infection. | Malware | C Manufacturing | CC | US | NCR Corporation | |
1.426 | 27/08/2020 | DoppelPaymer | Amphastar Pharmaceuticals | Amphastar Pharmaceuticals reveals that it was hit with a DoppelPaymer ransomware attack on May 2, after company data is posted on July 21. | Malware | C Manufacturing | CC | US | Amphastar Pharmaceuticals, DoppelPaymer, ransomware | |
1.427 | 27/08/2020 | ? | Clark County School District | The Clark County School District notifies parents after a "data security incident". | Unknown | P Education | CC | US | Clark County School District | |
1.428 | 27/08/2020 | ? | Single individuals | Researchers at Area 1 Security discover a global phishing campaign that purports to offer information about surgical masks and other protective equipment for the COVID-19 pandemic, infecting victims' devices with the AgentTesla RAT. | Account Hijacking | X Individual | CC | >1 | Area 1 Security, COVID-19, AgentTesla | |
1.429 | 28/08/2020 | UltraRank | 700 websites and more than a dozen third-party service providers | Security researchers from Group-IB reveal the details of UltraRank, a cybercriminal group specialized in infecting online shops to steal payment card data, responsible for compromising almost 700 websites and more than a dozen third-party service providers. | Malicious Script Injection | G Wholesale and retail trade | CC | >1 | Group-IB, UltraRank | |
1.430 | 28/08/2020 | ? | "Fall Guys: Ultimate Knockout" players | The npm security team removes a malicious JavaScript library, named "fallguys", from the npm portal, designed to steal sensitive files from an infected user's browser and Discord application. | Malware | X Individual | CC | >1 | JavaScript, npm, fallguys, Discord | |
1.431 | 28/08/2020 | ? | Several ISPs across Europe | More than a dozen ISPs across Europe report DDoS attacks targeting their DNS infrastructure. The list includes Belgium's EDP, France's Bouygues Télécom, FDN, K-net, SFR, and the Netherlands' Caiway, Delta, FreedomNet, Online.nl, Signet, and Tweak.nl. | DDoS | J Information and communication | CC | >1 | DNS, EDP, Bouygues Télécom, FDN, K-net, SFR, Caiway, Delta, FreedomNet, Online.nl, Signet, Tweak.nl. | |
1.432 | 28/08/2020 | ? | Single individuals | The Irish Department of Social Protection warns against “sophisticated” phishing scams. | Account Hijacking | X Individual | CC | IE | Department of Social Protection | |
1.433 | 28/08/2020 | ? | Multiple targets | Email service provider Sendgrid suffers an unusually large number of customer accounts whose passwords have been cracked, sold to spammers, and abused for sending phishing and email malware attacks. | Account Hijacking | Y Multiple Industries | CC | >1 | Sendgrid | |
1.434 | 28/08/2020 | ? | Turkish Instagram users | Researchers from Trend Micro reveal that Turkish-speaking cybercriminals are sending Instagram users seemingly legitimate messages from the social media company, with the aim of stealing their Instagram and email credentials. | Account Hijacking | X Individual | CC | TR | Trend Micro, Instagram | |
1.435 | 28/08/2020 | ? | PULAU Corporation | Defense supplier PULAU Corporation notifies their employees about an intrusion and unauthorized access into parts of their network between June 11 and June 29. | Unknown | C Manufacturing | CC | US | PULAU Corporation | |
1.436 | 28/08/2020 | ? | Rocky Mount | Rocky Mount is hit with a ransomware attack. | Malware | O Public administration and defence, compulsory social security | CC | US | Rocky Mount, Ransomware | |
1.437 | 28/08/2020 | ? | Selma Unified School District | Selma Unified School District is hit with a ransomware attack. | Malware | P Education | CC | US | Selma Unified School District, ransomware | |
1.438 | 29/08/2020 | ? | Utah Pathology Services | Utah Pathology Services notifies more than 110,000 patients of a data breach in which the personal information of certain individuals was accessible to an unauthorized party. | Unknown | Q Human health and social work activities | CC | US | Utah Pathology Services | |
1.439 | 30/08/2020 | John Wick? | PayTM Group | PayTM Group suffers a breach after hackers from John Wick access its internal database. | Vulnerability | K Financial and insurance activities | CC | >1 | PayTM Group, John Wick | |
1.440 | 30/08/2020 | ? | Android users | Google removes 56 Android applications from the official Google Play Store that the company says were part of Terracotta, an ad fraud botnet discovered by White Ops. | Malware | X Individual | CC | >1 | Android, Google Play Store, Terracotta, White Ops | |
1.441 | 30/08/2020 | ? | Unknown Bitcoin user | A user loses 1400 Bitcoin ($16 million worth) via a fake bitcoin wallet. | Malware | K Financial and insurance activities | CC | N/A | Bitcoin | |
1.442 | 30/08/2020 | ? | Greenville Technical College | Greenville Technical College acknowledges that it was hit with a ransomware attack, while the threat actors claim to have successfully exfiltrated personal information of staff and students. | Malware | P Education | CC | US | Greenville Technical College | |
1.443 | 31/08/2020 | Pioneer Kitten | Multiple targets | Researchers from Crowdstrike reveal that a group of Iranian hackers tracked as Pioneer Kitten is selling corporate-network credentials on hacker forums. The credentials have been obtained from vulnerable VPN devices. | Vulnerability | Y Multiple Industries | CE | >1 | Crowdstrike, Pioneer Kitten, Pulse Secure, F5, Citrix | |
1.444 | 31/08/2020 | ? | Multiple targets | Cisco warns that threat actors are trying to exploit two high severity memory exhaustion denial-of-service (DoS) vulnerabilities in the company's Cisco IOS XR software that runs on carrier-grade routers. | Vulnerability | Y Multiple Industries | CC | >1 | Cisco, CVE-2020-3566, CVE-2020-3569 | |
1.445 | 31/08/2020 | ? | American Payroll Association (APA) | The American Payroll Association (APA) discloses a data breach affecting members and customers after attackers successfully planted a web skimmer on the organization's website login and online store checkout pages. | Malicious Script Injection | S Other service activities | CC | US | American Payroll Association, APA, Magecart | |
1.446 | 31/08/2020 | ? | Multiple e-commerce targets | Visa issues a warning regarding a new JavaScript e-commerce skimmer known as Baka that will remove itself from memory after exfiltrating stolen data. | Malicious Script Injection | G Wholesale and retail trade | CC | >1 | Visa, JavaScript, Baka | |
1.447 | 31/08/2020 | ? | MacOS users | Security researchers discover that the authors of the Shlayer malware have been able to bypass Apple's automated notarizing process. | Malware | X Individual | CC | >1 | Shlayer, Apple, MacOS | |
1.448 | 31/08/2020 | ? | Vulnerable QNAP devices | Researchers from Qihoo 360 reveal that hackers are scanning for vulnerable network-attached storage (NAS) devices running multiple QNAP firmware versions, trying to exploit an RCE vulnerability to implant a backdoor. | Vulnerability | Y Multiple Industries | CC | >1 | Qihoo 360, QNAP, RCE | |
1.449 | 31/08/2020 | ? | Android users | Researchers at Pradeo discover six new Android apps infected with Joker malware. | Malware | X Individual | CC | >1 | Pradeo, Android, Joker | |
1.450 | 31/08/2020 | ? | Multiple targets | Researchers from KnowBe4 discover a wave of phishing campaigns exploiting Slack to deliver phishing pages. | Account Hijacking | Y Multiple Industries | CC | >1 | KnowBe4, Slack | |
1.451 | 31/08/2020 | ? | Atrium Health | Atrium Health joins the list of the victims of the Blackbaud ransomware attack. | Malware | Q Human health and social work activities | CC | US | Atrium Health, Blackbaud, ransomware | |
1.452 | 17/07/2020 | ? | Somerset Berkley Regional High School | Somerset Berkley Regional High School is hit with a ransomware attack | Malware | P Education | CC | US | Somerset Berkley Regional High School, ransomware | |
1.453 | 30/08/2020 | DoppelPaymer | Newcastle University | The Newcastle University is hit with a DoppelPaymer ransomware attack. | Malware | P Education | CC | UK | Newcastle University, DoppelPaymer, ransomware | |
1.454 | 31/08/2020 | ? | Multiple targets | Visa issues a warning regarding a new JavaScript e-commerce skimmer known as Baka that will remove itself from memory after exfiltrating stolen data. | Malicious Script Injection | G Wholesale and retail trade | CC | >1 | Visa, JavaScript, Baka | |
1.455 | 31/08/2020 | ? | Northumbria University | Northumbria University is also hit with a ransomware attack. | Malware | P Education | CC | UK | Northumbria University, ransomware | |
1.456 | 28/08/2020 | Kimsuky | 28 UN officials, including at least 11 individuals representing six countries of the UN Security Council. | Kimsuky, a hacker group previously associated with the North Korean regime, has been spotted launching spear-phishing attacks to compromise officials who are part of the United Nations Security Council. | Targeted Attack | U Activities of extraterritorial organizations and bodies | CE | N/A | Kimsuky, United Nations | |
1.457 | 31/08/2020 | ? | Anglicare Sydney | Anglicare Sydney is hit with a ransomware attack and 17GB of its data is transmitted “to a remote location”. | Malware | Q Human health and social work activities | CC | AU | Anglicare Sydney, ransomware | |
1.458 | 01/09/2020 | Russia? | Norwegian Parliament (Stortinget) | Attackers compromise a limited number of email accounts of Norwegian Parliament (Stortinget) representatives and employees. Fingers are pointed to Russia | Targeted Attack | O Public administration and defence, compulsory social security | CE | NO | Norwegian Parliament, Stortinget, Russia | |
1.459 | 01/09/2020 | RansomExx AKA Defray | SoftServe | Ukrainian software developer and IT services provider SoftServe suffers a RansomExx ransomware attack | Malware | M Professional scientific and technical activities | CC | UA | SoftServe, RansomExx, Defray | |
1.460 | 01/09/2020 | ProLock | Multiple targets | The FBI issues a second warning to alert US companies of ProLock ransomware operators stealing data from compromised networks before encrypting their victims' systems. | Malware | Y Multiple Industries | CC | US | FBI, ProLock, ransomware | |
1.461 | 01/09/2020 | ? | Warner Music Group (WMG) | Warner Music Group (WMG) discloses a data breach affecting customers' personal and financial information after several of its US-based e-commerce stores were hacked in April 2020 in what looks like a Magecart attack. | Malicious Script Injection | R Arts entertainment and recreation | CC | US | Warner Music Group, WMG, Magecart | |
1.462 | 01/09/2020 | ? | Vulnerable Wordpress sites | Researchers from Wordfence reveal that hackers are actively exploiting a critical RCE vulnerability that allows attackers to upload scripts and execute arbitrary code on WordPress sites running vulnerable File Manager plugin versions. | Vulnerability | Y Multiple Industries | CC | >1 | Wordfence, File Manager | |
1.463 | 01/09/2020 | ? | Multiple targets | Researchers from Malwarebytes analyze a new credit card skimmer exfiltrating data via Telegram. | Malicious Script Injection | G Wholesale and retail trade | CC | >1 | Malwarebytes, Telegram, Magecart | |
1.464 | 01/09/2020 | Epic Manchego | Companies all over the world | Researchers from NVISO Labs reveal the details of Epic Manchego, a malware gang, active since June, targeting companies all over the world with phishing emails that carry a malicious Excel document. | Malware | Y Multiple Industries | CC | >1 | NVISO Labs, Epic Manchego, Excel | |
1.465 | 01/09/2020 | Russia? | Facebook and Twitter users | Facebook and Twitter remove social media accounts for a news organization going by the name of PeaceData, which they linked to Russia's state propaganda efforts. | Fake Social Network accounts/groups/pages | X Individual | CW | >1 | Facebook, Twitter, PeaceData, Russia | |
1.466 | 01/09/2020 | ? | Catholic Health | Catholic Health joins the list of the entities hit with the Blackbaud breach. | Malware | Q Human health and social work activities | CC | US | Catholic Health, Blackbaud, ransomware | |
1.467 | 01/09/2020 | ? | Roswell Park Alliance Foundation | Even the Roswell Park Alliance Foundation is hit by the Blackbaud breach. | Malware | Q Human health and social work activities | CC | US | Roswell Park Alliance Foundation, Blackbaud, ransomware | |
1.468 | 01/09/2020 | ? | Several million American voters | A database containing several million American voters’ personal information appears on the Russian dark web. | Unknown | Z Unknown | CC | US | American voters | |
1.469 | 01/09/2020 | ? | Bykea | Unidentified hackers successfully infiltrate and delete the entire database of Bykea, a Pakistan-based vehicle for hire and delivery company. | Unknown | H Transportation and storage | CC | PK | Bykea | |
1.470 | 01/09/2020 | ? | Georgian Ministry of Health | Hackers break into the Georgian Ministry of Health to steal data on the Russian nerve agent Novichok | Targeted Attack | O Public administration and defence, compulsory social security | CE | GE | Georgian Ministry of Health | |
1.471 | 01/09/2020 | ? | Canadian Ministry of Justice | The Canadian Ministry of Justice is hit with an Emotet attack. | Malware | O Public administration and defence, compulsory social security | CC | CA | Canadian Ministry of Justice, Emotet | |
1.472 | 01/09/2020 | ? | Mansfield City Schools | The Mansfield City Schools District is hit with a cyber attack. | Unknown | P Education | CC | US | Mansfield City Schools | |
1.473 | 01/09/2020 | ? | St. Louis County | The St. Louis County website goes down without notice after a cyber attack. | Unknown | O Public administration and defence, compulsory social security | CC | US | St. Louis County | |
1.474 | 02/09/2020 | ? | Cryptocurrency users in the Czech Republic and Slovakia | Researchers from ESET discover KryptoCibule, a new malware family focused on getting as much cryptocurrency as possible from its victims. | Malware | V Fintech | CC | >1 | ESET, KryptoCibule, Crypto | |
1.475 | 02/09/2020 | ? | Multiple targets | Researchers from Tencent discover MrbMiner, a malware targeting vulnerable exposed Microsoft MSSQL servers. | Malware | Y Multiple Industries | CC | >1 | Tencent, MrbMiner, Microsoft MSSQL | |
1.476 | 02/09/2020 | ? | K7Maths | A leak from K7Maths, an online service providing school e-learning solutions, causes the compromise of the personal details of more than one million students, teachers, and staff. | Misconfiguration | P Education | CC | AU | K7Maths | |
1.477 | 02/09/2020 | ? | Hartford School District | The Hartford School District in Connecticut postpones the first day of school after a ransomware attack. | Malware | P Education | CC | US | Hartford School District, ransomware | |
1.478 | 02/09/2020 | Belarusian government? | Belarusians attending anti-government protests | Google removes from the Play Store NEXTA LIVE, an Android app used to collect personal information from Belarusians attending anti-government protests. | Malware | X Individual | CE | BY | Google, Play Store, NEXTA LIVE, Android | |
1.479 | 02/09/2020 | ? | Meteorological Service of New Zealand (Metservice) | The Meteorological Service of New Zealand (Metservice) is hit with a DDoS attack. | DDoS | O Public administration and defence, compulsory social security | CC | NZ | Meteorological Service of New Zealand, Metservice | |
1.480 | 02/09/2020 | TA413 | European diplomatic entities and the Tibetan community | Researchers from Proofpoint reveal the details of a new campaign targeting European diplomatic entities and the Tibetan community with the Sepulcher malware. | Targeted Attack | Y Multiple Industries | CE | >1 | TA413, Sepulcher, Proofpoint | |
1.481 | 02/09/2020 | ? | Jewish Federation of Greater Washington | The Jewish Federation of Greater Washington reports a hack that stole $7.5 million from its endowment fund and funneled the money into international accounts. | Account Hijacking | S Other service activities | CC | US | Jewish Federation of Greater Washington | |
1.482 | 02/09/2020 | ? | Multiple targets | Researchers from RiskIQ reveal the details of Inter, a Magecart Skimming Tool affecting more than 1,500 Sites. | Malicious Script Injection | G Wholesale and retail trade | CC | >1 | RiskIQ, Inter, Magecart | |
1.483 | 02/09/2020 | ? | Multiple targets | Researchers from Sophos discover a new phishing campaign using Sharepoint and OneNote to avoid detection. | Account Hijacking | Y Multiple Industries | CC | >1 | Sophos, Sharepoint, OneNote | |
1.484 | 03/09/2020 | John Wick | Twitter account of Indian Prime Minister Narendra Modi | The Twitter account of Indian Prime Minister Narendra Modi is hacked. | Account Hijacking | X Individual | CC | IN | Twitter, Narendra Modi, John Wick | |
1.485 | 03/09/2020 | Evilnum | Financial tech organizations | Researchers from Cybereason unveil the latest campaign by Evilnum, using a Python RAT dubbed PyVil RAT. | Targeted Attack | K Financial and insurance activities | CC | >1 | Cybereason, Evilnum, Python, PyVil RAT | |
1.486 | 03/09/2020 | John Wick | India's CNN-News18 | A hacking group claims to have breached India's CNN-News18 news site to use it to refute claims that they hacked PayTM Mall | Unknown | J Information and communication | CC | IN | John Wick, CNN-News18 | |
1.487 | 03/09/2020 | ? | Maynooth University | Maynooth University is hit with a ransomware attack. | Malware | P Education | CC | IE | Maynooth University, ransomware | |
1.488 | 03/09/2020 | ? | Multiple targets | Researchers from Cofense discover a new phishing campaign, using the company's home page to disguise the attack and trick potential victims into providing login credentials. | Account Hijacking | Y Multiple Industries | CC | >1 | Cofense | |
1.489 | 03/09/2020 | Salfram | Multiple targets | Researchers from Cisco Talos discover multiple "Salfram" campaigns distributing multiple payloads, including ZLoader, SmokeLoader, and AveMaria. | Malware | Y Multiple Industries | CC | >1 | Cisco Talos, Salfram, ZLoader, SmokeLoader, AveMaria | |
1.490 | 03/09/2020 | ? | Sverdlovsk Regional Clinical Center | The Sverdlovsk Regional Clinical Center suffers a ransomware attack. | Malware | Q Human health and social work activities | CC | RU | Sverdlovsk Regional Clinical Center, ransomware | |
1.491 | 03/09/2020 | ? | Roper St. Francis Healthcare | Roper St. Francis Healthcare notifies 6,000 patients of a phishing incident. | Account Hijacking | Q Human health and social work activities | CC | US | Roper St. Francis Healthcare | |
1.492 | 03/09/2020 | ? | Oregon State University | Oregon State University announces that personal information of some students and faculty may have been exposed during a recent IT security incident. | Unknown | P Education | CC | US | Oregon State University | |
1.493 | 04/09/2020 | ? | Lloyds Bank customers | Lloyds Bank customers are targeted by a sophisticated email and SMS messaging phishing campaign. | Account Hijacking | K Financial and insurance activities | CC | UK | Lloyds Bank | |
1.494 | 04/09/2020 | ? | Essex Region Conservation Authority (ERCA) | The Essex Region Conservation Authority (ERCA) loses $300,00 to a phishing scam | Account Hijacking | O Public administration and defence, compulsory social security | CC | CA | Essex Region Conservation Authority, ERCA | |
1.495 | 04/09/2020 | ? | University Tor Vergata | The University Tor Vergata in Rome is hit with a ransomware attack. | Malware | P Education | CC | IT | The University Tor Vergata, ransomware | |
1.496 | 04/09/2020 | ? | Cygilant | Cygilant, a threat detection cybersecurity company, confirms a ransomware attack. | Malware | M Professional scientific and technical activities | CC | US | Cygilant, ransomware | |
1.497 | 04/09/2020 | ? | University of Missouri | Even the personal information from donors to the University of Missouri's four campuses was stolen during the Blackbaud data breach. | Malware | P Education | CC | US | University of Missouri, Blackbaud | |
1.498 | 06/09/2020 | Netwalker | Equinix | Data center and colocation giant Equinix is hit with a Netwalker ransomware attack. Threat actors demand $4.5 million for a decryptor and to prevent the release of stolen data. | Malware | M Professional scientific and technical activities | CC | US | Equinix, Netwalker, ransomware | |
1.499 | 06/09/2020 | ? | Tower Semiconductors | Tower Semiconductors is hit with a ransomware attack. | Malware | C Manufacturing | CC | IL | Tower Semiconductors, ransomware | |
1.500 | 07/09/2020 | Sodinokibi (AKA REvil) | Banco Estado | Banco Estado, one of Chile's three biggest banks, is forced to shut down all branches following a ransomware attack that took place over the weekend. | Malware | K Financial and insurance activities | CC | CL | Banco Estado, ransomware, Sodinokibi, Revil | |
1.501 | 07/09/2020 | Netwalker | K-Electric | K-Electric, the sole electricity provider for Karachi, Pakistan, suffers a Netwalker ransomware attack that leads to the disruption of billing and online services. | Malware | D Electricity gas steam and air conditioning supply | CC | PK | K-Electric, Netwalker, ransomware | |
1.502 | 07/09/2020 | ? | Private sector and public administration entities | The French national cyber-security agency publishes an alert warning of a surge in Emotet attacks targeting the private sector and public administration entities throughout the country. | Malware | Y Multiple Industries | CC | FR | Emotet | |
1.503 | 07/09/2020 | ? | Entities in Japan | The cyber-security agency of Japan also publishes an alert warning about an uptick in Emotet attacks. | Malware | Y Multiple Industries | CC | JP | Emotet | |
1.504 | 07/09/2020 | ? | Entities in New Zealand | Finally, the cyber-security agency of New Zealand also publishes an alert warning about an uptick in Emotet attacks. | Malware | Y Multiple Industries | CC | NZ | Emotet | |
1.505 | 08/09/2020 | TeamTNT | Undisclosed Target | Researchers from Intezer discover a new operation by TeamTNT, abusing Weave Scope, a trusted tool which gives the user full access to their cloud environment. | Misconfiguration | Z Unknown | CC | N/A | Intezer, TeamTNT, Weave Scope | |
1.506 | 08/09/2020 | ? | NorthShore Health System | NorthShore Health System says the personal information of 348,000 people was compromised in the Blackbaud breach. | Malware | Q Human health and social work activities | CC | US | NorthShore Health System, Blackbaud, ransomware | |
1.507 | 08/09/2020 | ? | Single Individuals | Researchers from Zscaler discover a new Android spyware campaign pushing a fake “Pro” version of the TikTok app. | Malware | X Individual | CC | US | Zscaler, Android, TikTok | |
1.508 | 08/09/2020 | ? | College of Nurses of Ontario (CNO) | The College of Nurses of Ontario suffers a ransomware attack. | Malware | Q Human health and social work activities | CC | CA | College of Nurses of Ontario, ransomware, CNO | |
1.509 | 08/09/2020 | Maze | Toledo Public Schools | The Toledo Public Schools district is hit with a Maze ransomware attack. | Malware | P Education | CC | US | The Toledo Public Schools, Maze, ransomware | |
1.510 | 08/09/2020 | ? | Somerset Hills School District | The Somerset Hills School District is hit with a ransomware attack. | Malware | P Education | CC | US | The Somerset Hills School District, ransomware | |
1.511 | 08/09/2020 | ? | Roper St. Francis Healthcare | Roper St. Francis Healthcare notifies 93,000 involved in the Blackbaud ransomware incident. | Malware | Q Human health and social work activities | CC | US | Roper St. Francis Healthcare, Blackbaud, ransomware | |
1.512 | 08/09/2020 | ? | Pickens County School District | The Pickens County School District is hit with a DDoS attack. | DDoS | P Education | CC | US | Pickens County School District | |
1.513 | 09/09/2020 | ? | Development Bank of Seychelles (DBS) | The Development Bank of Seychelles (DBS) is hit by ransomware | Malware | K Financial and insurance activities | CC | SC | Development Bank of Seychelles, ransomware | |
1.514 | 09/09/2020 | ? | ETERBASE | ETERBASE, a Bratislava-based cryptocurrency exchange, discloses a security breach. The exchange says hackers breached its internal network and stole cryptocurrency funds worth $5.4 million. | Unknown | V Fintech | CC | SK | ETERBASE, Crypto | |
1.515 | 09/09/2020 | ? |