2020 Cyber Attacks Statistics

Paolo Passeri

Twitter

Facebook

Tumblr

Buffer

Last Updated on February 19, 2021

As promised, I have pulled together some statistics from the data collected in 2020. The master table is available at the end of the post after the charts.

As always, be aware that the sample refers exclusively to the attacks included in my timelines, available from public sources such as blogs and news sites. Obviously the sample cannot be complete, but only aims to provide an high level overview of the threat landscape.

And please support my work, sharing the content and following me on Twitter and Linkedin for the latest updates.

ID	Date	Author	Target	Description	Attack	Target Class	Attack Class	Country	Tags
1	02/01/2020	Chuckling Squad	Adam Sandler's Twitter account	Adam Sandler's Twitter account is hacked and used to post offensive messages against Mariah Carey, President Obama, and President Trump.	Account Hijacking	R Arts entertainment and recreation	CC	US	Adam Sandler, Twitter, Mariah Carey, President Obama, President Trump, Chuckling Squad
2	02/01/2020	?	Klamath County Veterans Service Office	Klamath County Veterans Service Office notifies a phishing attack occurred on September 19, 2019	Account Hijacking	O Public administration and defence, compulsory social security	CC	US	Klamath County Veterans Service Office
3	03/01/2020	?	Alomere Health	The personal and medical information of 49,351 patients is exposed following a security incident involving two employees' email accounts.	Account Hijacking	Q Human health and social work activities	CC	US	Alomere Health
4	03/01/2020	?	Contra Costa County Library System	The Contra Costa County Library System is hit by ransomware	Malware	O Public administration and defence, compulsory social security	CC	US	The Contra Costa County Library System, ransomware
5	03/01/2020	?	Native American Rehabilitation Association	Native American Rehabilitation Association announces that it experienced an Emotet attack on November 4-5, 2019.	Malware	Q Human health and social work activities	CC	US	Native American Rehabilitation Association, Emotet
6	04/01/2020	?	Austria's foreign ministry	Austria's foreign ministry is targeted by a cyber-attack that is suspected to have been conducted by a foreign country.	Targeted attack	O Public administration and defence, compulsory social security	CE	AT	Austria
7	04/01/2020	Iran cyber security group hackers	U.S. Federal Depository Library Program	The homepage for the U.S. Federal Depository Library Program is briefly altered to show a pro-Iranian message and an image of bloodied Donald Trump being punched in the face.	Defacement	O Public administration and defence, compulsory social security	CW	US	FDLP, U.S. Federal Depository Library Program, Iran, Iran cyber security group hackers
8	04/01/2020	Shield Iran	Sierra Leone Commercial Bank (slcb.com)	For the same reason, a group of Iranian hackers dubbed "Shield Iran" defaces the Sierra Leone Commercial Bank	Defacement	K Financial and insurance activities	CW	SL	Shield Iran, Sierra Leone Commercial Bank, slcb.com
9	04/01/2020	?	Multiple targets	Researchers from Fortinet report that a ransomware strain known as DeathRansom, once considered a joke, is now capable of encrypting files using a solid encryption scheme.	Malware	Y Multiple Industries	CC	>1	Fortinet, ransomware, DeathRansom
10	04/01/2020	?	Saskatchewan’s eHealth	Hackers make through the first level of security for Saskatchewan’s eHealth records system, locking the government out of some systems and asking for a ransom.	Unknown	Q Human health and social work activities	CC	US	Saskatchewan’s eHealth
11	06/01/2020	Iranian Hacker	Texas Department of Agriculture	The Texas Department of Agriculture is hit with a cyberattack that defaces its website with an image of Gen. Qassem Soleimani, the top Iranian commander who was killed in a U.S. strike the previous week.	Defacement	O Public administration and defence, compulsory social security	CW	US	Texas Department of Agriculture, Qassem Soleimani, Iranian Hacker
12	06/01/2020	SideWinder APT Group	Military entities	Researchers from Trend Micro discover the first example of a malicious app in the Google Play Market, exploiting the recently patched CVE-2019-2215 zero-day vulnerability.	Targeted attack	O Public administration and defence, compulsory social security	CE	>1	Trend Micro, Google Play Market, CVE-2019-2215
13	06/01/2020	?	Canyon	Canyon announces it was struck by a "massive cyber attack" over the Christmas break by a "professionally organized group".	Unknown	C Manufacturing	CC	DE	Canyon
14	06/01/2020	?	Focus Camera	Researchers from Juniper Threat Labs reveal that the website of popular photography and imaging retailer Focus Camera got hacked late in December 2019 by MageCart attackers to inject malicious code that stole customer payment card details.	Malicious Script Injection	G Wholesale and retail trade	CC	US	Focus Camera, Magecart, Juniper Threat Labs
15	06/01/2020	?	Single Individuals	Researchers from Fortinet discover a new campaign of the "Predator the Thief" malware.	Malware	X Individual	CC	>1	Fortinet, Predator the Thief
16	06/01/2020	?	Multiple targets	UK Security Researcher Kevin Beaumont warns that the attackers behind REvil ransomware (AKA Sodinokibi) are now targeting unpatched Pulse Secure VPN servers	Vulnerability	Y Multiple Industries	CC	>1	Kevin Beaumont, Revil, Sodinokibi, Pulse Secure, CVE-2019-11510
17	06/01/2020	?	Pittsburg Unified School District	Students in the Pittsburg Unified School District of Pennsylvania are left without internet access as the result of a ransomware attack.	Malware	P Education	CC	US	Pittsburg Unified School District
18	06/01/2020	?	Hamden Schools	Public schools in Hamden are taken down by a malware attack.	Malware	P Education	CC	US	Hamden Schools
19	06/01/2020	?	Wallace State Community College	The Wallace State Community College is hit by a cyber attack.	Malware	P Education	CC	US	Wallace State Community College
20	07/01/2020	?	City of Las Vegas	The City of Las Vegas is hit by a cyber attack via a malicious email.	Targeted attack	O Public administration and defence, compulsory social security	N/A	US	City of Las Vegas
21	07/01/2020	?	Unpatched routers (D-Link, Netgear, and Linksys)	Researchers from BitDefender reveal the details of LiquorBot, a cryptomining botnet attacking unpatched routers since at least May 2019	Vulnerability	Y Multiple Industries	CC	>1	BitDefender, LiquorBot, CVE-2015-2051, CVE-2016-1555, CVE-2016-6277, Crypto
22	07/01/2020	?	Single Individuals	A new phishing campaign tries to take advantage of the Iran cyber attack scare.	Account Hijacking	X Individual	CC	>1	Iran
23	07/01/2020	Master X	Multiple targets	Researchers from AppRiver reveal that a hacker with the handle “Master X” is leveraging a PowerShell script that contains a reference to singer-songwriter Drake lyric’s “Kiki Do You Love Me” to deliver either the Lokibot info stealer or Azorult remote access trojan.	Malware	Y Multiple Industries	CC	>1	AppRiver, Master X, Drake, Lokibot, Azorult
24	07/01/2020	?	Enloe Medical Center	Enloe Medical Center is hit by a ransomware attack that causes the hospital to reschedule some elective procedures.	Malware	Q Human health and social work activities	CC	US	Enloe Medical Center, ransomware
25	07/01/2020	?	City of Bend	The City of Bend is the latest victim of the Click2Gov breach.	Malicious Script Injection	O Public administration and defence, compulsory social security	CC	US	City of Bend
26	08/01/2020	?	US financial entity	The FBI says that unidentified threat actors have used the CVE-2019-11510 Pulse Secure VPN flaw "to exploit a notable US financial entity’s research network since August 2019.	Vulnerability	K Financial and insurance activities	CC	US	FBI, CVE-2019-11510, Pulse Secure VPN
27	08/01/2020	?	US municipal government	The FBI says that also a US municipal government was breached via the CVE-2019-11510 Pulse Secure VPN flaw.	Vulnerability	O Public administration and defence, compulsory social security	CC	US	FBI, CVE-2019-11510, Pulse Secure VPN
28	08/01/2020	?	Well-known personalities in Korea	A recent report from South Korean media claims that Samsung Galaxy smartphones of many well-known personalities in Korea were hacked. According to the report, the hacker extorts cash from its victims. If the victim fails to pay the ransom, the hacker threatens to disclose all data.	Account Hijacking	X Individual	CC	KR	Samsung, South Korea
29	08/01/2020	?	Multiple targets	Security researchers observe ongoing scans for Citrix Application Delivery Controller (NetScaler ADC) and Citrix Gateway (NetScaler Gateway) servers vulnerable to attacks exploiting CVE-2019-19781.	Vulnerability	Y Multiple Industries	CC	>1	Citrix, NetScaler ADC, Citrix Gateway, CVE-2019-19781
30	08/01/2020	?	Multiple targets	A new ransomware called Snake emerges in the threat landscape.	Malware	Y Multiple Industries	CC	>1	Snake, Ransomware
31	08/01/2020	Lazarus Group	Cryptocurrency businesses	Researchers from Kaspersky reveal the details of a new wave of attacks linked to Operation AppleJeus, and targeting cryptocurrency business in multiple countries including UK, Poland, Russia and China.	Targeted attack	V Fintech	CC	>1	Kaspersky, Operation AppleJeus, Lazarus Group
32	08/01/2020	?	Firefox users	Mozilla warns Firefox users to update their browser to the latest version after security researchers found a vulnerability that hackers were actively exploiting in “targeted attacks” against users. The vulnerability is indexed as CVE-2019-17026.	Targeted attack	X Individual	CC	>1	Mozilla, Firefox
33	09/01/2020	Iranian state-sponsored hackers	Bapco	Multiple sources reveal that Iranian state-sponsored hackers have deployed Dustman, a new strain of data-wiping malware on the network of Bapco, Bahrain's national oil company. The attack occurred on December 29, 2019.	Malware	D Electricity gas steam and air conditioning supply	CW	BH	Dustman, Bapco, Iran
34	09/01/2020	?	Albany International Airport	Albany International Airport's staff announces that the New York airport's administrative servers were hit by Sodinokibi Ransomware following a cyberattack that took place over Christmas.	Malware	H Transportation and storage	CC	US	Albany International Airport, Ransomware, Sodinokibi
35	09/01/2020	Magnallium AKA APT33, Refined Kitten, or Elfin	American Electric Utilities	Researchers from Dragos reveal that a state-sponsored group affiliated to Iran called Magnallium has been probing American electric utilities for the past year.	Password-spraying	D Electricity gas steam and air conditioning supply	CW	US	Dragos, Iran, Magnallium, APT33, Refined Kitten, Elfin
36	09/01/2020	Xenotyme, Dymalloy, Electrum	American Electric Utilities	The same report details the activities of three additional groups targeting the American Electric Utilities.	Targeted attack	D Electricity gas steam and air conditioning supply	CW	US	Xenotyme, Dymalloy, Electrum, Dragos
37	09/01/2020	?	Android users	Google reveals to have removed roughly 1,700 applications infected with the Joker Android malware (also known as Bread) since the company started tracking it in early 2017.	Malware	X Individual	CC	>1	Android, Bread, Joker, Google
38	09/01/2020	?	Multiple targets	A new ransomware dubbed Ako emerges in the threat landscape.	Malware	Y Multiple Industries	CC	>1	Ako, Ransomware
39	09/01/2020	?	Multiple targets	Researchers at Sentinel One reveal that the Russian-speaking cybercriminals behind the TrickBot malware have developed a stealthy backdoor dubbed “PowerTrick,” in order to infiltrate high-value targets.	Malware	Y Multiple Industries	CC	>1	Sentinel One, TrickBot, PowerTrick
40	09/01/2020	?	City of Dunwoody	The City of Dunwoody reveals to have been hit by a cyber attack during the Christmas Eve.	Malware	O Public administration and defence, compulsory social security	CC	US	City of Dunwoody
41	09/01/2020	?	btyDental	btyDental notifies patients after suffering a ransomware attack discovered on November 2019.	Malware	Q Human health and social work activities	CC	US	btyDental, ransomware
42	09/01/2020	?	Bartlett Public Library District	The Bartlett Public Library District’s computer systems recovers from a ransomware attack occurred on Saturday, November 30.	Malware	O Public administration and defence, compulsory social security	CC	US	Bartlett Public Library District, ransomware
43	09/01/2020	?	City of Dawson Creek	The City of Dawson Creek says its computer systems were hacked in an apparent ransomware attack.	Malware	O Public administration and defence, compulsory social security	CC	CA	Dawson Creek, Ransomware
44	10/01/2020	?	Manor Independent School District	Manor Independent School District announces that email scammers had fleeced the District out of $2.3 million.	Business Email Compromise	P Education	CC	US	Manor Independent School District
45	10/01/2020	?	European websites for Perricone MD	Researchers from RapidSpike reveal that multiple european websites for the Perricone MD anti-aging skin-care brand have been compromised with scripts that steal customer payment card info when making a purchase.	Malicious Script Injection	G Wholesale and retail trade	CC	>1	Perricone MD, RapidSpike, Magecart
46	10/01/2020	?	Multiple targets in the US	The US Cybersecurity and Infrastructure Security Agency (CISA) alerts organizations to patch their Pulse Secure VPN servers as a defense against ongoing attacks trying to exploit the CVE-2019-11510 remote code execution (RCE) vulnerability.	Vulnerability	Y Multiple Industries	CC	>1	US Cybersecurity and Infrastructure Security Agency, CISA, CVE-2019-11510, RCE
47	10/01/2020	?	Website collecting donations for the victims of the Australia bushfires	Researchers from Malwarebytes discover that attackers compromised a website collecting donations for the victims of the Australia bushfires and injected ATMZOW, a malicious script that steals the payment information of the donors.	Malicious Script Injection	Q Human health and social work activities	CC	AU	Magecart, Malwarebytes, ATMZOW
48	10/01/2020	?	Single Individuals	A malicious ad campaign is underway in Google Search results that leads users to fake Amazon support sites and tech support scams.	Search Engine Poisoning	X Individual	CC	>1	Google Search, Amazon
49	10/01/2020	?	High-profile Facebook pages	Facebook addresses a security issue that exposed page admin accounts, after the bug was exploited in attacks in the wild against several high-profile pages.	Vulnerability	X Individual	CC	>1	Facebook
50	10/01/2020	?	Android users	Researchers from Malwarebytes discover that the UMX U686CL, an Android phone subsidized by the US government for low-income users comes preinstalled with malware (Android/Trojan.HiddenAds.WRACT).	Malware	X Individual	CC	US	Malwarebytes, UMX U686CL, Android, Android/Trojan.HiddenAds.WRACT
51	10/01/2020	?	Boing Boing	The popular Boing Boing blog is hacked by an unknown party who plants malicious code into the site’s WordPress theme. Users visiting the site from desktop computers are redirected to a fake download page for an Adobe Flash update.	Account Hijacking	J Information and communication	CC	US	Boing Boing, Adobe Flash
52	10/01/2020	?	The Center for Facial Restoration	The Center for Facial Restoration reveals to have been victim of hack back in November 2019, with the attackers threatening to release the patients' data.	Unknown	Q Human health and social work activities	CC	US	The Center for Facial Restoration
53	10/01/2020	?	Los Angeles County	Los Angeles County confirms it was the target of a phishing attack last month, which staff detected and contained before it exposed any county resident data.	Account Hijacking	P Education	CC	US	Los Angeles County
54	11/01/2020	?	Android users	Researchers from Kaspersky reveal that an Android malware, dubbed Trojan-Dropper.AndroidOS.Shopper.a, camouflaged as a system app is used by threat actors to disable the Google Play Protect service, generate fake reviews, install malicious apps, show ads, and more.	Malware	X Individual	CC	>1	Kaspersky, Android, Trojan-Dropper.AndroidOS.Shopper.a, Google Play Protect
55	13/01/2020	?	Multiple targets	Researchers from Cofense reveal that after almost a three-week holiday vacation, the Emotet trojan is back and targeting the over eighty countries with malicious spam campaigns.	Malicious Spam	X Individual	CC	>1	Cofense, Emotet
56	13/01/2020	?	UNIX Systems	The security team at npm takes down a malicious package, discovered by the Microsoft Vulnerability Research team and named 1337qq-js, caught stealing sensitive information from UNIX systems.	Malware	Y Multiple Industries	CC	>1	npm, Microsoft Vulnerability Research team, 1337qq-js,UNIX
57	13/01/2020	?	Android users	An Android banking Trojan dubbed Faketoken has recently been observed by security researchers from Kaspersky while draining its victims' accounts to fuel offensive mass text campaigns targeting mobile devices from all over the world.	Malware	K Financial and insurance activities	CC	>1	Android, Faketoken, Kaspersky
58	13/01/2020	?	Account receivable specialists	Researchers from Agari discover a new group called Ancient Tortoise targeting accounts receivable specialists tricking them into sending over aging reports and thus collecting info on customers they can scam in later attack stages.	Business Email Compromise	K Financial and insurance activities	CC	>1	Agari, Ancient Tortoise
59	13/01/2020	?	Company in the medical tech sector	Researchers from Guardicore reveal the details of an attack targeting a company in the medical tech sector via a malware hiding its modules in WAV audio files and spreading to vulnerable Windows 7 machines on the network via EternalBlue.	Malware	C Manufacturing	CC	N/A	Guardicore, WAV, EternalBlue, Crypto
60	14/01/2020	Fancy Bear AKA APT28	Burisma	Researchers from Area 1 reveal that Russian spies from GRU are suspected of trying to hack into Burisma, the Ukrainian gas company with whom Hunter Biden worked.	Targeted attack	D Electricity gas steam and air conditioning supply	CE	UA	Area 1, Burisma, GRU, Hunter Biden, Russia, APT28, Fancy Bear
61	14/01/2020	Omnichorus	LimeLeads	49 million user records extracted from a misconfigured Elasticsearch database by US data broker LimeLeads are put up for sale online.	Misconfiguration	M Professional scientific and technical activities	CC	US	Elasticsearch, LimeLeads, Omnichorus
62	14/01/2020	?	Single Individuals	The cybercrime group behind Satan ransomware and other malware seems to be involved in the development of a new ransomware named 5ss5c.	Malware	X Individual	CC	>1	Satan, ransomware, 5ss5c
63	14/01/2020	?	Single Individuals	Researchers from Bitdefender discover 17 Google Play apps that, once installed, start hiding their presence on the user’s device and constantly display aggressive ads.	Malware	X Individual	CC	>1	Bitdefender, Google Play
64	14/01/2020	?	New Mexico Public Regulation Commission	The New Mexico Public Regulation Commission is "hacked by an outside source"	Unknown	O Public administration and defence, compulsory social security	CC	US	New Mexico Public Regulation Commission
65	15/01/2020	?	United Nations	The United Nations is hit by a cyberattack through the malware Emotet.	Malware	U Activities of extraterritorial organizations and bodies	CC	N/A	United Nations,Emotet
66	15/01/2020	?	P&N‌ Bank	P&N‌ Bank in Western Australia informs its customers that hackers may have accessed personal information stored on its systems following a cyber attack on December 12, during an upgrade at a third-party hosting company.	Unknown	K Financial and insurance activities	CC	AU	P&N‌ Bank
67	15/01/2020	?	PlanetDrugsDirect	Canadian online pharmacy PlanetDrugsDirect emails customers, notifying them of a data security incident that might have impacted some of their sensitive personal and financial information. 400,000 individuals are potentially compromised.	Unknown	Q Human health and social work activities	CC	CA	PlanetDrugsDirect
68	15/01/2020	?	Single Individuals	An emergent and effective data-harvesting tool dubbed Oski is proliferating in North America and China, stealing online account credentials, credit-card numbers, cryptowallet accounts and more.	Malware	X Individual	CC	>1	Oski
69	06/01/2020	?	Twitter account of former Australian cricket coach Darren Lehmann	The Twitter account of former Australian cricket coach Darren Lehmann is hacked by a Donald Trump supporter.	Account Hijacking	X Individual	H	AU	Twitter, Darren Lehmann, Donald Trump
70	08/01/2020	?	Kuwait State News Agency	Kuwait state news agency says its Twitter was hacked to spread misinformation about US withdrawal.	Account Hijacking	J Information and communication	H	KW	Kuwait State News Agency
71	10/01/2020	?	PIH Health	PIH Health notifies almost 200,000 patients whose protected health information was in employee email accounts that were compromised.	Account Hijacking	Q Human health and social work activities	CC	US	PIH Health
72	10/01/2020	?	Panama-Buena Vista Union School	Panama-Buena Vista Union School District is hit with a ransomware attack.	Malware	P Education	CC	US	Panama-Buena Vista Union School, ransomware
73	10/01/2020	Anonymous Iran	City of Ozark	Hackers from Anonymous Iran claim to have defaced the website of city of Ozark.	Defacement	O Public administration and defence, compulsory social security	H	US	Anonymous Iran, City of Ozark
74	13/01/2020	?	St. Louis Community College	More than 5,100 St. Louis Community College students and employees have their personal information accessed via a phishing scam.	Account Hijacking	P Education	CC	US	St. Louis Community College
75	15/01/2020	?	Town of Colonie	The Albany County town of Colonie is hit by a cyber-attack that takes the town's computer system and email offline.	Unknown	O Public administration and defence, compulsory social security	CC	US	Town of Colonie
76	16/01/2020	?	Vulnerable Citrix Systems	Researchers from FireEye discover a malicious actor deploying a previously-unseen payload called NOTROBIN on vulnerable Citrix Systems. The actor cleans up known malware and deploys NOTROBIN to block subsequent exploitation attempts, establishing a backdoor for subsequent campaigns.	Vulnerability	Y Multiple Industries	CC	>1	FireEye, NOTROBIN, Citrix, CVE-2019-19781
77	16/01/2020	TA542	Pharmaceutical companies in the US, Canada and Mexico	Researchers from Proofpoint discover a new Emotet campaign targeting pharmaceutical companies in the US, Canada and Mexico	Malware	M Professional scientific and technical activities	CC	US CA MX	Proofpoint, Emotet
78	16/01/2020	?	Targets in Middle East	Researchers from Cisco Talos discover a new campaign selectively attacking targets in Middle East via a Remote Access Trojan (RAT), dubbed JhoneRAT, and abusing cloud services.	Targeted attack	Y Multiple Industries	CE	>1	Cisco Talos, RAT, JhoneRAT
79	16/01/2020	?	Multiple targets	Researchers from Zscaler discover a new version of the FTCODE ransomware with password-stealing capabilities.	Malware	Y Multiple Industries	CC	>1	Zscaler, FTCODE, ransomware
80	16/01/2020	?	Rudolf and Stephanie Hospital in Benešov	The Rudolf and Stephanie Hospital in Benešov is hit with a Ryuk ransomware attack.	Malware	Q Human health and social work activities	CC	CZ	The Rudolf and Stephanie Hospital, Benešov, Ryuk, Ransomware
81	16/01/2020	?	Georgia election server (Center for Election Systems at Kennesaw State University)	Forensic evidence shows signs that a Georgia election server may have been hacked ahead of the 2016 and 2018 elections by someone who exploited Shellshock.	Vulnerability	O Public administration and defence, compulsory social security	CC	US	Georgia, Shellshock, Center for Election Systems at Kennesaw State University
82	16/01/2020	?	US Government and Military	A new research from Cisco Talos discover a new Emotet campaign affecting the United States of America's government and military.	Malware	O Public administration and defence, compulsory social security	CC	US	Talos, Emotet
83	16/01/2020	?	City of Detroit	The City of Detroit officials warn data breach exposed city workers and residents after several email accounts were compromised.	Account Hijacking	O Public administration and defence, compulsory social security	CC	US	City of Detroit
84	17/01/2020	?	Multiple targets	Microsoft publishes a security advisory containing mitigation measures for CVE-2020-0674, an actively exploited zero-day remote code execution (RCE) vulnerability impacting Internet Explorer.	Targeted attack	Y Multiple Industries	N/A	>1	Microsoft, CVE-2020-0674
85	17/01/2020	Phoenix’s Helmets (Anka Neferler Tim)	Several Greek government websites	Several Greek government websites are taken down by Turkish hackers. Targets include the Greek Parliament, the Foreign Affairs Ministry, the Athens Stock Exchange, the National Intelligence Service (EYP) and the Finance Ministry.	DDoS	O Public administration and defence, compulsory social security	H	GR	Phoenix’s Helmets, Anka Neferler Tim
86	17/01/2020	?	ADP Users	In proximity of the tax season, cybercriminals launch a phishing campaign targeting some ADP users.	Account Hijacking	X Individual	CC	US	ADP
87	17/01/2020	?	Sunset Cardiology	Sunset Cardiology is hit with a Maze ransomware attack.	Malware	Q Human health and social work activities	CC	US	Sunset Cardiology, Maze, ransomware
88	18/01/2020	?	Temple Har Shalom Synagogue	The Temple Har Shalom Synagogue is hit with a Sodinokibi Ransomware attack.	Malware	U Activities of extraterritorial organizations and bodies	CC	US	Temple Har Shalom Synagogue, Sodinokibi, Ransomware
89	18/01/2020	Anonymous Greece	Top Channel 24 TV	Anonymous Greece responds to the ongoing attacks of Turkish hackers by attacking the Turkish channel Top Channel 24 TV.	DDoS	J Information and communication	H	TR	Anonymous Greece, Top Channel 24 TV
90	18/01/2020	?	New Orleans Ernest N. Morial Convention Center	The New Orleans Ernest N. Morial Convention Center is hit with a ransomware attack.	Malware	O Public administration and defence, compulsory social security	CC	US	New Orleans, Ernest N. Morial Convention Center, ransomware
91	18/01/2020	?	Adventist Health	Adventist Health notifies 2,653 patients after suffering a phishing incident.	Account Hijacking	Q Human health and social work activities	CC	US	Adventist Health
92	19/01/2020	?	Single Individuals	A new sextortion scam leverages the insecurity of connected devices to trick the victims.	Malicious Spam	X Individual	CC	>1	Sextortion
93	19/01/2020	?	Multiple targets	A hacker publishes a massive list of Telnet credentials for more than 515,000 servers, home routers, and IoT (Internet of Things) "smart" devices.	Misconfiguration	Y Multiple Industries	CC	>1	Telnet, IoT
94	19/01/2020	?	Kamaru Usman Twitter account	UFC champion Kamaru Usman says his Twitter account was hacked, after series of explicit tweets against Conor McGregor	Account Hijacking	X Individual	CC	US	UFC, Kamaru Usman, Twitter, Conor McGregor
95	19/01/2020	?	Oman United Insurance	Oman United Insurance, one among the largest insurers in the country discloses a “ransomware attack” on the company’s data centre early this month.	Malware	K Financial and insurance activities	CC	OM	Oman United Insurance, ransomware
96	20/01/2020	Tick (China)	Mitsubishi Electric	Mitsubishi Electric discloses a security breach that might have caused the leak of personal and confidential corporate information. The breach was detected on June 28, 2019.	Targeted attack	C Manufacturing	CE	JP	Mitsubishi Electric, Tick
97	20/01/2020	?	Hanna Andersson	US children's apparel maker and online retailer Hanna Andersson discloses that its online purchasing platform was hacked and malicious code was deployed to steal customers' payment info for almost two months.	Malicious Script Injection	G Wholesale and retail trade	CC	US	Hanna Andersson, Magecart
98	21/01/2020	Saudi Arabia	Jeff Bezos	An investigation reveals that Jeff Bezos' phone exfiltrated a massive amounts of personal information after receiving a WhatsApp-attached video file sent by the future king of Saudi Arabia, Prince Mohammed bin Salman on May 1, 2018.	Targeted attack	X Individual	CE	US	Jeff Bezos, WhatsApp, Prince Mohammed bin Salman
99	21/01/2020	?	Volusia County Public Library (VCPL	600 staff and public access computers were taken down at Volusia County Public Library (VCPL) branches from Daytona Beach, Florida, following a cyberattack that started around 7 AM on January 9	Unknown	O Public administration and defence, compulsory social security	CC	US	Volusia County Public Library, VCPL
100	21/01/2020	?	Vulnerable Wordpress sites	Researchers from Sucuri reveal that over 2,000 Wordpress sites have been hacked to fuel a campaign to redirect visitors to scam sites. The campaign was possible because of two vulnerable plugins ("CP Contact Form with PayPal" and "Simple Fields").	Vulnerability	Y Multiple Industries	CC	>1	Sucuri, Wordpress, "CP Contact Form with PayPal", "Simple Fields"
101	21/01/2020	?	100 UPS Store Locations	Sensitive personal and financial information of UPS Store customers is exposed in a phishing incident affecting roughly 100 local store locations between September 29, 2019, and January 13, 2020.	Account Hijacking	G Wholesale and retail trade	CC	US	UPS Store
102	21/01/2020	Threat Actors from Iran	Multiple targets in the US	The FBI Cyber Division issues a flash security alert related to the recent defacement attacks operated by Iranian threat actors.	Defacement	Y Multiple Industries	CW	US	FBI, Iran
103	21/01/2020	?	Single Individuals	Researchers from Malwarebytes reveal the details of a large high-profile malvertising campaign distributing browser lockers.	Malvertising	X Individual	CC	>1	Malwarebytes
104	21/01/2020	?	Citibank customers	Researchers discover q new Citibank phishing scam that utilizes a convincing domain name, TLS certs, and even requests OTP codes that could easily trick their victims.	Account Hijacking	K Financial and insurance activities	CC	US	Citibank
105	21/01/2020	?	Multiple targets	Researchers from Microsoft discover a new version of the sLoad malware downloader, dubbed Starslord.	Malware	Y Multiple Industries	CC	>1	Microsoft, sLoad, Starslord
106	21/01/2020	?	PayPal customers	Researchers from ZeroFOX discover a new version of the 16Shop phishing campaign targeting PayPal customers.	Account Hijacking	G Wholesale and retail trade	CC	>1	ZeroFOX, 16Shop, PayPal
107	21/01/2020	?	Vulnerable internet routers running the Tomato firmware	Researchers from Palo Alto Networks reveal that internet routers running the Tomato alternative firmware are under active attack by the Muhstik botnet, searching for devices using default credentials.	Misconfiguration	Y Multiple Industries	CC	>1	Palo alto Networks, Muhstik, Tomato
108	21/01/2020	?	Multiple targets	Researchers from Cisco Talos discover a new large-scale cryptomining campaign, dubbed Vivin, acting since more than two years.	Malware	Y Multiple Industries	CC	>1	Cisco Talos, Vivin, Crypto
109	22/01/2020	?	Tillamook County	Tillamook County is hit by a ransomware attack.	Malware	O Public administration and defence, compulsory social security	CC	US	Tillamook County, ransomware
110	22/01/2020	?	Greenville Water	Greenville Water is hit by a cyber attack.	Unknown	E Water supply, sewerage waste management, and remediation activities	CC	US	Greenville Water
111	22/01/2020	?	FedEx customers	FedEx warns of a new text message phishing scam that at first glance looks to be about a FedEx package delivery.	Account Hijacking	X Individual	CC	US	FedEx
112	22/01/2020	?	Android users	Researchers from Dr.Web discover a new campaign targeting Android users via the Android.Xiny mobile trojan.	Malware	X Individual	CC	>1	Dr.Web, Android, Android.Xiny
113	23/01/2020	?	Gedia Automotive Group	Parts manufacturer Gedia Automotive Group shuts down its network after being hit with a Sodinokibi ransomware attack.	Malware	C Manufacturing	CC	DE	Gedia Automotive Group, ransomware, Sodinokibi
114	23/01/2020	?	Sites belonging to a reseller of tickets for Euro Cup and the Tokyo Summer Olympics	The sites belonging to a reseller of tickets for Euro Cup and the Tokyo Summer Olympics (olympictickets2020[.]com), are the victims of a magecart attack.	Malicious Script Injection	R Arts entertainment and recreation	CC	N/A	Magecart, Euro Cup, Tokyo Summer Olympics, olympictickets2020[.]com
115	23/01/2020	APT33?	European energy sector organization	Researchers from Recorded Future discover a cyber espionage campaign with suspected ties to Iran, targeting the European energy sector in a reconnaissance campaign via the PupyRAT software.	Targeted attack	D Electricity gas steam and air conditioning supply	CE	EU	APT33, PupyRAT, Recorded Future
116	23/01/2020	?	Bitcoin Gold	Bitcoin Gold experiences a 51% attack. A total amount of over $70,000 is double-spent	51% Attack	V Fintech	CC	N/A	Bitcoin Gold
117	23/01/2020	?	Ben Gurion International Airport	As Israel hosted dozens of world leaders last week for the World Holocaust Forum, the country’s cyber defense system fended off hundreds of cyberattacks targeting the country’s international airport and the planes of the world leaders.	>1	H Transportation and storage	>1	IL	Ben Gurion International Airport
118	24/01/2020	?	City of Potsdam	The City of Potsdam severs the administration servers' Internet connection following a ransomware attack carried out exploiting the CVE-2019-1978 vulnerability.	Malware	O Public administration and defence, compulsory social security	CC	DE	City of Potsdam, ransomware, CVE-2019-1978
119	24/01/2020	Konni Group	U.S. government agency	Researchers at Palo Alto Networks' Unit 42 discover a new campaign dubbed "Fractured Statue", carried out via a malware called CARROTBALL, used in targeted attacks, against a U.S. government agency and non-US foreign nationals professionally affiliated with current activities in North Korea.	Targeted attack	O Public administration and defence, compulsory social security	CE	US	Palo Alto Networks, Unit 42, CARROTBALL, North Korea, Konni Group, Fractured Statue
120	24/01/2020	?	Targets in the government, military, and financial sector	A new version of the Ryuk Stealer malware is discovered. This version allows to steal a greater amount of confidential files related to the military, government, financial statements, banking, and other sensitive data.	Malware	Y Multiple Industries	CC	>1	Ryuk, ransomware
121	24/01/2020	Turkish hackers	Several Government websites in Greece	A new DDoS attack hits the official state websites of the Greek prime minister, the national police and fire service and other ministries.	DDoS	O Public administration and defence, compulsory social security	H	GR	Turkey, Greece
122	24/01/2020	?	Tampa Bay Times	The Tampa Bay Times suffers a Ryuk ransomware attack.	Malware	J Information and communication	CC	US	Tampa Bay Times, Malware
123	26/01/2020	?	Bird Construction	Bird Construction acknowledges to have been recently hit with a Maze ransomware attack.	Malware	M Professional scientific and technical activities	CC	CA	Bird Construction, Maze, ransomware
124	26/01/2020	?	SuperCasino	The online gambling platform SuperCasino experiences a data breach that exposes sensitive information belonging to its customers.	Unknown	R Arts entertainment and recreation	CC	MT	SuperCasino
125	27/01/2020	State-sponsored Turkish hackers	At least 30 organizations	Turkish hackers allegedly acting in the interest of the Turkish government are believed to have attacked at least 30 organizations, including government ministries, embassies and security services as well as companies and other groups	DNS hijacking	Y Multiple Industries	CE	>1	Turkey
126	27/01/2020	OurMine	Twitter accounts of over a dozen popular American football teams, the NFL, the UFC, and ESPN.	The OurMine collective hacks hijacks the Twitter accounts of over a dozen popular American football teams, including the San Francisco 49ers and Kansas City Chiefs, who competed in the Super Bowl Final, the NFL, the UFC, and ESPN.	Account Hijacking	R Arts entertainment and recreation	CC	US	OurMine, Twitter, San Francisco 49ers, Kansas City Chiefs, Super Bowl, NFL, UFC, ESPN
127	27/01/2020	Aggah	Some Italian companies operating in the Retail sector	Researchers from Yoroi-Cybaze ZLab discover a new attack attempts directed to some Italian companies operating in the Retail sector linked to Aggah campaign.	Targeted attack	G Wholesale and retail trade	CC	IT	Aggah, Yoroi-Cybaze Zlab
128	27/01/2020	?	Royal Yachting Association	The Royal Yachting Association (RYA) forces a password reset for all online users after warning that some that their data may have been compromised by a third party.	Unknown	S Other service activities	CC	US	Royal Yachting Association
129	28/01/2020	?	Vulnerable Citrix ADC servers	A new ransomware called Ragnarok is detected being used in targeted attacks against unpatched Citrix ADC servers vulnerable to the CVE-2019-19781 exploit.	Malware	Y Multiple Industries	CC	>1	Ragnarok, Citrix, CVE-2019-19781, Ransomware
130	28/01/2020	?	Red Kite Community Housing	Red Kite Community Housing announces to have fallen victim to a cyber-scam in which criminals posed as genuine service providers to steal a staggering £932,000.	Domain Spoofing	S Other service activities	CC	UK	Red Kite Community Housing
131	28/01/2020	?	Tissue Regenix Group PLC	Tissue Regenix Group PLC says that its computer systems and a third-party IT service provider in the United States were accessed without authorization.	Unknown	C Manufacturing	CC	US	Tissue Regenix Group PLC
132	28/01/2020	?	Personal Touch Home Care of Greater Portsmouth.	Personal Touch Home Care of Greater Portsmouth notifies a Maze ransomware attack occurred on December 1, 2019.	Malware	S Other service activities	CC	US	Personal Touch Home Care of Greater Portsmouth, Maze, Ransomware
133	29/01/2020	?	United Nations	A leaked report reveals that the European network of the United Nations were compromised during the Summer of 2019	Targeted attack	U Activities of extraterritorial organizations and bodies	CE	N/A	United Nations
134	29/01/2020	?	Electronic Warfare Associates (EWA)	Electronic Warfare Associates (EWA), a 40-year-old electronics company and a well-known US government contractor, is hit with the Ryuk ransomware.	Malware	C Manufacturing	CC	US	Electronic Warfare Associates, EWA, Ryuk, ransomware
135	29/01/2020	?	Users in Japan	A new campaign is discovered distributing the Emotet malware in Japan, and leveraging the scare of Coronavirus.	Malicious Spam	X Individual	CC	JP	Emotet, Coronavirus
136	29/01/2020	?	Multiple targets	The attackers behind the Maze ransomware publish a list of 25 victims with small data sets leaked as a proof of the hack.	Malware	Y Multiple Industries	CC	>1	Maze
137	29/01/2020	?	LiveRamp	Facebook reveals that back in October, hackers commandeered the personal account of a LiveRamp employee and used it to gain access to the company's Business Manager account -- allowing them to run ads using other people's money.	Account Hijacking	M Professional scientific and technical activities	CC	US	Facebook, LiveRamp
138	30/01/2020		NEC	NEC confirms to have been hit with a cyberattack since 2018 that resulted in unauthorized access to its internal network and the exposure of 28,000 files.	Targeted attack	C Manufacturing	CE	JP	NEC
139	30/01/2020	APT34 AKA Oilrig (Iran government-backed)	US Government workers	Researchers from Intezer Lab reveal the details of a spear-phishing campaign, mimicking Westat surveys, a well-known US government contractor that has managed and administered surveys to more than 80 federal agencies, since at least 16 years.	Targeted attack	O Public administration and defence, compulsory social security	CE	US	APT34, Oilrig, Iran, Intezer Lab, Westat
140	30/01/2020	TA505	Multiple targets	Researchers from Microsoft and Prevailion reveal a new campaign by TA505, weaponizing Excel documents.	Targeted attack	Y Multiple Industries	CC	>1	Microsoft, Prevailion, TA 505, Excel
141	30/01/2020	?	Undisclosed Canadian Insurance company	A Canadian insurance company paid nearly $1 million USD (about $1.3 million CAD) following a ransomware attack.	Malware	K Financial and insurance activities	CC	CA	Ransomware
142	30/01/2020	?	Users in the US	Multiple Coronavirus Phishing Campaigns are discovered, actively targeting US users.	Account Hijacking	X Individual	CC	US	Coronavirus
143	30/01/2020	?	Single Individuals	Researchers discover a new phishing campaign distributing malware, pretending to be from the Spamhaus Project.	Malicious Spam	X Individual	CC	>1	Spamhaus
144	30/01/2020	?	Rijksmuseum Twenthe	Hackers posing as a veteran London art dealer trick Rijksmuseum Twenthe, a Dutch museum, buying a John Constable painting into paying 2.4 million pounds ($3.1 million) to a fraudulent bank account.	Business Email Compromise	S Other service activities	CC	NL	Rijksmuseum Twenthe, John Constable
145	30/01/2020	?	UK Taxpayers	Cybersecurity company Mimecast discover an uptick in scams using the promise of tax refunds as a way to entice the victims into giving up private information including their name, address, phone number and card details.	Account Hijacking	X Individual	CC	UK	Mimecast, HMRC
146	30/01/2020	?	Multiple targets	Researchers from Lastline discover a large-scale spam campaign spreading info-stealing malware (Agent Tesla and LokiBot) and using advanced obfuscation techniques.	Malicious Spam	Y Multiple Industries	CC	>1	Lastline, Agent Tesla, LokiBot
147	31/01/2020	?	Bouygues Construction	French construction giant Bouygues Construction shut down their computer network to avoid having all of their data encrypted by the Maze Ransomware.	Malware	M Professional scientific and technical activities	CC	FR	Bouygues Construction, Maze, Ransomware
148	31/01/2020	?	Hong Kong Universities	Researchers from ESET discover a new campaign of the Winnti group targeting some Hong Kong universities via the ShadowPad backdoor.	Targeted attack	P Education	CE	HK	ESET, Winnti. Hong Kong, ShadowPad
149	31/01/2020	?	TVEyes	TVEyes, a broadcast television search engine used by political campaigns to monitor opponents and track ads, is hit with a ransomware attack.	Malware	J Information and communication	CC	US	TVEyes, ransomware
150	31/01/2020	?	Single Individuals	A new extortion campaign leverages the Ashley Madison breach	Malicious Spam	X Individual	CC	>1	Ashley Madison
151	31/01/2020	?	City of Racine	The city of Racine is hit with a ransomware attack that knocks most of its non-emergency computer services offline.	Malware	O Public administration and defence, compulsory social security	CC	US	City of Racine, malware
152	28/01/2020	?	Laurentian Bank	Police investigate after thieves hack three banking machines in the greater Montreal area, making off with an estimated $55,000.	Unknown	K Financial and insurance activities	CC	CA	Laurentian Bank
153	30/01/2020	?	Grundy County Courthouse	The Grundy County Courthouse experiences a "cybersecurity breach".	Unknown	O Public administration and defence, compulsory social security	CC	US	Grundy County Courthouse
154	30/01/2020	?	Mountain View Los Altos High School (MVLA)	Mountain View Los Altos High School is hit with a cyber attack.	Unknown	P Education	CC	US	Mountain View Los Altos High School, MVLA
155	31/01/2020	?	US Department of Defense (DOD)	A security researcher discovers a cryptocurrency-mining botnet inside a web server operated by the US Department of Defense (DOD).	Vulnerability	O Public administration and defence, compulsory social security	CC	US	US Department of Defense, DOD
156	31/01/2020	?	Dundee and Angus College	Dundee and Angus College is apparently hit with a ransomware attack.	Malware	P Education	CC	UK	Dundee and Angus College, Ransomware
157	31/01/2020	?	Everton Fan Services Twitter account	The Everton Fan Services Twitter account is allegedly hacked.	Account Hijacking	R Arts entertainment and recreation	CC	UK	Everton Fan Services, Twitter
158	31/01/2020	?	Fondren Orthopedic Group	Fondren Orthopedic Group notifies patients after a malware incident occurred on November 21, 2019, destroyed patient records.	Malware	Q Human health and social work activities	CC	US	Fondren Orthopedic Group, ransomware
159	31/01/2020	?	Belvidere City Hall	Belvidere City Hall is the victim of a cyber attack.	Unknown	O Public administration and defence, compulsory social security	CC	US	Belvidere City Hall
160	01/02/2020	?	More than 2,300 Nortek Security & Control (NSC) Linear eMerge E3 building access systems	Researchers from SonicWall reveal that attackers have already compromised more than 2,300 Linear eMerge E3 building access systems exploiting CVE-2019-7256.	Vulnerability	Y Multiple Industries	CC	>1	Nortek Security & Control, NSC, Linear eMerge E3
161	01/02/2020	?	Five U.S. Law Firms	Five U.S. law firms are among the companies and organizations targeted by a new round of ransomware attacks.	Malware	M Professional scientific and technical activities	CC	US	Ransomware
162	01/02/2020	?	Confederation College	Confederation College suffers a malware attack.	Malware	P Education	CC	US	Confederation College
163	03/02/2020	?	Toll Group	Toll Group announces that to have experienced a "cybersecurity incident", and shuts down a number of IT systems at multiple sites across Australia in a bid to resolve the issue. The attack is allegedly caused by the Kokoklock (or Mailto) ransomware.	Malware	M Professional scientific and technical activities	CC	AU	Toll Group, ransomware, Kokoklock, Mailto
164	03/02/2020	?	Multiple targets	Researchers from Dragos reveal the details of EKANS, a new malware strain able to encrypt data and stop applications used in industrial control systems.	Malware	Y Multiple Industries	CC	>1	Dragos, EKANS
165	03/02/2020	?	Government targets in Middle East	Researchers from Palo Alto Networks discover a new wave of campaigns exploiting CVE-2019-0604 against Middle East government targets.	Targeted attack	O Public administration and defence, compulsory social security	CE	>1	Palo Alto Networks
166	03/02/2020	?	Credit Union National Association (CUNA)	Systems of the Credit Union National Association are knocked offline following a “cyber incident.”	Malware	K Financial and insurance activities	CC	US	Credit Union National Association, CUNA, ransomware
167	03/02/2020	?	Twitter users	Twitter discloses a security incident during which third-parties exploited the company's official API to match phone numbers with Twitter usernames.	API Exploit	X Individual	CC	>1	Twitter
168	03/02/2020	?	Multiple targets	Security researchers discover a new wave of domains injected with Magecart skimmers hosted on opendoorcdn[.]com.	Malicious Script Injection	G Wholesale and retail trade	CC	>1	opendoorcdn[.]com, Magecart
169	03/02/2020	?	Business account holders of the larger banks in Brazil	Researchers from IBM X-Force reveal the details of a new campaign of the Camubot malware targeting business account holders of the larger banks in Brazil.	Targeted attack	K Financial and insurance activities	CC	BR	IBM X-Force, Camubot
170	03/02/2020	?	Multiple targets	A new malicious spam campaign distributes the AZORult trojan and uses three levels of encryption to avoid detection.	Malicious Spam	Y Multiple Industries	CC	>1	AZORult
171	04/02/2020	?	Undisclosed state-level voter registration and information site	The US Federal Bureau of Investigation (FBI) warns of a potential DDoS attack that targeted a state-level voter registration and information site.	DDoS	O Public administration and defence, compulsory social security	CC	US	FBI
172	04/02/2020	?	Single Individuals	The Emotet Trojan gets ready for the tax season with a fresh spam campaign pretending to be signed W-9 tax forms.	Malicious Spam	X Individual	CC	>1	Emotet, W-9
173	04/02/2020	?	Customers of financial institutions in multiple countries.	Researchers from Fortinet discover a new Metamorfo variant targeting customers of financial institutions in multiple countries.	Malware	K Financial and insurance activities	CC	>1	Fortinet, Metamorfo
174	04/02/2020	?	Ukrainian ISP	Ukrainian police arrest a 16-year-old from the city of Odessa for attempting to extort a local ISP into sharing data on one of its subscribers.	DDoS	M Professional scientific and technical activities	CC	UA	Ukraine
175	04/02/2020	?	North Miami Beach Police Department	The North Miami Beach Police Department determines to have been impacted by ransomware.	Malware	O Public administration and defence, compulsory social security	CC	US	North Miami Beach Police Department
176	04/02/2020	?	Golden Entertainment	Golden Entertainment notifies customers, employees, and vendors of a phishing attack occurred between May and October 2019.	Account Hijacking	R Arts entertainment and recreation	CC	US	Golden Entertainment
177	04/02/2020	?	St. Louis Community College	More than 5,100 St. Louis Community College students and employees have their personal information accessed via a phishing attack discovered on January 13.	Account Hijacking	P Education	CC	US	St. Louis Community College
178	04/02/2020	?	Eastern Virginia Medical School	Eastern Virginia Medical School discloses a phishing attack that could have exposed employees’ personal information, including bank accounts and Social Security numbers.	Account Hijacking	Q Human health and social work activities	CC	US	Eastern Virginia Medical School
179	05/02/2020	?	Credit card holders from India	Researchers from Group-IB discover a database containing over 460,000 payment card records uploaded to Joker's Stash, one of the most popular darknet cardshops.	Unknown	K Financial and insurance activities	CC	IN	Group-IB, Joker's Stash
180	05/02/2020	?	Single Individuals	Researchers from Cybereason discover an active campaign distributing an arsenal of malware that is able to steal data, mine for cryptocurrency, and deliver ransomware to victims all over the world. The payloads observed in this campaign originated from different accounts in code repository platform Bitbucket, which was abused as part of the attackers delivery infrastructure.	Malware	X Individual	CC	>1	Cybereason, Bitbucket
181	05/02/2020	?	Altsbit	Altsbit announces to have been hit with a devastating hack. Criminals made off with 1,066 Komodo (KMD) tokens and 283,375 Verus (VRSC) "coins" with a combined value of $27,000.	Unknown	V Fintech	CC	IT	Altsbit, Crypto
182	05/02/2020	Charming Kitten	Journalists, political and human rights activists	Researchers from Certfa Lab identify a new series of phishing attacks from Charming Kitten, the Iranian hacking group who has a close relationship with Iran’s state and Intelligence services, targeting journalists, political and human rights activists.	Account Hijacking	X Individual	CE	>1	Charming Kitten
183	05/02/2020	?	Single Individuals	Another phishing campaign, claiming to be sent from the World Health Organization (WHO), leverages the fear of the Coronavirus.	Account Hijacking	X Individual	CC	>1	World Health Organization, WHO, Coronavirus
184	05/02/2020	APT40	Malaysian government officials	Malaysia's Computer Emergency Response Team (MyCERT) reveal the details of a campaign carried out by APT40, targeting local government officials using malicious documents exploiting CVE-2014-6352 and CVE-2017-0199.	Targeted attack	O Public administration and defence, compulsory social security	CE	MY	Malaysia's Computer Emergency Response Team, MyCERT, APT40, CVE-2014-6352, CVE-2017-0199
185	05/02/2020	?	Financial services organizations in the United States	Researchers from FireEye continue to observe multiple targeted phishing campaigns designed to download and deploy a backdoor tracked as MINEBRIDGE.	Targeted attack	K Financial and insurance activities	CE	US	FireEye, MINEBRIDGE
186	05/02/2020	Gamaredon	Ukrainian military and security institutions	Researchers from SentinelOne reveal an uptick in Gamaredon cyberattacks on Ukrainian military and security institutions that started in December.	Targeted attack	O Public administration and defence, compulsory social security	CE	UA	Gamaredon, SentinelOne, SentinelLabs
187	05/02/2020	?	Mississippi Center for Legal Services and North Mississippi Rural Legal Services	Mississippi Center for Legal Services and North Mississippi Rural Legal Services warn to have been hit with a Ryuk ransomware attack on Christmas Eve.	Malware	K Financial and insurance activities	CC	US	Mississippi Center for Legal Services, North Mississippi Rural Legal Services, ransomware, Ryuk
188	05/02/2020	?	Educational Enrichment Systems	Educational Enrichment Systems discloses a phishing attack occurred between May and July 2019.	Account Hijacking	P Education	CC	US	Educational Enrichment Systems
189	05/02/2020	?	All About Potential Family Chiropractic	All About Potential Family Chiropractic is hit with a Maze ransomware attack.	Malware	Q Human health and social work activities	CC	US	All About Potential Family Chiropractic, Ransomware, Maze
190	06/02/2020	?	Android users	Researchers from Cofense discover a new phishing campaign targeting Android users, infecting their devices with the Anubis banking Trojan, embedded in more than 250 banking and shopping applications.	Malware	X Individual	CC	>1	Cofense, Android, Anubis
191	06/02/2020	?	Pasco Corporation	Japanese defense contractor Pasco Corporation (Pasco) discloses a security breach that happened in May 2018.	Targeted attack	C Manufacturing	CE	JP	Pasco Corporation
192	06/02/2020	?	Kobe Steel (Kobelco)	Japanese defense contractor Kobe Steel (Kobelco) discloses a security breach that happened in June 2015/August 2016.	Targeted attack	C Manufacturing	CE	JP	Kobe Steel, Kobelco
193	06/02/2020	?	Two undisclosed victims	Researchers from Sophos investigate two different ransomware attacks where the adversaries deployed a legitimate, digitally signed hardware driver in order to delete security products from the targeted computers and install the RobbinHood ransomware. The signed driver is part of a deprecated software package published by Gigabyte, with a known vulnerability tracked as CVE-2018-19320.	Malware	Z Unknown	CE	N/A	Sophos, RobbinHood, ransomware, Gigabyte, CVE-2018-19320
194	06/02/2020	?	Single Individuals	Researchers from Kaspersky discover more than 20 phishing websites and 925 malicious files presented disguised as early released copy of the Oscar movies.	Malware	X Individual	CC	>1	Kaspersky, Oscar
195	06/02/2020	?	Banks and financial institutions in the US and the UK	Researchers from Menlo Security reveal the details of a new Emotet campaign targeting banks and financial institutions in the US and the UK.	Malware	K Financial and insurance activities	CC	US UK	Menlo Security, Emotet
196	06/02/2020	Gorgon Group	Multiple targets	Researchers from Prevailion reveal the details of a new campaign carried out by the Gorgon Group through spoofed login portals.	Account Hijacking	Y Multiple Industries	CC	>1	Gorgon Group, Prevailion
197	06/02/2020	?	Idaho Central Credit Union	Idaho Central Credit Union informs some customers of two data breaches that impacted the financial institution	Account Hijacking	K Financial and insurance activities	CC	US	Idaho Central Credit Union
198	06/02/2020	?	Single Individuals	Researchers from Dr.Web discover a campaign using the CNET website to spread malware through its software download section, via a download link of a popular video player, VSDC.	Malware	X Individual	CC	>1	CNET, VSDC, Dr.Web
199	07/02/2020	?	Multiple targets	Researchers from Binary Defense discover a new variant of Emotet spreading via Wi-Fi networks.	Malware	Y Multiple Industries	CC	>1	Binary Defense, Emotet
200	07/02/2020	OurMine	Facebook's Twitter and Instagram accounts	Hackers from the OurMine collective claim to have taken over Facebook's Twitter and Instagram accounts.	Account Hijacking	M Professional scientific and technical activities	CC	US	OurMine, Facebook, Twitter, Instagram
201	07/02/2020	?	Single Individuals	Security researchers from Kaspersky discover a phishing campaign that poses as an email from the United States’ CDC (Centers of Disease Control).	Account Hijacking	X Individual	CC	US	Kaspersky, Coronavirus, CDC, Centers of Disease Control
202	07/02/2020	?	Rockdale County	Some Rockdale County services are impacted after multiple county servers were are by a ransomware attack.	Malware	O Public administration and defence, compulsory social security	CC	US	Rockdale County
203	07/02/2020	LulzSec ITA	Universities of Basilicata, Napoli and Roma 3	The Italian hacktivist collective LulzSec ITA claims via Twitter to have hacked three Italian universities: Basilicata, Napoli and Roma 3.	SQL Injection	P Education	H	IT	LulzSec ITA, Basilicata, Napoli, Roma 3
204	07/02/2020	?	Allegheny Intermediate Unit school system	The Allegheny Intermediate Unit school system is hit with a ransomware attack.	Malware	P Education	CC	US	Allegheny Intermediate Unit school system, ransomware
205	07/02/2020	?	Shields Health Solutions	Shields Health Solutions notifies its patients after an the email account of an employee is hacked between October 22 and October 24 2019.	Account Hijacking	Q Human health and social work activities	CC	US	Shields Health Solutions
206	08/02/2020	?	Redcar and Cleveland Council	Redcar and Cleveland Council is hit with a ransomware cyber-attack.	Malware	O Public administration and defence, compulsory social security	CC	UK	Redcar and Cleveland Council, ransomware
207	08/02/2020	?	50 sites of three of the world’s largest manufacturers of IoT devices in the Middle East, North America, and Latin America	Researchers from TrapX discover a malware campaign targeting 50 sites of three of the world’s largest manufacturers of IoT devices to install a variant of the Lemon_Duck cryptominer.	Malware	C Manufacturing	CC	>1	TrapX, Lemon_Duck crypto
208	09/02/2020	?	Iran Internet infrastructure	Iran is allegedly hit with a powerful cyber attack able to take down the 25% if its Internet.	DDoS	J Information and communication	CW	IR	Iran
209	10/02/2020	Outlaw	Linux-based enterprise systems	Researchers from Trend Micro reveal a new campaign by the group known as Outlaw. This the time the group infiltrates Linux-based enterprise systems in order to hijack computer power and mine for the privacy coin Monero (XMR).	Malware	Y Multiple Industries	CC	>1	Outlaw, Trend Micro, Crypto, Monero, XMR
210	10/02/2020	?	Havre Public Schools	Havre Public Schools are hit with a ransomware attack.	Malware	P Education	CC	US	Havre Public Schools, ransomware
211	10/02/2020	?	Wilson Elser Moskowitz Edelman & Dicker	The law firm Wilson Elser Moskowitz Edelman & Dicker is hit with a ransomware attack.	Malware	M Professional scientific and technical activities	CC	US	Wilson Elser Moskowitz Edelman & Dicker, ransomware
212	10/02/2020	?	US Supply chain software providers	The FBI has warns the US private sector about an ongoing hacking campaign that's targeting supply chain software providers with the Kwampirs malware.	Malware	Y Multiple Industries	CC	US	FBI, Kwampirs
213	10/02/2020	?	Managing Service Providers	A new ransomware called Ragnar Locker emerges, specifically targeting software commonly used by managed service providers to prevent their attack from being detected and stopped.	Malware	M Professional scientific and technical activities	CC	>1	Ragnar Locker, Ransomware
214	10/02/2020	?	Single Individuals	Researchers from Kaspersky spot a new malware called KBOT, a virus that spreads by injecting malicious code into Windows executable files, the first "living" virus in recent years spotted in the wild.	Malware	X Individual	CC	>1	KBOT, Kaspersky
215	10/02/2020	?	City of Garrison	The City of Garrison is hit with a ransomware attack.	Malware	O Public administration and defence, compulsory social security	CC	US	Garrison, Malware
216	10/02/2020	?	Vernon Schools	Vernon Schools shut down the internet after suffering a cyber attack.	Unknown	P Education	CC	US	Vernon Schools
217	10/02/2020	?	Industries susceptible to shipping disruptions including manufacturing, industrial, finance, transportation, pharmaceutical, and cosmetic	Proofpoint researchers uncover new Coronavirus-themed email attacks that focus on concerns around disruptions to global shipping, and aim to distribute the AZORult trojan.	Malicious Spam	Y Multiple Industries	CC	>1	Coronavirus, AZORult
218	11/02/2020	?	Nacogdoches Independent School District	A ransomware attack affects some computers at Nacogdoches Independent School District.	Malware	P Education	CC	US	Nacogdoches Independent School District, ransomware
219	11/02/2020	?	College of Family Physicians of Canada	Doctors from the College of Family Physicians of Canada are the targets of a phishing campaign.	Account Hijacking	Q Human health and social work activities	CC	CA	College of Family Physicians of Canada
220	11/02/2020	?	Baker Wotring	The Baker Wotring law firm has its data exposed by the Maze gang, including fee agreements and diaries from personal injury cases.	Malware	M Professional scientific and technical activities	CC	US	Baker Wotring, Maze, ransomware
221	11/02/2020	?	Individuals in the U.S.	The U.S. Federal Trade Commission (FTC) warns about ongoing scam campaigns that make use of the current Coronavirus global scale health crisis to bait potential targets from the United States via phishing emails, text messages, and social media.	Account Hijacking	X Individual	CC	US	U.S. Federal Trade Commission, FTC, Coronavirus
222	11/02/2020	?	American Express and Chase Customers	A clever phishing campaign is underway that pretends to be fraud protection emails from American Express and Chase that ask you to confirm if the listed credit card transactions are legitimate.	Account Hijacking	K Financial and insurance activities	CC	US	American Express, Chase
223	11/02/2020	?	The Pediatric Physicians’ Organization at Children’s (PPOC)	The Pediatric Physicians’ Organization at Children’s (PPOC) is hit with a ransomware attack.	Malware	Q Human health and social work activities	CC	US	The Pediatric Physicians’ Organization at Children’s, (PPOC), ransomware
224	11/02/2020	?	Carson City	Carson City is the latest victim of the Click2Gov breach.	Malicious Script Injection	O Public administration and defence, compulsory social security	CC	US	Carson City, Click2Gov
225	11/02/2020	?	Altice USA Inc.	Altice USA Inc. exposes the Social Security numbers, birth dates and other personal information of all 12,000 current employees as well as some former employees and a small number of customers, after a phishing attack in November 2019.	Account Hijacking	J Information and communication	CC	US	Altice USA Inc.
226	12/02/2020	?	Puerto Rico’s government	Puerto Rico’s government loses more than $2.6 million after falling for a Business Email Compromise Scam. The incident occurred on January 17.	Business Email Compromise	O Public administration and defence, compulsory social security	CC	PR	Puerto Rico
227	12/02/2020	?	IOTA Foundation	IOTA Foundation, the nonprofit organization behind the IOTA cryptocurrency, shuts down its entire network after hackers exploit a vulnerability in the IOTA wallet app to steal user funds.	Vulnerability	V Fintech	CC	DE	IOTA Foundation, Crypto
228	12/02/2020	?	Countries in South America and Central America, as well as the U.S.	Researchers from Cisco Talos discover a new campaign carried out through a new version of Loda, a remote access trojan written in AutoIT	Targeted attack	Y Multiple Industries	CE	>1	Cisco Talos, Loda
229	12/02/2020	?	Single Individuals	Researchers from Emisoft discover a new ransomware strain, dubbed Ransomwared, asking for explicit images are ransom.	Malware	X Individual	CC	>1	Emisoft, ransomware, Ransomwared,
230	12/02/2020	?	Central Kansas Orthopedic Group	Central Kansas Orthopedic Group notifies more than 17,000 patients to have suffered a ransomware attack on January 9, 2019.	Malware	Q Human health and social work activities	CC	US	Central Kansas Orthopedic Group, ransomware
231	12/02/2020	?	Palm Beach county's election office	it is reported that Palm Beach election office had its computer systems infected and encrypted by ransomware just weeks before the 2016 US presidential elections.	Malware	O Public administration and defence, compulsory social security	CC	US	Florida, Ransomware
232	13/02/2020	?	Rutter's	Rutter's discloses that 71 locations were infected with a point-of-sale (POS) malware that was used by attackers to steal customers' credit card information.	Malware	G Wholesale and retail trade	CC	US	Rutter's
233	13/02/2020	?	Nedbank	Nedbank discloses a security incident that impacts the personal details of 1.7 million users. The bank says the breach occurred at Computer Facilities (Pty) Ltd, a South African company the bank was using to send out marketing and promotional campaigns.	Vulnerability	K Financial and insurance activities	CC	ZA	Nedbank
234	13/02/2020	MoleRATs (aka The Gaza Cybergang)	Entities and individuals in the Palestinian territories	Researchers from Cybereason discover two simultaneous campaigns (Spark and Pierogi) targeting entities and individuals in the Palestinian territories.	Targeted attack	X Individual	CE	PS	MoleRATs (aka The Gaza Cybergang)
235	13/02/2020	?	Chrome users	Security researchers discover and take down a malicious campaign dating back to 2017, using up to 500 malicious Chrome extensions.	Malicious Browser Extension	X Individual	CC	>1	Chrome
236	13/02/2020	?	Multiple targets	A remote access Trojan named Parallax is being widely distributed through malicious spam campaigns that when installed allow attackers to gain full control over an infected system.	Malware	Y Multiple Industries	CC	>1	Parallax
237	13/02/2020	?	SIngle Individuals	Researchers from IBM X-Force discover a new Emotet-powered sextortion campaign.	Malicious Spam	X Individual	CC	>1	IBM X-Force, Emotet, Sextortion
238	13/02/2020	?	Relation Insurance	Relation Insurance discloses a phishing attack occurred on August 15, 2019.	Account Hijacking	K Financial and insurance activities	CC	US	Relation Insurance
239	14/02/2020	Hidden Cobra (AKA Lazarus Group)	Targets in the US	Multiple U.S. government agencies warn of a newly intensifying threat from North Korea.	Targeted attack	Y Multiple Industries	CE	US	Hidden Cobra, Lazarus Group
240	14/02/2020	?	Banks in the U.S. and Canada	Researchers from Lookout discover a phishing campaign focused on mobile banking used over 200 pages to impersonate legitimate websites for well-known banks in the U.S. and Canada.	Account Hijacking	K Financial and insurance activities	CC	US CA	Lookout, US, Canada
241	14/02/2020	?	27 companies	A targeted phishing attack using SLK attachments is underway against twenty-seven companies, with some of them being well-known brands, to gain access to their corporate networks.	Account Hijacking	Y Multiple Industries	CE	>1	Phishing
242	14/02/2020	?	Single Individuals	Researchers from Trend Micro discover a new LokiBot campaign attempting to infect users by impersonating the launcher for Epic Games.	Malware	X Individual	CC	>1	LokiBot, Trend Micro, Epic Games
243	14/02/2020	?	PSL Services	PSL Services notifies its clients of a phishing attack occurred on December 17, 2019.	Account Hijacking	M Professional scientific and technical activities	CC	US	PSL Services
244	14/02/2020	?	Charleston Lube Partners	Charleston Lube Partners reveals to have been hit by a PoS malware between February 14, 2019 and August 19, 2019.	Malware	I Accommodation and food service activities	CC	US	Charleston Lube Partners
245	15/02/2020	?	Port Lavaca	The Port Lavaca City Hall is hit with a Ryuk ransomware attack,	Malware	O Public administration and defence, compulsory social security	CC	US	Port Lavaca, Ryuk, ransomware
246	15/02/2020	OurMine	FC Barcelona Twitter Account	Hackers from the OurMine collective claim to have hijacked the Twitter account of FC Barcelona.	Account Hijacking	R Arts entertainment and recreation	CC	ES	OurMine, FC Barcelona, Twitter
247	15/02/2020	OurMine	The International Olympic Committee Twitter Account	The International Olympic Committee Twitter Account Twitter account is also hacked by OurMine	Account Hijacking	U Activities of extraterritorial organizations and bodies	CC	N/A	OurMine, International Olympic Committee, Twitter
248	15/02/2020	?	Interactive Medical Systems	Wake County notifies that 1,900 employees are affected by a phishing attack to Interactive Medical Systems, a former benefits administrator.	Account Hijacking	M Professional scientific and technical activities	CC	US	Wake County, Interactive Medical Systems
249	13/02/2020	?	Grand Est	The Grand Est region is hit with a ransomware attack.	Malware	O Public administration and defence, compulsory social security	CC	FR	Grand Est, ransomware
250	14/02/2020	?	INA Group	A ransomware attack cripples some business operations at INA Group, Croatia's biggest oil company, and its largest petrol station chain.	Malware	D Electricity gas steam and air conditioning supply	CC	HR	INA Group, ransomware
251	14/02/2020	?	BST	A Maze ransomware attack on BST, an accounting firm in December exposes the patient data of Community Care Physicians, a large upstate New York medical group, as well as other clients of the firm.	Malware	K Financial and insurance activities	CC	US	Maze, BST, Community Care Physicians
252	14/02/2020	?	Tennessee Orthopaedic Alliance	Tennessee Orthopaedic Alliance notifies more than 81,000 patients after discovering two employee email accounts had been compromised on October 18, 2019.	Account Hijacking	Q Human health and social work activities	CC	US	Tennessee Orthopaedic Alliance
253	15/02/2020	?	Neebs Gaming YouTube channel	Neebs Gaming, a highly popular YouTube gaming channel is hacked by unidentified crypto scammers, who change its name and banner to Coinbase Pro to collect Bitcoin from its viewers/subscribers.	Account Hijacking	R Arts entertainment and recreation	CC	US	Neebs Gaming, YouTube, Coinbase Pro, Bitcoin
254	15/02/2020	?	Lodi School District	School officials in Lodi are investigating after student data is breached at two different schools: Bear Creek High and Ronald E. McNair High.	Unknown	P Education	CC	US	Lodi School District
255	16/02/2020	Fox Kitten	Companies from the IT, Telecommunication, Oil and Gas, Aviation, Government, and Security sectors	Researchers from ClearSky reveal that Iran's government-backed hacking units have made a top priority last year to exploit VPN bugs to infiltrate and plant backdoors in companies all over the world.	Vulnerability	Y Multiple Industries	CE	>1	ClearSky, Fox Kitten, CVE-2019-11510, CVE-2018-13379, CVE-2019-1579, CVE-2019-19781
256	16/02/2020	APT-C-23	Israel Defense Force (IDF) soldiers	An IDF’s spokesperson reveals that IDF (Israel Defense Force) and ISA (Israel Security Agency AKA “Shin Bet”) conducted a joint operation to take down a Hamas operation targeting IDF soldiers, dubbed ‘Rebound’.	Targeted Attack	O Public administration and defence, compulsory social security	CE	IL	Israel Defense Force, IDF, APT-C-23, ISA, Israel Security Agency
257	16/02/2020	?	Vulnerable Wordpress sites	Researchers from WebARX reveal the details of a currently exploited vulnerability targeting the ThemeGrill Demo Importer plugin that allows the attackers to completely wipe a Wordpress site.	Vulnerability	Y Multiple Industries	CC	>1	WebARX, ThemeGrill Demo Importer, Wordpress
258	16/02/2020	?	Butler County Community College	Butler County Community College is hit with a ransomware attack.	Malware	P Education	CC	US	Butler County Community College, ransomware
259	17/02/2020	?	ISS World	A ransomware attack hits the major facilities company ISS World, which has half a million employees worldwide.	Malware	N Administrative and support service activities	CC	DK	ISS World
260	17/02/2020	?	More than 80 Turkish companies	Check Point researchers discover an evolving, ongoing malspam campaign targeting more than 80 Turkish companies, distributing the Adwind RAT.	Malicious Spam	Y Multiple Industries	CC	TR	Check Point, Adwind RAT
261	17/02/2020	?	Multiple targets	IBM X-Force Threat Intelligence researchers discover a phishing campaign distributing the Lokibot information stealer malware via emails designed to look like they're sent by the Ministry of Health of the People's Republic of China and containing emergency Coronavirus regulations in English.	Malware	Y Multiple Industries	CC	>1	IBM X-Force, Lokibot, Ministry of Health of the People's Republic of China, Coronavirus, COVID-19
262	17/02/2020	?	Single Individuals	The World Health Organization (WHO) warns of ongoing Coronavirus-themed phishing attacks that impersonate the organization with the end goal of stealing information and delivering malware.	Malicious Spam	X Individual	CC	>1	World Health Organization, WHO, Coronavirus, COVID-19
263	17/02/2020	?	Instagram users in Russia	A large-scale phishing campaign is running on Instagram to bait Russians with a fake presidential decree that promises a lump-sum payment for a citizen to start their own business.	Account Hijacking	X Individual	CC	RU	Instagram
264	17/02/2020	?	Rabun County	The Rabun County is hit with a ransomware attack.	Malware	O Public administration and defence, compulsory social security	CC	US	Rabun County, ransomware
265	17/02/2020	?	East House	East House provide notices of a phishing attack occurred on July 25, 2019.	Account Hijacking	Q Human health and social work activities	CC	US	East House
266	17/02/2020	?	Monroe County Hospital & Clinics	More than 7,000 patients of Monroe County Hospital & Clinics are notified that their personal information may have been leaked in a phishing attack occurred on December 2019.	Account Hijacking	Q Human health and social work activities	CC	US	Monroe County Hospital & Clinics
267	18/02/2020	?	Undisclosed natural gas compression facility	The Cybersecurity and Infrastructure Security Agency (CISA) alerts organizations across all critical U.S. infrastructure sectors about a recent ransomware attack that affected a natural gas compression facility.	Malware	D Electricity gas steam and air conditioning supply	CC	US	Cybersecurity and Infrastructure Security Agency, CISA, ransomware
268	18/02/2020	?	Vulnerable Wordpress sites	Researchers from Wordfence reveal that a zero-day vulnerability in the ThemeREX Addons, a WordPress plugin installed on thousands of sites, is actively exploited by attackers to create user accounts with admin permissions and potentially fully taking over the vulnerable website.	Vulnerability	Y Multiple Industries	CC	>1	Wordfence, ThemeREX Addons, WordPress
269	18/02/2020	?	ProtonVPN users	Researchers from Kaspersky discover a fake ProtonVPN website used since November 2019 to deliver the AZORult information-stealing malware to potential victims in the form of fake ProtonVPN installers.	Malware	X Individual	CC	>1	Kaspersky, ProtonVPN, AZORult
270	18/02/2020	?	Windows users in Italy	Threat actors are distributing the Dharma Ransomware in a new spam campaign targeting Windows users in Italy.	Malware	X Individual	CC	IT	Dharma, Ransomware
271	18/02/2020	?	Government Data Center in Rwanda	A Rwandan data centre that hosts servers related to the country’s government is taken down by hackers.	DDoS	O Public administration and defence, compulsory social security	CC	RW	Rwanda
272	19/02/2020	?	MGM Resorts	The personal details of more than 10.6 million users who stayed at MGM Resorts hotels have been published on a hacking forum this week.	Misconfiguration	I Accommodation and food service activities	CC	US	MGM Resorts
273	19/02/2020	DRBControl	Gambling companies located in Southeast Asia, Europe and the Middle East	Researchers from Trend Micro and Talent-Jump reveal the details of DRBControl, a criminal organization focused on gambling companies.	Targeted Attack	R Arts entertainment and recreation	CC	>1	Trend Micro, Talent-Jump, DRBControl
274	19/02/2020	Exaggerated Lion	Thousands of U.S. companies	Researchers uncover a new business email compromise (BEC) threat actor, which they call Exaggerated Lion, targeting thousands of U.S. companies with money pilfering scams.	Business Email Compromise	Y Multiple Industries	CC	US	Agari, Exaggerated Lion
275	19/02/2020	?	US Taxpayers	Proofpoint researchers detect the first attacks in theme with the tax season carried out via tax-themed emails with malicious attachments, and legitimate tax-focused websites compromised to deliver malware	Malware	X Individual	CC	US	Proofpoint, Tax
276	19/02/2020	?	Swiss companies	Switzerland’s Reporting and Analysis Centre for Information Assurance (MELANI) warns of ongoing ransomware attacks targeting the systems of Swiss small, medium-sized, and large companies.	Malware	Y Multiple Industries	CC	CH	Switzerland’s Reporting and Analysis Centre for Information Assurance, MELANI, ransomware
277	19/02/2020	?	Multiple targets	Researchers from Prevailion reveal the details of "PHPs Labyrinth", a campaign active since 2017, infecting more than 20,000 WordPress sites via malicious plugins.	Malicious Wordpress Plugin	Y Multiple Industries	CC	>1	Prevailion, PHPs Labyrinth, WordPress
278	19/02/2020	?	Multiple targets	Security researcher Marco Ramilli discover a new batch of e-commerce sites compromised by a Magecart attack.	Malicious Script Injection	G Wholesale and retail trade	CC	>1	Marco Ramilli, Magecart.
279	19/02/2020	?	Ministère de l’Éducation et de l’Enseignement Supérieur	The PII of at least 51,400, and possibly as many as 360,000 educators, in Quebec Province are exposed when a malicious actor obtained login credentials to the Ministère de l’Éducation et de l’Enseignement Supérieur network.	Unknown	O Public administration and defence, compulsory social security	CC	CA	Ministère de l’Éducation et de l’Enseignement Supérieur
280	19/02/2020	?	US Bank Customers	Researchers from IBM X-Force discover a new Emotet campaign spread via SMS messages pretending to be from banks and may have ties to the TrickBot trojan.	Malware	K Financial and insurance activities	CC	US	IBM, X-Force, Emotet, TrickBot
281	19/02/2020	?	Maroof International Hospital	Maroof International Hospital is hit with a severe ransomware attack	Malware	Q Human health and social work activities	CC	PK	Maroof International Hospital, ransomware
282	19/02/2020	?	City of Wayne	The city of Wayne is hit with a ransomware attack.	Malware	O Public administration and defence, compulsory social security	CC	US	City of Wayne, ransomware
283	19/02/2020	?	United Regional Health Care System	United Regional Health Care System discloses an incident that occurred last July when someone accessed an employee email account. 2,000 individuals are affected.	Account Hijacking	P Education	CC	US	United Regional Health Care System
284	20/02/2020	?	Defence Information Systems Agency (DISA)	The U.S. Defence Information Systems Agency reveals that Social Security numbers and other personal data in its network may have been compromised between May and July 2019	Unknown	O Public administration and defence, compulsory social security	CC	US	Defence Information Systems Agency, DISA
285	20/02/2020	?	Targets in Southeast Asia	Researchers from Cisco Talos uncover a new campaign, carried out via a remote access tool dubbed ObliqueRAT, focused on targets in Southeast Asia.	Targeted Attack	Y Multiple Industries	CE	>1	Cisco Talos, ObliqueRAT
286	20/02/2020	?	IIT Madras	IIT Madras is hit with the GlobeImposter ransomware.	Malware	P Education	CC	IN	IIT Madras, GlobeImposter, ransomware
287	20/02/2020	?	Nine websites	Security researchers discover a new batch of nine websites infected with malicious JavaScript that steals payment card info from online shoppers.	Malicious Script Injection	G Wholesale and retail trade	CC	>1	Magecart
288	20/02/2020	?	VibrantCare Rehabilitation	VibrantCare Rehabilitation notifies 1,655 patients after an employee’s email account is accessed.	Account Hijacking	Q Human health and social work activities	CC	US	VibrantCare Rehabilitation
289	20/02/2020	?	San Felipe Del Rio CISD	A business email compromise targets the San Felipe Del Rio CISD.	Business Email Compromise	P Education	CC	US	San Felipe Del Rio CISD
290	20/02/2020	?	South Adams Schools district	The South Adams Schools district is hit with a ransomware attack.	Malware	P Education	CC	US	South Adams Schools district, ransomware
291	21/02/2020	?	Android users	Security researchers from Check Point discover a new mobile threat called Haken, hidden in 8 applications.	Malware	X Individual	CC	>1	Check Point, Haken, Joker, Android
292	21/02/2020	Lynx	Slickwraps	Slickwraps suffers a data breach after an individual is able to access their systems and after receiving no response to emails, publicly discloses how the access to the site was gained and the data that was exposed.	Vulnerability	C Manufacturing	CC	US	Lynx, Slickwraps
293	21/02/2020	?	Reading Municipal Light Department (RMLD)	The Reading Municipal Light Department (RMLD), an electric utility in Massachusetts, announces it was hit by a ransomware attack.	Malware	D Electricity gas steam and air conditioning supply	CC	US	Reading Municipal Light Department, RMLD, ransomware
294	21/02/2020	Pakistan?	Indian diplomats and military personnel in some embassies	Researchers from Cybaze-Yoroi ZLab discover that operation Transparent Tribe, allegedly carried out by Pakistan against Indian targets is back after four years.	Targeted Attack	O Public administration and defence, compulsory social security	CE	IN	Cybaze-Yoroi ZLlab, Operation Transparent Tribe, Pakistan, India
295	21/02/2020	?	Multiple targets	Researchers from Cofense discover an uptick in phishing attempts using a fake and badly created Office 365 credentials update form.	Account Hijacking	Y Multiple Industries	CC	>1	Cofense, Office 365
296	21/02/2020	?	Endeavor Energy Resources	Endeavor Energy Resources notifies employees and dependents after employee fell prey to phishing attack on January 14.	Account Hijacking	D Electricity gas steam and air conditioning supply	CC	US	Endeavor Energy Resources
297	21/02/2020	?	Moses Lake School District	The Moses Lake School District is hit by a ransomware attack.	Malware	P Education	CC	US	Moses Lake School District, ransomware
298	21/02/2020	?	Jackson Public Schools	Jackson Public Schools is hit with a ransomware attack.	Malware	P Education	CC	US	Jackson Public Schools, ransomware
299	22/02/2020	?	Major cryptovalues investor	An unknown investor claims to have lost reported $45 million worth of cryptovalues In a SIM Swapping attack.	Account Hijacking	V Fintech	CC	N/A	SIM Swapping, Crypto
300	22/02/2020	?	Single Individuals	Security research collective MalwareHunterTeam discover a 3-page Coronavirus-themed Microsoft Office document containing malicious macros, pretending to be from the Center for Public Health of the Ministry of Health of Ukraine, and designed to drop a backdoor malware with clipboard stealing, keylogging, and screenshot capabilities.	Malware	X Individual	CC	UA	MalwareHunterTeam, Coronavirus, COVID-19, Center for Public Health of the Ministry of Health of Ukraine
301	23/02/2020	?	Mexico’s economy ministry	Mexico’s economy ministry detects a cyber attack on some of its servers.	Unknown	O Public administration and defence, compulsory social security	CC	MX	Mexico’s economy ministry
302	23/02/2020	?	Prince Edward Island	Prince Edward Island reveals it was hit with a Maze ransomware attack.	Malware	O Public administration and defence, compulsory social security	CC	CA	Prince Edward Island, ransomware, Maze
303	23/02/2020	?	Total Quality Logistics (TQL)	Total Quality Logistics confirms it was the victim of a data breach.	Unknown	N Administrative and support service activities	CC	US	Total Quality Logistics, TQL
304	24/02/2020	?	German PayPal users	According to multiple reports, a critical PayPal vulnerability is behind thefts over recent days from numerous German PayPal users (fraudulent transactions with U.S. stores).	Vulnerability	K Financial and insurance activities	CC	DE	PayPal
305	24/02/2020	Magecart 12	40 websites	Security Researcher Max Kersten publishes a list of 40 websites targeted by the Magecart 12 group.	Malicious Script Injection	G Wholesale and retail trade	CC	>1	Max Kersten, Magecart 12
306	24/02/2020	?	Ordnance Survey	A hacker stole the personal data of 1,000 employees of the Ordnance Survey, the government-owned mapping agency for Britain. The breach occurred on January this year.	Unknown	O Public administration and defence, compulsory social security	CC	UK	Ordnance Survey
307	24/02/2020	?	Multiple targets	Researchers from MalwareHunterTeam discover Mozart, a malware using DNS to communicate with its command and control and evade detection.	Malware	Y Multiple Industries	CC	>1	MalwareHunterTeam, Mozart, DNS
308	24/02/2020	?	Portuguese Banking users.	A new campaign carried out via the Lampion malware in disguise of a DPD email, is discovered targeting Portuguese users.	Malware	K Financial and insurance activities	CC	PT	Lampion, DPD
309	24/02/2020	?	Pacific Specialty Insurance	Pacific Specialty Insurance notifies plan members of a phishing attack that occurred in March, 2019	Account Hijacking	K Financial and insurance activities	CC	US	Pacific Specialty Insurance
310	24/02/2020	?	Grayson County	Grayson County is hit with a ransomware attack.	Malware	O Public administration and defence, compulsory social security	CC	US	Grayson County
311	24/02/2020	?	Transavia	The data of 80,000 Transavia passengers are compromised after a phishing attack.	Account Hijacking	H Transportation and storage	CC	NL	Transavia
312	24/02/2020	?	Transmit Security	Transmit Security is breached after a security researcher contacts some of its customers and reports unauthorized access to the data.	Unknown	M Professional scientific and technical activities	CC	IL	Transmit Security
313	25/02/2020	?	Multiple targets	Google releases a Chrome update to address three security bugs, including CVE-2020-6418, a zero-day vulnerability actively exploited in the wild.	Vulnerability	Y Multiple Industries	CC	>1	Google, Chrome, CVE-2020-6418
314	25/02/2020	?	La Salle County	La Salle County is hit with a PwndLocker ransomware attack.	Malware	O Public administration and defence, compulsory social security	CC	US	La Salle County, ransomware, PwndLocker
315	25/02/2020	?	Single Individuals	Researchers from Cybaze/Yoroi ZLab discover a new campaign exploiting the Coronavirus theme to distribute the Remcos RAT.	Malware	X Individual	CC	>1	Cybaze/Yoroi ZLab, Remcos, Coronavirus, COVID-19
316	25/02/2020	?	Reprint Mint	Researchers from Sanguine Security reveal that attackers successfully implanted multiple skimmers, for 30 months on Reprint Mint photo store.	Malicious Script Injection	G Wholesale and retail trade	CC	US	Sanguine Security, Reprint Mint
317	25/02/2020	tonyredball solarsalvador1234	Vulnerable Wordpress sites	Other Cybercriminals are taking advantage of the security flaws reported recently in popular WordPress plugins (ThemeGrill Demo Importer, Profile Builder, and Duplicator).	Vulnerability	Y Multiple Industries	CC	>1	WordPress, ThemeGrill Demo Importer, Profile Builder, Duplicator, tonyredball, solarsalvador1234
318	25/02/2020	?	NRC Health	NRC Health discloses that it was hit by a ransomware attack that took place on February 11.	Malware	M Professional scientific and technical activities	CC	US	NRC Health, ransomware
319	25/02/2020	?	Undisclosed target	Researchers from Sophos reveal the details of Cloud Snooper, a sophisticated malware hiding in the cloud, probably backed by an advanced state sponsored actor.	Unknown	Z Unknown	CE	N/A	Cloud Snooper, Sophos
320	25/02/2020		Overlake Medical Center & Clinics	Overlake Medical Center & Clinics reveals to have been hit by a phishing attack from Dec. 6 to 9, 2019.	Account Hijacking	Q Human health and social work activities	CC	US	Overlake Medical Center & Clinics
321	25/02/2020	?	Advocate Aurora Health	The personal information of some current and former Advocate Aurora Health employees, including their Social Security numbers and bank accounts, might have been compromised in an email phishing campaign.	Account Hijacking	Q Human health and social work activities	CC	US	Advocate Aurora Health
322	25/02/2020	?	Gadsden Independent School District (GISD)	Gadsden Independent School District (GISD) shuts down its internet and communication systems, after a RYUK ransomware attack.	Malware	P Education	CC	US	Gadsden Independent School District, GISD, ransomware
323	25/02/2020	?	Hutt Valley High School	Hutt Valley High School reveals that it was hit with a cyber attack.	Unknown	P Education	CC	NZ	Hutt Valley High School
324	26/02/2020	?	Clearview AI	Clearview AI discloses to its customers that an intruder “gained unauthorized access” to its list of customers, to the number of user accounts those customers had set up, and to the number of searches its customers have conducted.	Misconfiguration	M Professional scientific and technical activities	CC	US	Clearview AI
325	26/02/2020	?	Bretagne Télécom	Cloud services provider Bretagne Télécom is hacked by the threat actors behind the DoppelPaymer Ransomware using CVE-2019-19781.	Malware	M Professional scientific and technical activities	CC	FR	Bretagne Télécom, DoppelPaymer, Ransomware, CVE-2019-19781
326	26/02/2020	?	Multiple targets	Attackers are actively scanning the Internet for Microsoft Exchange Servers vulnerable to the CVE-2020-0688 remote code execution.	Vulnerability	Y Multiple Industries	CC	>1	Microsoft Exchange, CVE-2020-0688
327	26/02/2020	?	Multiple targets	Researchers from Malwarebytes discover Magecart actors cloaking their credit card skimmers using fake content delivery network domains.	Malicious Script Injection	Y Multiple Industries	CC	>1	Malwarebytes, Magecart
328	26/02/2020	?	Southern Water	British utility Southern Water is the victim of a phishing attack, resulting in a shutdown of some of the company's systems.	Account Hijacking	D Electricity gas steam and air conditioning supply	CC	UK	Southern Water
329	26/02/2020	Cobalt Ulster (AKA MuddyWater, Seedworm, TEMP.Zagros, and Static Kitten)	Governmental organizations in Turkey, Jordan, Iraq along with intergovernmental and other agencies in Georgia and Azerbaijan.	Researchers from Secureworks reveal the details of the latest cyber espionage campaign carried out by the Iranian state-sponsored actor Cobalt Ulster	Targeted Attack	O Public administration and defence, compulsory social security	CE	>1	Cobalt Ulster, MuddyWater, Seedworm, TEMP.Zagros, Static Kitten, Secureworks, Iran
330	26/02/2020	?	Rady’s Children’s Hospital	Rady’s Children’s Hospital notifies patients whose data were accessed via an "open port" on June 2019, and January 2020.	Unknown	Q Human health and social work activities	CC	US	Rady’s Children’s Hospital
331	27/02/2020	?	Barbara Corcoran	Barbara Corcoran, a renowned real-estate broker and business expert, admits she lost $380,000 via a BEC scam.	Business Email Compromise	L Real estate activities	CC	US	Barbara Corcoran
332	27/02/2020	?	Kenneth Cole Productions	The operators behind the Sodinokibi Ransomware (AKA Revil) publish the download links to files containing what they claim is financial and work documents, as well as customers' personal data stolen from Kenneth Cole Productions.	Malware	C Manufacturing	CC	US	Kenneth Cole Productions, Sodinokibi, Revil, ransomware
333	27/02/2020	?	Single Individuals	Researchers from Malwarebytes and X-Force discover an ongoing malspam campaign using emails disguised as messages from secret lovers to deliver Nemty Ransomware payloads on the computers of potential victims.	Malware	X Individual	CC	>1	Malwarebytes, IBM X-Force, Nemty, Ransomware
334	27/02/2020	?	Multiple targets	Researchers from Palo Alto discover a new phishing campaign installing the NetSupport Manager RAT via a Fake Norton LifeLock document.	Malicious Spam	Y Multiple Industries	CC	>1	Palo Alto, NetSupport Manager RAT, Norton LifeLock
335	27/02/2020	?	BGR.in tradinggame.au.com S3 Production	Hackers share three SQL databases from S3 buckets, one dump belonging to the BGR tech news site in India.	Misconfiguration	Y Multiple Industries	CC	>1	BGR.in, tradinggame.au.com, S3 Production
336	27/02/2020	?	Democratic National Committee	The Democratic National Committee warns its presidential candidates to be cautious after Bernie Sanders’ campaign reported that an “impersonator” with a domain registered overseas had posed as one of its staffers and sought conversations with members of at least two other campaigns.	Account Hijacking	S Other service activities	CE	US	Democratic National Committee, Bernie Sanders
337	27/02/2020	?	Jordan Health	Jordan Health is hit with a ransomware attack.	Malware	P Education	CC	US	Jordan Health
338	28/02/2020	?	130,000 Asus routers	An unknown criminal manages to breach as many as 130,000 Asus routers, and sells the access to them for few dollars.	Vulnerability	Y Multiple Industries	CC	>1	Asus
339	28/02/2020	?	Multiple targets	Researchers from Morphisec discover a widespread campaign using the remote desktop ActiveX control in Word documents to automatically execute on Windows 10 a malware downloader called Ostap adopted by TrickBot for delivery.	Malware	Y Multiple Industries	CC	>1	Morphisec, ActiveX, Word, Windows 10, TrickBot
340	28/02/2020	?	Vulnerable Wordpress sites	Researchers from Defiant discover that attackers took over tens of thousands of WordPress sites by exploiting multiple zero-days in the following plugins: Flexible Checkout Fields for WooCommerce, Async JavaScript, 10Web Map Builder for Google Maps, Modern Events Calendar Lite.	Vulnerability	Y Multiple Industries	CC	>1	Wordpress, Flexible Checkout Fields for WooCommerce, Async JavaScript, 10Web Map Builder for Google Maps, Modern Events Calendar Lite, Defiant
341	28/02/2020	?	Munson Healthcare Group	Munson Healthcare Group discloses that hackers gained access to patient data placed by compromising the email accounts of at least two employees. Patient records were accessed from July 31, 2019, to October 22, 2019, but the breach went undetected until January 16, 2020.	Account Hijacking	Q Human health and social work activities	CC	US	Munson Healthcare Group
342	29/02/2020	?	Epiq Global	Legal services giant Epiq Global is hit by a ransomware attack.	Malware	M Professional scientific and technical activities	CC	US	Epiq Global, ransomware
343	29/02/2020	?	RailWorks Corporation	RailWorks Corporation, one of the leading providers of rail infrastructure solutions in North America, discloses a ransomware attack.	Malware	C Manufacturing	CC	US	RailWorks Corporation, ransomware
344	29/02/2020	?	Vulnerable Apache Tomcat servers	Security researchers detect ongoing scans for Apache Tomcat servers unpatched against the Ghostcat (CVE-2020-1938) vulnerability.	Vulnerability	Y Multiple Industries	CC	>1	Apache Tomcat, Ghostcat, CVE-2020-1938
345	29/02/2020	?	Loqbox	Fintech startup Loqbox reveals to have suffered an "attack" which potentially revealed its customers' names, postal addresses, dates of birth, email addresses and phone numbers.	Unknown	V Fintech	CC	UK	Loqbox, Crypto
346	15/02/2020	?	EMCOR Group	EMCOR Group, a Fortune 500 company specialized in engineering and industrial construction services, discloses a Ryuk ransomware incident that took down some of its IT systems.	Malware	C Manufacturing	CC	US	EMCOR Group, Ryuk, ransomware
347	21/02/2020	?	Coinhako	Coinhako is hit by a sophisticated attack.	Unknown	V Fintech	CC	SG	Coinhako, Crypto
348	27/02/2020	?	Okex and Bitfinex	Okex and Bitfinex suffered simultaneous distributed denial of service (DDoS)	DDoS	V Fintech	CC	US HK	Okex, Bitfinex, Coinhako
349	27/02/2020	Kimsuky	South Korean officials	Researchers from IssueMakersLab reveal that a group of North Korean hackers embedded malware inside documents detailing South Korea's response to the COVID-19 epidemic. The embedded malware is BabyShark a backdoor previously utilized by a North Korean hacker group known as Kimsuky.	Targeted Attack	O Public administration and defence, compulsory social security	CE	KR	IssueMakersLab, COVID-19, Kimsuky, BabyShark
350	29/02/2020	Digileaker	Digitex	A hacker dubbed Digileaker claims to have stolen the data related to 8,000 Digitex users.	Unknown	V Fintech	CC	SC	Digitex, Digileaker
351	01/03/2020	?	Visser Precision	Visser Precision, parts maker for space and defense contractors confirms a DoppelPaymer ransomware attack.	Malware	C Manufacturing	CC	US	Visser Precision, DoppelPaymer, ransomware
352	01/03/2020	?	Community Development Bank	Community Development Bank becomes the latest victim of the Maze ransomware team.	Malware	K Financial and insurance activities	CC	US	Community Development Bank, Maze, Ransomware
353	02/03/2020	?	City of Novi Sad	The City of Novi Sad in Serbia is hit by the PwndLocker ransomware.	Malware	O Public administration and defence, compulsory social security	CC	RS	Novi Sad, Serbia, PwndLocker, ransomware
354	02/03/2020	?	Spartanburg School District One	Spartanburg School District One is hit with a ransomware attack.	Malware	P Education	CC	US	Spartanburg School District One
355	02/03/2020	APT34	Lebanon Government	Researchers from Cybaze-Yoroi ZLab discover a new campaign targeting the Lebanon government via the Karkoff implant.	Targeted Attack	O Public administration and defence, compulsory social security	CE	LB	Cybaze-Yoroi ZLab, Lebanon, Karkoff
356	02/03/2020	?	Large number of French critical infrastructure firms	A large number of French critical infrastructure firms appear to have been hacked as part of an extended malware campaign.	Malware	D Electricity gas steam and air conditioning supply	CC	FR	France
357	02/03/2020	Egypt? India?	Saudi Arabia UAE	Facebook removes hundreds of accounts and pages used in "Operation Red Card", a deceptive campaign that appears to be from Egyptian and Indian marketing firms, to post anti-Saudi and anti-Emirati content.	Fake Social Network accounts/groups/pages	O Public administration and defence, compulsory social security	CW	SA AE	Operation Red Card, Facebook, India, Egypt
358	02/03/2020	?	Tesco	Tesco issues new cards to 600,000 Clubcard account holders after a credential stuffing attack.	Credential Stuffing	G Wholesale and retail trade	CC	UK	Tesco
359	02/03/2020	?	Android users	Google addresses a high-severity flaw in MediaTek’s Command Queue driver that developers said affects millions of devices, and which has an exploit already circulating in the wild.	Vulnerability	X Individual	CC	>1	Google, Android, Mediatek, CVE-2020-0032
360	03/03/2020	CIA?	Chinese companies and government agencies	The Chinese company Qihoo 360 publishes a report accusing the CIA of hacking Chinese companies and government agencies for more than 11 years (from 2008 to 1019).	Targeted Attack	O Public administration and defence, compulsory social security	CE	CN	Qihoo 360, CIA
361	03/03/2020	Molerats (AKA Gaza Hackers Team and Gaza Cybergang)	Eight organizations in six different countries in the government, telecommunications, insurance and retail industries	Researchers from Palo Alto Unit 42 observe multiple instances of phishing attacks likely related to the threat group Molerats targeting eight organizations in six different countries in the government, telecommunications, insurance and retail industries	Targeted Attack	Y Multiple Industries	CE	>1	Molerats, Gaza Hackers Team, Gaza Cybergang, Palo Alto, Unit 42
362	03/03/2020	?	J.Crew	Clothing giant J.Crew says an unknown number of customers had their online accounts accessed “by an unauthorized party" in or around April 2019.	Credential Stuffing	G Wholesale and retail trade	CC	US	J.Crew
363	03/03/2020	Kimsuky	South Korea	Researchers from Cybaze-Yoroi ZLab discover a new campaign by the North Korea-linked APT group, Kimsuky, targeting South Korea.	Targeted Attack	O Public administration and defence, compulsory social security	CE	KR	Cybaze-Yoroi ZLab, Kimsuky
364	03/03/2020	?	Four Queens Hotel and Casino and Binion’s Casino	Four Queens Hotel and Casino and Binion’s Casino are hit with a ransomware attack.	Malware	R Arts entertainment and recreation	CC	US	Four Queens Hotel and Casino, Binion’s Casino, ransomware
365	04/03/2020	?	T-Mobile	US telecommunications giant T-Mobile discloses a security breach that impacted both its employees and customers alike. The attackers gained access to "certain T-Mobile employee email accounts, some of which contained account information for T-Mobile customers and employees."	Account Hijacking	J Information and communication	CC	US	T-Mobile
366	04/03/2020	?	Australian Defence	The Australian Signals Directorate (ASD reveals that a vulnerability in Citrix, could have been used by malicious actors to access a database of Australian Defence recruitment details.	Vulnerability	O Public administration and defence, compulsory social security	CE	AU	Australian Signals Directorate, ASD, Citrix, Australian Defence, CVE-2019-19781
367	04/03/2020	?	Boots	Boots suspends payments using loyalty points in shops and online after attempts to break into customers' accounts using stolen passwords.	Password-spraying	G Wholesale and retail trade	CC	UK	Boots
368	04/03/2020	?	Single Individuals	Researchers from Fortinet discover a new campaign delivering the Lokibot malware and exploiting the COVID-19 fear.	Malware	X Individual	CC	>1	Fortinet, Lokibot, COVID-19, Coronavirus
369	04/03/2020	?	Single Individuals	Researchers from Cofense discover an additional phishing campaign pushing fake messages from The Centers for Disease Control (CDC) stating that the coronavirus has “officially become airborne” and there “have been confirmed cases of the disease in your location.”	Account Hijacking	X Individual	CC	>1	Cofense, CDC, Coronavirus, COVID-19, The Centers for Disease Control
370	04/03/2020	?	SIngle Individuals	Researchers from Cofense discover a phishing campaign, leveraging OneNote to bypass detection tools and download malware onto victims’ systems.	Account Hijacking	X Individual	CC	>1	Cofense, OneNote
371	05/03/2020	?	Carnival Corp.	Carnival Corp. announces that two of its most popular lines, Holland America and Princess Cruises, were hit by a phishing attack between April 11 and July 23, 2019.	Account Hijacking	R Arts entertainment and recreation	CC	US	Carnival Corp., Holland America, Princess Cruises
372	05/03/2020	?	Communications & Power Industries (CPI)	Communications & Power Industries (CPI) is still down after a ransomware attack suffered in January.	Malware	C Manufacturing	CC	US	Communications & Power Industries, CPI
373	05/03/2020	?	EVRAZ	EVRAZ, one of the world's largest steel manufacturers and mining operations, has its North American activities taken down by a Ryuk ransomware attack.	Malware	C Manufacturing	CC	US	EVRAZ, Ryuk, ransomware
374	05/03/2020	?	Banking users in Italy	Researchers from Sophos discover a new campaign distributing the Trickbot malware in Italy and exploiting the COVID-19 outbreak.	Malware	K Financial and insurance activities	CC	IT	Sophos, Trickbot, COVID-19
375	05/03/2020	?	Multiple targets	Researchers from Kaspersky discover a new campaign inviting victims to install malware in disguise of an expired certificate.	Malware	Y Multiple Industries	CC	>1	Kaspersky
376	05/03/2020	Tonto Team	Multiple targets in Russia, Japan, and South Korea	Researchers from Cisco Talos reveal the detail of a new cyber espionage campaign carried out by the Tonto Team via the Bisonal RAT.	Targeted Attack	Y Multiple Industries	CE	>1	Cisco Talos, Tonto Team, Bisonal RAT
377	05/03/2020	?	Chrome Users	Researchers at MyCrypto discover a malicious Chrome extension able to steal Ledger wallet recovery seeds.	Malicious Browser Extension	V Fintech	CC	>1	MyCrypto, Chrome, Ledger
378	06/03/2020	?	The City of Durham and Durham County	The City of Durham and Durham County are hit by a Ryuk ransomware attack.	Malware	O Public administration and defence, compulsory social security	CC	US	City of Durham, Durham County, Ryuk. Ransomware
379	06/03/2020	?	Trident Crypto Fund	The usernames and passwords of more than a quarter of a million Trident Crypto Fund customers have been stolen and published online.	Unknown	V Fintech	CC	MA	Trident Crypto Fund, Crypto
380	06/03/2020	?	Entercom	US radio giant Entercom reports a data breach that took place in August 2019 after an unauthorized party was able to access database backup files stored in a third-party cloud hosting service and containing Radio.com user credentials.	Unknown	J Information and communication	CC	US	Entercom
381	06/03/2020	?	Koodo Mobile	Telus-owned Koodo Mobile suffers a data breach after their systems were hacked on February 13, 2020, and customer data from August and September 2017 was stolen by the attackers.	Account Hijacking	J Information and communication	CC	CA	Koodo Mobile
382	06/03/2020	?	Multiple targets	The US Federal Bureau of Investigation (FBI) warns private industry partners of threat actors abusing Microsoft Office 365 and Google G Suite as part of Business Email Compromise (BEC) attacks.	Business Email Compromise	Y Multiple Industries	CC	US	Federal Bureau of Investigation, FBI, Microsoft Office 365, Google G Suite
383	07/03/2020	?	SIngle Individuals	Researchers from MalwareHunterTeam discover another email campaign pretending to be Coronavirus (COVID-19) information from the World Health Organization (WHO), and in reality distributing a malware downloader that installs the FormBook information-stealing Trojan.	Malicious Spam	X Individual	CC	>1	MalwareHunterTeam, Coronavirus, COVID-19, World Health Organization, WHO, FormBook
384	07/03/2020	?	Six Southeast Asian countries, including Malaysia and Singapore	Researchers from Technisanct discover hundreds of thousands of credit card details from at least six Southeast Asian countries, leaked online.	Unknown	K Financial and insurance activities	CC	>1	Malaysia, Singapore, Technisanct
385	08/03/2020	?	Multiple targets	Researchers from Volexity reveal that state-sponsored hacking groups are using a recently disclosed Microsoft Exchange vulnerability (CVE-2020-0688) to attack targets. The same warning is sent also by the NSA.	Vulnerability	Y Multiple Industries	CC	>1	Volexity, Microsoft Exchange, CVE-2020-0688
386	08/03/2020	?	University of Kentucky and UK HealthCare	The University of Kentucky and UK HealthCare discovers that is suffered a malware attack aimed to install cryptominers.	Malware	P Education	CC	US	University of Kentucky and UK HealthCare
387	09/03/2020	?	ENTSO-E	The European Network of Transmission System Operators for Electricity (ENTSO-E), says that its IT network had been compromised in a “cyber intrusion.”	Unknown	D Electricity gas steam and air conditioning supply	N/A	EU	ENTSO-E, European Network of Transmission System Operators for Electricity
388	09/03/2020	?	Russian users	Researchers from MalwareHunterTeam discover a new phishing scam targeting Russian victims, and utilizing a "customer service" chatbot.	Account Hijacking	X Individual	CC	RU	MalwareHunterTeam
389	09/03/2020	?	Single Individuals	Researchers from IBM X-Force Threat Intelligence discover a new sextortion campaign, luring victims with emails promising to give access to the nude extortion pics of a friend's girlfriend, and delivering the Raccoon malware.	Malicious Spam	X Individual	CC	>1	IBM, X-Force, sextortion, Raccoon
390	09/03/2020	?	TrueFire	The popular online guitar tutoring website TrueFire suffers a ‘Magecart‘ attack that might have exposed customers’ personal information and payment card data.	Malicious Script Injection	S Other service activities	CC	US	TrueFire, Magecart
391	09/03/2020	?	Single Individuals	Researchers from security firm Reason discover a fake Coronavirus map, delivering the AZORult trojan.	Malware	X Individual	CC	>1	Reason, COVID019, Coronavirus, AZORult
392	09/03/2020	?	Fort Worth Independent School District	The Fort Worth Independent School District is hit with a ransomware attack,	Malware	P Education	CC	US	Fort Worth Independent School District, ransomware
393	10/03/2020	Mustang Panda	Targets in Vietnam	Vietnamese cyber-security firm VinCSS detects a Chinese state-sponsored group (codenamed Mustang Panda) spreading emails with a RAR file attachment purporting to carry a message about the coronavirus outbreak from the Vietnamese Prime Minister.	Targeted Attack	Y Multiple Industries	CE	VN	VinCSS, Mustang Panda, Coronavirus
394	10/03/2020	?	Multiple targets	Researchers from Cybereason discover a campaign where attackers are trojanizing multiple hacking tools with njRat, a well known RAT.	Malware	Y Multiple Industries	CC	>1	Cybereason, njRAT
395	10/03/2020	?	Undisclosed organization in Asia	Researchers from Lastline discover a new campaign spreading the Paradise ransomware via IQY files.	Malware	Z Unknown	CC	N/A	Lastline, Paradise, ransomware, IQY
396	10/03/2020	?	Undisclosed target	Researchers from Cofense discover a phishing campaigns using YouTube redirects to evade security controls.	Account Hijacking	Z Unknown	CC	N/A	YouTube
397	10/03/2020	?	Multiple targets	Attackers start to exploit a recently discovered vulnerability on ManageEngine Desktop Central.	Vulnerability	Y Multiple Industries	CC	>1	ManageEngine Desktop Central, CVE-2020-10189
398	10/03/2020	?	Wichita State University	Wichita State University notifies 1,762 individuals whose personal information was accessed by hackers between December 3, 2019 and December 5, 2019.	Unknown	P Education	CC	US	Wichita State University
399	10/03/2020	?	Undisclosed company	A global company with an office in Perth is attacked by criminals who demand a $30 million ransom to unlock its computer system in Australia.	Malware	Z Unknown	CC	AU	Perth
400	11/03/2020	?	Champaign-Urbana Public Health District	In the midst of a coronavirus pandemic, the Champaign-Urbana Public Health District is hit with a NetWalker ransomware attack.	Malware	Q Human health and social work activities	CC	US	Champaign-Urbana Public Health District, NetWalker, ransomware
401	11/03/2020	?	Global insurance, healthcare, and pharmaceutical organizations	Researchers from Proofpoint discover a new phishing campaign impersonating Vanderbilt University Medical Center and sending out fake HIV test result emails.	Malicious Spam	Y Multiple Industries	CC	>1	Proofpoint, Vanderbilt University Medical Center, HIV
402	11/03/2020	?	Northeast Radiology	Northeast Radiology announces that on January 11, 2020, unauthorized individuals gained access to Northeast Radiology’s picture archiving and communication system (“PACS”),	Unknown	Q Human health and social work activities	CC	US	Northeast Radiology
403	12/03/2020	?	Facebook Users	Facebook, Twitter and Instagram remove multiple accounts and pages for a coordinated inauthentic behavior on behalf in Ghana and Nigeria on behalf of individuals in Russia, targeting primarily the United States.	Fake Social Network accounts/groups/pages	X Individual	CW	US	Facebook, Instagram, Twitter, Ghana, Nigeria, Russia, United States.
404	12/03/2020	?	Multiple targets	Researchers from MalwareHunterTeam discover a new campaign distributing a malware cocktail consisting of the Coronavirus Ransomware and the Kpot information-stealing Trojan.	Malware	Y Multiple Industries	CC	>1	MalwareHunterTeam, Coronavirus, Kpot
405	12/03/2020	Vicious Panda	Public sector entity of Mongolia	Researchers from Check Point discover a campaign, dubbed Vicious Panda, carried out by a Chinese APT group on a public sector entity of Mongolia, leveraging the coronavirus pandemic.	Targeted Attack	O Public administration and defence, compulsory social security	CE	MN	Check Point, Mongolia, Coronavirus
406	12/03/2020	?	Open Exchange Rates	Open Exchange Rates announces a data breach that exposed the personal information and salted and hashed passwords for customers of its API service. The breach occurred between February 9th, 2020, and March 2nd, 2020.	Account Hijacking	M Professional scientific and technical activities	CC	US	Open Exchange Rates
407	12/03/2020	Turla	Several high-profile Armenian websites	Researchers from ESET discover a watering hole operation targeting several high-profile Armenian websites via a fake Adobe Flash update, delivering two previously undocumented pieces of malware dubbed NetFlash and PyFlash.	Targeted Attack	O Public administration and defence, compulsory social security	CE	AM	ESET, Turla, Adobe Flash, NetFlash, PyFlash
408	12/03/2020	?	Multiple targets	Researchers from IBM X-Force discover a new malware strain dubbed PXJ (AKA XVFXGW).	Malware	Y Multiple Industries	CC	>1	IBM, X-Force, PXJ, XVFXGW
409	13/03/2020	?	The National	The National, a Scottish newspaper, is hit by a DDoS attack.	DDoS	J Information and communication	CC	UK	The National, DDoS
410	13/03/2020	?	Brno University Hospital	The Brno University Hospital, a COVID-19 testing center, is hit by a cyberattack right in the middle of a COVID-19 outbreak.	Malware	Q Human health and social work activities	CC	CZ	Brno University Hospital, COVID-19, Coronavirus
411	13/03/2020	?	Android users	Researchers from Domaintools reveal the details of Covidlock, a ransomware encrypting data on Android devices.	Malware	X Individual	CC	>1	Domaintools, Covidlock, Android
412	13/03/2020	Ancient Tortoise	Multiple targets	Researchers from Agari reveal that the Ancient Tortoise Group is now starting using coronavirus-themed scam emails that take advantage of the COVID-19 global outbreak to convince potential victims to send payments to attacker-controlled accounts.	Business Email Compromise	Y Multiple Industries	CC	>1	Agari, Ancient Tortoise
413	13/03/2020	?	Aerial Direct	Aerial Direct reveals that an unauthorized third party had been able to access customer data on 26 February through an external backup database, which included personal information on both current and expired subscribers from the last six years.	Unknown	J Information and communication	CC	UK	Aerial Direct
414	13/03/2020	?	Healthcare professionals	A new email scam targets healthcare professionals with phishing emails about "coronavirus awareness" - part of a wave of scams capitalizing on the pandemic.	Account Hijacking	Q Human health and social work activities	CC	>1	Coronavirus, COVID-19
415	13/03/2020	?	Randleman Eye Center	Randleman Eye Center discloses a malware attack occurred on January 13.	Malware	Q Human health and social work activities	CC	US	Randleman Eye Center
416	13/03/2020	?	Jay Public School District	The Jay Public School District is hit with a cyber attack.	Unknown	P Education	CC	US	Jay Public School District
417	14/03/2020	?	Facebook Android users	Researchers from Kaspersky discover the CookieThief malware, targeting the Facebook accounts of Android users.	Malware	X Individual	CC	>1	Kaspersky, CookieThief, Facebook, Android
418	14/03/2020	?	Multiple targets	Researchers from MalwareHunterTeam discover a new backdoor malware called BlackWater pretending to be a COVID-19 information while abusing Cloudflare Workers as an interface to the malware's command and control (C2) server.	Malware	Y Multiple Industries	CC	>1	MalwareHunterTeam, BlackWater, COVID-19, Cloudflare
419	14/03/2020	?	AffordaCare Urgent Care Clinic	AffordaCare Urgent Care Clinic is hit by the Maze ransomware team.	Malware	Q Human health and social work activities	CC	US	AffordaCare Urgent Care Clinic, ransomware, Maze
420	14/03/2020	?	Advanced Urgent Care of the Florida Keys	Advanced Urgent Care of the Florida Keys	Malware	Q Human health and social work activities	CC	US	Advanced Urgent Care of the Florida Keys, ransomware, Maze
421	15/03/2020	?	United States Health and Human Services Department	The United States Health and Human Services Department's web site is hit with a DDoS cyber attack in the middle of the Coronavirus outbreak.	DDoS	O Public administration and defence, compulsory social security	CC	US	United States Health and Human Services Department, Coronavirus
422	15/03/2020	?	Townhall of Marseille and the metropolis.	The townhall of Marseille is hit with a ransomware attack.	Malware	O Public administration and defence, compulsory social security	CC	FR	Marseille, ransomware
423	02/03/2020	?	Vijay Sales	A threat actor posts a leaked Vijay Sales, a large electronics retail store chain in India, database on a popular dark web hacker forum. The threat actor claims the source was from an “exposed backup server” breached in February 2020.	Misconfiguration	G Wholesale and retail trade	CC	IN	Vijay Sales, AWS
424	02/03/2020	?	GeoCloud	A threat actor posts another database, this time from technology company GeoCloud, leaked through a public Amazon server. The data contains users’ names, email addresses, and passwords as well as the company’s social media keys and company information.	Misconfiguration	S Other service activities	CC	IL	GeoCloud, AWS
425	13/03/2020	?	Norwegian Cruise Line	Researchers from Dynarisk discover a breached database belonging to Norwegian Cruise Line, containing 29,969 records	Unknown	R Arts entertainment and recreation	CC	US	Dynarisk, Norwegian Cruise Line
426	14/03/2020	Maze	Hammersmith Medicines Research (HMR)	Hammersmith Medicines Research (HMR) is hit with a Maze ransomware attack.	Malware	Q Human health and social work activities	CC	UK	Hammersmith Medicines Research, HMR, Maze, Coronavirus
427	14/03/2020	?	Energy, construction, and telecoms in the United States	Researchers from Proofpoint discover a small campaign targeting energy, construction, and telecoms in the United States, using the subject line "coronavirus update disease (COVID-19) your neighbors tested positive" and distributing the Remcos remote control tool.	Malware	Y Multiple Industries	CC	US	Proofpoint, Coronavirus, COVID-19, Remcos
428	14/03/2020	?	Jamaica National Group	Jamaica National Group is hit with a ransomware attack.	Malware	K Financial and insurance activities	CC	JM	Jamaica National Group, ransomware
429	15/03/2020	?	Bluffton Township Fire District	Bluffton Township Fire District is hit with a ransomware attack.	Malware	O Public administration and defence, compulsory social security	CC	US	Bluffton Township Fire District, ransomware
430	16/03/2020	APT36	Indian government	Researchers from Malwarebytes discover a new campaign targeting India of the Pakistan-linked APT36 group exploiting COVID-19 to implant the Crimson RAT.	Targeted Attack	O Public administration and defence, compulsory social security	CE	IN	APT36, COVID-19, Crimson, Pakistan, India, Malwarebytes
431	16/03/2020	?	Single Individuals	Researchers from ESET discover a massive campaign targeting users in multiple countries carried out via a wave of 2,500 infections of just two strains of malware delivered in COVID-19-themed emails.	Malicious Spam	X Individual	CC	>1	ESET, COVID-19, Coronavirus
432	16/03/2020	TA505	U.S. healthcare, manufacturing, and pharmaceuticals industries.	Researchers from Proofpoint discover a campaign from TA505, using a coronavirus lure as part of a downloader campaign targeting the U.S. healthcare, manufacturing, and pharmaceuticals industries.	Malware	Y Multiple Industries	CC	US	Proofpoint, TA505
433	16/03/2020	?	Single Individuals	Researchers from KnowBe4 discover a new phishing campaign spoofing the CDC and WHO.	Account Hijacking	X Individual	CC	US	KnowBe4, Coronavirus, COVID-19, CDC, WHO
434	16/03/2020	?	Multiple targets in the UK	The National Cyber Security Centre (NCSC) warns that criminals are looking to exploit the spread of coronavirus to conduct cyberattacks and hacking campaigns.	>1	Y Multiple Industries	CC	UK	National Cyber Security Centre, NCSC, Coronavirus, COVID-19
435	16/03/2020	?	College of DuPage	College of DuPage offers nearly free credit monitoring to over 1,700 current and former employees following a data breach.	Unknown	P Education	CC	US	College of DuPage
436	16/03/2020	?	Android users	Researchers from Kaspersky discover MonitorMinor, a stalkerware able to intercept user data in disguise of a parental control app.	Malware	X Individual	CC	>1	Kaspersky, MonitorMinor, Android
437	17/03/2020	?	Multiple targets in the US	Researchers from Proofpoint discover a medium-sized campaign in the United States primarily targeting the manufacturing industry but also construction, transportation, healthcare, automotive, energy, and aerospace companies. The email spoofs the real address of the head of the World Health Organization (WHO), claims there is a “solution” for “total control”, distributes GuLoader and Agent Tesla, and asks the recipient to “share with all contacts.”	Malware	Y Multiple Industries	CC	US	Proofpoint, World Health Organization, WHO, GuLoader, Agent Tesla, COVID-19, Coronavirus
438	17/03/2020	?	Manufacturing and industrial targets in Spain and Portugal	Researchers from Proofpoint discover a small COVID-19 themed campaign against manufacturing and industrial targets in Spain and Portugal and distributing GuLoader.	Malware	Y Multiple Industries	CC	ES PT	Proofpoint, COVID-19, Coronavirus, GuLoader
439	17/03/2020	?	Manufacturing, technology, and industrial companies in the Netherlands	Researchers from Proofpoint discover a small campaign in Dutch targeting manufacturing, technology, and industrial companies in the Netherlands, designed to steal banking credentials.	Account Hijacking	Y Multiple Industries	CC	NL	Proofpoint, COVID-19, Coronavirus
440	17/03/2020	?	Italian users	Researchers from Cybaze-Yoroi ZLab intercept a new Ursnif campaign targeting Italian users.	Malware	X Individual	CC	IT	Cybaze-Yoroi Zlab, Ursnif
441	17/03/2020	?	Vimeo users	Video sharing site Vimeo believes a malware infection has targeted some of its user accounts for theft.	Malware	X Individual	CC	>1	Vimeo
442	17/03/2020	?	Town of Houlton Police	The Town of Houlton Police discloses that it suffered a malware attack discovered on October 2019.	Malware	O Public administration and defence, compulsory social security	CC	US	Town of Houlton Police
443	17/03/2020	?	Tandem Diabetes Care	Tandem Diabetes Care notifies 140,781 patients of a phishing incident discovered on January 17, 2020	Account Hijacking	Q Human health and social work activities	CC	US	Tandem Diabetes Care
444	17/03/2020	?	Multiple targets	A new ransomware called Nefilim that shares much of the same code as Nemty starts to become active in the wild and threatens to release stolen data.	Malware	Y Multiple Industries	CC	>1	Ransomware, Nefilim, Nemty
445	18/03/2020	?	Multiple targets	Trend Micro reveals that hackers are actively exploiting two zero-days (CVE-2020-8467 and CVE-2020-8468) in its antivirus products.	Vulnerability	Y Multiple Industries	CC	>1	Trend Micro, CVE-2020-8467, CVE-2020-8468
446	18/03/2020	Molerats group (AKA Gaza CyberGang)	Arabic speakers interested in Palestine’s potential acceptance of the peace plan	Researchers from IBM X-Force reveal the details of the EnigmaSpark campaign, a politically themed campaign opposing to the Middle East Peace Plan.	Targeted Attack	X Individual	CE	PS	IBM X-Force, EnigmaSpark, Middle East
447	18/03/2020	?	Telecommunications providers, universities and financial service	Researchers from Bitdefender discover a new variant of the infamous Trickbot malware targeting telecommunications providers, universities and financial services in a campaign that looks to be going after intellectual property and financial data.	Malware	Y Multiple Industries	CE	>1	Bitdefender, Trickbot
448	18/03/2020	?	NutriBullet	Researchers at RiskIQ identify a cyber-attack against blender vendor NutriBullet that has successfully installed credit card stealing malware on the international nutribullet.com website. Not just once, but three times within three weeks.	Malicious Script Injection	G Wholesale and retail trade	CC	US	RiskIQ, NutriBullet, Magecart
449	18/03/2020	?	Android users in Libya	Researchers from Lookout discover an Android application that appears to be the most recent piece of tooling in a larger mobile surveillance campaign, exploiting COVID-19, operating out of Libya and targeting Libyan individuals.	Targeted Attack	X Individual	CE	LY	Lookout, Android, COVID-19, Libya
450	18/03/2020	?	US retail companies	Researchers from Proofpoint discover a small COVID-19 themed phishing campaign in the United States primarily targeting retail companies and uses concerns about infected staff members to try and lure victims to click.	Account Hijacking	G Wholesale and retail trade	CC	US	Proofpoint, COVID-19, Coronavirus
451	18/03/2020	?	Blizzard	Blizzard is hit with a DDoS attack.	DDoS	R Arts entertainment and recreation	CC	US	Blizzard
452	19/03/2020	?	Keen	Cybercriminals try to disrupt a charity initiative by Keen aimed to deliver shoes to the workers on the front lines and the families at home fighting through the COVID-19 crisis.	DDoS	G Wholesale and retail trade	CC	US	Keen, COVID-19, Coronavirus
453	19/03/2020	?	Brooks International	The Sodinokibi Ransomware operators publish over 12 GB of stolen data allegedly belonging to a company named Brooks International for not paying the ransom.	Malware	M Professional scientific and technical activities	CC	PK	Sodinokibi, ransomware, Brooks International
454	19/03/2020	?	Single Individuals	Researchers from Sophos reveal that sextortion scammers are now attempting to capitalize on the COVID-19 pandemic by threatening their victims to infect their family with the SARS-CoV-2 virus besides revealing all their "dirty secrets".	Malicious Spam	X Individual	CC	>1	COVID-19, Coronavirus
455	19/03/2020	?	Single Individuals	The FBI warns of a significant spike in coronavirus scams targeting three states, with unusually high rates of COVID-19 infection: California, New York and Washington.	Malicious Spam	X Individual	CC	US	FBI, coronavirus, COVID-19, California, New York, Washington
456	19/03/2020	?	Android users	Researchers from Zscaler discover "Corona Safety Mask" an Android worm in disguise of a Coronavirus safety mask.	Malware	X Individual	CC	>1	Zscaler, Android, Coronavirus, Covid-19, Corona Safety Mask
457	19/03/2020	?	US Mobile users	According to researchers at telecoms security provider AdaptiveMobile, masses of text messages are being sent out to Americans, with offers on masks, survival guides and medically-unsupported COVID-19 treatments like CBD oil.	Malicious Spam	X Individual	CC	US	AdaptiveMobile, COVID-19, CBD oil
458	19/03/2020	?	Single Individuals	Researchers from IBM X-Force discover an ongoing phishing campaign delivering emails posing as official messages from the Director-General of the World Health Organization (WHO), actively spreading HawkEye malware payloads onto the devices of unsuspecting victims.	Malware	X Individual	CC	>1	IBM X-Force, COVID-19, Coronavirus, World Health Organization, WHO, HawkEye
459	19/03/2020	APT28, AKA Fancy Bear, Sednit, and Pawn Storm	Multiple targets	Researchers from Trend Micro reveal that APT28 have continued to scan and probe the internet for vulnerable email servers during 2019.	Targeted Attack	Y Multiple Industries	CE	>1	Trend Micro, APT28, Fancy Bear, Sednit, Pawn Storm
460	19/03/2020	?	Single Individuals	A new phishing email is trying to take advantage of the Coronavirus pandemic and the race to develop medications by promoting a fake [email protected] app that installs Redline, an information-stealing malware.	Malware	X Individual	CC	>1	COVID-19, Coronavirus, [email protected], Redline
461	19/03/2020	?	Takeaway	The German food delivery service Takeaway is hit with a DDoS attack.	DDoS	I Accommodation and food service activities	CC	DE	Takeaway
462	19/03/2020	Mespinoza/Pysa	Local government authorities in France	The France's issues a warning about Mespinoza/Pysa a new ransomware gang that's been recently seen targeting the networks of local government authorities.	Malware	O Public administration and defence, compulsory social security	CC	FR	Mespinoza, Pysa, ransomware
463	19/03/2020	TA505 AKA Evil Corp	Businesses in Germany	Researchers from Prevailion discover a new campaign by the notoriously prolific TA505 cybercrime organization targeting businesses in Germany via their human resources executives.	Malware	Y Multiple Industries	CC	DE	Prevailion, TA505, Evil Corp
464	20/03/2020	?	General Electric (GE) via Canon Business Process Services	General Electric (GE) discloses that personally identifiable information of current and former employees, as well as beneficiaries, was exposed in a security incident experienced by one of GE's service providers, Canon Business Process Services. One of their employees' email accounts was breached by an unauthorized party in February.	Account Hijacking	C Manufacturing	CC	US	General Electric, GE, Canon Business Process Services
465	20/03/2020	Digital Revolution	InformInvestGroup CJSC	Russian hacker group Digital Revolution claims to have breached InformInvestGroup CJSC, a contractor for the FSB, Russia's national intelligence service, and discovered details about Fronton, a project intended for hacking Internet of Things (IoT) devices.	Unknown	M Professional scientific and technical activities	CC	RU	Digital Revolution, InformInvestGroup CJSC, FSB, Fronton, IoT
466	20/03/2020	?	Finastra	Finastra, a leading financial technology provider from the UK, announces that it had to take several servers offline following a ransomware attack.	Malware	V Fintech	CC	UK	Finastra, ransomware
467	20/03/2020	?	Single Individuals in the US	FBI's Internet Crime Complaint Center (IC3) warns of an ongoing phishing campaign delivering spam that uses fake government economic stimulus checks as bait to steal personal information from potential victims.	Account Hijacking	X Individual	CC	US	FBI, Internet Crime Complaint Center, IC3
468	20/03/2020	?	Zyxel devices	Mukashi, a new variant of the Mirai malware is targeting a recently uncovered critical vulnerability in Zyxel network-attached storage devices and exploiting them to rope the machines into an IoT botnet.	Vulnerability	Y Multiple Industries	CC	>1	Mukashi, Mirai, Zyxel, CVE-2020-9054
469	20/03/2020	?	University of Utah Health	The University of Utah Health discloses a security breach, due to unauthorized access to some employee email accounts along with the presence of malware on its systems. The intrusion took place between January 7 and February 21, 2020.	Account Hijacking	Q Human health and social work activities	CC	US	University of Utah Health
470	20/03/2020	?	Rotherham Council	Rotherham Council's IT system is compromised by an email with "COVID-19" in the subject field.	Account Hijacking	O Public administration and defence, compulsory social security	CC	UK	Rotherham Council
471	20/03/2020	?	Oregon Department of Human Services	The Oregon Department of Human Services announces that it uncovered a “phishing” incident on March 6 that affected one staff member’s e-mail.	Account Hijacking	O Public administration and defence, compulsory social security	CC	US	Oregon Department of Human Services
472	20/03/2020	?	Golden Valley Health Centers	Golden Valley Health Centers notifies patients after an employee email account was compromised on March 3.	Account Hijacking	Q Human health and social work activities	CC	US	Golden Valley Health Centers
473	21/03/2020	?	Multiple targets	Researchers from MalwareHunterTeam detect a new Coronavirus phishing campaign installing the NetWalker ransomware.	Malware	Y Multiple Industries	CC	>1	MalwareHunterTeam, Coronavirus, NetWalker, COVID-19
474	21/03/2020	?	Lilin devices	Criminals are exploiting critical flaws in IoT devices from Lilin to enslave them in at least three botnets used to carry out DDoS attacks.	Vulnerability	Y Multiple Industries	CC	>1	Lilin
475	21/03/2020	?	Bitcoin users	It turns out that a network of Bitcoin-to-QR-code generators has stolen more than $45,000 from users in the past four weeks.	Account Hijacking	V Fintech	CC	>1	Bitcoin, Crypto, QR-Code gernerator
476	23/03/2020	?	World Health Organization	Reuters reveal that hackers tried to break into the World Health Organization earlier this month	Targeted Attack	U Activities of extraterritorial organizations and bodies	CE	INT	Reuters, World Health Organization, WHO
477	23/03/2020	?	Multiple targets	Microsoft issues a warning (ADV200006) that targeted attacks are underway against Windows 10 users, from attackers exploiting a critical vulnerability with no available fix.	Targeted Attack	Y Multiple Industries	CC	>1	Microsoft, ADV200006
478	23/03/2020	?	538 million users of Chinese social network Weibo	The personal details of more than 538 million users of Chinese social network Weibo are currently available for sale online.	Unknown	X Individual	CC	CN	Weibo
479	23/03/2020	?	SIngle Individuals	Researchers from KnowBe4 discover a new phishing campaign repurposing old emails to exploit COVID-19.	Account Hijacking	X Individual	CC	US	KnowBe4, Coronavirus, COVID-19
480	23/03/2020	?	Single Individuals	Researchers from MalwareHunterTeam discover the first MBRLocker variant with a Coronavirus theme.	Malware	X Individual	CC	>1	MalwareHunterTeam, MBRLocker, Coronavirus, COVID-19
481	23/03/2020	?	Single Individuals	Researchers from Malwarebytes discover two sites promoting a bogus Corona Antivirus, taking advantage of the current COVID-19 pandemic, to distribute a malicious payload that will infect the target's computer with the BlackNET RAT and add it to a botnet.	Malware	X Individual	CC	>1	Malwarebytes, Coronavirus, COVID-19
482	23/03/2020	?	Single Individuals	An HHS.gov open redirect is currently being used by attackers to push malware payloads onto unsuspecting victims' systems with the help of coronavirus-themed phishing emails.	Malware	X Individual	CC	US	HHS, COVID-19, Coronavirus
483	23/03/2020	?	118 118 Money	118 118 Money writes to personal loans and credit card customers to notify an intrusion.	Unknown	K Financial and insurance activities	CC	UK	118 118 Money
484	23/03/2020	?	LTI Power System	LTI Power System is hit with a ransomware attack.	Malware	C Manufacturing	CC	US	LTI Power System, ransomware
485	24/03/2020	?	Industrial-related entities in the Middle East	Researchers from Kaspersky reveal the details of operation WildPressure, a campaign targeting entities in middle east via the Milum trojan.	Targeted Attack	Y Multiple Industries	CC	>1	Kaspersky, WildPressure, Milum
486	24/03/2020	?	Android users	Researchers from Check Point issue a new warning for a malware family dubbed Tekya, using that same native code subterfuge as a previous malware called Haken to slip the security net.	Malware	X Individual	CC	>1	Check Point, Tekya, Haken
487	24/03/2020	?	Banking users in Spain	Researchers from Kaspersky reveal that the operators of the Ginp mobile banking trojan are now targeting users in Spain with a fake "Coronavirus Finder" app.	Malware	K Financial and insurance activities	CC	ES	Kaspersky, Ginp, Coronavirus Finder
488	24/03/2020	TwoSail Junk	iOS Users in Hong Kong	Researchers from Trend Micro discover a campaign aimed at infecting the iPhones of users in Hong Kong with an iOS backdoor tracked as LightSpy.	Targeted Attack	X Individual	CE	HK	Trend Micro, iPhone, iOS, LightSpy, TwoSail Junk
489	24/03/2020	?	Netflix users	Users are warned about fraudulent messages being shared on social media platforms that Netflix is offering free passes to its platform because of the Coronavirus pandemic.	Account Hijacking	X Individual	CC	>1	Netflix, Coronavirus, COVID-19
490	24/03/2020	?	Bank customers in Germany	Researchers from IBM X-Force discover TrickMo, an Android malware targeting TrickBot victims and designed to bypass MFA to bank customers when they need to authorize a transaction.	Malware	K Financial and insurance activities	CC	DE	IBM X-Force, TrickMo, Android, TrickBot
491	24/03/2020	?	Twitter users	Hackers take over a wave of Twitter accounts to aggressively advertise a website that claims to be selling face masks and toilet paper during the coronavirus pandemic.	Account Hijacking	X Individual	CC	>1	Twitter, coronavirus, COVID-19
492	24/03/2020	?	PropTiger	Private data of more than 2 million users are shared on a hacking forum following a major security breach of the Indian property website PropTiger in 2018.	Unknown	L Real estate activities	CC	IN	PropTiger
493	25/03/2020	APT41	Multiple targets	Researchers from FireEye discover a campaign carried out by the Chinese state-sponsored group APT41, using recent exploits to target security flaws in Citrix, Cisco, and Zoho appliances and devices of entities from a multitude of industry sectors spanning the globe.	Targeted Attack	Y Multiple Industries	CE	>1	FireEye, APT41
494	25/03/2020	?	Tupperware	Researchers from Malwarebytes reveal that hackers have compromised the website of the world-famous Tupperware brand and stolen customers' payment card details at checkout.	Malicious Script Injection	G Wholesale and retail trade	CC	US	Tupperware, Magecart, Malwarebytes
495	25/03/2020	?	Daniel's Hosting	The operator of the biggest free host for dark web sites, Daniel's Hosting, confirms that the service has been shut down following a hack attack that deleted all 7,595 site databases.	Unknown	S Other service activities	CC	DE	Daniel's Hosting
496	25/03/2020	Palesa	AMD	AMD admits that a hacker has stolen files related to some of its graphics products.	Unknown	C Manufacturing	CC	US	AMD, Palesa
497	25/03/2020	?	Linksys Routers	Researchers from Bitdefender reveal the details of a new campaign where the attackers change DNS settings to redirect the victim to a website that claims to be from the World Health Organization, but in reality distributing the Oski infostealer.	Malware	Y Multiple Industries	CC	>1	Bitdefender, World Health Organization, Oski infostealer, Coronavirus, COVID-19
498	25/03/2020	?	Single Individuals	Researchers from 'Doctor Web' issue a warning after discovering thousands of victims have been tricked into downloading a dangerous backdoor that is disguised as an update to Google Chrome.	Malware	X Individual	CC	>1	Doctor Web, Google Chrome
499	25/03/2020	?	Websites using Wordpress	The threat actors behind the WordPress WP-VCD malware start to distribute modified versions of Coronavirus plugins that inject a backdoor into a web site.	Malicious Wordpress Plugin	Y Multiple Industries	CC	>1	WordPress, WP-VCD, Coronavirus, COVID-19
500	25/03/2020	?	Town of Jupiter	The town of Jupiter is hit by a REvil/Sodinokibi ransomware attack.	Malware	O Public administration and defence, compulsory social security	CC	US	Jupiter, REvil, Sodinokibi, ransomware
501	26/03/2020	China	North Korea	Researchers at Google's Threat Analysis Group reveal on Thursday that an unnamed group of hackers used five zero-day vulnerabilities, or secret hackable flaws in software, to target North Koreans and North Korea-focused professionals in 2019.	Targeted Attack	O Public administration and defence, compulsory social security	CE	KR	China, North Korea, Google
502	26/03/2020	Maze	Chubb	Chubb, a major cybersecurity insurance provider for businesses hit by data breaches, is hit with a Maze ransomware attack.	Malware	K Financial and insurance activities	CC	CH	Chubb, Maze, ransomware
503	26/03/2020	DoppelPaymer	Kimchuk	Kimchuk, a medical and military electronics maker, is hit by the DoppelPaymer ransomware	Malware	C Manufacturing	CC	US	Kimchuk, DoppelPaymer, ransomware
504	26/03/2020	FIN7	Multiple targets	The FBI warns organizations and security professionals about the tactic adopted by FIN7 to deliver the GRIFFON malware: malicious USB‌ devices acting as a keyboard when plugged into a computer, injecting commands download and executing a JavaScript backdoor associated with this actor.	Targeted Attack	K Financial and insurance activities	CC	US	FIN7, GRIFFON , FBI
505	26/03/2020	Ryuk	US health care provider	A US health care provider is hit with the Ryuk ransomware.	Malware	Q Human health and social work activities	CC	US	Ryuk, ransomware
506	26/03/2020	?	Undisclosed US hospitality provider	Researchers from Trustwave reveal that a US hospitality provider has recently been the target of an incredibly rare BadUSB attack.	Malware	Q Human health and social work activities	CC	US	Trustwave, BadUSB
507	26/03/2020	?	Single Individuals	Researchers from Forcepoint discover a new phishing campaign pretending to be a missed call about a COVID-19 update.	Account Hijacking	X Individual	CC	US	Forcepoint, COVID-19, Coronavirus
508	26/03/2020	?	Single Individuals	Researchers from Forcepoint discover a new spam campaign exploiting COVID-19.	Malicious Spam	X Individual	CC	US	Forcepoint, COVID-19, Coronavirus
509	26/03/2020	?	Single Individuals	Researchers from Forcepoint discover a malicious campaign in Italy, encouraging the opening of an attachment, which it presents to be sent from the World Health Organization (WHO) with information covering all the necessary precautions against Coronavirus infections.	Malware	X Individual	CC	IT	Forcepoint, COVID-19, Coronavirus
510	27/03/2020	Silence and TA505	At least two companies operating in pharmaceutical and manufacturing sectors have been affected	Researchers from Group-IB reveal that at least two companies operating in pharmaceutical and manufacturing sectors have been affected have been affected by successful attacks carried out by Silence and TA505, exploiting CVE-2019-1405 and CVE-2019-1322	Targeted Attack	C Manufacturing	CC	EU	Group-IB, TA505, Silence, CVE-2019-1405, CVE-2019-1322
511	27/03/2020	?	Social Bluebook	Social Bluebook, a Los Angeles-based company that allows advertisers to pay social media “influencers” for posts that promote their products and services, is hacked.	Unknown	J Information and communication	CC	US	Social Bluebook
512	27/03/2020	?	U.S. Small Businesses	Researchers from IBM X-Force reveal that attackers are attempting to deliver Remcos remote access tool payloads on the systems of small businesses via phishing emails impersonating the U.S. Small Business Administration (U.S. SBA).	Malware	Y Multiple Industries	CC	US	IBM X-Force, Remcos, U.S. Small Business Administration, U.S. SBA
513	27/03/2020	?	Multiple targets in Australia	The Australian Cyber Security Centre (ACSC) issues a new threat update, seeking to raise awareness around coronavirus-themed malicious cyber activity.	Account Hijacking	Y Multiple Industries	CC	AU	Australian Cyber Security Centre, ACSC, COVID-19, Coronavirus
514	28/03/2020	?	4.9 million Georgian citizens	The personal details for more than 4.9 million Georgians, including deceased citizens, are published on a hacking forum.	Unknown	O Public administration and defence, compulsory social security	CC	GE	Georgia
515	28/03/2020	?	Single Individuals	Researchers from KnowBe4 discover a malicious campaign warning recipients that they've been exposed to the coronavirus through personal contact with a colleague, friend, or family member.	Malicious Spam	X Individual	CC	US	KnowBe4, Coronavirus, COVID-19
516	28/03/2020	Two malicious groups	Multiple targets	Researchers from Qihoo 360 reveal that since at least early December 2019, a mysterious hacker group has been taking over DrayTek enterprise routers to eavesdrop on FTP and email traffic inside corporate networks.	Vulnerability	Y Multiple Industries	CC	>1	Qihoo 360, DrayTek
517	28/03/2020	?	Teaching Council	A phishing incident at the Teaching Council leads to personal information relating to 9,735 teachers being shared.	Account Hijacking	P Education	CC	IE	Teaching Council
518	29/03/2020	Saudi Arabia?	Saudi citizens in the US	Saudi Arabia appears to be exploiting weaknesses in the global mobile telecoms network to track its citizens as they travel around the US.	Vulnerability	X Individual	CE	SA	Saudi Arabia
519	29/03/2020	?	Single Individuals	A new phishing campaign is spotted that pretends to be from a local hospital telling the recipient that they have been exposed to the Coronavirus and that they need to be tested.	Malware	X Individual	CC	>1	COVID-19, Coronavirus
520	30/03/2020	?	Major banks from the US, Canada, and Australia	Researchers from IBM X-Force discover a new phishing campaign exploiting COVID-19 to distribute the Zeus Sphinx trojan.	Malware	K Financial and insurance activities	CC	>1	IBM X-Force, COVID-19, Zeus Sphinx, Coronavirus
521	30/03/2020	?	Multiple targets	FBI warns about Zoom bombing as hijackers take over school and business video conferences.	Misconfiguration	Y Multiple Industries	CC	>1	FBI, Zoom bombing
522	30/03/2020	?	Multiple targets in the US	The FBI issues an alert (the third) about state-sponsored hackers using the Kwampirs malware to attack supply chain companies and other industry sectors as part of a global hacking campaign.	Targeted Attack	Y Multiple Industries	CE	US	FBI, Kwampirs
523	30/03/2020	?	YouTuber users	A hacker has hijacked tens of YouTube accounts, renamed them to various Microsoft brands, and is currently broadcasting a cryptocurrency Ponzi scam to tens of thousands of users, posing as a message from the company's former CEO Bill Gates.	Account Hijacking	X Individual	CC	>1	YouTube, Ponzi scam, Bill Gates.
524	30/03/2020	?	GoDaddy.com	A spear-phishing hits a customer service employee at GoDaddy.com, the world’s largest domain name registrar. The phisher modifies key customer records, including transaction brokering site escrow.com.	Account Hijacking	J Information and communication	CC	US	GoDaddy.com, escrow.com.
525	30/03/2020	"Samaneye Shekar” meaning “Hunting system”	42 million Iranian citizens	The details of 42 million Iranian citizens, allegedly users of HotGram and Talagram, two local Telegram alternatives, are leaked online.	Unknown	X Individual	CC	IR	HotGram, Talagram, Telegram, Samaneye Shekar, Hunting system
526	31/03/2020	?	Marriott	Marriott confirms a second data breach in three years, this time involving the personal information on 5.2 million guests. The attackers obtained the login details of two employees, and broke in weeks earlier during mid-January. The breach was discovered on February.	Account Hijacking	I Accommodation and food service activities	CC	US	Marriott
527	31/03/2020	?	Specific Asian religious and ethnic group	Researchers from Kaspersky reveal the details of Holy Water, a campaign targeting people in a specific Asian religious and ethnic group.	Targeted Attack	X Individual	CE	>1	Kaspersky, Holy Water
528	31/03/2020	?	Multiple targets	Researchers from Mimecast discover a new campaign spreading the LimeRAT Remote Access Trojan by harnessing an old encryption technique in Excel files.	Malware	Y Multiple Industries	CC	>1	Mimecast, LimeRAT, Excel
529	31/03/2020	?	Single Individuals	Researchers from Cofense discover a new evasive phishing campaign exploiting the COVID-19 fear.	Account Hijacking	X Individual	CC	>1	Cofense, COVID-19, Coronavirus
530	16/03/2020	?	Avalon Health Care Management	Avalon Health Care Management notifies 14,500 patients of a phishing incident occurred on March 16, 2020.	Account Hijacking	Q Human health and social work activities	CC	US	Avalon Health Care Management
531	26/03/2020	Bassterlord	Indian State Tax Office	A hacker having the handle “Bassterlord”, claims to have Admin access to an Indian State Tax office’s network on a Russian hacking forum,	Unknown	O Public administration and defence, compulsory social security	CC	IN	Bassterlord
532	26/03/2020	?	Meadville Medical Center	Meadville Medical Center is hit with a malware attack.	Malware	Q Human health and social work activities	CC	US	Meadville Medical Center
533	27/03/2020	?	SBTech	SBTech is hit with a ransomware infection	Malware	R Arts entertainment and recreation	CC	MA	SBTech, ransomware
534	27/03/2020	?	Brandywine Urology Consultants	Brandywine Urology Consultants notify about a ransomware attack. The attack occurred on January 25, and the practice became aware of it on January 27.	Malware	Q Human health and social work activities	CC	US	Brandywine Urology Consultants, ransomware
535	30/03/2020	Maze	BetUS	Online gambling operator BetUS is the latest target of the Maze ransomware gang.	Malware	R Arts entertainment and recreation	CC	CW	BetUS, Maze, ransomware
536	31/03/2020	Nefilim	Cosan	The Nefilim Ransomware operators leak the data of Cosan, a Brazilian conglomerate producer of bioethanol, sugar and energy.	Malware	C Manufacturing	CC	BR	Nefilim, Cosan, ransomware
537	31/03/2020	?	Android users	Researchers from Bitdefender discover versions of the Android Zoom video-conferencing application repackaged with malware.	Malware	X Individual	CC	>1	Bitdefender, Android, Zoom
538	08/04/2020	?	Vulnerable IoT devices	Researchers from Bitdefender discover Dark_Nexus, a destructive new botnet that compromises vulnerable IoT devices to carry out DDoS attacks.	Vulnerability	Y Multiple Industries	CC	>1	Bitdefender, Dark_Nexus
539	08/04/2020	?	Bisq	Cryptocurrency exchange Bisq halts trading following a cyberattack leading to the theft of $250,000 worth of virtual currency from users.	Vulnerability	V Fintech	CC	N/A	Bisq, Crypto
540	08/04/2020	?	Cisco Webex users	Researchers from Cofense discover a new phishing campaign using a fake Cisco “critical security advisory” in a new phishing campaign aimed at stealing victims’ Webex credentials.	Account Hijacking	X Individual	CC	>1	Cofense, Cisco Webex, COVID-19, Coronavirus
541	08/04/2020	?	Multiple targets	Microsoft warns that cyber-criminals are preying on people’s vulnerable psychological states during the COVID-19 pandemic to attack businesses via phishing attacks.	Account Hijacking	Y Multiple Industries	CC	>1	Microsoft, Coronavirus, COVID-19
542	09/04/2020	?	Government of North Rhine-Westphalia	The government of North Rhine-Westphalia, a province in western Germany, is believed to have lost tens of millions of euros through a phishing operation mimicking a website built to distribute COVID-19 aid.	Account Hijacking	O Public administration and defence, compulsory social security	CC	DE	North Rhine-Westphalia, COVID-19
543	09/04/2020	?	Android users	Check Point’s researchers discover 16 different malicious apps masquerading as legitimate coronavirus apps, which contain a range of malware aimed at stealing users’ sensitive information or generating fraudulent revenues.	Malware	X Individual	CC	>1	Check Point, coronavirus, COVID-19, Android
544	09/04/2020	?	E-Commerce sites powered by WordPress	Researchers from Sucuri discover a dedicated Javascript skimmer targeting WordPress e-commerce sites powered by WooCommerce.	Malicious Script Injection	Y Multiple Industries	CC	>1	Sucuri, Javascript, WooCommerce
545	09/04/2020	?	Single Individuals	A large email extortion campaign is underway telling recipients that their computer was hacked and that a video was taken through the hacked computer's webcam.	Malicious Spam	X Individual	CC	>1	Extortion
546	09/04/2020	?	Single Individuals	Researchers from Inky discover a phishing campaign trying to impersonate the White House who is sending out Coronavirus guidelines on behalf of President Trump.	Account Hijacking	X Individual	CC	US	Inky, White House, Mike Pence, Coronavirus, COVID-19
547	09/04/2020	?	DESMI	DESMI, a global company specialized in the development and manufacture of pump solutions, discloses a cyber attack.	Malware	C Manufacturing	CC	DK	DESMI, ransomware
548	09/04/2020	?	Several Iranian sites including Niazpardaz[.]ir, Arzi24[.]com	Someone is selling personal details of 45,000 Iranians on the dark web.	Unknown	X Individual	CC	IR	Niazpardaz[.]ir, Arzi24[.]com
549	10/04/2020	?	Mediterranean Shipping Co (MSC)	Mediterranean Shipping Co., the world’s second largest container line, says it has been hit by a network outage. Few days later the company confirms a malware cyber attack.	Malware	H Transportation and storage	CC	CH	Mediterranean Shipping Co, (MSC)
550	10/04/2020	Protag	Quidd	Quidd, an online marketplace for trading stickers, cards, toys, and other collectibles, appears to have suffered a data breach in 2019, and the details of around four million users are now being shared for free on underground hacking forums.	Unknown	R Arts entertainment and recreation	CC	US	Quidd
551	10/04/2020	Nefilim	MAS Holdings	The Nefilim ransomware group operators leak the data of MAS Holdings.	Malware	C Manufacturing	CC	LK	Nefilim, Mas Holdings, ransomware
552	10/04/2020	?	Single Individuals	Researchers from IntSights discover a database available on an underground forum in the dark web containing more than 2,300 compromised Zoom credentials.	Credential Stuffing	X Individual	CC	>1	IntSights, Zoom
553	10/04/2020	?	Saint Francis Ministries	An unauthorized party gained entry into an employee’s email account at Saint Francis Ministries, accessing sensitive personal identifying information, as well as financial and protected health data between Dec. 13 and 20 of 2019.	Account Hijacking	S Other service activities	CC	US	Saint Francis Ministries
554	10/04/2020	?	Single Individuals	Researchers from Sophos reveal a surge in sextortion emails.	Malicious Spam	X Individual	CC	>1	Sophos, Sextortion
555	10/04/2020	?	115 million Pakistani mobile users	Researchers from Rewterz discover a data dump of 115 million Pakistani mobile users for sale on the dark web today. The cyber criminal behind this data breach demands 300 BTC ($2.1 million USD) for the data.	Unknown	X Individual	CC	PK	Rewterz, Pakistan
556	11/04/2020	?	Monte dei Paschi	Hackers accessed the mailboxes of some employees at Italian state-owned bank Monte dei Paschi and send emails to clients. The attack occurred on March 30.	Account Hijacking	K Financial and insurance activities	CC	IT	Monte dei Paschi
557	11/04/2020	?	Lafayette Regional Rehabilitation Hospital	Lafayette Regional Rehabilitation Hospital suffers a second phishing attack in few months.	Account Hijacking	Q Human health and social work activities	CC	US	Lafayette Regional Rehabilitation Hospital
558	12/04/2020	?	Single Individuals	A malware distributor has decided to play a nasty prank by locking victim's computers, and blaming the infection on two well-known and respected security researchers.	Malware	X Individual	CC	>1	Ransomware
559	12/04/2020	?	New York State	New York State officials are investigating a breach of the state government computer network. The attack, discovered in late January, is believed to have originated outside of the United States.	Vulnerability	O Public administration and defence, compulsory social security	CE	US	New York State
560	12/04/2020	?	Doctors based in the US	A cybercriminal is selling personal and contact details of 1.41 million doctors based in the United States.	Unknown	Q Human health and social work activities	CC	US
561	13/04/2020	?	Single Individuals	Researchers from Cyble discover over 500,000 Zoom accounts sold on the dark web and hacker forums.	Credential Stuffing	X Individual	CC	>1	Cyble, 500,000, Zoom
562	13/04/2020	?	Hartford HealthCare	Hartford HealthCare releases a statement warning patients about a phishing incident that took place between February 13 and February 14 this year.	Account Hijacking	Q Human health and social work activities	CC	US	Hartford HealthCare
563	13/04/2020	?	Government agencies involved in the procurement of personal protective equipment and other supplies	The FBI issues a warning of BEC scams against government agencies involved in the procurement of personal protective equipment and other supplies, during the COVID-19 Pandemic.	Business Email Compromise	O Public administration and defence, compulsory social security	CC	US	FBI, COVID-19, Coronavirus
564	13/04/2020	?	Accounts of banking customers in Spain	Researchers from Kaspersky warn of a remote overlay malware attack carried out via a malware called Grandoreiro, which leverages a fake Chrome browser plugin to target the accounts of banking customers in Spain.	Malware	K Financial and insurance activities	CC	ES	Kaspersky, Grandoreiro, Chrome
565	13/04/2020	?	Doctors Community Medical Center	Doctors Community Medical Center notifies an unreported number of patients whose protected health information was potentially compromised by a phishing incident discovered in January.	Account Hijacking	Q Human health and social work activities	CC	US	Doctors Community Medical Center
566	14/04/2020	Ragnar Locker	Energias de Portugal (EDP)	Attackers using the Ragnar Locker ransomware encrypt the systems of Portuguese multinational energy giant Energias de Portugal (EDP) and are now asking for a 1580 BTC ransom ($10.9M or €9.9M).	Malware	D Electricity gas steam and air conditioning supply	CC	PT	Energias de Portugal (EDP),
567	14/04/2020	?	Chrome Users	Google removes 49 malicious Chrome browser extensions from its Web Store that were posing as cryptocurrency wallets in order to drain the contents of bona fide wallets. The applications were discovered by MyCrypto and PhishFort.	Malicious Browser Extension	X Individual	CC	>1	Google, Chrome, MyCrypto, PhishFort, crypto
568	14/04/2020	?	Single Individuals	Researchers at White Ops reveal the details of ICEBUCKET, a massive online fraud operation that for the past few months has been mimicking smart TVs to gain profits from online ads.	Server-Side Ad Insertion (SSAI) Hijacking	X Individual	CC	>1	White Ops, ICEBUCKET, Smart TVs
569	14/04/2020	?	Canadian government healthcare organization	Researchers from Palo Alto discover a ransomware attack against a Canadian government healthcare organization exploiting the COVID-19 pandemic.	Malware	Q Human health and social work activities	CC	CA	Palo Alto Networks, ransomware, COVID-19, Coronavirus
570	14/04/2020	?	Canadian medical research facility	Researchers from Palo Alto discover a ransomware attack against a Canadian medical research facility exploiting the COVID-19 pandemic.	Malware	Q Human health and social work activities	CC	CA	Palo Alto Networks, ransomware, COVID-19, Coronavirus
571	14/04/2020	?	Medical organizations and medical research facilities located in Japan and Canada	Researchers from Palo Alto discover a separate campaign targeting various organizations, including medical organizations and medical research facilities located in Japan and Canada, with the AgentTesla malware.	Malware	Q Human health and social work activities	CC	CA JP	Palo Alto, AgentTesla, COVID-19, Coronavirus
572	14/04/2020	?	GitHub users	GitHub users are targeted by a Sawfish phishing campaign designed to steal their GitHub login credentials and time-based one-time password (TOTP) codes.	Account Hijacking	Y Multiple Industries	CC	>1	GitHub, Sawfish
573	14/04/2020	?	Individuals in the US	Researchers from Fortinet discover a new variant of the NetWire RAT delivered via IRS-themed phishing emails.	Malware	X Individual	CC	US	Fortinet, NetWire, IRS, COVID-19, Coronavirus
574	14/04/2020	TA505	Multiple targets	Researchers from IBM X-Force reveal that the TA505 cybercrime group has ramped up its attacks lately, with a set of campaigns spreading the persistent SDBbot RAT.	Malware	Y Multiple Industries	CC	>1	IBM X-Force, TA505, SDBbot
575	14/04/2020	?	Two Manitoba law firms	Two Manitoba law firms are hit with a ransomware attack.	Malware	M Professional scientific and technical activities	CC	CA	Manitoba, ransomware
576	14/04/2020	?	Users in Pakistan, India, Afghanistan, Bangladesh, Iran, Saudi Arabia, Austria, Romania, Grenada, and Russia.	Researchers at Trend Micro discover a potential cyberespionage campaign, named Project Spy, that infects Android and iOS devices with spyware in disguise of a fake COVID-19 app.	Malware	Y Multiple Industries	CE	>1	Trend Micro, Project Spy, COVID-19
577	15/04/2020	Syrian Electronic Army (SEA)	Single Individuals in Syria	Researchers at Lookout discover a COVID-19 Themed Spyware targeting Syrian citizens.	Malware	X Individual	CE	SY	Lookout, COVID-19, Coronavirus
578	15/04/2020	International Union of Virtual Media (IUVM) (linked to Iran)	Social Network users	Researchers from Graphika discover an Iranian-linked group spreading disinformation about Coronavirus on Facebook, Instagram, and Twitter.	Fake Social Network accounts/groups/pages	X Individual	CW	>1	Graphika, Iran, COVID-19, Coronavirus, Facebook, Instagram, Twitter, International Union of Virtual Media, IUVM
579	15/04/2020	Satan	Mercantile Communications Pvt Ltd	A group of hackers manage to gain access to the .np domain of Mercantile Communications Pvt Ltd.	DNS Hijacking	J Information and communication	CC	NP	Mercantile Communications Pvt Ltd, Satan
580	15/04/2020	?	Valorant players	Soon after the game Valorant entered closed beta, malware samples are released that targets users who are trying to play the game or get beta keys.	Malware	R Arts entertainment and recreation	CC	>1	Valorant
581	15/04/2020	?	Single Individuals	Researchers from Trustwave detect a peak of BEC scams leveraging COVID-19	Business Email Compromise	X Individual	CC	US	Trustwave, COVID-19, Coromnavirus
582	15/04/2020	?	Wappalyzer	Tech company Wappalyzer discloses a security incident after a hacker began emailing its customers and offering to sell Wappalyzer's database for $2,000. The incident took place on January 20.	Misconfiguration	M Professional scientific and technical activities	CC	AU	Wappalyzer
583	15/04/2020	?	Customers of the main Portuguese banks	A new Android Trojan-Banker targets customers of the main Portuguese banks.	Malware	K Financial and insurance activities	CC	PT	Android, Trojan-Banker
584	15/04/2020	?	Single Individuals	Researchers from Mimecast discover a flight refund scam exploiting the COVID-19 outbreak.	Account Hijacking	X Individual	CC	>1	Mimecast, COVID-19, Coronavirus
585	15/04/2020	Hidden Cobra	US and western financial institutions	The Department of Home Security issues a warning that hackers from North Korea are launching new attacks against US and western financial institutions.	Targeted Attack	K Financial and insurance activities	CC	>1	DHS, Department of Homeland Security, DHS, Hidden Cobra, CISA
586	15/04/2020	?	Applications Software Technologies	Applications Software Technologies reveals to have discovered on March 9 that an unauthorized party had accessed the company by obtaining access to a company email account.	Account Hijacking	M Professional scientific and technical activities	CC	US	Applications Software Technologies
587	15/04/2020	?	EA Sports	EA Sports is hit by a DDoS attack	DDoS	R Arts entertainment and recreation	CC	US	EA Sports
588	15/04/2020	?	South African Department for Women, Youth, and Persons with Disabilities	The South African Department for Women, Youth, and Persons with Disabilities is the latest victim of a Zoom bombing attack.	Zoom bombing	O Public administration and defence, compulsory social security	CC	ZA	South African Department for Women, Youth, and Persons with Disabilities, Zoom
589	03/04/2020	?	Vulnerable ZyXEL routers	Researchers from Palo Alto Networks discover a new variant of the Hoaxcalls botnet, spreading via an unpatched vulnerability impacting the ZyXEL Cloud CNM SecuManager that was disclosed last month.	Vulnerability	Y Multiple Industries	CC	>1	Palo Alto Networks, Hoaxcalls, ZyXEL, Grandstream, DrayTek
590	15/04/2020	?	Vulnerable Wordpress servers	Researchers from Sucuri reveal that attackers are actively targeting WordPress sites running the OneTone theme to exploit a vulnerability that allows them to read and write site cookies and create backdoor admin accounts.	Vulnerability	Y Multiple Industries	CC	>1	Sucuri, WordPress, OneTone
591	15/04/2020	?	Vulnerable IoT devices	Researchers at NetLab 360 discover Moobot, a new botnet family based on Mirai, which targets internet of things (IoT) devices.	Malware	Y Multiple Industries	CC	>1	NetLab 360, Moobot, Mirai
592	16/04/2020	Foreign government hackers	Companies conducting research into treatments for COVID-19	The FBI reveals that foreign government hackers have broken into companies conducting research into treatments for COVID-19.	Targeted Attack	Q Human health and social work activities	CE	US	FBI, COVID-19
593	16/04/2020	?	Azerbaijan government and utility companies	Researchers from Cisco Talos publish an analysis of a new campaign that deploys PoetRAT, a previously-undiscovered Remote Access Trojan (RAT) targeting both the Azerbaijan government and utility companies, and exploits the COVID-19 outbreak.	Targeted Attack	O Public administration and defence, compulsory social security	CE	AZ	Cisco Talos, PoetRAT, COVID-19
594	16/04/2020	?	Ruby Users	Security researchers from ReversingLabs discover 725 Ruby libraries uploaded on the official RubyGems repository that contained malware meant to hijack users' clipboards.	Malware	Y Multiple Industries	CC	>1	ReversingLabs, RubyGems, Ruby
595	16/04/2020	?	Single Individuals	Researchers from Avast discover a malvertising campaign taking advantage of COVID-19, targeting Internet Explorer users via the Fallout Exploit Kit, to steal their information via the Kpot v2.0 information stealer.	Malvertising	X Individual	CC	>1	Avast, COVID-19, Internet Explorer, Fallout Exploit Kit, Kpot v2.0
596	17/04/2020	?	Aptoide	A hacker leaks the details of 20 million users of Aptoide, a third-party app store for Android applications.	SQL Injection	J Information and communication	CC	PT	Aptoide, Android
597	17/04/2020	Trickbot	Multiple targets	Researchers from Microsoft's Security Intelligence team say that the operation behind Trickbot over the past few days sent out hundreds of emails purporting to relate to COVID-19 medical advice and testing, with the aim of installing Trickbot malware via unique "macro-laced" malicious document attachments inside the message.	Malware	Y Multiple Industries	CC	>1	Microsoft, Trickbot, COVID-19, Coronavirus
598	17/04/2020	Clop	ExecuPharm	U.S. pharmaceutical giant ExecuPharm has its data leaked after it refuses to pay the ransom.	Malware	Q Human health and social work activities	CC	US	ExecuPharm, Clop
599	17/04/2020	?	Organizations in Italy	Researchers from Cybaze-Yoroi ZLab discover a new variant of Ursnif targeting organizations in Italy.	Malware	Y Multiple Industries	CC	IT	Cybaze-Yoroi ZLab, Ursnif
600	17/04/2020	?	PrimoHoagies	PrimoHoagies reveals that cyber-attackers had broken into its online payment platform and accessed the payment card information of customers who made online purchases between July 15, 2019, and February 18, 2020.	Malicious Script Injection	I Accommodation and food service activities	CC	US	PrimoHoagies
601	17/04/2020	?	Banking users	Researchers from Trustwave discover a new malspam campaign that sends Excel 4.0 xls 97-2003 files with a compromised macro in email messages. The campaign attempts to dupe users with themes ranging from fake invoices to COVID-19 related lures and distributes the Gozi banking trojan.	Malware	K Financial and insurance activities	CC	>1	Trustwave, Excel, COVID-19, Gozi
602	17/04/2020	?	Aurora Medical Center Bay Area	Aurora Medical Center Bay Area notifies to have been hit with a phishing attack occurred on January 2020.	Account Hijacking	Q Human health and social work activities	CC	US	Aurora Medical Center Bay Area
603	17/04/2020	?	Olean City	Olean City is hit with a ransomware attack.	Malware	O Public administration and defence, compulsory social security	CC	US	Olean City. Ransomware
604	18/04/2020	?	Cognizant	Information technologies services giant Cognizant is hit by the Maze Ransomware.	Malware	M Professional scientific and technical activities	CC	US	Cognizant, Maze
605	18/04/2020	?	Webkinz World,	A hacker leaks the usernames and passwords of nearly 23 million players of Webkinz World, an online children's game managed by Canadian toy company Ganz.	SQL Injection	R Arts entertainment and recreation	CC	CA	Webkinz World, Ganz
606	19/04/2020	?	Uniswap	Hackers try to attack the Uniswap cryptocurrency exchange but the attack is unsuccessful.	Vulnerability	V Fintech	CC	US	Uniswap, Crypto
607	19/04/2020	?	Lendf.me	The same hackers steal more than $25 million in cryptocurrency from the Lendf.me lending platform but they need to return the money after they are caught.	Vulnerability	V Fintech	CC	N/A	Lendf.me, crypto
608	19/04/2020	?	Facebook users	Researchers from Cyble discover a threat actor selling a database with 267 million Facebook profiles for £500 on the dark web and through hacking forums.	Misconfiguration	X Individual	CC	>1	Cyble, Facebook
609	19/04/2020	?	UniCredit	Researchers from Tesly reveal that data on about 3,000 UniCredit SpA employees was put up for sale on cybercrime forums after an SQL Injection attack.	SQL Injection	K Financial and insurance activities	CC	IT	UniCredit
610	19/04/2020	?	Energy, manufacturing, and business services in the United States	Researchers from Proofpoint discover a new campaign designed to steal user credentials via a lure that claims to welcome users to their new Zoom account.	Account Hijacking	Y Multiple Industries	CC	US	Proofpoint, Zoom, COVID-19
611	19/04/2020	TA4562	Manufacturing industrial, marketing/advertising, technology, IT and construction companies	Researchers from Proofpoint discover a campaign distributing the ServLoader and NetSupport remote access Trojans (RATs) via fake Zoom meetings cancellations.	Malware	Y Multiple Industries	CC	>1	Proofpoint, Zoom, COVID-19, TA4562
612	19/04/2020	?	Danish Agro	Danish Agro is hit with a ransomware attack.	Malware	S Other service activities	CC	DK	Danish Agro, ransomware
613	20/04/2020	Winnti (aka APT41, BARIUM, Blackfly).	Gravity	Researchers from QuoIntelligence (QuoINT) reveal that attackers from Winnti (aka APT41, BARIUM, Blackfly attempted to breach the internal network of Gravity, the South Korean gaming company behind the popular Ragnarok Online Massive Multiplayer Online Role-Playing Game.	Targeted Attack	R Arts entertainment and recreation	CE	KR	QuoIntelligence, QuoINT, Winnti, APT41, BARIUM, Blackfly, Gravity, Ragnarok
614	20/04/2020	?	Believr	Hackers infiltrate a Zoom meeting of a virtual church service hosted by Adam Evers, the founder of the Christian LGBTQ+ dating app Believr.	Zoom Bombing	S Other service activities	CC	US	Zoom, Believr
615	20/04/2020	?	Chartered Institute for Securities and Investments (CISI)	The Chartered Institute for Securities and Investments (CISI) confirms that some of its members may have had their financial information stolen after “malicious code” was inserted on its website.	Malicious Script Injection	S Other service activities	CC	UK	Chartered Institute for Securities and Investments, CISI
616	20/04/2020	?	Brandywine Counseling and Community Services	Brandywine Counseling and Community Services notifies patients of a ransomware incident occurred on February 2020.	Malware	Q Human health and social work activities	CC	US	Brandywine Counseling and Community Services, ransomware
617	21/04/2020	?	Nintendo users	Nintendo users report that their accounts have been getting hacked and accessed from remote locations around the globe, with some users losing money as a result of the unauthorized intrusion. Few days after the company confirms the compromise of 160,000 accounts after the attackers exploited its Nintendo Network ID (NNID) login system.	Account Hijacking	R Arts entertainment and recreation	CC	JP	Nintendo, Nintendo Network ID, NNID
618	21/04/2020	?	China's Uyghur minority	Security firm Volexity discovers Insomnia, a new iOS exploit used to spy on China's Uyghur minority.	Targeted Attack	X Individual	CE	CN	Volexity, Insomnia, iOS, Uyghur
619	21/04/2020	?	Zoom users in corporate environments	Researchers from Abnormal Security discover a new phishing campaign targeting Zoom users, using fake Zoom meeting notifications to warn victims that their contracts will either be suspended or terminated.	Account Hijacking	Y Multiple Industries	CC	>1	Abnormal Security, Zoom, COVID-19
620	21/04/2020	DoppelPaymer	City of Torrance	The City of Torrance of the Los Angeles metropolitan area is hit by the DoppelPaymer Ransomware.	Malware	O Public administration and defence, compulsory social security	CC	US	The City of Torrance, DoppelPaymer
621	21/04/2020	?	US healthcare providers	The FBI warns of ongoing phishing campaigns targeting US healthcare providers using COVID-19 themed lures to distribute malicious attachments.	Malware	Q Human health and social work activities	CC	US	FBI, COVID-19
622	21/04/2020	?	Single Individuals	A fake WiFi hacking program is used to distribute CoronaLocker, a new Coronavirus-themed malware that tries to lock the victim out of Windows while making some very annoying sounds.	Malware	X Individual	CC	>1	CoronaLocker, COVID-19
623	21/04/2020	?	Oil and gas industries in multiple countries	Researchers from Bitdefender discover a new campaign targeting the oil and gas industry sector with highly targeted spearphishing campaigns impersonating shipment companies and engineering contractors while attempting to infect their targets with Agent Tesla info-stealer malware payloads.	Targeted Attack	D Electricity gas steam and air conditioning supply	CE	>1	Bitdefender, Agent Tesla
624	21/04/2020	?	Parkview Medical Center	Parkview Medical Center is hit with a ransomware attack.	Malware	Q Human health and social work activities	CC	US	Parkview Medical Center, ransomware
625	21/04/2020	?	Single Individuals	Researchers from ZeroFOX discover a massive scam campaign circulating via WhatsApp.	Account Hijacking	X Individual	CC	>1	ZeroFOX, WhatsApp, COVID-19
626	21/04/2020	?	Whisky Auctioneer	An online auction of rare whiskies is postponed indefinitely following a DDoS attack.	DDoS	R Arts entertainment and recreation	CC	US	Whisky Auctioneer
627	21/04/2020	?	Banking users in Spain, Portugal, Brazil and other parts of Latin America	Researchers from IBM X-Force uncover Banking.BR, a new Android banking trojan targeting users in countries that speak Spanish or Portuguese, namely Spain, Portugal, Brazil and other parts of Latin America.	Malware	K Financial and insurance activities	CC	>1	BM X-Force, Banking.BR
628	22/04/2020	State-sponsored actor	Multiple targets	Researchers from ZecOps discover two zero-day vulnerabilities affecting iPhone and iPad devices, used on a series of ongoing remote attacks targeting iOS users since at least January 2018.	Targeted Attack	Y Multiple Industries	CE	>1	ZecOps, iPhone, iPad
629	22/04/2020	?	Valve	The source code of Valve's Team Fortress 2 and Counter-Strike: Global Offensive games was leaked	Unknown	R Arts entertainment and recreation	CC	US	Valve
630	22/04/2020	Government-backed attackers	US government workers	Google's Threat Analysis Group (TAG) reveals that one group has started using free meals and coupons supposedly from fast-food franchises to lure US government workers into exposing their Gmail credentials.	Account Hijacking	O Public administration and defence, compulsory social security	CE	US	Google's Threat Analysis Group, TAG, Gmail
631	22/04/2020	Tag Barnakle	Vulnerable AD servers	Researchers from Confiant identify Tag Barnakle, a group that has been compromising advertising networks running old versions of the Revive open-source ad server to redirect victims to malware.	Malvertising	Y Multiple Industries	CC	>1	Confiant, Tag Barnakle, Revive
632	22/04/2020	?	Multiple targets	A new phishing campaign is underway that targets employees with fake customer complaints that install a new backdoor used to compromise a network.	Account Hijacking	Y Multiple Industries	CC	>1	Phishing
633	22/04/2020	?	SIngle Individuals	Researchers from Sophos reveal the details of a massive sextortion campaign netting nearly $500K in five months.	Malicious Spam	X Individual	CC	>1	Sophos
634	23/04/2020	Jerusalem Electronic Army (J.E.Army)	Water supply and treatment facilities in Israel	The Israeli National Cyber-Directorate (INCD) warns that hackers have targeted its water supply and treatment facilities. The agency is urging personnel at companies active in the energy and water sectors to change passwords for all internet-connected systems.	Unknown	E Water supply, sewerage waste management, and remediation activities	CE	IL	Jerusalem Electronic Army, J.E.Army, Israeli National Cyber-Directorate, INCD
635	23/04/2020	Ocean Lotus AKA APT32	Wuhan government and Chinese Ministry of Emergency Management	Researchers from FireEye believe that hacking group Ocean Lotus, also known as APT32 and linked to the Vietnamese government, was involved in a spear phishing campaign targeting members of the Wuhan government and Chinese Ministry of Emergency Management in search of information related to the coronavirus pandemic.	Targeted Attack	Y Multiple Industries	CE	CN	FireEye, Ocean Lotus, APT32, Wuhan, COVID-19, Coronavirus
636	23/04/2020	?	GoDaddy	GoDaddy notifies some of its customers that an unauthorized party used their web hosting account credentials to connect to their hosting account via SSH.	Account Hijacking	J Information and communication	CC	US	GoDaddy
637	23/04/2020	?	US Universities	Researchers at Proofpoint discover a new campaign targeting Faculty and students at several U.S. colleges and universities with Hupigon RAT.	Malware	P Education	CC	US	Hupigon RAT
638	23/04/2020	Sodinokibi	SeaChange	SeaChange is hit with the Sodinokibi ransomware.	Malware	J Information and communication	CC	US	SeaChange, Sodinokibi, ransomware
639	23/04/2020	?	Multiple targets	The U.S. National Security Agency (NSA) and the Australian Signals Directorate (ASD) issue a joint report warning of threat actors increasingly exploiting vulnerable web servers to deploy web shells.	Web Shells	Y Multiple Industries	CC	US AU	National Security Agency, NSA, Australian Signals Directorate, ASD
640	23/04/2020	?	Multiple targets	Researchers from Cofense discover a phishing campaign against remote workers using Skype, luring them with emails that fake notifications from the service.	Account Hijacking	Y Multiple Industries	CC	>1	Cofense, Skype, COVID-19
641	23/04/2020	?	Organizations in both public and private sectors, including financial institutions.	Researchers from ESET discover a previously undocumented botnet called VictoryGate, active since at least May 2019, and composed mainly of devices in Peru. The main activity of the botnet is mining Monero cryptocurrency.	Malware	Y Multiple Industries	CC	PE	ESET, VictoryGate, Crypto, Monero
642	23/04/2020	Florentine Banker	Israeli and UK financial firms	Researchers from Check Point reveal the details of Florentine Banker, a cybercriminal group launching advanced business email compromise (BEC) attacks on leading Israeli and UK financial firms, stealing $1.3 million dollars in just four separate transactions.	Business Email Compromise	K Financial and insurance activities	CC	IL UK	Florentine Banker, Check Point
643	24/04/2020	?	Small business owners	Researchers from Abnormal Security discover a new phishing campaign targeting users of US Payroll Protection Program loans for small businesses.	Account Hijacking	Y Multiple Industries	CC	US	Abnormal Security, US Payroll Protection
644	24/04/2020	?	Multiple targets	A new phishing campaign delivers a new stealthy malware called BazarBackdoor from the developers of TrickBot that is used to compromise and gain full access to corporate networks.	Account Hijacking	Y Multiple Industries	CC	>1	BazarBackdoor, TrickBot
645	24/04/2020	?	US and South Korean financial organizations and banks	Researchers at Group-IB discover that the details on roughly 400,000 payment cards related to US and South Korean financial organizations and banks are currently up for sale on Joker's Stash.	Unknown	K Financial and insurance activities	CC	US KR	Group-IB, Joker's Stash
646	24/04/2020	?	Single Individuals	Researchers from Inky discover a new campaign, sending out emails that impersonate the U.S. Federal Reserve and lure recipients with financial relief options through the Payment Protection Program.	Account Hijacking	X Individual	CC	US	Inky, U.S. Federal Reserve, COVID-19
647	24/04/2020	?	Single Individuals	Hackers setup a fake NHS site, claiming to provide COVID-19 updates, aimed to distribute malware.	Malware	X Individual	CC	US	NHS, COVID-19
648	24/04/2020	?	Illinois Valley Community College	Illinois Valley Community College is hit with a ransomware attack.	Malware	P Education	CC	US	Illinois Valley Community College, ransomware
649	25/04/2020	Asnarök	Vulnerable Sophos XG Firewalls	Cyber-security firm Sophos publishes an emergency security update to patch a zero-day vulnerability in its XG enterprise firewall product, being abused in the wild by hackers. The malware is dubbed Asnarök.	SQL Injection	Y Multiple Industries	CC	>1	Sophos, XG, Asnarök
650	25/04/2020	THE0TIME	Huiying Medical Technology	Research from Cyble identify a threat actor attempting to sell Huiying Medical Technology’s source code for AI-assisted COVID-19 detection and experimental data.	Unknown	C Manufacturing	CC	CN	Cyble, Huiying Medical Technology, COVID-19, THE0TIME
651	26/04/2020	?	Robert Dyas	Robert Dyas notifies customers to have been hit by a malicious script in the payment page between 7-30 March.	Malicious Script Injection	G Wholesale and retail trade	CC	UK	Robert Dyas
652	27/04/2020	?	Multiple targets	Researchers from Kaspersky discover a new wave of phishing scams that utilize a COVID-19 theme and impersonate well-known shipping carriers such as FedEx, UPS, and DHL.	Account Hijacking	Y Multiple Industries	CC	>1	Kaspersky, COVID-19, FedEx, UPS, DHL
653	27/04/2020	?	Lumberton Township Public Schools in Burlington County	Lumberton Township Public Schools in Burlington County announces it will temporarily stop using Zoom after a hacker reportedly streamed pornography and used racist language during a lesson for middle school students.	Zoom Bombing	P Education	CC	US	Lumberton Township Public Schools, Burlington County, Zoom
654	27/04/2020	Sodinokibi AKA Revil	CivicSmart	CivicSmart, a vendor of smart parking meters, is hit with a Sodinokibi ransomware attack.	Malware	M Professional scientific and technical activities	CC	US	Sodinokibi, Revil, CivicSmart, Ransomware
655	28/04/2020	Light	Zaha Hadid Architects	A group of hackers breaches the network of Zaha Hadid Architects, one of the world's leading architectural firms. The attackers threaten to release sensitive information on the dark web unless the company pays a ransom demand.	Malware	M Professional scientific and technical activities	CC	UK	Zaha Hadid Architects, Light, ransomware
656	28/04/2020	?	Android users	Researchers from Check Point discover a new version of the Lucy malware going mobile, encrypting data and asking for a ransom threatening FBI action.	Malware	X Individual	CC	>1	Check Point, Lucy, FBI, ransomware, Android
657	28/04/2020	?	Single Individuals	Microsoft Security Intelligence Team uncovers a number of fake movie torrents carrying malicious software that attempts to hijack a user’s machine to generate cryptocurrency.	Malware	X Individual	CC	>1	Microsoft, torrent
658	28/04/2020	?	Vulnerable Wordpress servers	Researchers from Wordfence detect a peak of attacks targeting more than 900,000 Wordpress servers exploiting vulnerable plugins.	Vulnerability	Y Multiple Industries	CC	>1	Wordfence, Wordpress
659	28/04/2020	Ocean Lotus AKA APT32?	Android devices in countries including India, Vietnam, Bangladesh, and Indonesia.	Researchers from Kaspersky warn of PhantomLance, an ongoing spying campaign in which malicious apps hosted by Google Play are covertly spying and stealing Android user data.	Malware	X Individual	CE	>1	Kaspersky, PhantomLance, Google Play, Android
660	28/04/2020	Outlaw Hacking Group	Multiple targets in Europe	Researchers from Cybaze-Yoroi ZLab uncover a new botnet that is targeting European organizations.	Malware	Y Multiple Industries	CC	>1	Cybaze-Yoroi ZLab, Outlaw
661	28/04/2020	?	Banking users especially in Brazil, Mexico, Spain and Peru	Researchers from ESET discover a new campaign using the Grandoreiro banking trojan, and exploiting the COVID-19 crisis to attack users especially in Brazil, Mexico, Spain and Peru.	Malware	K Financial and insurance activities	CC	>1	ESET, Grandoreiro, COVID-19
662	28/04/2020	?	Organizations in Healthcare	Researchers from Microsoft warn of a wave of ransomware attacks with multiple payloads, targeting organizations in Healthcare.	Malware	Q Human health and social work activities	CC	>1	Microsoft, ransomware, COVID-19
663	28/04/2020	?	Zoom users	Researchers at IntSights discover multiple Zoom databases on underground forums.	Credential stuffing	Y Multiple Industries	CC	>1	IntSights, Zoom
664	29/04/2020	?	High-profile Estonian individuals	The Estonian Internal Security Service (KaPo) reveal that state-sponsored hackers have used a zero-day vulnerability to hijack a small number of high-profile email accounts at Estonian email provider Mail.ee.	Vulnerability	O Public administration and defence, compulsory social security	CE	EE	KaPo, Mail.ee.
665	29/04/2020	?	Chegg	Chegg confirms its third data breach in the past three years: hackers stole 700 current and former employee records, including their names and Social Security numbers.	Unknown	M Professional scientific and technical activities	CC	US	Chegg
666	29/04/2020	?	Single Individuals	Researchers at TrendMicro uncover a new cyber-criminal campaign attempting to exploit the COVID-19 pandemic to trick remote workers into installing RevCode WebMonitor RAT in disguise of a fake Zoom installer.	Malware	X Individual	CC	>1	TrendMicro, COVID-19, Coronavirus, RevCode, Zoom
667	29/04/2020	?	Multiple targets	Researchers from Kaspersky reveal a spike in brute-force attacks targeting RDP endpoints after the beginning of the COVID-19 pandemic.	Brute-force	Y Multiple Industries	CC	>1	Kaspersky, RDP, COVID-19, Coronavirus
668	29/04/2020	?	UseNeXT and Usenet.nl	UseNeXT and Usenet.nl, two companies that provide Usenet services, disclose security breaches today, blaming the breaches on "a security vulnerability at a partner company."	Unknown	J Information and communication	CC	DE NL	UseNeXT, Usenet.nl, Usenet
669	29/04/2020	?	Undisclosed Multinational conglomerate	Researchers from Check Point reveal that attackers infected more than 75% of a multinational conglomerate's managed Android devices with the Cerberus banking trojan using the company’s compromised Mobile Device Manager (MDM) server.	Malware	Z Unknown	CC	N/A	Check Point, Android, Cerberus, Ransomware
670	29/04/2020	Aggah	Multiple targets	Researchers from Cisco Talos reveal the details of an updated Aggah campaign distributing a cocktail of malware strains: Agent Tesla, njRAT and Nanocore RAT.	Malware	Y Multiple Industries	CC	>1	Cisco Talos, Aggah, Agent Tesla, njRAT, Nanocore RAT
671	29/04/2020	?	PaperlessPay Corporation	PaperlessPay Corporation, an e-pay vendor, discovers to have been hacked in February 2019, putting at risk the identity of multiple customers.	SQL Injection	M Professional scientific and technical activities	CC	US	PaperlessPay Corporation
672	30/04/2020	PerSwaysion	High-ranking executives at more than 150 companies	Cyber-security firm Group-IB reveal the detail of PerSwaysion, a cybercrime group operating since mid-2019, able to breach the email accounts of high-ranking executives at more than 150 companies.	Account Hijacking	Y Multiple Industries	CE	>1	Group-IB, PerSwaysion
673	30/04/2020	?	Vulnerable WebLogic servers	Oracle publishes an urgent security alert, urging companies that run WebLogic servers to install the latest patches the company released in mid-April. The company says it received reports of attempts to exploit CVE-2020-2883.	Vulnerability	Y Multiple Industries	CC	>1	Oracle, WebLogic, CVE-2020-2883.
674	30/04/2020	?	Banks and financial services across Europe	Researchers from Cybereason reveal the details of EventBot, a new Android malware targeting banks, financial services across Europe	Malware	K Financial and insurance activities	CC	>1	Cybereason, EventBot, Android
675	30/04/2020	?	Multiple targets	Researchers from IBM X-Force uncover a new Trickbot campaign targeting email recipients with fake messages purporting to come from the U.S. Department of Labor (DoL). The spam leverages the Family and Medical Leave Act (FMLA).	Malware	K Financial and insurance activities	CC	US	Researchers from IBM X-Force, Trickbot, U.S. Department of Labor, DoL, Family and Medical Leave Act, FMLA, COVID-19
676	30/04/2020	Netwalker	NWT Power Corporation	NWT Power Corporation (Northwest Territories Power Corporation) confirms to have been hit with a Netwalker ransomware attack	Malware	D Electricity gas steam and air conditioning supply	CC	CA	NWT Power Corporation, Northwest Territories Power Corporation
677	30/04/2020	LockBit	Multiple countries including the US, the UK, France, Germany, Ukraine, China, India, and Indonesia.	Researchers from McAfee and Northwave Intelligent Security Operations discover a new ransomware called LockBit, able to self-spread inside the victim's network.	Malware	Y Multiple Industries	CC	>1	McAfee, Northwave Intelligent Security Operations, ransomware, LockBit
678	30/04/2020	?	Multiple targets	Researchers from Barracuda Networks observe a single phishing campaign that sent out 128,000 emails to a variety of organizations and employees using reCAPTCHA walls to conceal fake Microsoft log-in pages.	Account Hijacking	Y Multiple Industries	CC	>1	Barracuda Networks, reCAPTCHA, Microsoft
679	30/04/2020	?	Warwick University	The Warwick University reveals to have been breached last year (and tried to cover the breach).	Malware	P Education	CC	UK	Warwick University
680	30/04/2020	?	SWPS University of Humanities and Social Sciences (‘SWPS University’)	The Polish University of Humanities and Social Sciences is hit with a ransomware attack.	Malware	P Education	CC	PL	SWPS, University of Humanities and Social Sciences , ransomware
681	27/04/2020	?	Aeries Student Information System	Multiple school districts are impacted by a breach occurred to Aeries Student Information System, occurred in November 2019.	Unknown	M Professional scientific and technical activities	CC	US	Aeries Student Information System
682	18/04/2020	?	Etana Custody	Etana Custody states that its “client user interface was accessed by an unauthorized external party”	Unknown	V Fintech	CC	US	Etana Custody, Crypto
683	01/05/2020	Maze	Banco BCR	Hackers claim to have gained access to the network of Banco BCR, the state-owned Bank of Costa Rica, and stolen 11 million credit card credentials along with other data.	Malware	K Financial and insurance activities	CC	CR	Maze, Banco BCR, ransomware
684	01/05/2020	?	Multiple organizations	Researchers from Abnormal Security discover a malicious campaign impersonating notifications from Microsoft Teams.	Account Hijacking	O Public administration and defence, compulsory social security	CC	>1	Microsoft Teams, Abnormal Security, COVID-19
685	01/05/2020	?	Single Individuals	A new phishing campaign is distributing a combination of malware: a LokiBot information-stealing malware along with a second payload in the form of the Jigsaw Ransomware.	Malware	X Individual	CC	>1	LokiBot, Jigsaw, Ransomware
686	01/05/2020	Maze	Nashville Plastic Surgery Institute,	Nashville Plastic Surgery Institute, dba Maxwell Aesthetics, is hit by a Maze ransomware attack.	Malware	Q Human health and social work activities	CC	US	Nashville Plastic Surgery Institute, Maxwell Aesthetics, Maze, ransomware
687	01/05/2020	Maze	Plastic Surgery Center Dr. Kristin Tarbet’s	Plastic Surgery Center Dr. Kristin Tarbet’s is hit by a Maze ransomware attack.	Malware	Q Human health and social work activities	CC	US	Plastic Surgery Center Dr. Kristin Tarbet’s, Maze, Ransomware
688	01/05/2020	Sodinokibi (AKA REvil)	MJ Payne	MJ Payne, a London accountancy firm, suffers a REvil ransomware attack.	Malware	K Financial and insurance activities	CC	UK	MJ Payne, REvil ransomware, Sodinokibi
689	02/05/2020	?	LineageOS	Hackers breach the main infrastructure of the LineageOS‌ Android, causing a full outage. The attackers exploited a high-severity vulnerability in the open source “Salt” management framework that was disclosed to the public on April 30.	Vulnerability	M Professional scientific and technical activities	CC	N/A	LineageOS, Salt, CVE-2020-11651, CVE-2020-11652
690	02/05/2020	?	PeroxyChem	PeroxyChem is hit by a Maze ransomware attack.	Malware	M Professional scientific and technical activities	CC	US	PeroxyChem, Maze, ransomware
691	03/05/2020	Shiny Hunters	Tokopedia	A hacker sells a database containing the information of 91 million Tokopedia accounts on a dark web market for $5,000. Other threat actors start to crack passwords and share them online.	SQL Injection	G Wholesale and retail trade	CC	ID	Tokopedia, Shiny Hunters
692	03/05/2020	Shiny Hunters	Unacademy	Online learning platform Unacademy suffers a data breach after a hacker gains access to their database and starts selling the account information for close to 22 million users.	Unknown	P Education	CC	IN	Unacademy, Shiny Hunters
693	03/05/2020	?	Naughty Dog	A security flaw in patches from game developer Naughty Dog give hackers access to unreleased content from the upcoming The Last of Us Part II that was stored in an Amazon S3 bucket.	Misconfiguration	R Arts entertainment and recreation	CC	US	Naughty Dog, The Last of Us, Amazon S3
694	03/05/2020	?	Ghost	The blogging platform Ghost is compromised exploiting the Salt vulnerability. The attackers install a cryptominer.	Vulnerability	J Information and communication	CC	US	Ghost, Salt, CVE-2020-11651, CVE-2020-11652
695	03/05/2020	?	Digicert	Digicert is compromised as a consequence of the Salt vulnerability.	Vulnerability	M Professional scientific and technical activities	CC	US	Digicert, Salt, CVE-2020-11651, CVE-2020-11652
696	03/05/2020	?	Xen Orchestra	Xen Orchestra, a platform that provides tools to administrate Citrix Hypervisor is also compromised via the Salt vulnerability.	Vulnerability	M Professional scientific and technical activities	CC	US	Xen Orchestra, Salt, CVE-2020-11651, CVE-2020-11652
697	03/05/2020	Sodinokibi (AKA REvil)	Harvest Sherwood Food Distributors	Food supplier Harvest Sherwood Food Distributors is hit by a REvil ransomware attack.	Malware	I Accommodation and food service activities	CC	US	Harvest Sherwood Food Distributors, Sodinokibi, Revil, ransomware
698	03/05/2020	?	Florida Gulf Coast University	A virtual ceremony by Florida Gulf Coast University is disrupted by a DDOS attack.	DDoS	P Education	CC	US	Florida Gulf Coast University
699	03/05/2020	?	Dakota Carrier Network	Dakota Carrier Network, a consortium of 14 independent broadband companies, is hit by the Maze ransomware.	Malware	M Professional scientific and technical activities	CC	US	Dakota Carrier Network, Maze, Ransomware
700	04/05/2020	?	Single individuals in France	A new ransomware called VCrypt is targeting French victims by utilizing the legitimate 7zip command-line program to create password-protected archives of data folders.	Malware	X Individual	CC	FR	VCrypt, ransomware
701	04/05/2020	State-sponsored hackers from Russia, Iran, and China	UK universities and scientific facilities	The UK's National Cyber Security Centre (NCSC) warns that the country's universities and scientific facilities are being subject to a wave of hacking attempts conducted by other countries in the quest for coronavirus research.	Targeted Attack	P Education	CE	UK	National Cyber Security Centre, NCSC, Russia, Iran, China
702	04/05/2020	?	Financial Organizations	The US Financial Industry Regulatory Authority (FINRA) issues a cyber-security alert warning member organizations of "a widespread, ongoing phishing campaign." aimed at stealing Microsoft Office and SharePoint account passwords from its member organizations.	Account Hijacking	K Financial and insurance activities	CC	US	Financial Industry Regulatory Authority, FINRA, Microsoft Office, SharePoint
703	04/05/2020	?	Companies across different industries	Microsoft warns of multiple malspam campaigns carrying malicious disk image files aimed to distribute the REMCOS remote access tool, using the COVID-19 lure.	Malicious Spam	Y Multiple Industries	CC	>1	REMCOS, COVID-19
704	04/05/2020	?	Tarkett	French flooring company Tarkett reveals that it was hit by a cyber attack on April 29th, and that its operations continue to be disrupted as a result:	Malware	C Manufacturing	CC	FR	Tarkett
705	04/05/2020	?	Android users in Ukraine, Russia, Kazakhstan, Turkmenistan	Researchers from Bitdefender discover an existing version of the Android device screen-locking malware SLocker, repackaged in the form of a mobile coronavirus app	Malware	X Individual	CC	>1	COVID-19, Android, Bitdefender, SLocker
706	04/05/2020	?	Bukapalak	The data of 13 million users of the e-commerce platform Bukapalak are posted on a dark web forum, despite the company denies the breach.	Unknown	G Wholesale and retail trade	CC	ID	Bukapalak
707	04/05/2020	?	York University	York University suffers a "serious" cyber attack.	Unknown	P Education	CC	CA	York University
708	04/05/2020	?	CPC Corp.,	Oil refiner Taiwan's CPC Corp., suffers a ransomware attack.	Malware	D Electricity gas steam and air conditioning supply	CC	TW	CPC Corp.,
709	05/05/2020	?	Individuals in UK	Researchers from Cofense discover a new spear-phishing campaign targeting executives and others in attempt to steal login credentials and bank account details by posing as their smartphone provider EE.	Account Hijacking	X Individual	CC	UK	Cofense, EE
710	05/05/2020	Government-backed hacking group	Organizations involved in international COVID-19 responses, healthcare, and essential services	A joint advisory by cyber-security agencies from the US (CISA) and the UK (NCSC) reveal that organizations involved in international COVID-19 responses, healthcare, and essential services are actively targeted by government-backed hacking groups	Password-spraying	Q Human health and social work activities	CE	>1	CISA, NCSC, COVID-19
711	05/05/2020	?	Single Individuals	Researchers from Malwarebytes reveal that hackers have created and used a fake icon portal to host and load a JavaScript web skimmer camouflaged as a favicon.	Malicious Script Injection	X Individual	CC	>1	Malwarebytes, JavaScript, Magecart
712	05/05/2020	?	Multiple organizations	Researchers from Abnormal Security discover a highly convincing series of phishing attacks, using fake certificate error warnings with graphics and formatting lifted from Cisco Webex emails to steal users' account credentials.	Account Hijacking	Y Multiple Industries	CC	>1	Abnormal Security, Cisco Webex
713	05/05/2020	?	Mercedes-Benz Instagram account	Unknown hackers post swastikas on Mercedes-Benz Instagram account.	Account Hijacking	C Manufacturing	CC	DE	Mercedes-Benz, Instagram
714	05/05/2020	?	Algolia	Search service Algolia says it suffered a security breach over the weekend after hackers exploited a well-known vulnerability in the Salt server configuration software to gain access to its infrastructure.	Vulnerability	M Professional scientific and technical activities	CC	US	Algolia, CVE-2020-11651, CVE-2020-11652
715	05/05/2020	?	Linux-based servers and smart IoT devices	Security researchers discover Kaiji, another strain of malware specifically built to infect Linux-based servers and smart IoT devices to launch DDoS attacks.	Malware	Y Multiple Industries	CC	>1	Kaiji
716	05/05/2020	?	BJC HealthCare	BJC HealthCare warns patients that their information may have been exposed after it discovered someone gained unauthorized access to three employee email accounts on March 6.	Account Hijacking	Q Human health and social work activities	CC	US	BJC HealthCare
717	05/05/2020	?	Formosa Petrochemical Corp.,	Formosa Petrochemical Corp., is hit by a malware attack.	Malware	D Electricity gas steam and air conditioning supply	CC	TW	Formosa Petrochemical Corp.,
718	06/05/2020	Snake	Fresenius	Fresenius, Europe’s largest private hospital operator and a major provider of dialysis products and services is hit in a Snake ransomware cyber attack on its technology systems.	Malware	Q Human health and social work activities	CC	DE	Fresenius, Snake, Ransomware
719	06/05/2020	Shiny Hunters	Microsoft	A hacker dubbed Shiny Hunters claims to have stolen over 500GB of data from Microsoft's private GitHub repositories	Unknown	M Professional scientific and technical activities	CC	US	Shiny Hunters, Microsoft, GitHub
720	06/05/2020	?	Vulnerable Wordpress sites	Researchers from Wordfence reveal that hackers are actively exploiting two security vulnerabilities in the Elementor Pro and Ultimate Addons for Elementor WordPress plugins to remotely execute arbitrary code and fully compromise unpatched targets.	Vulnerability	Y Multiple Industries	CC	>1	Wordfence, Wordpress, Elementor Pro, Ultimate Addons for Elementor
721	06/05/2020	Lazarus group	Multiple organizations	Researchers from Malwarebytes reveal that hackers have hidden malware in MinaOTP, a legitimate two-factor authentication (2FA) app for macOS to distribute Dacls, a remote access trojan associated with the North Korean Lazarus group.	Targeted Attack	Y Multiple Industries	CE	>1	Malwarebytes, MinaOTP, 2FA, Dacls, North Korea, Lazarus group
722	06/05/2020	?	Multiple E-Commerce servers	The FBI warns about attacks on Magento online stores via an old plugin vulnerability (CVE-2017-7391, a vulnerability in MAGMI, Magento Mass Import).	Vulnerability	G Wholesale and retail trade	CC	>1	FBI, Magento, CVE-2017-7391, MAGMI, Magento Mass Import
723	06/05/2020	Nefilim	Toll Group	For the second time in three months, Toll Group becomes the victim of a ransomware attack.	Malware	M Professional scientific and technical activities	CC	AU	Toll Group, Nefilim, ransomware
724	06/05/2020	?	44 million Pakistani mobile subscribers	The details of 44 million Pakistani mobile subscribers are leaked online.	Unknown	X Individual	CC	PK	Pakistan
725	06/05/2020	?	Chrome users	11 new fake crypto-wallet extensions add-ons are discovered in the Chrome Web store.	Malicious browser extension	X Individual	CC	>1	Chrome, Crypto
726	06/05/2020	?	Single Individuals in the US	Researchers from Secureworks Counter Threat Unit (CTU) observe an increase in tax identity theft aimed at fraudulently obtaining stimulus checks.	Account Hijacking	X Individual	CC	US	Secureworks Counter Threat Unit, CTU
727	06/05/2020	?	Multiple organizations	Researches from Prevailion discover a new variant of the EVILNUM malware.	Malware	Y Multiple Industries	CC	>1	Researches from Prevailion discover a new variant of the EVILNUM malware.
728	07/05/2020	Silver Terrier	Multiple organizations	Researchers from Palo Alto Networks reveal the details of a new series of attacks from Silver Terrier, targeting multiple organizations involved with the COVID-19 response.	Business Email Compromise	Y Multiple Industries	CC	>1	Silver Terrier, Palo Alto Networks, COVID-19
729	07/05/2020	Naikon APT	Several national government entities in the Asia Pacific (APAC) region	Researchers from Check Point discover new evidence of an ongoing cyber espionage operation against several national government entities in the Asia Pacific (APAC) region, using a new backdoor named Aria-body.	Targeted Attack	O Public administration and defence, compulsory social security	CE	>1	Check Point, Aria-body, Naikon APT
730	07/05/2020	?	Ruhr University Bochum (RUB)	The Ruhr University Bochum (RUB) announces that it was forced to shut down large parts of its central IT infrastructure, after a ransomware attack that took place between May 6 and May 7.	Malware	P Education	CC	DE	Ruhr University Bochum, RUB, ransomware
731	07/05/2020	DonJuji	MobiFriends	The personal details of 3,688,060 users registered on the MobiFriends dating app are posted online and available for download. The data was obtained in a security breach that took place in January 2019	Unknown	R Arts entertainment and recreation	CC	ES	MobiFriends, DonJuji
732	07/05/2020	?	Web applications built on the ASP.NET	Researchers at security firm Red Canary uncover a Monero cryptocurrency-mining campaign, tracked as Blue Mockingbird, that exploits the CVE-2019-18935 vulnerability in web applications built on the ASP.NET framework.	Vulnerability	Y Multiple Industries	CC	>1	Red Canary, Monero, Blue Mockingbird, CVE-2019-18935, ASP.NET, Crypto
733	07/05/2020	?	Fitness class	A Zoom hacker scares a group of about 60 children taking part in a fitness class, streaming a child sex abuse footage.	Zoom bombing	R Arts entertainment and recreation	CC	UK	Zoom
734	07/05/2020	Maze	Sparboe Companies	The threat group MAZE publishes what it claims is data stolen from Sparboe Companies, a Minnesota egg supplier during a ransomware attack.	Malware	I Accommodation and food service activities	CC	US	Sparboe Companies, Maze
735	07/05/2020	?	Giannis Antetokounmpo's Twitter account	NBA Milwaukee Bucks' player Giannis Antetokounmpo's Twitter account is hacked.	Account Hijacking	X Individual	CC	US	Giannis Antetokounmpo, Twitter, Milwaukee Bucks
736	07/05/2020	?	StorEnvy	The e-commerce website StorEnvy is hacked and as a result, personal details of over 1.5 million customers and merchants are leaked online.	Unknown	G Wholesale and retail trade	CC	US	StorEnvy
737	08/05/2020	Sodinokibi (AKA REvil)	Grubman Shire Meiselas & Sacks (GSMLaw)	The Sodinokibi ransomware group threatens to release hundreds of gigabytes of legal documents from Grubman Shire Meiselas & Sacks, a prominent entertainment and law firm that counts dozens of international stars as their clients, including Madonna, Lady Gaga, Elton John, Robert de Niro, Nicki Minaj, Chris Brown, Usher, U2, Timbaland, Rick Ross, and many others.	Malware	N Administrative and support service activities	CC	US	Sodinokibi, REvil. ransomware, Grubman Shire Meiselas & Sacks, GSMLaw, Madonna, Lady Gaga, Elton John, Robert de Niro, Nicki Minaj, Chris Brown, Usher, U2, Timbaland, Rick Ross
738	08/05/2020	Attackers linked to Iran	Gilead Sciences	Hackers linked to Iran have targeted staff at U.S. drugmaker Gilead Sciences Inc in recent weeks, as the company races to deploy a treatment for the COVID-19 virus.	Targeted Attack	M Professional scientific and technical activities	CC	>1	Iran, Gilead Sciences Inc, COVID-19
739	08/05/2020	Shiny Hunters	HomeChef	A database with 8 million records belonging to the meal kit delivery service HomeChef is put on sale in the dark web.	Unknown	I Accommodation and food service activities	CC	US	HomeChef, Shiny Hunters
740	08/05/2020	Shiny Hunters	ChatBooks	A database with 15 million records belonging to ChatBooks, a photo print service, is put on sale in the dark web.	Unknown	M Professional scientific and technical activities	CC	US	ChatBooks, Shiny Hunters
741	08/05/2020	Shiny Hunters	Chronicle.com	Chronicle.com, a news source for higher education, is the latest victim to have a database dumped from the Shiny Hunters collective (3 million records).	Unknown	J Information and communication	CC	US	Chronicle.com, Shiny Hunters
742	08/05/2020	?	Texas Office of Court Administration (OCA)	The Texas Office of Court Administration (OCA) is hit by ransomware.	Malware	O Public administration and defence, compulsory social security	CC	US	Texas Office of Court Administration, Ransomware
743	08/05/2020	?	Multiple organizations	Researchers from Abnormal Security discover a new phishing campaign exploiting the DocuSign platform.	Account Hijacking	Y Multiple Industries	CC	>1	Abnormal Security, DocuSign
744	08/05/2020	?	City Index	Financial trading provider City Index informs users of a breach of their personal data, after its network was accessed by an unauthorized third party on April 14.	Unknown	K Financial and insurance activities	CC	UK	City Index
745	09/05/2020	?	Stadler	International rail vehicle construction company, Stadler, disclosed that it was the victim of a cyberattack which might have also allowed the attackers to steal company and employee data.	Malware	C Manufacturing	CC	CH	Stadler
746	09/05/2020	Shiny Hunters	Bhinneka	Bhinneka has 1.2 million records dumped by Shiny Hunters.	Unknown	G Wholesale and retail trade	CC	ID	Bhinneka, Shiny Hunters
747	09/05/2020	Shiny Hunters	Minted	Minted, an online marketplace of independent artists and designers, suffers 5 million accounts leaked by Shiny Hunters.	Unknown	R Arts entertainment and recreation	CC	US	Minted, Shiny Hunters
748	09/05/2020	Shiny Hunters	Styleshare	Styleshare, an online platform that allows users to share and receive updates on fashion and beauty, is breached by Shiny Hunters. 6 million records are leaked.	Unknown	J Information and communication	CC	KR	Styleshare, Shiny Hunters
749	09/05/2020	Shiny Hunters	Ggumim	Ggumim suffers 2 million records leaked by Shiny Hunters.	Unknown	Z Unknown	CC	KR	Shiny Hunters, Ggumim
750	09/05/2020	Shiny Hunters	Mindful	2 Million accounts from Mindful are leaked by the Shiny Hunters.	Unknown	Q Human health and social work activities	CC	US	Shiny Hunters, Mindful
751	09/05/2020	Shiny Hunters	Star Tribune	1 Million accounts from the Star Tribune are leaked by the Shiny Hunters.	Unknown	J Information and communication	CC	US	Shiny Hunters, Star Tribune
752	09/05/2020	Shiny Hunters	Zoosk	The Shiny Hunters leak 30 million accounts from Zoosk.	Unknown	S Other service activities	CC	>1	Shiny Hunters, Zoosk
753	09/05/2020	?	U.S. Marshals Service	A data breach at the U.S. Marshals Service exposes the personal information of current and former prisoners (387,000 individuals are affected). The breach occurred on December 2019.	Unknown	O Public administration and defence, compulsory social security	CC	US	U.S. Marshals Service
754	10/05/2020	?	Port of Bandar Abbas	Iranian officials say that hackers damaged a small number of computers in a cyber-attack against the port of Bandar Abbas, the country's largest port in the Strait of Hormuz.	Unknown	H Transportation and storage	CW	IR	Bandar Abbas, Strait of Hormuz
755	10/05/2020	?	MyBudget	MyBudget, one of Australia's largest debt-management services is taken down by malware.	Malware	K Financial and insurance activities	CC	AU	MyBudget
756	11/05/2020	Maze	Pitney Bowes	Pitney Bowes suffers a cyber attack for the second time in few months. The attackers are detected but manage to steal some files.	Malware	M Professional scientific and technical activities	CC	US	Pitney Bowes, Maze, Ransomware
757	11/05/2020	ProLock	Diebold Nixdorf	Diebold Nixdorf, a major provider of automatic teller machines (ATMs) and payment technology to banks and retailers, suffers a ProLock ransomware attack that disrupts some operations.	Malware	C Manufacturing	CC	US	Diebold Nixdorf, ProLock, ransomware
758	11/05/2020	?	WeLeakData.com	The database for the defunct hacker forum and data breach marketplace WeLeakData.com is being sold on the dark web and exposes the private conversations of hackers who used the site.	Unknown	S Other service activities	CC	N/A	WeLeakData.com
759	11/05/2020	?	Banking users in Brazil	Researchers from Cisco Talos discover a new variant of the Astaroth malware using YouTube as its command and control infrastructure.	Malware	K Financial and insurance activities	CC	BR	Cisco Talos, Astaroth
760	11/05/2020	?	Banking users	Researchers from IBM X-Force reveal that the Zeus Sphinx banking Trojan is now receiving frequent updates and upgrades to its malicious arsenal while being deployed in active coronavirus scams.	Malware	K Financial and insurance activities	CC	>1	IBM X-Force, Zeus Sphinx, COVID-19
761	11/05/2020	?	Portuguese Banking users	A new campaign targets Portuguese Banking users with the Lampion malware, impersonating an invoice from a Bank transaction, an invoice from Vodafone Group, and emergency funds provided by the Portuguese Government to help the COVID-19 fight.	Malware	K Financial and insurance activities	CC	PT	Lampion, Vodafone Group, COVID-19
762	11/05/2020	?	Multiple organizations	Researchers from Abnormal Security revel the details of a new attack impersonating a notification from Zoom in order to steal Microsoft credentials of employees.	Account Hijacking	Y Multiple Industries	CC	>1	Abnormal Security, Zoom, Microsoft
763	12/05/2020	?	Magellan Health Inc	Magellan Health Inc announces that it was the victim of a ransomware attack on April 11, 2020, which led to the theft of personal information from one of its corporate servers.	Malware	Q Human health and social work activities	CC	US	Magellan Health Inc, ransomware
764	12/05/2020	HIDDEN COBRA AKA Lazarus Group	US Companies	The US government (FBI, CISA, and DoD) releases information on three new malware variants (COPPERHEDGE, TAINTEDSCRIBE, PEBBLEDASH) used in malicious cyber activity campaigns by the North Korean government-backed hacker group tracked as HIDDEN COBRA.	Targeted Attack	Y Multiple Industries	CE	US	(FBI, CISA, DoD, COPPERHEDGE, TAINTEDSCRIBE, PEBBLEDASH, HIDDEN COBRA, Lazarus Group
765	12/05/2020	Magecart	>1000 websites	Security researcher Max Kersten collects in a span of a few weeks over 1,000 domains infected with payment card skimmers.	Malicious Script Injection	Y Multiple Industries	CC	>1	Max Kersten, Magecart
766	12/05/2020	?	ESET	ESET fends off a DDoS attack facilitated by "Updates for Android", a malicious news app hosted in the Google Play Store and downloaded 50,000 times.	DDoS	M Professional scientific and technical activities	CC	SK	ESET, Updates for Android, Google Play Store, Android
767	12/05/2020	?	Nikkei Inc.,	Nikkei Inc., announces that personal information on a total of 12,514 people had been leaked after a computer used by a group company employee was infected with a virus in an apparent cyberattack.	Malware	J Information and communication	CC	JP	Nikkei Inc.
768	12/05/2020	Nefilim	W&T Offshore	The hackers behind the Nefilim malware say they have stolen over 800 gigabytes of personnel and financial data from W&T Offshore Inc.,	Malware	D Electricity gas steam and air conditioning supply	CC	US	W&T Offshore, Nefilim
769	13/05/2020	Threat actors affiliated to the People’s Republic of China	US health care, pharmaceutical, and research industry sectors.	The US government (FBI, CISA, and DoD) reveals that Threat actors affiliated to the People’s Republic of China (PRC) are attempting to compromise and collect COVID-19 information from organizations in the US health care, pharmaceutical, and research industry sectors.	Targeted Attack	Q Human health and social work activities	CE	US	FBI, CISA, DoD, People’s Republic of China, PRC, COVID-19
770	13/05/2020	?	Supercomputers across UK, Germany, Switzerland and Spain	Multiple supercomputers across Europe are infected with cryptocurrency mining malware and shut down to investigate the intrusions.	Malware	P Education	CC	>1	Supercomputers
771	13/05/2020	?	Multiple organizations	Microsoft discovers a new COVID-19 themed phishing campaign using economic concerns to target businesses with the LokiBot information-stealing Trojan.	Malware	Y Multiple Industries	CC	>1	Microsoft, COVID-19, LokiBot
772	13/05/2020	?	Multiple organizations	Researchers from ESET discover a new malware toolkit, dubbed Ramsay, able to collect sensitive files from systems isolated from the internet.	Malware	Y Multiple Industries	CC	>1	ESET, Ramsay
773	13/05/2020	?	Interserve	Interserve, a contractor for the Britain’s Ministry of Defence suffers a security breach, after hackers break into a database and steal up to 100,000 of past and current employees details.	Unknown	M Professional scientific and technical activities	CC	UK	Interserve, Ministry of Defence
774	13/05/2020	?	Bam Construct	Bam Construct is hit by a malware.	Malware	M Professional scientific and technical activities	CC	UK	Bam Construct
775	13/05/2020	Russia	German Chancellor Angela Merkel	German Chancellor Angela Merkel reveals that Russia was targeting her in hacking attacks, saying she had concrete proof of the "outrageous" spying attempts.	Targeted Attack	O Public administration and defence, compulsory social security	CE	DE	Angela Merkel, Russia
776	13/05/2020	?	Single Individuals	Researchers from Sophos discover a new phishing campaign using a well-crafted fake DHL delivery notification,	Account Hijacking	X Individual	CC	>1	Sophos, DHL
777	13/05/2020	?	Wright County	Wright County notifies residents of a phishing attack occurred on January 31, 2019.	Account Hijacking	O Public administration and defence, compulsory social security	CC	US	Wright County
778	13/05/2020	AKO	North Shore Pain Management	North Shore Pain Management has 4 GB of data leaked by the AKO ransomware gang.	Malware	Q Human health and social work activities	CC	US	North Shore Pain Management, AKO, ransomware
779	14/05/2020	?	Norfund	Fraudsters running business email compromise scams were able to swindle Norfund, Norway’s state investment fund, out of $10 million.	Business Email Compromise	K Financial and insurance activities	CC	NO	Norfund
780	14/05/2020	?	Multiple organizations	Microsoft says that attackers have already adapted their phishing campaigns to use the newly updated design for Azure AD and Office 365 sign-in pages.	Account Hijacking	Y Multiple Industries	CC	>1	Microsoft, Azure AD, Office 365
781	14/05/2020	Turla APT?	European diplomatic entities	Researchers from Kaspersky discover a new COMpfun remote access trojan (RAT) variant controlled using uncommon HTTP status codes, used in attacks targeting European diplomatic entities.	Targeted Attack	O Public administration and defence, compulsory social security	CE	>1	Kaspersky, COMpfun, Turla
782	14/05/2020	RATicate	Industrial companies	Researchers from Sophos identifies RATicate, a hacking group that abused NSIS installers to deploy remote access tools (RATs) and information-stealing malware in attacks targeting industrial companies.	Targeted Attack	Y Multiple Industries	CE	>1	Sophos, RATicate
783	14/05/2020	?	Multiple organizations	A new Node.js based remote access trojan and password-stealing malware is being distributed through malicious emails pretending to be from the U.S. Department of the Treasury.	Malware	Y Multiple Industries	CC	US	Adwind, U.S. Department of the Treasury, COVID-19
784	14/05/2020	APT from China	Government entities, telecommunications firms, and the gas industry	A joint report issued by ESET and Avast reveal the details of Mikroceen, a backdoor used in attacks against public and private entities in central Asia since 2017.	Targeted Attack	Y Multiple Industries	CE	>1	ESET, Avast, China, Mikroceen
785	14/05/2020	?	Elexon	Elexon, a middleman in the UK power grid network, reports that it fell victim to a cyber-attack (probably malware).	Malware	D Electricity gas steam and air conditioning supply	CC	UK	Elexon, ransomware
786	14/05/2020	?	Service NSW	Service NSW reveals to have fallen victim to a phishing attack occurred on April 22.	Account Hijacking	O Public administration and defence, compulsory social security	CC	AU	Service NSW
787	14/05/2020	?	Multiple Organizations	Researchers from Palo Alto Networks Unit 42 observe both the Mirai and Hoaxcalls botnets using an exploit for a post-authentication Remote Code Execution vulnerability in legacy Symantec Web Gateways 5.0.2.8.	Vulnerability	Y Multiple Industries	CC	>1	Palo Alto Networks, Unit 42, Mirai, Hoaxcalls, Symantec
788	14/05/2020	?	Multiple organizations	Researchers from Armorblox reveal the details of a phishing campaign exploiting Symantec URL Protection to evade detection.	Account Hijacking	Y Multiple Industries	CC	>1	Armorblox, Symantec
789	14/05/2020	?	Saint Paulus Lutheran Church	Saint Paulus Lutheran Church sues video chat company Zoom after a hacker allegedly hijacked a virtual Bible study class to post graphic images of child abuse.	Zoom bombing	S Other service activities	CC	US	Saint Paulus Lutheran Church, Zoom
790	14/05/2020	?	Des Moines City Council	A Des Moines civil rights meeting is abandoned after being Zoombombed.	Zoom bombing	O Public administration and defence, compulsory social security	CC	US	Des Moines City Council, Zoom
791	15/05/2020	?	Online Shops	Researchers at Sucuri discover a new WordPress malware used to scan and identify WooCommerce online shops to be targeted in future Magecart attacks.	Malicious Script Injection	G Wholesale and retail trade	CC	>1	Sucuri, WordPress, WooCommerce, Magecart
792	15/05/2020	?	Texas Department of Transportation (TxDOT)	A new ransomware attack hits the network of the state’s Department of Transportation (TxDOT).	Malware	O Public administration and defence, compulsory social security	CC	US	Texas Department of Transportation, TxDOT
793	15/05/2020	?	Car owners in Moscow	A database with 129 million records of car owners in Moscow is being offered for sale on a dark web forum.	Unknown	X Individual	CC	RU	Russia, Car owners
794	15/05/2020	?	BlueScope	BlueScope confirms it was the victim of a cyber incident.	Unknown	C Manufacturing	CC	AU	BlueScope
795	15/05/2020	Tropic Trooper, AKA KeyBoy	Taiwanese and Philippine military	Researchers from Trend Micro reveal the details of a campaign targeting the air-gapped networks of the Taiwanese and the Philippine military via the USBferry malware.	Targeted Attack	O Public administration and defence, compulsory social security	CE	TW PH	Trend Micro, USBferry, Tropic Trooper, KeyBoy
796	04/05/2020	?	Healthcare, government entities, financial institutions, and retail	The FBI issues a security alert about a new ransomware strain named ProLock, deployed in intrusions at healthcare, government entities, financial institutions, and retail.	Malware	Y Multiple Industries	CC	US	FBI, ProLock, ransomware
797	08/05/2020	?	Nipissing First Nation	Nipissing First Nation is hit by a ransomware attack.	Malware	U Activities of extraterritorial organizations and bodies	CC	CA	Nipissing First Nation, ransomware
798	10/05/2020	Powerful Greek Army	North Macedonia’s Ministry of Economy and Finance	A Greek group called Powerful Greek Army leaks dozens of email addresses and passwords from staffers in the North Macedonia’s Ministry of Economy and Finance, as well as from the municipality of Strumica	Unknown	O Public administration and defence, compulsory social security	H	MK	Powerful Greek Army, North Macedonia’s Ministry of Economy and Finance, Strumica
799	11/05/2020	?	Bernards Township	Bernards Township is hit with a ransomware attack.	Malware	O Public administration and defence, compulsory social security	CC	US	Bernards Township, ransomware
800	14/05/2020	?	BlockFi	Crypto lending provider BlockFi reports that it suffered a data breach after, some of the company’s client data was breached through a SIM card swap attack performed on one of its employees.	Account Hijacking	V Fintech	CC	US	BlockFi, Crypto
801	14/05/2020	?	Single Individuals in the US	Researchers from the advocacy group Abuse.ch discover a COVID-19-related malspam campaign that impersonates the U.S. Treasury Department and more than likely looks to steal a taxpayer’s credentials using a remote access trojan.	Account Hijacking	X Individual	CC	US	COVID-19, Abuse.ch, U.S. Treasury Department
802	14/05/2020	?	9 million customers of the CDEK Express transportation service	Data belonging to nine million customers of the CDEK Express transportation service was is up for sale on the Web for 70 thousand rubles ($950).	Unknown	H Transportation and storage	CC	RU	CDEK Express
803	14/05/2020	?	Covve	Covve, the popular address book app, is identified as the source of a data breach that exposed the details of nearly 23 million individuals.	Unknown	J Information and communication	CC	CY	Covve
804	18/05/2020	?	Undisclosed Target	Researchers from Cofense discover a phishing tactic that leverages the OAuth2 framework and OpenID Connect (OIDC) protocol to access user data.	Account Hijacking	Z Unknown	CC	N/A	Cofense, OAuth2, OpenID Connect
805	18/05/2020	NetWalker	Multiple organizations	Researchers at Trend Micro discover a new fileless version of the NetWalker ransomware.	Malware	Y Multiple Industries	CC	>1	Trend Micro, NetWalker, Ransomware
806	19/05/2020	?	EasyJet	EasyJet admits that a "highly sophisticated cyber-attack" has affected approximately nine million customers. Email addresses and travel details have also been stolen and 2,208 customers had also their credit and debit card details "accessed". The attack was discovered on January.	Targeted Attack	H Transportation and storage	CC	UK	EasyJet
807	19/05/2020	?	Multiple organizations	Microsoft's Security Intelligence team warns of a "massive" COVID-19 themed phishing campaign that attempts to install NetSupport Manager, a remote access tool, by tricking users into opening email attachments containing malicious Excel 4.0 macros.	Malicious Spam	Y Multiple Industries	CC	>1	Microsoft, COVID-19, NetSupport Manager, Excel
808	19/05/2020	?	Banking users	Researchers from Malwarebytes and HYAS reveal the details of Silent Night, a botnet distributed via the RIG exploit kit and COVID-19 spam.	Malware	K Financial and insurance activities	CC	>1	Malwarebytes, HYAS, Silent Night, RIG exploit kit, COVID-19
809	19/05/2020	?	Thai users of Whatsapp, Facebook Messenger	Researches from Cisco Talos reveal the details of WolfRAT, a new Trojan targeting Thai users of Whatsapp, Facebook Messenger, and Line messaging apps on the Android mobile platform.	Malware	X Individual	CC	TH	Cisco Talos, WolfRAT, Whatsapp, Facebook Messenger
810	19/05/2020	Scattered Canary	Single Individuals	Researchers from Agari discover Scattered Canary, a group of business email compromise (BEC) Nigerian scammers targeting U.S. unemployment systems and COVID-19 relief funds provided through the CARES Act.	Business Email Compromise	X Individual	CC	US	Agari, Scattered Canary, BEC, COVID-19, CARES Act
811	19/05/2020	?	Undisclosed Target	Researchers from Abnormal Security reveal the detail of a new campaign impersonating the collaboration software provider, LogMeIn.	Account Hijacking	Z Unknown	CC	N/A	Abnormal Security, LogMeIn
812	20/05/2020	Winnti Group	Massively multiplayer online (MMO) game developers located in South Korea and Taiwan	Cybersecurity firm ESET releases a report on the Winnti APT group, using PipeMon, a new, modular malware on the systems of several massively multiplayer online (MMO) game developers located in South Korea and Taiwan.	Targeted Attack	R Arts entertainment and recreation	CE	KR TW	ESET, Winnti, PipeMon
813	20/05/2020	ShinyHunters	Wishbone	ShinyHunters puts up for sale the details of 40 million users registered on Wishbone, a popular mobile app that lets users compare two items in a simple voting poll.	Unknown	M Professional scientific and technical activities	CC	US	ShinyHunters, Wishbone
814	20/05/2020	?	Banking users in the U.S., Canada, Germany, Poland, and Australia	Researchers from Proofpoint reveal the details of a new version of the ZLoader banking malware seen in more than 100 email campaigns since the beginning of the year.	Malware	K Financial and insurance activities	CC	>1	Proofpoint, ZLoader
815	20/05/2020	CyberWare	Scam companies	A group of hackers calling themselves CyberWare starts targeting scam companies with ransomware and DDoS attacks.	Malware	S Other service activities	CC	N/A	CyberWare
816	20/05/2020	?	Multiple organizations	The FBI issues a security alert about Zoom-bombing.	Zoom bombing	Y Multiple Industries	CC	US	FBI, Zoom bombing
817	21/05/2020	?	Multiple organizations	Researchers from Sophos reveal the details of RagnarLocker, a new ransomware installing virtual machines to avoid detection.	Malware	Y Multiple Industries	CC	>1	Sophos, RagnarLocker, ransomware
818	21/05/2020	Hackers of Savior	2000 Israeli websites	More than 2000 Israeli websites are defaced to show an anti-Israeli message and with malicious code seeking permission to access visitors' webcams. Most of the websites were hosted on uPress, a local Israeli WordPress hosting service.	Defacement	Y Multiple Industries	H	IL	uPress, Hackers of Savior
819	21/05/2020	Ke3chang (AKA APT15, Vixen Panda, Playful Dragon, and Royal APT)	Multiple organizations	Researchers from Intezer discover a new operation from the Ke3chang APT, using a new malware dubbed Ketrum.	Targeted Attack	Y Multiple Industries	CE	>1	Intezer, Ke3chang APT, Ketrum, APT15, Vixen Panda, Playful Dragon, Royal APT
820	21/05/2020	?	Multiple organizations	Researchers from Armorblox discover a new campaign in disguise of the Supreme Court, using a CAPTCHA page to evade security controls on Office 365.	Account Hijacking	Y Multiple Industries	CC	>1	Armorblox, Supreme Court, CAPTCHA, Office 365
821	21/05/2020	Chafer APT	Governments in Kuwait and Saudi Arabia	Researchers from BitDefender reveal the details of the Iran-linked Chafer APT group, targeting governments in Kuwait and Saudi Arabia	Targeted Attack	O Public administration and defence, compulsory social security	CE	KW SA	Chafer APT, Iran, BitDefender
822	21/05/2020	?	Multiple organizations	Researchers from Trustwave uncover a new phishing campaigns, taking advantage of “the reputation and services” of the Google Cloud’s Firebase mobile and web application development platform.	Account Hijacking	Y Multiple Industries	CC	>1	Trustwave, Google Cloud, Firebase
823	22/05/2020	LulzSecITA	San Raffaele Hospital	Hackers from LulzSecITA leak sensitive data from the San Raffaele Hospital in Milan. Data includes personal details of patients, doctors, nurses, and various employees. The breach occurred two months ago.	SQL Injection	Q Human health and social work activities	H	IT	LulzSecITA, San Raffaele
824	22/05/2020	ShinyHunters	Mathway	ShinyHunters breaches Mathway, a popular math solving application, stealing more than 25 million emails and passwords.	Unknown	M Professional scientific and technical activities	CC	US	ShinyHunters, Mathway
825	22/05/2020	?	Multiple organizations	Researchers from Sentinel One discover a new version of the Sarwent malware that opens RDP (Remote Desktop Protocol) ports on infected computers.	Malware	Y Multiple Industries	CC	>1	Sentinel One, Sarwent, RDP, Remote Desktop Protocol
826	22/05/2020	?	2 million Indonesians	A threat actor shares the 2014 voter information for close to 2 million Indonesians on a hacker forum.	Unknown	X Individual	CC	ID	Indonesia
827	22/05/2020	?	EduCBA	Online education site EduCBA starts notifying customers that they are resetting their passwords after suffering a data breach.	Unknown	P Education	CC	IN	EduCBA
828	22/05/2020	?	Italian companies operating in the manufacturing sector.	Researchers from ZLab discover a new malicious espionage activity targeting Italian companies operating worldwide in the manufacturing sector.	Targeted Attack	C Manufacturing	CE	IT	ZLab
829	23/05/2020	?	Unknown resume aggregator	Researchers from Cyble discover a dump containing 29.1M Indian jobseekers personal details, offered for free in the hacking underground.	Unknown	M Professional scientific and technical activities	CC	IN	Cyble
830	23/05/2020	?	Multiple organizations	Researchers from Malwarebytes and HYAS publish a new report related to a new botnet, derived from Zeus, dubbed Silent Night Zeus.	Malware	Y Multiple Industries	CC	>1	Malwarebytes, HYAS, Zeus, Silent Night Zeus.
831	23/05/2020	DoubleGun	Multiple organizations in China	Researchers from NetLab 360 dismantle the infrastructure built by the DoubleGun Group, which had amassed hundreds of thousands of bots controlled via public cloud services, including Alibaba and Baidu Tieba.	Malware	Y Multiple Industries	CC	CN	NetLab 360, DoubleGun Group, Alibaba, Baidu Tieba
832	24/05/2020	?	Multiple Crypto wallets	The hacker that breached the Ethereum.org forum is allegedly selling the databases of several popular crypto hard wallets, including: Ledger, Trezor, and KeepKey.	Account Hijacking	V Fintech	CC	>1	Ethereum.org, Ledger, Trezor, KeepKey, Crypto
833	24/05/2020	?	Discord users	A new version of the AnarchyGrabber Discord malware is released that modifies the Discord client files so that it can evade detection and steal user accounts every time someone logs into the chat service.	Malware	X Individual	CC	>1	AnarchyGrabber, Discord
834	24/05/2020	?	Three hacking forums Nulled.ch, Sinfulsite.com, and suxx.to leaked online	Researchers from Cyble discover the databases of three hacking forums Nulled.ch, Sinfulsite.com, and suxx.to leaked online	Unknown	S Other service activities	CC	N/A	Nulled.ch, Sinfulsite.com, suxx.to, Cyble
835	25/05/2020	[F]Unicorn	Single individuals in Italy	The Agency for Digital Italy (AgID) discovers a new ransomware threat called [F]Unicorn, encrypting computers in Italy by tricking victims into downloading a fake COVID-19 contact tracing app.	Malware	X Individual	CC	IT	Agency for Digital Italy (AgID), [F]Unicorn, COVID-19
836	25/05/2020	?	More than two dozen SQL databases	More than two dozen SQL databases stolen from online shops in various countries are being offered for sale on a public website (over 1.5 million rows).	Unknown	Y Multiple Industries	CC	>1	SQL
837	26/05/2020	Turla	Three high-profile entities, such as a national parliament in the Caucasus and two Ministries of Foreign Affairs in Eastern Europe	Security researchers from ESET have discovered new attacks carried out by Turla via the ComRAT backdoor, taking place in January 2020. The attacks targeted three high-profile entities, such as a national parliament in the Caucasus and two Ministries of Foreign Affairs in Eastern Europe.	Targeted Attack	O Public administration and defence, compulsory social security	CE	>1	ESET, Turla
838	26/05/2020	?	Arbonne International	Arbonne International exposes the personal information and credentials of thousands after its internal systems were breached by an unauthorized party.	Account Hijacking	M Professional scientific and technical activities	CC	US	Arbonne International
839	26/05/2020	?	Banking users in Portugal	A new version of the Grandoreiro malware is discovered In Portugal.	Malware	K Financial and insurance activities	CC	PT	Grandoreiro
840	27/05/2020	NetWalker	City of Weiz	The Austrian City of Weiz is hit by the NetWalker Ransomware.	Malware	O Public administration and defence, compulsory social security	CC	AT	City of Weiz, ransomware, NetWalker
841	27/05/2020	PonyFinal	Multiple Organizations	Microsoft's security team issues an advisory warning organizations around the globe to deploy protections against PonyFinal a new strain of ransomware that has been in the wild over the past two months.	Malware	Y Multiple Industries	CC	>1	Microsoft, PonyFinal
842	27/05/2020	?	LiveJournal	Blogging platform LiveJournal appears to have suffered a security breach in 2014, and multiple hackers are selling the company's user database on the dark web and on hacking forums (26 million users).	Unknown	J Information and communication	CC	RU	LiveJournal
843	27/05/2020	?	Undisclosed Target	Researchers from Abnormal Security reveal the details of a new campaign impersonating AWS notifications.	Account Hijacking	Z Unknown	CC	N/A	AWS, Abnormal Security
844	27/05/2020	?	47.5 million Indian Truecaller users	Researchers from Cyble discover the data of 47.5 million Indian users, apparently leaked on the dark web allegedly originated from the famous caller-ID app, Truecaller.	Unknown	X Individual	CC	IN	Cyble, Truecaller
845	27/05/2020	"Hack-for-hire" groups operating in India	Employees at financial services, consulting and healthcare firms around the world	"Hack-for-hire" groups operating in India are spoofing World Health Organization emails to steal credentials from employees at financial services, consulting and healthcare firms around the world, according to Google's Threat Analysis Group.	Account Hijacking	Y Multiple Industries	CC	>1	Google's Threat Analysis Group
846	28/05/2020	?	Cisco Systems	Cisco discloses a security breach that impacted a small part of its backend infrastructure: hackers used a vulnerability in the SaltStack software package, which Cisco bundles with some products, to gain access to six servers:	Vulnerability	J Information and communication	CC	US	Cisco Systems, Salt, CVE-2020-11651, CVE-2020-11652
847	28/05/2020	?	NTT	Nippon Telegraph & Telephone (NTT discloses a security breach. Hackers gained access to its internal network from Singapore and stole information on 621 customers from its communications subsidiary, NTT Communications.	Targeted Attack	J Information and communication	CE	JP	NTT, NTT Communications
848	28/05/2020	?	Github users	GitHub issues a security alert warning about Octopus Scanner, a new malware strain that's been spreading on its site via 26 boobytrapped Java projects.	Malware	Y Multiple Industries	CC	>1	GitHub, Octopus Scanner
849	28/05/2020	Sandworm AKA BlackEnergy	Multiple organizations	The US National Security Agency (NSA publishes a security alert warning of a new wave of cyberattacks against Exim email servers, exploiting CVE-2019-10149, conducted by Sandworm.	Targeted Attack	Y Multiple Industries	CE	US	US National Security Agency, NSA, Exim, CVE-2019-10149, Sandworm, BlackEnergy
850	28/05/2020	?	Multiple organizations	Researchers from Cybereason discover a new variant of the Valak malware targeting Microsoft Exchange.	Malware	Y Multiple Industries	CC	>1	Valak, Cybereason, Microsoft Exchange
851	28/05/2020	Netwalker	Michigan State University	The operators of the NetWalker (Mailto) ransomware announce that they've infected the network of Michigan State University	Malware	P Education	CC	US	NetWalker, Mailto, ransomware, Michigan State University
852	28/05/2020	?	Multiple organizations	Researchers at Palo Alto reveal the details of a new version of the Trickbot malware, providing a better method of evading detection.	Malware	Y Multiple Industries	CC	>1	Palo Alto Networks, Unit 42, Trickbot
853	28/05/2020	?	Valorant Players	Researchers from Dr.Web discover fake Android and iOS Valorant apps, promoting scams.	Malware	R Arts entertainment and recreation	CC	>1	Valorant, Dr.Web, iOS, Android
854	28/05/2020	?	Undisclosed Target	Researchers from Abnormal Security reveal the details of a new campaign impersonating the World Health Organization.	Account Hijacking	Z Unknown	CC	N/A	COVID-19, Abnormal Security, WHO, World Health organization
855	28/05/2020	?	City government systems in Minneapolis	City government systems in Minneapolis are taken down by a DDoS attack.	DDoS	O Public administration and defence, compulsory social security	H	US	Minneapolis
856	28/05/2020	?	Single Individuals in India	Security researchers from SonicWall discover fake malicious versions of Aarogya Setu, the Indian government’s coronavirus contact tracing mobile application.	Malware	X Individual	CC	IN	SonicWall, Aarogya Setu, COVID-19
857	29/05/2020	?	Amtrak	The National Railroad Passenger Corporation (Amtrak) discloses a data breach that may have resulted in the compromise of customer personally identifiable information (PII). The data breach was discovered on April 16, 2020 and was carried out via compromised credentials.	Account Hijacking	H Transportation and storage	CC	US	Amtrak
858	29/05/2020	?	Organizations in Japan, Italy, Germany and the UK	Researchers from Kaspersky identify a series of attacks on organizations in Japan, Italy, Germany and the UK. Up to 50% of the attackers’ targets are organizations in various industrial sectors.	Targeted Attack	M Professional scientific and technical activities	CC	>1	Kaspersky
859	29/05/2020	?	Multiple organizations	Researchers at ZLab discover a new campaign using COVID-19 lures (FMLA: Family and Medical Leave Act) to spread Himera and Absent-Loader.	Malware	Y Multiple Industries	CC	>1	ZLab, COVID-19, FMLA, Family and Medical Leave Act, Himera, Absent-Loader.
860	29/05/2020	Toogod	Department of Household Registration (Taiwan)	Researchers from Cyble discover in the dark web a database containing details of over 20 Million Taiwanese citizens.	Unknown	O Public administration and defence, compulsory social security	CC	TW	Cyble, Department of Household Registration, Toogod
861	30/05/2020	?	Emirates customers	Emirates airline warned passengers about the latest phishing email scam warning that flights have been cancelled because of COVID-19.	Account Hijacking	H Transportation and storage	CC	UAE	Emirates
862	30/05/2020	?	Unpatched Wordpress sites	Researchers from Wordfence reveal that Hackers launched a massive campaign against WordPress websites, attacking old vulnerabilities in unpatched plugins to download configuration files.	Vulnerability	Y Multiple Industries	CC	>1	Wordfence, Wordpress
863	30/05/2020	Anonymous	Minneapolis Police Department	Anonymous takes down the Minneapolis Police Department website in retaliation for the murder of George Floyd.	DDoS	O Public administration and defence, compulsory social security	H	US	Anonymous, Minneapolis Police Department, George Floyd
864	30/05/2020	?	Single individuals in Italy	Researchers from D3Lab uncover a new COVID-19-themed phishing campaign targeting the users of the Italian National Institute for Social Security (INPS) and exploiting the COVID-19 measures.	Account Hijacking	X Individual	CC	IT	D3Lab, COVID-19, INPS
865	30/05/2020	Sekhmet	Excis	Sekhmet ransomware operators claim to have hit an international IT firm, Excis.	Malware	M Professional scientific and technical activities	CC	UK	Excis, Sekhmet, ransomware
866	31/05/2020	?	Coincheck	Japanese cryptocurrency exchange Coincheck says hackers took control over its account at Oname.com, a local domain registrar and hijacked one of its domain names, which they later used to contact some of its customers.	Account Hijacking	V Fintech	CC	JP	Coincheck, Oname.com, Crypto
867	14/05/2020	?	Genworth Financial	Fortune 500 insurance holding company Genworth Financial discloses a data breach after an unauthorized party gained access to insurance agents' online accounts using compromised login credentials. The breach was discovered by Genworth on April 20.	Account Hijacking	K Financial and insurance activities	CC	US	Genworth Financial
868	22/05/2020	?	Everett & Hurite Ophthalmic Association	Everett & Hurite Ophthalmic Association notifies 34,113 patients of a phishing attack occurred between February and March 2020.	Account Hijacking	Q Human health and social work activities	CC	US	Everett & Hurite Ophthalmic Association
869	01/06/2020	?	Kent Commercial Services	Kent Commercial Services reveal to have been hit with a ransomware attack on April 2. The attackers demanded 800,000 GBP.	Malware	N Administrative and support service activities	CC	UK	Kent Commercial Services, ransomware
870	01/06/2020	?	Multiple organizations	Researchers from Panda Security uncover BazarBackdoor, a new malware sharing code with the notorious modular banking trojan TrickBot and is used to gain unauthorized access to and compromise corporate networks.	Malware	Y Multiple Industries	CC	>1	Panda Security, BazarBackdoor, TrickBot
871	02/06/2020	?	Minnesota Senate	The Minnesota Senate’s servers are hacked, and the attackers are able to access a file of passwords used by senators and staff, Senate officials.	Unknown	O Public administration and defence, compulsory social security	CC	US	Minnesota Senate
872	02/06/2020	?	Kentucky Employees’ Health Plan (KEHP)	Nearly a thousand members of Kentucky Employees’ Health Plan (KEHP) are victims of two connected data breaches that took place in late April and mid-May.	Account Hijacking	Q Human health and social work activities	CC	US	Kentucky Employees’ Health Plan, KEHP
873	02/06/2020	Sodinokibi AKA REvil	Agromart Group	The gang behind the Sodinokibi ransomware puts on sale on an auction site the data stolen for Agromart Group.	Malware	M Professional scientific and technical activities	CC	CA	Sodinokibi, Agromart Group, ransomware
874	03/06/2020	Cycldek, Conimes, or Goblin Panda	Large organizations and government institutions in Vietnam	Researchers from Kaspersky reveal the details of USBCulprit, a malware used by a group known as Cycldek, Conimes, or Goblin Panda, designed for compromising air-gapped devices via USB.	Targeted Attack	O Public administration and defence, compulsory social security	CE	VN	Kaspersky, USBCulprit, Cycldek, Conimes, Goblin Panda
875	03/06/2020	Netwalker	Columbia College of Chicago	The Netwalker Ransomware operators claim to have successfully attacked the Columbia College of Chicago, stole unencrypted data, and encrypted their computers.	Malware	P Education	CC	US	Columbia College of Chicago, Netwalker, Ransomware
876	03/06/2020	Netwalker	University of California San Francisco (UCSF)	The Netwalker Ransomware operators claim to have successfully attacked the University of California San Francisco (UCSF), stole unencrypted data, and encrypted their computers.	Malware	P Education	CC	US	University of California San Francisco, UCSF, Netwalker, Ransomware
877	03/06/2020	?	Microsoft Office 365 customers	Researchers from Abnormal Security discover a new phishing campaign targeting Microsoft Office 365 customers, using bait messages camouflaged as notifications sent by their organization to update the VPN configuration.	Account Hijacking	Y Multiple Industries	CC	>1	Abnormal Security, Microsoft Office 365, VPN, COVID-19
878	03/06/2020	?	San Francisco Employees’ Retirement System (SFERS)	The San Francisco Employees’ Retirement System (SFERS) suffers a data breach after an unauthorized person gains access to a database hosted in a test environment. The breach occurred on February 2020.	Unknown	S Other service activities	CC	US	San Francisco Employees’ Retirement System, SFERS
879	03/06/2020	DoppelPaymer	Digital Management Inc. (DMI)	The DoppelPaymer ransomware gang says it successfully breached the network of Digital Management Inc. (DMI), a managed IT and cyber-security services on demand, NASA contractor.	Malware	M Professional scientific and technical activities	CC	US	DoppelPaymer, ransomware, Digital Management Inc., DMI, NASA
880	03/06/2020	Maze	Westech International	The threat actors behind the Maze ransomware steal and leak the data of Westech International, a US military contractor.	Malware	C Manufacturing	CC	US	Westech International, Maze, Ransomware
881	03/06/2020	?	Viva Republica Inc.	Viva Republica Inc., a fintech firm, has its Toss platform hacked suffering a loss worth 9.4 million won ($7,853).	Unknown	V Fintech	CC	KR	Viva Republica Inc., Toss
882	03/06/2020	?	Duluth School District	The Duluth School District reveals the details of a security breach involving 14 student accounts.	Account Hijacking	P Education	CC	US	Duluth School District
883	03/06/2020	?	Anti-racism organizations	Cloudflare reveals a 1,120 fold soar of cyber-attacks against anti-racism organizations in the wake of the death of George Floyd.	DDoS	U Activities of extraterritorial organizations and bodies	CC	>1	Cloudflare, George Floyd
884	04/06/2020	China and Iran APT Groups	Trump and Biden presidential campaigns	Researchers from Google’s Threat Analysis Group say they’ve identified efforts by at least two nation state-backed hackers against the Trump and Biden presidential campaigns.	Targeted Attack	O Public administration and defence, compulsory social security	CE	US	Google, Threat Analysis Group, TAG, Trump, Biden
885	04/06/2020	Maze	Conduent	The Maze Ransomware operators claim to have successfully attacked business services giant Conduent, where they stole unencrypted files and encrypted devices on their network.	Malware	M Professional scientific and technical activities	CC	US	Conduent, Maze, Ransomware
886	04/06/2020	?	Chartered Professional Accountants of Canada (CPA)	Chartered Professional Accountants of Canada (CPA) disclose a cyberattack against their website that allowed unauthorized third parties to access the personal information of over 329,000 members and other stakeholders.	Unknown	S Other service activities	CC	CA	Chartered Professional Accountants of Canada, CPA
887	04/06/2020	Tycoon	Small to medium size organizations in the software and education industries	Researchers from Blackberry and KPMG discover Tycoon, a new human-operated ransomware strain deployed in highly targeted attacks targeting small to medium size organizations in the software and education industries since at least December 2019.	Malware	Y Multiple Industries	CC	>1	Blackberry, KPMG, Tycoon, ransomware
888	04/06/2020	?	Multiple organizations	Researchers from Akamai discover Stealthworker a piece of malware attempting brute-force attacks against cPanel.	Brute-Force	Y Multiple Industries	CC	>1	Akamai, cPanel, Stealthworker
889	04/06/2020	?	Hundreds of enterprises across all industries, including real estate, oil & gas, engineering, IT, healthcare, financial services and more	Researchers from Ironscale discover a massive phishing campaign sending fake email notifications for voice messages.	Account Hijacking	Y Multiple Industries	CC	>1	Ironscale
890	04/06/2020	?	Banking users	Researchers from Check Point discover a new malware campaign, spoofing job seekers and delivering Zloader via emails with file attachments that claim to be curriculum vitae (CV).	Malware	K Financial and insurance activities	CC	US	Check Point, Zloader
891	04/06/2020	Higaisa	Multiple organizations	Researchers from Malwarebytes discover a new campaign from a Korea-linked APT known as Higaisa, using LNK files.	Targeted Attack	Y Multiple Industries	CE	>1	Malwarebytes, Higaisa, LNK
892	04/06/2020	?	Android users	Researchers from Trend Micro reveal that a couple of Android barcode reader apps, downloaded more than 1 million times, were found to contain ad fraud malware (AndroidOS_HiddenAd.HRXJA).	Malware	X Individual	CC	>1	Trend Micro, Android, AndroidOS_HiddenAd.HRXJA
893	04/06/2020	?	San Beda University (SBU)	An unidentified hacker infiltrates the online student portal of San Beda University (SBU), gaining access to personal information and social media passwords of thousands of students and apparently releasing them online.	Unknown	P Education	CC	PH	San Beda University, SBU
894	05/06/2020	Maze	VT San Antonio Aerospace	The Maze Ransomware gang breach and successfully encrypt the systems of VT San Antonio Aerospace. They also steal and leak unencrypted files. The attack occurred in April 2020.	Malware	M Professional scientific and technical activities	CC	US	VT San Antonio Aerospace, Maze, Ransomware
895	05/06/2020	"John Wick" and "Korean Hackers"	ZEE5	A hacker identifying themselves as "John Wick" and "Korean Hackers" claim to have breached the systems for Indian video on demand giant ZEE5 and are threatening to sell the database on criminal markets.	Unknown	J Information and communication	CC	IN	John Wick, Korean Hackers, ZEE5
896	05/06/2020	?	Fitness Depot	Canadian retailer Fitness Depot announces customers that their personal and financial information was stolen following a breach that affected the company's e-commerce platform last month.	Malicious Script Injection	G Wholesale and retail trade	CC	CA	Fitness Depot, Magecart
897	05/06/2020	Kupidon	Multiple organizations	A new ransomware dubbed Kupidon targets not only corporate networks, but also home user's personal data.	Malware	Y Multiple Industries	CC	>1	Kupidon, Ransomware
898	05/06/2020	eCh0raix	QNAP storage devices	The threat actors behind the eCh0raix Ransomware launch a brand new campaign targeting QNAP storage devices.	Malware	Y Multiple Industries	CC	>1	eCh0raix, Ransomware, QNAP
899	05/06/2020	?	City of Florence	The city of Florence, Alabama, is hit by the DoppelPaymer ransomware.	Malware	O Public administration and defence, compulsory social security	CC	US	City of Florence, Alabama
900	05/06/2020	Maze	ST Engineering	The threat actors behind the Maze ransomware steal and leak the data of ST Engineering.	Malware	C Manufacturing	CC	SG	Maze, ransomware, ST Engineering.
901	05/06/2020	?	University of Utah	University of Utah notifies its patients after a phishing incident compromised employee email accounts between April 6 and May 22.	Account Hijacking	Q Human health and social work activities	CC	US	University of Utah
902	05/06/2020	?	Multiple organizations	Researchers from Yoroi ZLab reveal the details of a Netwire campaign targeting Italian-speakers.	Targeted Attack	Y Multiple Industries	CE	IT	Yoroi ZLab, Netwire
903	05/06/2020	?	Multiple organizations	The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns that attackers are trying to exploit the SMBGhost vulnerability (CVE-2020-0796).	Vulnerability	Y Multiple Industries	CC	US	U.S. Cybersecurity and Infrastructure Security Agency, CISA, SMBGhost, CVE-2020-0796
904	06/06/2020	?	Single Individuals	A fake decryptor for the STOP Djvu Ransomware is being distributed. Instead of getting their files back for free, they are infected with another ransomware, Zorab.	Malware	X Individual	CC	>1	STOP Djvu, Ransomware, Zorab
905	07/06/2020	EKANS (SNAKE)	Enel Group	The Enel Group is hit by a ransomware attack from EKANS (SNAKE) ransomware operators that affected its internal network,	Malware	D Electricity gas steam and air conditioning supply	CC	IT	Enel Group, SNAKE, EKANS, ransomware
906	07/06/2020	?	University of the Philippines Cebu	Unknown attackers break into the evaluation portal of the University of the Philippines Cebu.	Unknown	P Education	CC	PH	University of the Philippines Cebu
907	07/06/2020	?	Hockley Medical Practice	Hockley Medical Practice have their records of nearly 9,000 patients hacked.	Unknown	Q Human health and social work activities	CC	UK	Hockley Medical Practice
908	08/06/2020	EKANS (SNAKE)	Honda	Computer networks in Europe and Japan from car manufacturer giant Honda are also affected by issues that are reportedly related to a SNAKE Ransomware cyber-attack.	Malware	C Manufacturing	CC	JP	Honda, SNAKE, EKANS
909	08/06/2020	Russia?	German multinational corporation	Researchers at IBM X-Force uncover a COVID-19 related phishing campaign targeting a German multinational corporation, associated with a German government-private sector task force to procure personal protective equipment. The threat actors behind this campaign targeted more than 100 high ranking executives within this organization and its third-party ecosystem (approximately 40 organizations).	Targeted Attack	C Manufacturing	CE	DE	IBM X-Force, COVID-19
910	08/06/2020	DoppelPaymer	Avon	Cosmetics giant Avon discloses a security incident allegedly due to the DoppelPaymer ransomware.	Malware	C Manufacturing	CC	UK	Avon, DoppelPaymer, ransomware
911	08/06/2020	?	Greenworks	Researchers at RapidSpike discover that payment card data from customers of Greenworks hardware tools website is being stolen by hackers via a malicious script with self-cloaking capabilities and anti-tampering protection.	Malicious Script Injection	G Wholesale and retail trade	CC	US	Greenworks, RapidSpike, Magecart
912	08/06/2020	?	Bitcoin users	Scammers hijack three YouTube channels (Juice TV, Right Human, and MaximSakulevich) to display bitcoin scams impersonating Elon Musk's SpaceX channel, stealing nearly $150,000 in bitcoins in two days.	Account Hijacking	X Individual	CC	>1	YouTube, Juice TV, Right Human, MaximSakulevich, Elon Musk, SpaceX
913	08/06/2020	TA410	U.S. energy providers	Researchers from Proofpoint discover a new spear-phishing campaign targeting U.S. energy providers via FlowCloud, a new remote access trojan (RAT) capable of providing attackers with full control over infected systems.	Targeted Attack	D Electricity gas steam and air conditioning supply	CE	US	Proofpoint, FlowCloud
914	08/06/2020	Avaddon	Single Individuals	Researchers from Appriver discover a new Avaddon Ransomware campaign targeting users worldwide.	Malware	X Individual	CC	>1	Appriver, Avaddon, Ransomware
915	09/06/2020	Dark Basin	Environmental advocacy groups, journalists, and others	A joint report by Citizen Labs and the University of Toronto reveals the details of a Dark Basin, a massive hack-for-hire operation targeting especially climate-change organizations who were campaigning against Exxon Mobil.	Targeted Attack	U Activities of extraterritorial organizations and bodies	CE	>1	Dark Basin, Exxon Mobil, Citizen Lab, University of Toronto
916	09/06/2020	?	Lion	Australian beverage giant Lion is hit by a Ransomware attack.	Malware	I Accommodation and food service activities	CC	AU	Lion, Ransomware
917	09/06/2020	?	Multiple organizations	Security researchers from RiskIQ discover a new wave of attacks relying on Magecart and malicious redirector code lurking in misconfigured S3 buckets.	Misconfiguration	Y Multiple Industries	CC	>1	RiskIQ, Magecart, S3
918	09/06/2020	R3dr0x	Bharat Earth Movers Limited (BEML).	Researchers from Cyble report that a threat actor is offering in a dark web black-market documents of the Indian defence contractor Bharat Earth Movers Limited (BEML)	Unknown	C Manufacturing	H	IN	Cyble, R3dr0x, Bharat Earth Movers Limited, BEML
919	09/06/2020	?	Vulnerable Microsoft SQL Servers	Researchers from Sophos reveal that the operators behind the Kingminer botnet have recently started targeting vulnerable Microsoft SQL Servers using brute-force methods in order to mine cryptocurrency.	Brute-Force	Y Multiple Industries	CC	>1	Sophos, Kingminer, Microsoft SQL Servers, Crypto
920	09/06/2020	?	Slovak government	Slovak authorities arrest four suspects as part of an investigation into a series of suspicious devices found connected to the government's official IT network.	Wiretapping	O Public administration and defence, compulsory social security	CC	SK	Slovakia
921	10/06/2020	Maze	MaxLinear	U.S. system-on-chip (SOC) maker company MaxLinear discloses that some of its computing systems were encrypted by Maze Ransomware operators. The attack was discovered on May 24.	Malware	C Manufacturing	CC	US	MaxLinear, Ransomware, Maze
922	10/06/2020	?	Single Individuals	A recent phishing email campaign discovered by Abuse.ch asks to vote anonymously about Black Lives Matter to spread the TrickBot information-stealing malware.	Malware	X Individual	CC	>1	Abuse.ch, Black Lives Matter, TrickBot
923	10/06/2020	?	Small businesses in the UK	Researchers from Abnormal Security discover a new phishing campaign targeting business owners with Microsoft Office 365, and using bait emails designed to look like legitimate Small Business Grants Fund (SGF) relief payment messages from the UK government.	Account Hijacking	Y Multiple Industries	CC	UK	Abnormal Security, Microsoft Office 365, Small Business Grants Fund, SGF, COVID-19
924	10/06/2020	?	Multiple organizations	Researchers from Recorded Future discover a new Ransomware-as-a-service, dubbed Thanos, with high evasion capabilities.	Malware	Y Multiple Industries	CC	>1	Thanos, Recorded Future, Ransomware
925	10/06/2020	?	Microsoft	Microsoft reveals that attackers recently hijacked powerful machine-learning clusters inside Microsoft’s Azure cloud-computing service to mine cryptocurrency at the expense of the customers who rented them.	Misconfiguration	M Professional scientific and technical activities	CC	US	Microsoft, Azure
926	10/06/2020	?	Single Individuals	Researchers from Google report an increase in the number of COVID-19 related scams.	Account Hijacking	X Individual	CC	IN	Google, India, COVID-19
927	10/06/2020	?	Small businesses in the UK	Researchers from Google discover a new campaign targeting small businesses in the UK, designed to look like legitimate Small Business Grants Fund (SGF) messages.	Account Hijacking	Y Multiple Industries	CC	UK	Google, Small Business Grants Fund, SGF
928	10/06/2020	?	Single Individuals	Researchers from Google discover a phishing campaign themed with streaming services, targeting Brazilian users.	Account Hijacking	X Individual	CC	BR	Google, Brazil
929	10/06/2020	?	Single Individuals in Armenia, India, Brazil, Chhattisgarh, Columbia, Indonesia, India, Iran, Italy, Kyrgyzstan, Russia and Singapore.	Researchers from Anomali identify 12 fake COVID-19 contact tracing apps targeting citizens in Armenia, India, Brazil, Chhattisgarh, Columbia, Indonesia, Iran, Italy, Kyrgyzstan, Russia and Singapore.	Malware	X Individual	CC	>1	Anomali, Armenia, India, Brazil, Columbia, Indonesia, India, Iran, Italy, Kyrgyzstan, Russia and Singapore.
930	10/06/2020	?	City of Keizer	The city of Keizer is hit with a ransomware attack, and is able to restore the data, paying the perpetrators a $48,000 ransom.	Malware	O Public administration and defence, compulsory social security	CC	US	City of Keizer, ransomware
931	11/06/2020	?	City of Knoxville	The City of Knoxville, Tennessee, was forced to shut down its entire computer network following a ransomware attack that took place overnight and targeted the city's offices.	Malware	O Public administration and defence, compulsory social security	CC	US	City of Knoxville, ransomware
932	11/06/2020	?	Customers of 36 US financial institutions	Security researchers at F5 Labs discover ongoing attacks using Qbot malware payloads to steal credentials from customers of dozens of US financial institutions.	Malware	K Financial and insurance activities	CC	US	F5 Labs, Qbot
933	11/06/2020	?	TAIT Towers	TAIT Towers, one of the world's leading live event solutions providers, discloses a data breach that led to the exposure of personal and financial information stored on a server and on the email accounts of some of its employees.	Account Hijacking	C Manufacturing	CC	US	TAIT Towers
934	11/06/2020	Gamaredon (Primitive Bear)	Ukrainian institutions	Researchers from ESET discover new recent campaigns by Gamaredon (Primitive Bear) containing a Visual Basic for Applications (VBA) project (.OTM file) targeting Microsoft Outlook email client with malicious macro scripts.	Targeted Attack	O Public administration and defence, compulsory social security	CE	UA	ESET, Gamaredon, Primitive Bear, VBA, Microsoft Outlook
935	11/06/2020	China, Russia, and Turkey	Twitter users	Twitter discloses three new state-linked operations on its platform this year. As a result of its investigation, it bans and removes 32,242 accounts operated out of China, Russia, and Turkey, pushing local political agendas and narratives, and associated with state-sponsored entities.	Fake Social Network accounts/groups/pages	O Public administration and defence, compulsory social security	CC	>1	Twitter, China, Russia, Turkey
936	11/06/2020	?	A1 Telekom	A1 Telekom, the largest internet service provider in Austria, admits a malware security breach from December 2019 to May 2020.	Malware	J Information and communication	CC	AT	A1 Telekom
937	11/06/2020	Earth Empusa, AKA POISON CARP/Evil Eye,	Uyghurs minority	Researchers from Trend Micro reveal that the Earth Empusa threat group (aka POISON CARP/Evil Eye) is targeting the Uyghurs minority with a new Android spyware dubbed ActionSpy.	Targeted Attack	X Individual	CE	N/A	Trend Micro, Earth Empusa, POISON CARP/Evil Eye, Uyghurs, Android, ActionSpy
938	11/06/2020	?	Infinity Diagnostics Center	Infinity Diagnostics Center Instagram account is compromised by an unknown hacker. After gaining access, the threat actor uploads multiple stories designed to paint the business as racist.	Account Hijacking	Q Human health and social work activities	CC	US	Infinity Diagnostics Center
939	11/06/2020	?	eHealth Saskatchewan	eHealth Saskatchewan admits to have suffered a ransomware attack on December 20.	Malware	Q Human health and social work activities	CC	CA	eHealth Saskatchewan, ransomware
940	11/06/2020	Sodinokibi AKA REvil	Activewear	Activewear reveals to have suffered a Sodinokibi ransomware attack back in May 2020.	Malware	G Wholesale and retail trade	CC	AU	Activewear, Sodinokibi, REvil, ransomware
941	12/06/2020	?	University of Missouri Health Care (MU Health Care)	University of Missouri Health Care (MU Health Care) discloses a breach that occurred in September 2019, when the email accounts of some students was been accessed without authorization.	Account Hijacking	Q Human health and social work activities	CC	US	University of Missouri Health Care, MU Health Care
942	12/06/2020	?	Portuguese users	A new malware called TroyStealer targets Portuguese users.	Malware	X Individual	CC	PT	TroyStealer
943	12/06/2020	?	NHS	The NHS confirms that 113 internal email accounts were compromised and used to send malicious spam between May 30 and June 1 2020.	Account Hijacking	Q Human health and social work activities	CC	UK	NHS
944	12/06/2020	m1x	puebla.gob.mx	A Russian hacker named m1x breaches a Mexican government web portal (puebla.gob.mx) and three days later once the government refused to pay a ransom, publicly-releases some 14,000 Mexican taxpayer ID numbers.	Unknown	O Public administration and defence, compulsory social security	CC	MX	m1x, puebla.gob.mx
945	12/06/2020	?	Electronic Waveform Lab, Inc.	Electronic Waveform Lab, Inc. reveals it suffered a ransomware attack on April 11, 2020.	Malware	C Manufacturing	CC	US	Electronic Waveform Lab, Inc., ransomware
946	12/06/2020	?	Cano Health	Cano Health warns its patients of a phishing attack involving three employees, discovered on April 2020 and occurred on May 2018.	Account Hijacking	Q Human health and social work activities	CC	US	Cano Health
947	12/06/2020	?	www.indianblooddonors.com	A data leak that contains sensitive information of 12,472 Indian blood donors is posted on two forums.	Unknown	Q Human health and social work activities	CC	IN	www.indianblooddonors.com
948	13/06/2020	Black Kingdom	Multiple organizations	Researchers from REDTEAM.PL reveal that operators of Black Kingdom ransomware target enterprises with unpatched Pulse Secure VPN software or initial access on the network, exploiting CVE-2019-11510.	Vulnerability	Y Multiple Industries	CC	>1	REDTEAM.PL, Black Kingdom, Pulse Secure, CVE-2019-11510, ransomware
949	13/06/2020	?	Rangely District Hospital (RDH)	Rangely District Hospital (RDH) reveals to have been hit by a ransomware attack on April 2020.	Malware	Q Human health and social work activities	CC	US	Rangely District Hospital, RDH, ransomware
950	13/06/2020	?	3,500 Armenian citizens	Azerbaijani hackers publish the data of about 3,500 Armenian citizens (people infected with COVID-19 and their contacts).	Unknown	X Individual	CC	AM	Azerbaijan, Armenia, COVID-19
951	14/06/2020	Maze	Threadstone Advisors LLP	The Maze ransomware gang hits Threadstone Advisors LLP, a US corporate advisory firm specialized in M&A.	Malware	K Financial and insurance activities	CC	US	Maze, Threadstone Advisors LLP
952	14/06/2020	?	Sapiens International	Israeli software company Sapiens International falls victim to a ransomware attack, paying $250,000 in Bitcoin to hackers	Malware	M Professional scientific and technical activities	CC	IL	Sapiens International, Ransomware
953	14/06/2020	?	Bitcoin users	For the past year, a site called Privnotes.com has been impersonating Privnote.com, a legitimate, free service that offers private, encrypted messages, to steal bitcoins.	Account Hijacking	V Fintech	CC	>1	Privnotes.com, privnote.com, bitcoin, crypto
954	14/06/2020	Anonymous USA (@AnonOpUSA)	Atlanta Police Department	The Anonymous claim to have taken down the website of the Atlanta Police Department (atlantapd.org).	DDoS	O Public administration and defence, compulsory social security	H	US	Anonymous, Anonymous USA, @AnonOpUSA, Atlanta Police Department, atlantapd.org
955	15/06/2020	?	Foodora	The details of 727,000 Foodora accounts in 14 countries are leaked online.	Unknown	I Accommodation and food service activities	CC	DE	Foodora
956	15/06/2020	?	Geox	Geox, the Italian shoe maker is hit with a ransomware attack.	Malware	C Manufacturing	CC	IT	Geox, Ransomware
957	15/06/2020	?	Claire's	Researchers from Sansec reveal that the websites for U.S. based jewelry and accessory giant Claire's, and its subsidiary Icing, were compromised in April via a Magecart attack.	Malicious Script Injection	G Wholesale and retail trade	CC	US	Claire's, Magecart, Sansec
958	15/06/2020	?	Single Individuals	A new campaign starts to push fake data breach notifications for big company names that really suffered a breach, to distribute malware and scams.	Malware	Y Multiple Industries	CC	>1	Breach
959	15/06/2020	?	Single Individuals	Nine human rights activists, journalists, academics and lawyers in India have been targeted by a “coordinated” spyware operation, according to an investigation by Amnesty International and the Citizen Lab.	Targeted Attack	X Individual	CE	IN	Amnesty International, Citizen Lab
960	15/06/2020	?	Intersport	The website of Intersport, one of Europe's largest sporting goods retail chain, is hit by a Magecart attack.	Malicious Script Injection	G Wholesale and retail trade	CC	CH	Intersport, Magecart
961	15/06/2020	?	Apple Mac Users	Researchers at Intego warn Apple Mac users of a new malware in disguise of an installer for Adobe Flash Player (a variant of OSX/Shlayer and OSX/Bundlore), distributed via Google search results.	Malware	X Individual	CC	>1	Apple, Mac, Adobe Flash Player, OSX/Shlayer, OSX/Bundlore, Intego, Google
962	15/06/2020	Vendetta	Multiple organizations	Researchers from ElevenPaths reveal the details of Vendetta, a threat actor targeting technological, business and government sectors that handle sensitive information	Targeted Attack	Y Multiple Industries	CE	>1	ElevenPaths, Vendetta
963	08/06/2020	?	Preen.Me	Researchers from Risk Based Security reveal that personal data of an estimated 350,000 social media influencers has been accessed and partially leaked following a breach at social media marketing firm Preen.Me.	Unknown	M Professional scientific and technical activities	CC	IL	Preen.Me, Risk Based Security
964	09/06/2020	?	South Africa’s Life Healthcare	South Africa’s Life Healthcare says its southern African operation is hit by a cyber attack affecting its admissions systems, business processing systems and email servers.	Unknown	Q Human health and social work activities	CC	ZA	Life Healthcare
965	10/06/2020	?	Multiple organizations	Researchers from Cofense discover a massive keylogger distribution campaign dubbed Mass Logger.	Malware	Y Multiple Industries	CC	>1	Cofense, Mass Logger
966	11/06/2020	?	University of the Philippines Visayas	The University of the Philippines Visayas confirmed on its official Facebook page that its website, upv.edu.ph, was defaced on Thursday, June 11.	Defacement	P Education	CC	PH	University of the Philippines Visayas, upv.edu.ph
967	16/06/2020	?	Countries across Europe and North America	Social media research group Graphika publishes a report unmasking a new Russian information operation codenamed Secondary Infektion, active since 2014, relying on fake news articles, fake leaks, and forged documents to generate political scandals in countries across Europe and North America.	Fake Social Network accounts/groups/pages	O Public administration and defence, compulsory social security	CW	>1	Graphika, Russia, Secondary Infektion
968	16/06/2020	?	Single Individuals	Researchers from Morphisec discover a new campaign exploiting a DLL hijacking vulnerability in Apple’s Push Service (APSDaemon) to install a cryptocurrency miner and avoid detection.	Malware	X Individual	CC	>1	Morphisec, Apple’s Push Service, APSDaemon, crypto
969	16/06/2020	?	Multiple organizations in New Zealand	The New Zealand's national computer emergency response team warns of a crime gang seeking "ransomware attack opportunities" against NZ organizations that use unpatched or poorly secured Citrix remote-access technology.	Misconfiguration	Y Multiple Industries	CC	NZ	New Zealand's national computer emergency response team, Citrix ransomware
970	16/06/2020	China	India	China launches DDOS attacks against information websites and the country’s financial payments system, amid growing tensions over border disputes in the Kashmir region.	DDoS	O Public administration and defence, compulsory social security	CW	IN	China, India
971	17/06/2020	?	Amazon	Amazon reveals that its AWS Shield service mitigated the largest DDoS attack ever recorded, stopping a 2.3 Tbps attack in mid-February this year.	DDoS	M Professional scientific and technical activities	CC	US	Amazon
972	17/06/2020	Lazarus Group	European aerospace and military companies	Security researchers from ESET disclose a new operation orchestrated by the Lazarus Group codenamed "Operation In(ter)ception," targeting victims for both cyber-espionage and financial theft.	Targeted Attack	O Public administration and defence, compulsory social security	CE	>1	ESET, Lazarus Group, Operation In(ter)ception, North Korea
973	17/06/2020	Sodinokibi (AKA REvil)	Light S.A.	Sodinokibi ransomware (aka REvil) operators breach the Brazilian-based electrical energy company Light S.A. and demanding a $14 million worth ransom.	Malware	D Electricity gas steam and air conditioning supply	CC	BR	Sodinokibi, REvil, Light S.A.
974	17/06/2020	?	Russian Organizations	Researchers from Palo Alto Unit 42 discover a new malware, dubbed AcidBox, employed in targeted attacks against Russian organizations, and that leverages an exploit previously associated with the Russian-linked Turla APT group.	Targeted Attack	Z Unknown	CE	RU	Palo Alto Unit 42, AcidBox, Turla
975	17/06/2020	?	Unnamed Web host	An unnamed webhost was is hit with one of the largest DDoS attacks ever registered by Akamai (1.44 terabit-per-second)	DDoS	Z Unknown	CC	N/A	Akamai, DDoS
976	17/06/2020	?	City of Lexington	A Zoom meeting regarding issues surrounding police discipline is interrupted by callers shouting racist and homophobic remarks.	Zoom bombing	O Public administration and defence, compulsory social security	CC	US	Lexington, Zoom
977	17/06/2020	?	Cebu Normal University (CNU)	Subdomains of the Cebu Normal University (CNU) website, particularly the Library and Journal for Higher Education (JHE), are hacked by unknown entities.	Unknown	P Education	CC	PH	Cebu Normal University, CNU
978	17/06/2020	Pinoy Grayhats	Far Eastern University (FEU)	1,000 student accounts from the Far Eastern University (FEU) are made public, with details such as names, student numbers, and passwords exposed.	Unknown	P Education	CC	PH	Far Eastern University, FEU, Pinoy Grayhats
979	18/06/2020	InvisiMole and Gamaredon	High-profile organizations in Eastern Europe	Researchers from ESET discover a new campaign carried out by the InvisiMole group in cooperation with Gamaredon (two groups linked to Russia).	Targeted Attack	O Public administration and defence, compulsory social security	CE	>1	ESET, InvisiMole, Gamaredon, Russia
980	18/06/2020	?	Android users	Researchers at Awake Security reveal that a newly discovered spyware attacked users through 32 million downloads of extensions to Google’s market-leading Chrome web browser. Google immediately removes 70 of the malicious extensions	Malware	X Individual	CC	>1	Google, Android, Awake Security
981	18/06/2020	Holmium AKA APT33, StoneDrill and Elfin	Aerospace, defence, chemical, mining, and petrochemical companies	Researchers from Microsoft reveal the details of a new campaign by Holmium, a group targeting exposed Exchange servers.	Account Hijacking	Y Multiple Industries	CE	>1	Microsoft, Holmium, APT33, StoneDrill, Elfin
982	18/06/2020	?	Wells Fargo customers	Researchers from Abnormal Security discover a phishing campaign impersonating the Wells Fargo Security Team and luring potential victims to phishing pages with the help of calendar invites.	Account Hijacking	K Financial and insurance activities	CC	US	Abnormal Security, Wells Fargo
983	18/06/2020	?	European, Asian, and Middle Eastern targets	Researchers from Check Point discover a phishing campaign abusing an Adobe Campaign redirection mechanism, and using a Samsung domain to redirect victims to an O365 themed phishing website. The attackers also hijacked an Oxford email server to deliver the malicious emails.	Account Hijacking	Y Multiple Industries	CC	>1	Check Point, Adobe Campaign, Samsung, Office 365, Oxford
984	18/06/2020	?	Bank of America customers	Researchers from Armorblox discover a phishing campaign against Bank of America customers able to bypass security filters.	Account Hijacking	K Financial and insurance activities	CC	US	Armorblox, Bank of America
985	18/06/2020	?	Banking users	Researchers from Juniper discover a new version of the IcedID banking trojan employed in COVID-19 themed attacks exploiting FMLA.	Malware	K Financial and insurance activities	CC	US	Juniper, IcedID, COVID-19, FMLA
986	18/06/2020	?	Lion	Australian beverage giant Lion is hit by a second cyber attack.	Unknown	I Accommodation and food service activities	CC	AU	Lion
987	18/06/2020	?	RBX.Place	Hackers steal data from RBX.Place, a grey marketplace where players of the massively popular online game Roblox can sell in-game items for real money.	Unknown	S Other service activities	CC	N/A	RBX.Place
988	19/06/2020	China?	Australian Organizations	Australian Prime Minister Scott Morrison calls a press conference to reveal that Australian organizations (government and private sector) are currently being targeted by a sophisticated state-based cyber actor. Fingers are pointed to China.	Targeted Attack	O Public administration and defence, compulsory social security	CE	AU	Scott Morrison, China
989	19/06/2020	Anonymous	US Police	A leak-focused activist group known as Distributed Denial of Secrets publishes BlueLeaks, a 269-gigabyte collection of police data, allegedly received from the Anonymous collective, which includes emails, audio, video, and intelligence documents, with more than a million files in total.	Unknown	O Public administration and defence, compulsory social security	H	US	Distributed Denial of Secrets, BlueLeaks, Anonymous
990	19/06/2020	NetWalker	Crozer-Keystone Health System	Crozer-Keystone Health System suffers a ransomware attack by the NetWalker ransomware gang. The gang auctions the stolen data through its darknet website.	Malware	Q Human health and social work activities	CC	US	Crozer-Keystone Health System, NetWalker
991	19/06/2020	?	Blaze Angel Roberts Instagram account	Popular Australian surfer Blaze Angel Roberts has her Instagram account hacked, posting sexually explicit images.	Account Hijacking	X Individual	CC	AU	Blaze Angel Roberts, Instagram
992	19/06/2020	?	Bitcoin users	A new bitcoin scam allows attackers to steal more than $2 million in two months from Elon Musk's name. The trick involves the use of Bitcoin vanity addresses in order to give the scam more credibility.	Bitcoin vanity addresses	X Individual	CC	>1	Bitcoin, Elon Musk, Crypto
993	19/06/2020	?	Mid-Michigan College	An attacker breaks into the Mid-Michigan College’s email system, compromising the accounts of 10 employees and compromising personal data of potentially up to 16,000 people.	Account Hijacking	P Education	CC	US	Mid-Michigan College
994	19/06/2020	?	Florida Orthopedic Institute	The Florida Orthopedic Institute warns of a ransomware attack suffered on April 9.	Malware	Q Human health and social work activities	CC	US	Florida Orthopedic Institute, Ransomware
995	19/06/2020	?	Multiple organizations	Multiple ConnectWise have their customers hit with ransomware through a software flaw.	Malware	Y Multiple Industries	CC	>1	ConnectWise, ransomware
996	20/06/2020	?	Discord users	A new malware dubbed NitroHack is distributed in disguise of the premium Discord Nitro service.	Malware	X Individual	CC	>1	Discord, NitroHack
997	20/06/2020	?	Tallapoosa County Probate Office	Tallapoosa County Probate Office is hit with a ransomware attack.	Malware	O Public administration and defence, compulsory social security	CC	US	Tallapoosa County Probate Office
998	21/06/2020	?	Over 230.000 Indonesian COVID-19 patient	Security researchers from Cyble discover over 230.000 Indonesian COVID-19 patients records leaked in the darknet.	Unknown	Z Unknown	CC	ID	Cyble, COVID-19
999	21/06/2020	?	University of California, Davis	A racist cyberattack email is delivered to thousands of University of California, Davis email accounts, prompting the university to block most of the emails, officials said Tuesday.	Malicious Spam	P Education	CC	US	University of California, Davis
1.000	22/06/2020	CLOP	Indiabulls Group	Indian conglomerate Indiabulls Group is allegedly hit with a cyberattack from the CLOP Ransomware operators who have leaked screenshots of stolen data.	Malware	M Professional scientific and technical activities	CC	IN	Indiabulls Group, CLOP, ransomware
1.001	22/06/2020	?	Misconfigured Docker clusters	Security researchers from Trend Micro discover what appears to be the first organized and persistent series of attacks against Docker servers that infect misconfigured clusters with DDoS malware (XORDDoS AKA Backdoor.Linux.XORDDOS.AE and Kaiji DDoS AKA DDoS.Linux.KAIJI.A).	Misconfiguration	Y Multiple Industries	CC	>1	Trend Micro, Docker, DDoS, XORDDoS, Backdoor.Linux.XORDDOS.AE, Kaiji DDoS, DDoS.Linux.KAIJI.A
1.002	22/06/2020	?	Several dozen e-commerce sites using Google Analytics.	Researchers from Sansec reveals they discovered a Magecart campaign using Google Analytics to bypass Content Security Policies.	Malicious Script Injection	G Wholesale and retail trade	CC	>1	Sansec, Google Analytics, Content Security Policies, Magecart
1.003	22/06/2020	?	Undisclosed technology company	Researchers from Darktrace discover a phishing campaign spoofing QuickBooks, a product commonly being used in advance of the July 15 tax deadline.	Account Hijacking	Z Unknown	CC	US	Darktrace, QuickBooks
1.004	22/06/2020	?	Stalker Online	More than one million players of the video game Stalker Online are at risk after a database containing over 1.2 million user records is being sold on hacking forums. Separately, another database which is said to contain more than 136,000 records from the game’s forums are also being offered for sale.	Unknown	R Arts entertainment and recreation	CC	RU	Stalker Online
1.005	22/06/2020	?	Government and military orgs in South Asia	Researchers from Cisco Talos discover a military-themed malware campaign targeting military and government organizations in South Asia, using the Cobalt Strike toolset, and distributing a RAT via the IndigoDrop malware dropper.	Targeted Attack	O Public administration and defence, compulsory social security	CE	>1	Cisco Talos, Cobalt Strike, IndigoDrop
1.006	22/06/2020	?	Mid-level employees across Austria, Switzerland and Germany	Researchers from Proofpoint discover a campaign spreading the Hakbit ransomware using malicious Microsoft Excel attachments and the GuLoader dropper.	Malware	Y Multiple Industries	CC	>1	Proofpoint, Hakbit, ransomware, GuLoader
1.007	22/06/2020	UK Police	Encrochat	The encrypted chat Encrochat shuts down after a police hack.	Unknown	M Professional scientific and technical activities	N/A	N/A	Encrochat
1.008	22/06/2020	?	Iowa State University	Iowa State University officials announce hat nearly 4,900 Iowa State University-affiliated email accounts were the recipients of a racist cyberattack from an email sender claiming to be Equity Prime Mortgage.	Malicious Spam	P Education	CC	US	Iowa State University
1.009	22/06/2020	?	CHI St. Luke’s Health-Memorial Lufkin	CHI St. Luke’s Health-Memorial Lufkin notifies of a phishing incident occurred on April 23, 2020.	Account Hijacking	P Education	CC	US	CHI St. Luke’s Health-Memorial Lufkin
1.010	23/06/2020	?	K12 Schools	The US Federal Bureau of Investigation sends out a security alert to K12 schools about the increase in ransomware attacks during the COVID-19 pandemic, and especially about ransomware gangs that abuse RDP connections to break into school systems.	Malware	P Education	CC	US	FBI, K12, Ransomware, COVID-19
1.011	23/06/2020	Evil Corp	Multiple organizations	Researchers from Fox-IT reveal that the malicious actor Evil Corp is now deploying the WastedLocker ransomware.	Malware	Y Multiple Industries	CC	>1	Fox-IT, Evil Corp, WastedLocker
1.012	23/06/2020	Sodinokibi (AKA REvil)	Multiple organizations	Researchers from Symantec discover a new variant of the Sodinokibi ransomware scanning networks for PoS systems.	Malware	Y Multiple Industries	CC	>1	Symantec, Sodinokibi, REvil, ransomware
1.013	23/06/2020	?	Choice Health Management Services	Choice Health Management Services notifies an unspecified number of individuals of a phishing attack occurred in late 2019.	Account Hijacking	M Professional scientific and technical activities	CC	US	Choice Health Management Services
1.014	24/06/2020	?	Five cryptocurrency exchanges in United States, Japan, and the Middle East	Researchers from ClearSky reveal the details of CryptoCore, an organized hacker group believed to be operating out of Eastern Europe, which has stolen around $200 million from online cryptocurrency exchanges	Account Hijacking	V Fintech	CC	>1	ClearSky, CryptoCore, Crypto
1.015	24/06/2020	?	Multiple organizations	Researchers from Sophos reveal the details of Glupteba, an evasive malware that creates a backdoor providing full access to compromised Windows machines, while adding them to a growing botnet.	Malware	Y Multiple Industries	CC	>1	Sophos, Glupteba
1.016	24/06/2020	?	Multiple organizations	Researchers from Palo Alto Unit 42 reveal the details of a new variant of Lucifer, a powerful cryptojacking and DDoS malware exploiting severe vulnerabilities in order to infect Windows machines.	Malware	Y Multiple Industries	CC	>1	Lucifer, Palo Alto Unit 42
1.017	24/06/2020	?	Android users in Canada	Researchers from ESET discover a malicious Android app in disguise of Canada's official COVID-19 tracing app, but hiding the CryCryptor ransomware.	Malware	X Individual	CC	CA	ESET, Android, COVID-19, CryCryptor ransomware
1.018	24/06/2020	KelvinSecurity	Frost & Sullivan	U.S. business consulting firm Frost & Sullivan is breached after data from an unsecured backup folder exposed on the Internet is sold on a hacker forum.	Misconfiguration	M Professional scientific and technical activities	CC	US	Frost & Sullivan, KelvinSecurity
1.019	25/06/2020	Maze	LG Electronics	Maze ransomware operators claim on their website that they breached and locked the network of the South Korean multinational LG Electronics.	Malware	C Manufacturing	CC	KR	Maze, LG Electronics, ransomware
1.020	25/06/2020	Maze	Xerox Corporation	Maze ransomware operators update their list of victims adding Xerox Corporation.	Malware	C Manufacturing	CC	US	Maze, Xerox Corporation, ransomware
1.021	25/06/2020	?	Multiple e-commerce sites	Researchers from Malwarebytes discover a new Magecart campaign hiding the credit card skimmer inside images.	Malicious Script Injection	G Wholesale and retail trade	CC	>1	Malwarebyes, Magecart,
1.022	25/06/2020	?	Undisclosed bank in Europe	Akamai reveals that a bank in Europe was hit by a massive distributed denial-of-service (DDoS) attack that peaked a record 809 million packets per second (PPS).	DDoS	K Financial and insurance activities	CC	N/A	Akamai, DDoS
1.023	25/06/2020	?	Vulnerable Microsoft Exchange servers	Microsoft warns organizations of a spike of attacks against Microsoft Exchange servers trying to exploit CVE-2020-0688	Vulnerability	Y Multiple Industries	CE	>1	Microsoft, Microsoft Exchange, CVE-2020-0688
1.024	25/06/2020	Chinese Bank	UK-based technology/software vendor and a major financial institution	Researchers from Trustwave reveal that a Chinese bank has forced at least two western companies to install a tax software infected with the GoldenSpy malware on their systems.	Malware	K Financial and insurance activities	CE	N/A	Trustwave, China, GoldenSpy
1.025	25/06/2020	?	Multiple organizations	Researchers from Check Point detect a new campaign distributing phishing emails and malicious files disguised as COVID-19 training materials.	Account Hijacking	Y Multiple Industries	CC	>1	Check Point, COVID-19
1.026	25/06/2020	DarkCrewFriends	Vulnerable CMS servers	A report from Check Point reveals that the hackers-for-hire group DarkCrewFriends has resurfaced and is targeting content management systems to build a botnet.	Vulnerability	Y Multiple Industries	CC	>1	Check Point, DarkCrewFriends
1.027	25/06/2020	?	Windows and Linux machines	Researchers from Barracuda Networks discover a new variant of the cryptominer malware known as Golang, targeting both Windows and Linux machines.	Malware	Y Multiple Industries	CC	>1	Barracuda Networks, Golang, Crypto
1.028	26/06/2020	Anonymous Brazil	Senior Brazilian government officials including president Jair Bolsonaro.	The Brazilian federal investigates the leak of personal details of senior government officials including president Jair Bolsonaro.	Unknown	O Public administration and defence, compulsory social security	H	BR	Anonymous, Jair Bolsonaro.
1.029	26/06/2020	?	E27	Media firm E27 is hacked, and attackers ask for a small "donation" to provide information on the vulnerabilities used in the attack.	Unknown	J Information and communication	CC	SG	E27
1.030	26/06/2020	Ransom X	Government agencies and enterprises	A new ransomware called Ransom X is being actively used in human-operated and targeted attacks against government agencies and enterprises.	Malware	Y Multiple Industries	CC	>1	Ransom X, Malware, Ransomware
1.031	26/06/2020	?	France Télévisions	The France Télévisions group announces it was the victim of a cyber attack that targeted one of its broadcasting sites.	Unknown	J Information and communication	CC	FR	France Télévisions
1.032	26/06/2020	?	Eight cities across three states in the United States	Researchers from Trend Micro reveal that eight cities across three states in the United States have fallen victim to a Magecart card skimming attack. The sites all appear to have been built using Click2Gov.	Malicious Script Injection	O Public administration and defence, compulsory social security	CC	US	Trend Micro, Click2Gov, Magecart
1.033	28/06/2020	?	Israel Philharmonic Orchestra	The online Israel Philharmonic Orchestra concert, hosted by Helen Mirren, was disrupted by cyberattackers.	DDoS	R Arts entertainment and recreation	CC	IL	Israel Philharmonic Orchestra
1.034	28/06/2020	?	National Highway Authority of India (NHAI)	The National Highway Authority of India (NHAI) is attacked by a malware.	Malware	O Public administration and defence, compulsory social security	CC	IN	National Highway Authority of India, NHAI
1.035	29/06/2020	?	Efun	A data breach broker is selling databases containing user records for 14 different companies he claimed were breached by hackers in 2020 (four: - HomeChef, Minted, Tokopedia, and Zoosk - where already known).	Unknown	R Arts entertainment and recreation	CC	CN
1.036	29/06/2020	?	Fluke	A data breach broker is selling databases containing user records for 14 different companies he claimed were breached by hackers in 2020 (four: - HomeChef, Minted, Tokopedia, and Zoosk - where already known).	Unknown	C Manufacturing	CC	US
1.037	29/06/2020	?	Footters	A data breach broker is selling databases containing user records for 14 different companies he claimed were breached by hackers in 2020 (four: - HomeChef, Minted, Tokopedia, and Zoosk - where already known).	Unknown	J Information and communication	CC	ES
1.038	29/06/2020	?	JamesDelivery	A data breach broker is selling databases containing user records for 14 different companies he claimed were breached by hackers in 2020 (four: - HomeChef, Minted, Tokopedia, and Zoosk - where already known).	Unknown	I Accommodation and food service activities	CC	BR
1.039	29/06/2020	?	KitchHike	A data breach broker is selling databases containing user records for 14 different companies he claimed were breached by hackers in 2020 (four: - HomeChef, Minted, Tokopedia, and Zoosk - where already known).	Unknown	I Accommodation and food service activities	CC	JP
1.040	29/06/2020	?	KreditPlus	A data breach broker is selling databases containing user records for 14 different companies he claimed were breached by hackers in 2020 (four: - HomeChef, Minted, Tokopedia, and Zoosk - where already known).	Unknown	K Financial and insurance activities	CC	ID
1.041	29/06/2020	?	Playwings	A data breach broker is selling databases containing user records for 14 different companies he claimed were breached by hackers in 2020 (four: - HomeChef, Minted, Tokopedia, and Zoosk - where already known).	Unknown	R Arts entertainment and recreation	CC	KR
1.042	29/06/2020	?	Revelo	A data breach broker is selling databases containing user records for 14 different companies he claimed were breached by hackers in 2020 (four: - HomeChef, Minted, Tokopedia, and Zoosk - where already known).	Unknown	C Manufacturing	CC	CA
1.043	29/06/2020	?	Yotepresto	A data breach broker is selling databases containing user records for 14 different companies he claimed were breached by hackers in 2020 (four: - HomeChef, Minted, Tokopedia, and Zoosk - where already known).	Unknown	K Financial and insurance activities	CC	MX	DarkThrone, Efun, Fluke, Footters, JamesDelivery, KitchHike, KreditPlus, Playwings, Revelo Yotepresto
1.044	29/06/2020	?	DarkThrone	A data breach broker is selling databases containing user records for 14 different companies he claimed were breached by hackers in 2020 (four: - HomeChef, Minted, Tokopedia, and Zoosk - where already known).	Unknown	R Arts entertainment and recreation	CC	US
1.045	29/06/2020	Promethium AKA StrongPity APT	Political targets in multiple targets.	In separate reports, researchers from Cisco Talos and BitDefender reveal new campaigns from the Promethium, AKA StrongPity APT.	Targeted Attack	O Public administration and defence, compulsory social security	CE	>1	Cisco Talos, BitDefender, Promethium, StrongPity
1.046	29/06/2020	Cl0ud SecuritY	Old LenovoEMC NAS devices	A hacker group going by the name of 'Cl0ud SecuritY' is breaking into old LenovoEMC (formerly Iomega) network-attached storage (NAS) devices, wiping files, and leaving ransom notes behind asking owners to pay between $200 and $275 to get their data back.	Misconfiguration	Y Multiple Industries	CC	>1	Cl0ud SecuritY, LenovoEMC
1.047	29/06/2020	?	Bloggers and website owners	Researchers from Sophos discover a new phishing campaign targeting bloggers and website owners with emails pretending to be from their hosting provider who wants to upgrade their domain to use secure DNS (DNSSEC).	Account Hijacking	X Individual	CC	>1	Sophos, DNSSEC
1.048	29/06/2020	?	945 websites	Researchers from Lucy Security discover a collection of SQL databases for sale on the Dark Web. The archived files were stolen from 945 websites around the world.	SQL Injection	Y Multiple Industries	CC	>1	Lucy Security
1.049	29/06/2020	?	City of Duncannon	Duncannon reveals to have been hit with a ransomware attack in April, which left many municipal computer systems inoperable and caused the borough to pay out more than $40,000 to the hackers to restore systems.	Malware	O Public administration and defence, compulsory social security	CC	US	Duncannon, ransomware
1.050	30/06/2020	Evil Corp	Dozens of US newspaper websites	Researchers from Symantec reveal that the Evil Corp gang hacked into dozens of US newspaper websites owned by the same company to infect the employees of over 30 major US private firms with the WastedLocker ransomware.	Malware	J Information and communication	CC	US	Symantec, Evil Corp, WastedLocker, SocGholish, ransomware
1.051	30/06/2020	?	Roblox players	Hackers use leaked credentials on pastebin to deface Roblox profiles to support Donald Trump in the forthcoming US presidential election.	Account Hijacking	R Arts entertainment and recreation	CC	US	Roblox, Donald Trump
1.052	30/06/2020	?	MacOS users	Multiple security researchers discover a new ransomware strain targeting macOS users, called OSX.ThiefQuest (or EvilQuest). The malware also installs a keylogger, a reverse shell, and steals cryptocurrency wallet-related files from infected hosts.	Malware	X Individual	CC	>1	MacOS, OSX.ThiefQuest, EvilQuest
1.053	30/06/2020	?	Android users	Google removes 25 Android applications from the Google Play Store that were caught stealing Facebook credentials.	Malware	X Individual	CC	>1	Google, Android, Google Play Store, Facebook
1.054	30/06/2020	?	Users from multiple countries	Researchers from Group-IB discover thousands of personal records of users from multiple countries exposed in a targeted multi-stage bitcoin scam.	Unknown	X Individual	CC	>1	Group-IB, crypto
1.055	30/06/2020	?	Self-employed people in the UK	A new campaign targets the passport details of self-employed people, along with other information including personal and bank details, exploiting COVID-19-related HMRC phishing scams.	Account Hijacking	X Individual	CC	UK	COVID-19, HMRC
1.056	12/06/2020	?	Managed Service Providers in the US	The US Secret Service (GIOC -- Global Investigations Operations Center) sends out a security alert to the US private sector and government organizations warning about an increase in hacks of managed service providers (MSPs).	>1	M Professional scientific and technical activities	CC	US	US Secret Service, GIOC, Global Investigations Operations Center, MSP
1.057	26/06/2020	Maze	Benefit Recovery Specialists, Inc. (BRSI)	Benefit Recovery Specialists, Inc. (BRSI) discovers a data breach after detecting malware on its systems. The malware, discovered on April 2020, may have allowed unauthorized individuals to obtain the information of 274,837 people.	Malware	M Professional scientific and technical activities	CC	US	Benefit Recovery Specialists, Inc., BRSI, ransomware
1.058	27/06/2020	Kerala Cyber Hackers	Delhi State Health Mission	Hackers from the Kerala Cyber Hackers Group obtain COVID-19 patient database in protest at treatment of Indian health workers.	Unknown	O Public administration and defence, compulsory social security	H	IN	Delhi State Health Mission, Kerala Cyber Hackers, COVID-19
1.059	30/06/2020	Homeland Cheetahs	Nuclear site at Natanz	A group of dissidents within Iran's military and security forces takes credit for a cyber attack causing an incident at the Natanz nuclear facility.	Unknown	D Electricity gas steam and air conditioning supply	CW	IR	Homeland Cheetahs, Natanz
1.060	30/06/2020	?	City of Palm Bay	The City of Palm Bay leadership reveals a possible security breach involving the Click2Gov online payment platform.	Malicious Script Injection	O Public administration and defence, compulsory social security	CC	US	City of Palm Bay, Click2Gov
1.061	30/06/2020	?	Central California Alliance for Health	The Central California Alliance for Health announces that a recent cybersecurity breach may have compromised the personal health information of a limited number of its members.	Account Hijacking	Q Human health and social work activities	CC	US	Central California Alliance for Health
1.062	17/05/2020	?	M.J. Brunner	M.J. Brunner is hit with a Maze ransomware attack.	Malware	M Professional scientific and technical activities	CC	US	M.J. Brunner, Maze, Ransomware
1.063	29/06/2020	?	New Mexico State University Foundation	New Mexico State University Foundation is another victim of the Blackbaud hack.	Malware	P Education	CC	US	New Mexico State University Foundation, Blackbaud, ransomware
1.064	01/07/2020	?	22,900 MongoDB databases	A hacker uploads ransom notes on 22,900 MongoDB databases left exposed online without a password, wiping their content, asking for a 0.015 bitcoin (~$140) payment. and threatening to leak their data and then contact the victim's local GDPR enforcement authority.	Misconfiguration	Y Multiple Industries	CC	EU	MongoDB, GDPR
1.065	01/07/2020	Roaming Mantis	Android users in China, Taiwan, France, Switzerland, Germany, UK, US and other	Researchers from Cybereason discover a campaign distributing the FakeSpy Android malware via a phishing message for a missed package from a local postal or delivery service.	Malware	X Individual	CC	>1	Cybereason, FakeSpy, Android
1.066	01/07/2020	?	Multiple organizations	The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) warn enterprises of cyberattacks launched from the Tor network.	N/A	Y Multiple Industries	CC	US	Cybersecurity and Infrastructure Security Agency, CISA, Federal Bureau of Investigation, FBI, Tor
1.067	01/07/2020	NetWalker	Trinity Metro	The cybercriminals behind NetWalker publish online evidence of an attack on Trinity Metro, a transit agency that operates bus and commuter rail transportation services in Fort Worth and its nearby Tarrant County suburbs.	Malware	H Transportation and storage	CC	US	NetWalker, Trinity Metro
1.068	01/07/2020	China	Uyghur ethnic minority	Researchers from Lookout discover four Android surveillance tools, named SilkBean, DoubleAgent, CarbonSteal, and GoldenEagle, elements of campaigns originating in China, and primarily targeting the Uyghur ethnic minority.	Targeted Attack	X Individual	CE	CN	Lookout, Android, SilkBean, DoubleAgent, CarbonSteal, GoldenEagle, Uyghur
1.069	01/07/2020	?	Multiple organizations	Researchers from CenturyLink discover a comeback of the point-of-sale (POS) malware called Alina, using a new trick for stealing credit- and debit-card data: Domain Name System (DNS) tunneling.	Malware	Y Multiple Industries	CC	>1	CenturyLink, Alina, DNS tunneling
1.070	01/07/2020	?	Financial, Manufacturing, Healthcare and Insurance Firms	Researchers from Cisco Talos discover a new campaign carried out by the group behind the Valak malware, targeting Financial, Manufacturing, Healthcare and Insurance Firms.	Malware	Y Multiple Industries	CC	>1	Cisco Talos, Valak
1.071	02/07/2020	?	Undisclosed company	Researchers from Abnormal Security discover a new campaign impersonating a Twitter security notification email, to lure the victims towards a phishing page.	Account Hijacking	Z Unknown	CC	N/A	Abnormal Security, Twitter
1.072	02/07/2020	?	Russia’s Ministry of Foreign Affairs	Unknown hackers hijack the Twitter account of Russia’s Ministry of Foreign Affairs, offer to sell stolen data.	Account Hijacking	O Public administration and defence, compulsory social security	CC	RU	Russia’s Ministry of Foreign Affairs, Twitter
1.073	02/07/2020	KelvinSecurity Team	BMW car owners in the U.K.	A database of 384,319 BMW car owners in the U.K. is being offered for sale on an underground forum.	Unknown	C Manufacturing	CC	UK	BMW, KelvinSecurity Team
1.074	02/07/2020	?	Heartland Farm Mutual	A phishing attack at Heartland Farm Mutual, a Canadian insurance firm, may have exposed the personal data of clients, the company warns.	Account Hijacking	K Financial and insurance activities	CC	CA	Heartland Farm Mutual
1.075	02/07/2020	?	CNY Works	The names and Social Security numbers of 56,000 people who used CNY Works employment services are exposed in a ransomware discovered in December 2019.	Malware	S Other service activities	CC	US	CNY Works, ransomware
1.076	03/07/2020	Avaddon	Organizations in Italy	Researchers from Microsoft discover a new Avaddon ransomware campaign focused primarily against organizations in Italy.	Malware	Y Multiple Industries	CC	IT	Microsoft, Avaddon, ransomware
1.077	03/07/2020	Try2Cry	Multiple targets	Researchers from G DATA discover Try2Cry, a new ransomware with a worm-like behavior to infect other systems.	Malware	Y Multiple Industries	CC	>1	G DATA, Try2Cry
1.078	03/07/2020	?	Kingston’s Royal Military College	Kingston’s Royal Military College is one of four military training schools in Canada targeted in a ransomware attack.	Malware	P Education	CC	CA	Kingston’s Royal Military College, ransomware
1.079	03/07/2020	?	Swvl	Swvl, a bus-booking app and operator of bus routes in Egypt, Kenya, and Pakistan, becomes aware of “unauthorized access to its IT infrastructure”.	Unknown	H Transportation and storage	CC	EG	Swvl
1.080	03/07/2020	?	MyGov accounts	Logins for more than 3600 MyGov accounts are for sale on the dark web.	Unknown	X Individual	CC	AU	MyGov
1.081	04/07/2020	Nefilim	Orange	Orange is hit with a ransomware attack through the "Orange Business Solutions" division.	Malware	J Information and communication	CC	FR	Orange, Orange Business Solutions, ransomware, Nefilim
1.082	04/07/2020	?	Multiple organizations	Researchers from NCC Group reveal that hackers have started launching attacks against F5 BIG-IP networking devices.	Vulnerability	Y Multiple Industries	CC	>1	NCC Group, F5, BIG-IP, CVE-2020-5902
1.083	04/07/2020	Sodinokibi (AKA REvil)	Sheriff's Office for Cooke County, Texas	The Sheriff's Office for Cooke County is hit by a ransomware attack.	Malware	O Public administration and defence, compulsory social security	CC	US	Sodinokibi, REvil, Sheriff's Office for Cooke County
1.084	05/07/2020	?	Xchanging	Global IT services and solutions provider DXC Technology announces over the weekend a ransomware attack on systems from its Xchanging subsidiary.	Malware	M Professional scientific and technical activities	CC	US	DXC Technology, Xchanging
1.085	05/07/2020	?	Atadan Egemen Koyuncu	The personal information of 10,000 patients is compromised after a medical study in Turkey suffers a cyber attack.	Unknown	Q Human health and social work activities	CC	TR	Atadan Egemen Koyuncu
1.086	05/07/2020	?	Multiple targets	Researchers from ProofPoint reveal that the criminals behind the Purple Fox fileless downloader malware recently upgraded their operation, targeting two new vulnerabilities (CVE-2020-0674 and CVE-2019-1458).	Malware	Y Multiple Industries	CC	>1	ProofPoint, Purple Fox, (CVE-2020-0674, CVE-2019-1458
1.087	06/07/2020	Lazarus Group AKA Hidden Cobra	Multiple online stores	Researchers from Sansec reveal that North Korea's state-sponsored hacking crews are breaking into online stores for Magecart attacks.	Malicious Script Injection	G Wholesale and retail trade	CC	>1	Sansec, Magecart, Lazarus Group, Hidden Cobra
1.088	06/07/2020	Sheriff	eToro	Using the alias “Sheriff,” a threat actor advertises an auction for 62,000 accounts belonging to users of the eToro social trading platform.	Unknown	K Financial and insurance activities	CC	IL	eToro, Sheriff
1.089	06/07/2020	?	Multiple cryptocurrency exchanges and online trading platforms	Another threat actor puts on sale a list of accounts belonging to payment/money transfer systems, cryptocurrency exchange and online trading platforms, including Advcash, Azimo, Binance, Bitcan, Coinmama, Coinsbank, Neteller, OKPAY, Payoneer, Paypal, Skrill, Yandex Money, Webmoney, Qiwi, along with many others.	Unknown	K Financial and insurance activities	CC	>1	Advcash, Azimo, Binance, Bitcan, Coinmama, Coinsbank, Neteller, OKPAY, Payoneer, Paypal, Skrill, Yandex Money, Webmoney, Qiwi
1.090	06/07/2020	?	Bank users in Portugal	A new release of the Lampion trojan banker targets uses in Portugal.	Malware	K Financial and insurance activities	CC	PT	Lampion
1.091	06/07/2020	?	Multiple online stores	Researchers from Malwarebytes identify a new card skimmer campaign targeting ASP.NET sites and exploiting CVE-2017-9248.	Malicious Script Injection	G Wholesale and retail trade	CC	>1	Malwarebytes, ASP.NET, CVE-2017-9248, Magecart
1.092	06/07/2020	?	Hapvida	Brazilian health insurer Hapvida reveals to have suffered a cyber attack potentially involving access to the personal information of its customers.	Unknown	K Financial and insurance activities	CC	BR	Hapvida
1.093	06/07/2020	?	Bcycle	BCycle, a bicycle sharing service, suffered a malware attack in April and launches an investigation, according to a company letter. The stolen information may have included names, credit card numbers and addresses.	Malware	H Transportation and storage	CC	US	Bcycle
1.094	07/07/2020	Keeper	More than 570 e-commerce sites	Researchers from Gemini Advisory reveal the details of Keeper, a group responsible for compromising more than 570 e-commerce websites with Magecart Attacks.	Malicious Script Injection	G Wholesale and retail trade	CC	>1	Gemini Advisory. Keeper, Magecart
1.095	07/07/2020	Cosmic Lynx	Multiple organizations worldwide	Researchers from Agari reveal the details of Cosmic Lynx, a BEC campaign targeting individuals in 200 companies across 46 countries.	Business Email Compromise	Y Multiple Industries	CC	>1	Agari, Cosmic Lynx
1.096	07/07/2020	C-Data?	Users of C-Data devices	Two security researchers discover severe vulnerabilities and what appears to be intentional backdoors in the firmware of devices from popular Chinese vendor C-Data.	Malware	Y Multiple Industries	CE	>1	C-Data
1.097	07/07/2020	?	Multiple targets	Mozilla temporarily suspends the Firefox Send file-sharing service as the organization investigates reports of abuse from malware operators.	Malware	Y Multiple Industries	CC	>1	Mozilla, Firefox Send
1.098	07/07/2020	?	Spanish-speaking Android users	Security researchers from Avast discover the Cerberus banking Trojan disguised as a legitimate currency app on Google Play.	Malware	X Individual	CC	>1	Avast, Cerberus, Google Play, Android
1.099	07/07/2020	?	Undisclosed company	Researchers at Abnormal Security uncover a campaign aiming to steal Office 365 user credentials using SurveyMonkey as cover.	Account Hijacking	Z Unknown	CC	N/A	Abnormal Security, Office 365, SurveyMonkey
1.100	07/07/2020	?	Chilton County	Chilton County shuts down after being targeted by a suspected ransomware attack.	Malware	O Public administration and defence, compulsory social security	CC	US	Chilton County, ransomware
1.101	07/07/2020	?	Single individuals	More than 240 website subdomains belonging to organizations large and small, including household names, are hijacked to redirect users to malware, X-rated material, online gambling, and other unexpected content.	Misconfiguration	Y Multiple Industries	CC	>1	Azure
1.102	08/07/2020	?	Android users	Researchers from Malwarebytes discover pre-installed malware on a budget Android phone ANS (American Network Solutions) UL40 handset connected to Assurance Wireless by Virgin Mobile.	Malware	X Individual	CC	US	Malwarebytes, Android, ANS, American Network Solutions, UL40, Assurance Wireless, Virgin Mobile
1.103	08/07/2020	?	Multiple targets	Researchers from Carbon Black discover Conti, a ransomware strain using up to 32 simultaneous CPU threads to encrypt files on infected computers for blazing-fast encryption speeds.	Malware	X Individual	CC	>1	Carbon Black, Conti, ransomware
1.104	08/07/2020	?	Undisclosed company	Researchers from Abnormal Security discover a new phishing campaign using fake Zoom notifications to steal Office 365 logins.	Account Hijacking	Z Unknown	CC	N/A	Abnormal Security, Zoom, Office 365
1.105	08/07/2020	?	Office 365 Users	Microsoft issues a warning for Office 365 phishing attacks carried out via malicious OAuth apps.	Account Hijacking	Y Multiple Industries	CC	>1	Office 365, Oauth
1.106	08/07/2020	?	Comtrend routers	Researchers at Trend Micro discover a new version of the Mirai IoT botnet that includes an exploit for the CVE-2020-10173 vulnerability impacting Comtrend routers.	Vulnerability	Y Multiple Industries	CC	>1	Trend Micro, Mirai, CVE-2020-10173, Comtrend
1.107	08/07/2020	?	Impact Guru	Researchers from Cyble identify a threat actor claiming to be in possession of more than 500,000 confidential data records of Impact Guru, a crowdfunding platform.	Misconfiguration	S Other service activities	CC	IN	Cyble, Impact Guru
1.108	08/07/2020	?	Multiple targets	Researchers from Wordfence reveal that a vulnerability on the Adning Advertising plugin for WordPress is currently under attack.	Vulnerability	Y Multiple Industries	CC	>1	Wordfence, Adning Advertising, WordPress
1.109	09/07/2020	?	Android users	Researchers from Check Point discover a new version of the Joker malware in Google Play	Malware	X Individual	CC	US	Check Point, Joker. Google Play
1.110	09/07/2020	?	Vulnerable Citrix Systems	Researchers from the SANS Institute reveal that threat actor are scanning the internet for two recently-discovered Citrix vulnerabilities (CVE-2020-8195, CVE-2020-8196)	Vulnerability	Y Multiple Industries	CC	>1	SANS, Citrix, CVE-2020-8195, CVE-2020-8196
1.111	09/07/2020	?	Religare Health Insurance	Researchers from Cyble discover 5 M records from Religare Health Insurance up for sale in the dark web.	Unknown	Q Human health and social work activities	CC	IN	Cyble, Religare Health Insurance
1.112	09/07/2020	?	Cloudflare	Cloudflare reveals that on June 21 it detected and mitigated a packet-based volumetric DDoS attack that peaked at 754 million packets-per-second.	DDoS	M Professional scientific and technical activities	CC	US	Cloudflare
1.113	09/07/2020	?	HSBC customers in the U.K.	People in the UK are targeted by a new phishing scam designed to trick victims into handing over details of their HSBC bank account.	Account Hijacking	K Financial and insurance activities	CC	UK	HSBC
1.114	09/07/2020	?	Indian Users	A fake TikTok app targets Indian users.	Malware	X Individual	CC	IN	TikTok
1.115	09/07/2020	?	Single individuals	Researchers from Kaspersky discover over 1000 inactive websites compromised to redirect visitors to unwanted URLs, many of which are malicious and distribute the Shlayer trojan.	Malvertising	X Individual	CC	>1	Kaspersky, Shlayer
1.116	10/07/2020	Magadimarus	LiveAuctioneers	LiveAuctioneers discloses a data breach after a well-known data breach broker begins selling 3.4 million stolen user records on a hacker forum.	Unknown	S Other service activities	CC	US	LiveAuctioneers, Magadimarus
1.117	10/07/2020	LulzSecurityITA	ENAC (Ente Nazionale Aviazione Civile), Italian Agency for the Civil Aviation	The Italian Agency for the Civil Aviation is hit with a cyber attack.	Unknown	O Public administration and defence, compulsory social security	H	IT	ENAC, LulzSecurityITA
1.118	10/07/2020	Netwalker	Alfanar	Researchers from Cyble discover internal data from Alfanar leaked from the Netwalker ransomware operators.	Malware	C Manufacturing	CC	SA	Alfanar, Cyble, Netwalker, ransomware
1.119	10/07/2020	?	Temple Sinai	A malicious hacker disrupts a Jewish congregation's virtual prayer service to display symbols synonymous with anti-Semitism.	Zoom bombing	S Other service activities	CC	US	Temple Sinai, Zoom
1.120	10/07/2020	?	Vancouver Coastal Health	Vancouver Coastal Health reveals to have suffered a ransomware attack on May 21.	Malware	Q Human health and social work activities	CC	CA	Vancouver Coastal Health, ransomware
1.121	10/07/2020	?	SEC registrants and service providers to SEC registrants.	The SEC’s Office of Compliance Inspections and Examinations (OCIE) issues a Risk Alert noting the increasing sophistication of ransomware attacks on SEC registrants and service providers to SEC registrants.	Malware	K Financial and insurance activities	CC	US	SEC, Office of Compliance Inspections and Examinations, OCIE, ransomware
1.122	11/07/2020	?	Cashaa	U.K.-based cryptocurrency exchange Cashaa reports that hackers stole more than 336 Bitcoin (BTC) and ceases all the crypto-related transactions.	Unknown	V Fintech	CC	UK	Cashaa
1.123	11/07/2020	?	Dunzo	Indian delivery service Dunzo said it suffers a data breach that left customer data including email IDs and phone numbers exposed, after attackers accessed one of its databases.	Unknown	I Accommodation and food service activities	CC	IN	Dunzo
1.124	12/07/2020	AgeLocker	Multiple organizations	A new and targeted ransomware named AgeLocker utilizes the 'Age' encryption tool created by a Google employee to encrypt victim's files.	Malware	Y Multiple Industries	CC	>1	AgeLocker, Google, ransomware
1.125	12/07/2020	?	Multiple organizations	A new password-stealing trojan spam campaign adds an anti-sandbox evasion check.	Malware	Y Multiple Industries	CC	>1	Any.Run
1.126	12/07/2020	?	45 million travelers to Thailand and Malaysia from multiple countries	Researchers from Cyble discover the availability on the dark web of records of over 45 million travelers to Thailand and Malaysia from multiple countries.	Unknown	Z Unknown	CC	>1	Cyble, Thailand, Malaysia
1.127	12/07/2020	?	40,000 US citizens	Security researchers at Cyble discover the availability on the dark web of personal details of approximately 40,000 US citizens along with their social security numbers (SSNs).	Unknown	Z Unknown	CC	US	Cyble
1.128	13/07/2020	?	Argenta	Antwerp-based savings bank Argenta shuts down 143 ATM machines after falling victim to what is believed to be Belgium’s first jackpotting attacks.	Jackpotting	K Financial and insurance activities	CC	BE	Argenta
1.129	13/07/2020	NightLion	DataViper	A hacker going by the handle of NightLion claims to have breached the backend servers belonging to DataViper, a cyber security firm, and dumps 8,225 databases.	Unknown	M Professional scientific and technical activities	CC	US	NightLion, DataViper,
1.130	14/07/2020	Shiny Hunters	Wattpad	An allegedly stolen Wattpad database containing 270 million records is being sold in private sales for over $100,000 and offered for free on hacker forums.	Unknown	J Information and communication	CC	CA	Wattpad, Shiny Hunters
1.131	14/07/2020	BadPatch?	Users in Palestine	Researchers from ESET discover Welcome Chat, a chat application for Android with spying capabilities.	Targeted Attack	X Individual	CE	PS	ESET, Welcome Chat, Android, BadPatch
1.132	14/07/2020	Maze	Collabera	Collabera discloses a ransomware attack occurred on June, 8.	Malware	M Professional scientific and technical activities	CC	US	Collabera, ransomware, Maze
1.133	14/07/2020	LulzSecurityITA	Milan Linate and Malpensa Airports	Hackers from the LulzSecurityITA collective dump the list of 23 databases from the Airports of Milan Linate and Milan Malpensa, allegedly accessed.	Unknown	H Transportation and storage	H	IT	Milan, Linate, Malpensa, LulzSecurityITA
1.134	14/07/2020	?	Senior Catalonian Politicians	Roger Torrent, the speaker of Catalan parliament, and at least two other pro-independence supporters, have reportedly been told their phones were targeted last year using the ‘Pegasus’ spyware.	Targeted Attack	X Individual	CE	ES	Roger Torrent, Catalan parliament, Pegasus
1.135	14/07/2020	Jamescarter	UK ticketing provider	Security researchers from KELA discover a database containing millions of emails and usernames up for sale on the dark web, linked to a well-known UK ticketing provider.	Unknown	R Arts entertainment and recreation	CC	UK	Jamescarter, KELA
1.136	14/07/2020	?	Banking customers worldwide	Researchers from Kaspersky reveal that the "Tetrade", a set of four Brazilian banking trojans (Guildma, Javali, Melcoz, Grandoreiro) is now spreading globally.	Malware	K Financial and insurance activities	CC	>1	Kaspersky, Tetrade, Guildma, Javali, Melcoz, Grandoreiro
1.137	14/07/2020	RATicate	Industrial companies	Researchers from Sophos discover another campaign carried out by the RATIcate group, using the CloudEye tool	Targeted Attack	Y Multiple Industries	CE	>1	RATIcate. CloudEye
1.138	15/07/2020	CIA	Targets in Iran, Russia, China, and North Korea	A new report reveals that the Central Intelligence Agency conducted a series of covert cyber operations against Iran and other targets, including Russia, China, and North Korea.	Targeted Attack	O Public administration and defence, compulsory social security	CW	>1	CIA, Central Intelligence Agency, Russia, China, North Korea
1.139	15/07/2020	?	Citrix third-party	An actor sells what they claim to be a database with information on 2,000,000 Citrix customers on the dark web. An official statement by the company reveals that the database has ben obtained from a third-party.	Unknown	Z Unknown	CC	N/A	Citrix
1.140	15/07/2020	Graham Ivan Clark	Twitter	A number of high profile Twitter accounts, including Bill Gates, Elon Musk and Apple, are hijacked to promote a bitcoin scam. The author of the hack is arrested by the FBI two weeks later.	Account Hijacking	S Other service activities	CC	US	Twitter, Bill Gates, Elon Musk, Apple, bitcoin, Graham Ivan Clark
1.141	15/07/2020	?	Banks across Europe	ATM maker Diebold Nixdorf warns banks of a new type of ATM "black box" attack that was recently spotted used across Europe.	ATM "Black Box"	K Financial and insurance activities	CC	EU	Diebold Nixdorf, ATM, Black Box
1.142	15/07/2020	Mustang Panda	Hong Kong Catholic Church	China's government hackers have targeted members of the Hong Kong Catholic Church in a series of spear-phishing operations traced back to May this year.	Targeted Attack	S Other service activities	CE	HK	Mustang Panda, China, Catholic Church, Hong Kong
1.143	15/07/2020	Ghost Squad	European Space Agency (ESA)	Hackers from the Ghost Squad deface a domain of the European Space Agency (ESA): business.esa.int.	Defacement	U Activities of extraterritorial organizations and bodies	H	EU	Ghost Squad, European Space Agency, ESA, business.esa.int.
1.144	15/07/2020	?	Blackbaud	Blackbaud, a cloud software provider specializing in fundraising suites for charities and educational institutions, discloses a ransomware attack occurred on May, 2020.	Malware	M Professional scientific and technical activities	CC	US	Blackbaud, ransomware
1.145	15/07/2020	?	Single individuals in the UK	The Cofense Phishing Defense Center observes a new email-based phishing scam that aims to harvest Her Majesties Revenue and Customs (HMRC) credentials and sensitive personal information by preying on UK workers who are expecting COVID-19 tax relief grants.	Account Hijacking	X Individual	CC	US	Cofense, PDC, Her Majesties Revenue and Customs, HMRC, COVID-19
1.146	15/07/2020	?	Misconfigured Docker servers	Researchers from Aqua Security discover a new campaign exploits misconfigured Docker API ports in order to infect victims with a resource-hijacking cryptominer.	Misconfiguration	Y Multiple Industries	CC	>1	Aqua Security, Docker
1.147	15/07/2020	?	Multiple targets	Researchers from Bad Packets report that threat actors have been scanning the Internet for SAP systems affected by RECON vulnerability, tracked as CVE-2020-6287.	Vulnerability	Y Multiple Industries	CC	>1	CVE-2020-6287, SAP
1.148	15/07/2020	?	Tax Collector’s Office for Polk County	Tax Collector’s Office for Polk County blames malware found on an employee's computer for a data breach that affected around 450,000 residents of Polk County. The breach occurred in June.	Malware	O Public administration and defence, compulsory social security	CC	US	Tax Collector’s Office for Polk County
1.149	15/07/2020	?	Air travelers in the US	The Federal Bureau of Investigation issues a warning to air travelers to be wary of bogus US airport websites when booking flights online.	Account Hijacking	H Transportation and storage	CC	US	FBI
1.150	15/07/2020	?	Gravitas	An Auckland research firm, Gravitas, suffers a hack and loses the information provided by the NZ Police. As a consequence the police decides to close the contract.	Unknown	M Professional scientific and technical activities	CC	NZ	Gravitas
1.151	16/07/2020	APT29 (AKA Cozy Bear, The Dukes, and Yttrium)	Organizations involved in coronavirus vaccine development in Canada, UK, and the US	The National Cyber Security Centre (NCSC) in UK, warns of an ongoing campaign, carried out by Russian malicious actors, targeting organizations involved in coronavirus vaccine development.	Targeted Attack	Q Human health and social work activities	CE	>1	National Cyber Security Centre, NCSC, APT29, Cozy Bear, The Dukes, Yttrium, COVID-19
1.152	16/07/2020	?	Android users	Researchers from ThreatFabric discover a new Android banking trojan dubbed BlackRock.	Malware	K Financial and insurance activities	CC	>1	ThreatFabric, Android, BlackRock
1.153	16/07/2020	?	Apple macOS users	Researchers from ESET reveal that Apple macOS users are targeted in a fresh campaign aiming to pilfer cryptocurrency from their wallets via the Gmera trojan.	Malware	V Fintech	CC	>1	ESET, Apple macOS, Gmera, crypto
1.154	16/07/2020	?	Targets across the US and Europe in the professional, healthcare, IT, manufacturing, logistics, and travel sector	Researchers from Cybereason discover a new backdoor, dubbed Bazar, linked to the threat actors behind Trickbot.	Malware	Y Multiple Industries	CC	>1	Cybereason, Bazar, Trickbot
1.155	17/07/2020	?	Multiple targets	Emotet, 2019's most active cybercrime operation and malware botnet, returns to life with new attacks.	Malicious Spam	Y Multiple Industries	CC	>1	Emotet
1.156	17/07/2020	Netwalker	Lorien Health Services	Lorien Health Services announces that it was the victim of a ransomware incident in early June. Data was stolen and then encrypted during the incident.	Malware	Q Human health and social work activities	CC	US	Lorien Health Services, Netwalker, ransomware
1.157	17/07/2020	?	Agricultural water pumps in upper Galilee	Local news outlet in Israel report that the agricultural water pumps in upper Galilee were hit by a cyber attack back in June	Unknown	E Water supply, sewerage waste management, and remediation activities	CW	IL	Agricultural water pumps in upper Galilee
1.158	17/07/2020	?	Water pumps in the province of Mateh Yehuda	Also the agricultural water pumps in upper Galilee were hit by a cyber attack back in June.	Unknown	E Water supply, sewerage waste management, and remediation activities	CW	IL	Water pumps in the province of Mateh Yehuda
1.159	17/07/2020	?	Office 365 Users	Researchers from Abnormal Security discover two phishing campaigns using the bait of an Office 365 subscription renewal.	Account Hijacking	Y Multiple Industries	CC	>1	Abnormal Security, Microsoft Office 365
1.160	18/07/2020	REvil AKA Sodinokibi	Telecom Argentina	The REvil ransomware gang infects the internal network of Telecom Argentina, and asks for a $7.5 million ransom demand to unlock encrypted files.	Malware	J Information and communication	CC	AR	REvil, Sodinokibi, Telecom Argentina, ransomware
1.161	18/07/2020	?	Multiple targets	A new phishing campaign uses a trio of enterprise cloud services, Microsoft Azure, Microsoft Dynamics, and IBM Cloud.	Account Hijacking	Y Multiple Industries	CC	>1	Microsoft Azure, Microsoft Dynamics, IBM Cloud
1.162	19/07/2020	?	GEDMatch	More than a million DNA profiles are available to search on GEDMatch after the genealogy portal is hacked.	Account Hijacking	S Other service activities	CC	US	GEDMatch
1.163	20/07/2020	?	Multiple financial targets	After awakening last week and starting to send spam worldwide, Emotet is now once again installing the TrickBot trojan on infected Windows computers.	Malware	K Financial and insurance activities	CC	>1	Emotet, TrickBot
1.164	20/07/2020	?	UK Consumers	UK consumers are targeted by a new phishing scam falsely purporting to be from UK supermarket Tesco.	Account Hijacking	X Individual	CC	UK	Tesco
1.165	20/07/2020	?	Single Individuals	Researchers from Area 1 Security discover an email phishing campaign impersonating the Bill & Melinda Gates Foundation with messages demanding Bitcoin being sent out.	Account Hijacking	X Individual	CC	>1	Area 1 Security, Bill & Melinda Gates Foundation, Bitcoin
1.166	20/07/2020	?	University of Utah Health	University of Utah Health notifies 10,000 patients after it suffered a phishing attack.	Account Hijacking	Q Human health and social work activities	CC	US	University of Utah Health
1.167	21/07/2020	?	Multiple financial targets	Researchers tracking Emotet botnet notice that, after the comeback, the malware is starting to push QakBot banking trojan at an unusually high rate, replacing the longtime TrickBot payload.	Malware	K Financial and insurance activities	CC	>1	Emotet, QakBot, TrickBot
1.168	21/07/2020	?	DeepSource	DeepSource resets the user logins after an employee falls for the Sawfish phishing campaign.	Account Hijacking	M Professional scientific and technical activities	CC	US	DeepSource, Sawfish
1.169	21/07/2020	?	Multiple targets	Researchers from Check Point discover a new phishing campaign using Google Cloud Services to steal Office 365 logins.	Account Hijacking	Y Multiple Industries	CC	>1	Check Point, Google Cloud Services, Office 365
1.170	21/07/2020	?	MyHeritage	MyHeritage, a genealogy website based in Israel, announces that some of its users had been subjected to a phishing attack to obtain their log-in details for the site, apparently targeting email addresses obtained in the attack on GEDmatch just two days before.	Account Hijacking	S Other service activities	CC	IL	MyHeritage, GEDMatch
1.171	21/07/2020	?	Multiple targets	The FBI sends out an alert warning about the discovery of new network protocols abused to launch large-scale distributed denial of service (DDoS) attacks. The list includes CoAP (Constrained Application Protocol), WS-DD (Web Services Dynamic Discovery), ARMS (Apple Remote Management Service), and the Jenkins web-based automation software.	DDoS	Y Multiple Industries	CC	US	FBI, DDoS, CoAP, Constrained Application Protocol, WS-DD, Web Services Dynamic Discovery, ARMS, Apple Remote Management Service,Jenkins
1.172	21/07/2020	Suspected Chinese APT	Political entities and individuals in India and Hong Kong.	Researchers from Malwarebytes discover an uptick in the spread of a new MgBot malware variant across India and Hong Kong by a suspected Chinese advanced persistent threat (APT) group.	Targeted Attack	O Public administration and defence, compulsory social security	CE	IN HK	Malwarebytes, MgBot, India, Hong Kong, China
1.173	21/07/2020	?	UFO VPN	UFO VPN database is destroyed by a 'meow' attack.	Misconfiguration	M Professional scientific and technical activities	CC	HK	UFO VPN, meow
1.174	22/07/2020	?	Unsecured databases	Hundreds of unsecured databases exposed on the public web are the target of an automated 'meow' attack that destroys data without any explanation.	Misconfiguration	Y Multiple Industries	CC	>1	meow
1.175	22/07/2020	?	Twilio	Twilio discloses that its TaskRouter JS SDK was compromised by attackers after they gained access to one of its misconfigured Amazon AWS S3 buckets which left the SDK's path publicly readable and writable for roughly five years, since 2015.	Misconfiguration	J Information and communication	CC	US	Twilio, TaskRouter JS SDK, Amazon, AWS, S3
1.176	22/07/2020	?	Multiple organizations	Research from Cisco Talos reveal the details of Prometei, a new cryptojacking botnet spreading across compromised networks via multiple methods including the EternalBlue exploit for Windows SMB. The s goal is to mine Monero (XMR) cryptocurrency.	Malware	Y Multiple Industries	CC	>1	Cisco Talos, Prometei, EternalBlue, SMB, Monero, XMR, crypto
1.177	22/07/2020	The Lazarus Group AKA HIDDEN COBRA	Corporate entities from multiple countries	Researches from Kaspersky reveal the details of MATA, a recently discovered malware framework used in attacks targeting corporate entities from multiple countries since April 2018 for ransomware deployment and data theft.	Malware	Y Multiple Industries	CC	>1	Kaspersky, MATA, The Lazarus Group. HIDDEN COBRA
1.178	22/07/2020	OilRig APT	A telecom company in the Middle East	Researchers from Palo Alto Networks discover a series of cyberattacks on a telecom company in the Middle East signaling the return of the OilRig APT. The attacks also revealed a revised backdoor tool in the group’s arsenal, called RDAT.	Targeted Attack	J Information and communication	CE	N/A	Palo Alto Networks, OilRig APT
1.179	22/07/2020	?	SUNY Erie Community College	About 50 computers at SUNY Erie Community College are disabled by a malware attack.	Malware	P Education	CC	US	SUNY Erie Community College
1.180	23/07/2020	REvil AKA Sodinokibi	Administrador de Infraestructuras Ferroviarias (ADIF)	Administrador de Infraestructuras Ferroviarias (ADIF), a Spanish state-owned railway infrastructure manager is hit by REvil ransomware operators.	Malware	H Transportation and storage	CC	ES	REvil, Sodinokibi, Administrador de Infraestructuras Ferroviarias, ADIF
1.181	23/07/2020	?	Sports organizations and teams, including Premier League football clubs	The UK National Cyber Security Centre (NCSC) highlight the increasing risks posed by ransomware attacks, phishing campaigns, and Business Email Compromise (BEC) fraud schemes targeting sports organizations and teams, including Premier League football clubs.	>1	R Arts entertainment and recreation	CC	UK	UK National Cyber Security Centre, NCSC, Business Email Compromise, BEC, Premier League
1.182	23/07/2020	?	University of York	At least 10 universities in the UK, US and Canada have had data stolen about students and/or alumni after hackers attacked Blackbaud a cloud computing provider with ransomware.	Malware	P Education	CC	UK	University of York, Oxford Brookes University, Loughborough University, University of Leeds, University of London, University of Reading, University College Oxford, Ambrose University in Alberta, Canada Human Rights Watch, Young Minds, Rhode Island School of Design in the US, University of Exeter
1.183	23/07/2020	?	CouchSurfing	CouchSurfing, an online service that lets users find free lodgings, investigates a security breach after hackers began selling the details of 17 million users on Telegram channels and hacking forums.	Unknown	I Accommodation and food service activities	CC	US	CouchSurfing
1.184	23/07/2020	China	US companies in the healthcare, chemical, and finance sectors	The Federal Bureau of Investigation issues an alert to inform organizations in the United States of the risk associated with the use of Chinese tax software.	Malware	Y Multiple Industries	CE	US	FBI, China, GoldenSpy
1.185	23/07/2020	?	Critical infrastructure across the U.S	The U.S. National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) issued an alert warning of cyber attacks targeting critical infrastructure across the U.S.	>1	D Electricity gas steam and air conditioning supply	CC	US	National Security Agency, NSA, Cybersecurity and Infrastructure Security Agency, CISA
1.186	23/07/2020	?	Instacart	Online shopping service Instacart says reused passwords are to blame for a recent spate of account breaches, which saw personal data belonging to hundreds of thousands of Instacart customers stolen and put up for sale on the dark web.	Password-spraying	I Accommodation and food service activities	CC	US	Instacart
1.187	23/07/2020	?	?	Researchers from White Ops expose Chartreuse Blur. a malicious cyber-operation involving 29 fraudulent photo-editing apps downloaded 3.5 million times.	Malware	X Individual	CC	>1	White Ops, Chartreuse Blur
1.188	23/07/2020	?	Oxford Brookes University	At least 10 universities in the UK, US and Canada have had data stolen about students and/or alumni after hackers attacked Blackbaud a cloud computing provider with ransomware.	Malware	P Education	CC	UK	University of York, Oxford Brookes University, Loughborough University, University of Leeds, University of London, University of Reading, University College Oxford, Ambrose University in Alberta, Canada Human Rights Watch, Young Minds, Rhode Island School of Design in the US, University of Exeter
1.189	23/07/2020	?	Loughborough University	At least 10 universities in the UK, US and Canada have had data stolen about students and/or alumni after hackers attacked Blackbaud a cloud computing provider with ransomware.	Malware	P Education	CC	UK	University of York, Oxford Brookes University, Loughborough University, University of Leeds, University of London, University of Reading, University College Oxford, Ambrose University in Alberta, Canada Human Rights Watch, Young Minds, Rhode Island School of Design in the US, University of Exeter
1.190	23/07/2020	?	University of Leeds	At least 10 universities in the UK, US and Canada have had data stolen about students and/or alumni after hackers attacked Blackbaud a cloud computing provider with ransomware.	Malware	P Education	CC	UK	University of York, Oxford Brookes University, Loughborough University, University of Leeds, University of London, University of Reading, University College Oxford, Ambrose University in Alberta, Canada Human Rights Watch, Young Minds, Rhode Island School of Design in the US, University of Exeter
1.191	23/07/2020	?	University of London	At least 10 universities in the UK, US and Canada have had data stolen about students and/or alumni after hackers attacked Blackbaud a cloud computing provider with ransomware.	Malware	P Education	CC	UK	University of York, Oxford Brookes University, Loughborough University, University of Leeds, University of London, University of Reading, University College Oxford, Ambrose University in Alberta, Canada Human Rights Watch, Young Minds, Rhode Island School of Design in the US, University of Exeter
1.192	23/07/2020	?	University of Reading	At least 10 universities in the UK, US and Canada have had data stolen about students and/or alumni after hackers attacked Blackbaud a cloud computing provider with ransomware.	Malware	P Education	CC	UK	University of York, Oxford Brookes University, Loughborough University, University of Leeds, University of London, University of Reading, University College Oxford, Ambrose University in Alberta, Canada Human Rights Watch, Young Minds, Rhode Island School of Design in the US, University of Exeter
1.193	23/07/2020	?	University College Oxford	At least 10 universities in the UK, US and Canada have had data stolen about students and/or alumni after hackers attacked Blackbaud a cloud computing provider with ransomware.	Malware	P Education	CC	UK	University of York, Oxford Brookes University, Loughborough University, University of Leeds, University of London, University of Reading, University College Oxford, Ambrose University in Alberta, Canada Human Rights Watch, Young Minds, Rhode Island School of Design in the US, University of Exeter
1.194	23/07/2020	?	Ambrose University in Alberta	At least 10 universities in the UK, US and Canada have had data stolen about students and/or alumni after hackers attacked Blackbaud a cloud computing provider with ransomware.	Malware	P Education	CC	UK	University of York, Oxford Brookes University, Loughborough University, University of Leeds, University of London, University of Reading, University College Oxford, Ambrose University in Alberta, Canada Human Rights Watch, Young Minds, Rhode Island School of Design in the US, University of Exeter
1.195	23/07/2020	?	Canada Human Rights Watch	At least 10 universities in the UK, US and Canada have had data stolen about students and/or alumni after hackers attacked Blackbaud a cloud computing provider with ransomware.	Malware	P Education	CC	UK	University of York, Oxford Brookes University, Loughborough University, University of Leeds, University of London, University of Reading, University College Oxford, Ambrose University in Alberta, Canada Human Rights Watch, Young Minds, Rhode Island School of Design in the US, University of Exeter
1.196	23/07/2020	?	Young Minds, Rhode Island School of Design	At least 10 universities in the UK, US and Canada have had data stolen about students and/or alumni after hackers attacked Blackbaud a cloud computing provider with ransomware.	Malware	P Education	CC	UK	University of York, Oxford Brookes University, Loughborough University, University of Leeds, University of London, University of Reading, University College Oxford, Ambrose University in Alberta, Canada Human Rights Watch, Young Minds, Rhode Island School of Design in the US, University of Exeter
1.197	23/07/2020	?	University of Exeter	At least 10 universities in the UK, US and Canada have had data stolen about students and/or alumni after hackers attacked Blackbaud a cloud computing provider with ransomware.	Malware	P Education	CC	UK	University of York, Oxford Brookes University, Loughborough University, University of Leeds, University of London, University of Reading, University College Oxford, Ambrose University in Alberta, Canada Human Rights Watch, Young Minds, Rhode Island School of Design in the US, University of Exeter
1.198	24/07/2020	WastedLocker	Garmin	Garmin is hit by a WastedLocker ransomware attack.	Malware	C Manufacturing	CC	US	Garmin, WastedLocker, ransomware
1.199	24/07/2020	APT28 AKA Fancy Bear	US Government and Energy Targets	From December 2018 until at least May of this year, APT28 AKA Fancy Bear carried out a broad hacking campaign against US targets, according to an FBI notification sent to victims of the breaches in May.	Targeted Attack	O Public administration and defence, compulsory social security	CE	US	APT28, Fancy Bear, FBI
1.200	24/07/2020	APT28 AKA Fancy Bear	US Government and Energy Targets	From December 2018 until at least May of this year, APT28 AKA Fancy Bear carried out a broad hacking campaign against US targets, according to an FBI notification sent to victims of the breaches in May.	Targeted Attack	D Electricity gas steam and air conditioning supply	CE	US
1.201	24/07/2020	?	Multiple organizations	The U.S. Cybersecurity and Infrastructure Security Agency (CISA) publishes a warning confirming the active exploitation of the unauthenticated remote code execution (RCE) CVE-2020-5902 vulnerability affecting F5 Big-IP ADC devices.	Vulnerability	Y Multiple Industries	CC	>1	Cybersecurity and Infrastructure Security Agency, CISA, RCE, CVE-2020-5902,F5, Big-IP
1.202	24/07/2020	?	Multiple targets	Cisco fixes a high severity and actively exploited vulnerability affecting the web services interface of two of its firewall products (CVE-2020-3452).	Vulnerability	Y Multiple Industries	CC	>1	Cisco, CVE-2020-3452
1.203	24/07/2020	?	Emotet botnet	Someone is taking fun at the Emotet botnet and disrupting its operations by hacking into the malware's distribution sites and replacing malicious payloads with memes and GIFs.	Account Hijacking	S Other service activities	H	N/A	Emotet
1.204	24/07/2020	?	Aberystwyth University	The Aberystwyth University is an additional university hit with ransomware after the Blackbaud hack.	Malware	P Education	CC	UK	Aberystwyth University, Blackbaud
1.205	24/07/2020	?	Sheldon Independent School District	Sheldon Independent School District notifies current and former staff and students of an unauthorized access on its network occurred on June 15, 2020.	Unknown	P Education	CC	US	Sheldon Independent School District
1.206	25/07/2020	RagnarLocker	Carlson Wagonlit Travel (CWT)	US corporate travel management firm Carlson Wagonlit Travel (CWT) suffers an intrusion and it is believed to have paid a $4.5m ransom to get its data back.	Malware	H Transportation and storage	CC	US	Carlson Wagonlit Travel, CWT, RagnarLocker, ransomware
1.207	25/07/2020	?	Beaumont Health	Beaumont Health, Michigan's largest healthcare provider warns around 6,000 patients that their data may have been exposed following a phishing attack occurred between January 3, 2020, and January 29, 2020.	Account Hijacking	Q Human health and social work activities	CC	US	Beaumont Health, Michigan
1.208	26/07/2020	?	Waydev	Hackers use a blind SQL injection vulnerability to gain access to its database, from where they stole GitHub and GitLab OAuth tokens from other companies.	SQL Injection	M Professional scientific and technical activities	CC	US	GitHub, GitLab, OAuth, Waydev
1.209	26/07/2020	?	Dave.com	Loan app Dave.com has 7.5 million records leaked, blaming the breach to the OAuth tokens stolen by the attackers from Waydev.	OAuth token hijacking	K Financial and insurance activities	CC	US	Dave.com, Waydev
1.210	26/07/2020	?	Flood.io	Software testing service Flood.io suffers a breach blamed to the OAuth tokens stolen by the attackers from Waydev.	OAuth token hijacking	M Professional scientific and technical activities	CC	AU	Flood.io, Waydev
1.211	27/07/2020	ShinyHunters	Promo.com	Promo.com, an Israeli-based marketing video creation site, discloses a data breach after a database containing 22 million user records is leaked for free on a hacker forum.	Unknown	M Professional scientific and technical activities	CC	US	Promo.com, ShinyHunters
1.212	27/07/2020	ShinyHunters	Drizly	ShinyHunters leaks the database of Drizly, containing approximately 2.5 million records	Unknown	I Accommodation and food service activities	CC	IT	ShinyHunters, Drizly
1.213	27/07/2020	Ensiko	Systems running PHP	Researchers from Trend Micro discover Ensiko, a new feature-rich malware that can encrypt files on any system running PHP, making it a high risk for Windows, macOS, and Linux web servers.	Malware	Y Multiple Industries	CC	>1	Trend Micro, Ensiko, ransomware, PHP
1.214	27/07/2020	?	Office 365 Users	Researchers from Abnormal Security discover a new campaign targeting Microsoft Office 365 users, and making use of bait messages camouflaged as automated SharePoint notifications to steal their accounts.	Account Hijacking	Y Multiple Industries	CC	>1	Abnormal Security, Microsoft Office 365, SharePoint
1.215	27/07/2020	?	Sheffield Hallam University	The Sheffield Hallam University confirms that it is dealing with a data breach linked to the software provider Blackbaud.	Unknown	P Education	CC	UK	Sheffield Hallam University, Blackbaud
1.216	27/07/2020	?	Users in the UK	Users in UK are warned not to fall for yet another COVID-related lure after warnings of a new phishing campaign, this time promising the recipient a government-funded tax cut.	Account Hijacking	X Individual	CC	UK	COVID-19
1.217	28/07/2020	Netwalker	U.S. and foreign government organizations	The FBI issues a security alert about Netwalker ransomware operators targeting U.S. and foreign government organizations.	Malware	O Public administration and defence, compulsory social security	CC	>1	FBI, Netwalker, ransomware
1.218	28/07/2020	The Lazarus Group AKA HIDDEN COBRA	Multiple Enterprise Targets	Researchers from Kaspersky reveal that North Korean-backed hackers from the Lazarus Group have developed and are actively using VHD ransomware against enterprise targets.	Malware	Y Multiple Industries	CC	>1	The Lazarus Group, Kaspersky, VHD, ransomware, HIDDEN COBRA
1.219	28/07/2020	?	Misconfigured cloud-based docker instances	Researchers from Intezer Labs reveal the details of Doki, a malware part of the Ngrok Cryptominer Botnet targeting misconfigured cloud-based docker instances running on Linux.	Misconfiguration	Y Multiple Industries	CC	>1	Intezer Labs, Doki, Ngrok, Crypto, Linux
1.220	28/07/2020	Nefilim	Dresdner Kühlanlagenbau GmbH (DKA)	The Nefilim ransomware operation begins to publish unencrypted files stolen from a Dussmann Group subsidiary, Dresdner Kühlanlagenbau GmbH (DKA), during a recent attack.	Malware	S Other service activities	CC	DE	Nefilim, ransomware, Dussmann Group, Dresdner Kühlanlagenbau GmbH, DKA
1.221	28/07/2020	?	Netflix users	Researchers from Armorblox discover a phishing campaign targeting Netflix users and using CAPTCHA to avoid detection.	Account Hijacking	R Arts entertainment and recreation	CC	>1	Armorblox, Netflix, CAPTCHA
1.222	28/07/2020	?	Rhode Island College Foundation	Rhode Island College Foundation is another victim of the Blackbaud ransomware attack.	Malware	P Education	CC	US	Rhode Island College Foundation, Blackbaud, ransomware
1.223	28/07/2020	?	Providence Children’s Museum	Even the Rhode Island College Foundation is a victim of the Blackbaud hack	Malware	R Arts entertainment and recreation	CC	US	Providence Children’s Museum, Blackbaud, ransomware
1.224	29/07/2020	Hidden Cobra	U.S. defense and aerospace contractors	Researchers from McAfee reveal the details of Operation North Star, a long-lasting spear-phishing campaign targeting U.S. defense and aerospace contractors between early April and mid-June 2020.	Targeted Attack	C Manufacturing	CE	US	McAfee, Operation North Star, Hidden Cobra
1.225	29/07/2020	Deceptikons	Law firms and fintech companies in Europe and Middle East.	Researchers from Kaspersky discover a new hacker-for-hire mercenary group codenamed Deceptikons, and active for almost a decade.	Targeted Attack	K Financial and insurance activities	CE	>1	Kaspersky, Deceptikons
1.226	29/07/2020	Deceptikons	Law firms and fintech companies in Europe and Middle East.	Researchers from Kaspersky discover a new hacker-for-hire mercenary group codenamed Deceptikons, and active for almost a decade.	Targeted Attack	V Fintech	CE	>1	Kaspersky, Deceptikons
1.227	29/07/2020	ShinyHunters	Havenly	Havenly, discloses a data breach that impacted 1.3 million users.	Unknown	G Wholesale and retail trade	CC	US	Havenly, ShinyHunters
1.228	29/07/2020	China?	Vatican and the Holy See’s Study Mission to China’	Researchers from Recorded Future reveal that the Vatican’s computer networks have allegedly been infiltrated by Chinese hackers in the run up to sensitive talks between the Catholic Church and Beijing focusing on the religion’s status in China.	Targeted Attack	O Public administration and defence, compulsory social security	CE	VA	Recorded Future, Vatican and the Holy See’s Study Mission to China’
1.229	29/07/2020	?	European Bank for Reconstruction and Development (EBRD) Twitter account	The European Bank for Reconstruction and Development (EBRD) Twitter account is hijacked.	Account Hijacking	U Activities of extraterritorial organizations and bodies	CC	EU	European Bank for Reconstruction and Development, EBRD
1.230	29/07/2020	?	Ledger	Crypto-wallet firm Ledger reveals a major security breach of its e-commerce and marketing database, resulting in the compromise of one million customer email addresses and the personal details of thousands after the vulnerability was exploited in June 25, 2020.	Vulnerability	V Fintech	CC	FR	Ledger
1.231	29/07/2020	?	Athens ISD	Athens ISD pays a $50,000 ransom for school data that was taken in a ransomware attack.	Malware	P Education	CC	US	Athens ISD, ransomware
1.232	29/07/2020	?	Las Cruces Middle School	Las Cruces Middle School suffers a Zoom bombing attack.	Zoom bombing	P Education	CC	US	Las Cruces Middle School, Zoom bombing
1.233	30/07/2020	ShinyHunters	Appen.com	ShinyHunters leaks the databases of 18 startups.	Unknown	M Professional scientific and technical activities	CC	US	ShinyHunters, Appen.com, Indabamusic.com, Ivoy.mx, Proctoru.com, Rewards1.com, Vakinha.com.br
1.234	30/07/2020	ShinyHunters	Indabamusic.com	ShinyHunters leaks the databases of 18 startups.	Unknown	R Arts entertainment and recreation	CC	US
1.235	30/07/2020	ShinyHunters	Ivoy.mx	ShinyHunters leaks the databases of 18 startups.	Unknown	M Professional scientific and technical activities	CC	MX
1.236	30/07/2020	ShinyHunters	Proctoru.com	ShinyHunters leaks the databases of 18 startups.	Unknown	M Professional scientific and technical activities	CC	US
1.237	30/07/2020	ShinyHunters	Rewards1.com	ShinyHunters leaks the databases of 18 startups.	Unknown	R Arts entertainment and recreation	CC	US
1.238	30/07/2020	ShinyHunters	Vakinha.com.br	ShinyHunters leaks the databases of 18 startups.	Unknown	S Other service activities	CC	BR
1.239	30/07/2020	ShinyHunters	Scentbird	Shentbird discloses the security breach after ShinyHunters leak their database.	Unknown	G Wholesale and retail trade	CC	US	Scentbird, ShinyHunters
1.240	30/07/2020	?	Multiple organizations	Researchers from Cofense discover an Office 365 phishing campaign abusing Google Ads to bypass secure email gateways, redirecting employees of targeted organizations to phishing landing pages and stealing their Microsoft credentials.	Account Hijacking	Y Multiple Industries	CC	>1	Cofense, Office 365, Google Ads
1.241	30/07/2020	?	High-impact targets with valuable financial information.	Researchers from Intezer Labs reveal that the TrickBot's Anchor malware platform has been ported to infect Linux devices and compromise further high-impact and high-value targets using covert channels.	Malware	Y Multiple Industries	CC	>1	Intezer Labs, TrickBot, Anchor, Linux
1.242	30/07/2020	Russia?	Audiences in Lithuania, Latvia, and Poland	Researchers from FireEye discover Ghostwriter, a widespread long-lasting influence campaign using compromised websites to discredit the NATO.	Vulnerability	O Public administration and defence, compulsory social security	CW	>1	FireEye, NATO, Ghostwriter, Russia
1.243	31/07/2020	?	Zello	The push-to-talk app, Zello, discloses a data breach that revealed user's email addresses and hashed passwords after discovering unauthorized activity on their systems on July 8, 2020.	Unknown	J Information and communication	CC	US	Zello
1.244	31/07/2020	?	Pivot Technology Solutions	Managed service provider Pivot Technology Solutions discloses that it was the victim of a failed ransomware attack that resulted in sensitive information being accessed by the hackers. The incident occurred last month.	Malware	M Professional scientific and technical activities	CC	CA	Pivot Technology Solutions, ransomware
1.245	31/07/2020	?	Multiple government websites	In an ongoing blackhat SEO campaign, scammers use open redirects found on government websites to redirect visitors to pornography sites.	Malicious SEO redirection	X Individual	CC	US	SEO
1.246	31/07/2020	?	2gether	2gether reveals a cyberattack in which roughly €1.2 million in cryptocurrency has been stolen from cryptocurrency investment accounts.	Unknown	V Fintech	CC	ES	2gether
1.247	31/07/2020	?	Elkins Rehabilitation & Care Center	Elkins Rehabilitation & Care Center notifies residents and employees of a phishing attack discovered in February 2019.	Account Hijacking	Q Human health and social work activities	CC	US	Elkins Rehabilitation & Care Center, ERCC
1.248	21/07/2020	?	Pepperstone	Pepperstone sends out an email to clients, alerting them of a data security incident in which third parties are reaching out to the broker’s clients and falsely claiming to be Pepperstone.	Unknown	K Financial and insurance activities	CC	AU	Pepperstone
1.249	27/07/2020	?	City of Lafayette	The City of Lafayette suffers a ransomware attack that impact the phone services, email, and online payment reservation systems. The city is forced to pay $45,000.	Malware	O Public administration and defence, compulsory social security	CC	US	City of Lafayette, ransomware
1.250	29/07/2020	?	iVoy	Delivery startup, iVoy, experiences a data breach, over 127,000 accounts exposed.	Unknown	H Transportation and storage	CC	MX	iVoy
1.251	30/07/2020	Maze	Canon	Canon suffers a ransomware attack that impacts numerous services, including Canon's email, Microsoft Teams, USA website, and other internal applications.	Malware	C Manufacturing	CC	JP	Canon, Ransomware, Maze
1.252	30/07/2020	RansomEXX	Konica Minolta	Konica Minolta is hit with a RansomEXX ransomware attack	Malware	C Manufacturing	CC	JP	Konica Minolta, RansomEXX, ransomware
1.253	30/07/2020	?	British Dental Association	The British Dental Association notifies its members of a breach occurred on July 30.	Unknown	S Other service activities	CC	UK	British Dental Association
1.254	02/08/2020	?	Telstra	Telstra is hit with a DDoS attack	DDoS	J Information and communication	CC	AU	Telstra
1.255	02/08/2020	Indian Hackers	Dawn News Channel	One of the leading Pakistan News Channels, Dawn, was reportedly targeted by Indian hackers.	Unknown	J Information and communication	H	PK	Pakistan, India
1.256	02/08/2020	?	Hudson Independent School District	Hudson ISD’s website is down after a cyber attack affected the website’s host.	Unknown	P Education	CC	US	Hudson Independent School District
1.257	03/08/2020	Chinese state-sponsored hackers	US private entities	Three agencies of the US government CISA, CyberCom, and FBI) publish a joint alert about new versions of Taidoor (AKA Taurus RAT), a malware family previously associated with Chinese state-sponsored hackers.	Targeted Attack	Y Multiple Industries	CE	US	CISA, CyberCom, FBI, Taidoor, Taurus RAT, China
1.258	03/08/2020	Russian Hackers	Liam Fox	A personal email account belonging to Liam Fox, the former UK trade minister, is repeatedly hacked into by Russian attackers who stole classified documents relating to US-UK trade talks.	Targeted Attack	O Public administration and defence, compulsory social security	CE	UK	Liam Fox, Russia
1.259	03/08/2020	?	Multiple targets	The FBI warns private industry partners of increased security risks because of devices still running Windows 7, after observing some attacks.	>1	Y Multiple Industries	CC	US	FBI, Windows 7
1.260	03/08/2020	Maze	Regis	Regis, an aged-care operator is hit by a Maze ransomware attack.	Malware	Q Human health and social work activities	CC	AU	Regis, Raze, Ransomware
1.261	03/08/2020	Netwalker	Forsee Power	Netwalker ransomware operators leak the data of Forsee Power, a well-known player in the electromobility market.	Malware	C Manufacturing	CC	FR	Netwalker, ransomware, Forsee Power
1.262	03/08/2020	?	Single Individuals in U.K.	Hundreds of Britons are targeted by a free TV license SMS phishing campaign.	Account Hijacking	X Individual	CC	UK	TV
1.263	03/08/2020	?	Tacoma Public Schools	Tacoma Public Schools email is hacked and sends out phishing emails.	Account Hijacking	P Education	CC	US	Tacoma Public Schools
1.264	04/08/2020	?	Multiple targets	A hacker publishes a list of plaintext usernames and passwords, along with IP addresses for more than 900 Pulse Secure VPN enterprise servers.	Vulnerability	Y Multiple Industries	CC	>1	CVE-2019-11510, Pulse Secure
1.265	04/08/2020	?	SMB in the U.S.	A report from Interpol reveals that American medium-sized companies are actively targeted by LockBit ransomware.	Malware	Y Multiple Industries	CC	US	LockBit, ransomware
1.266	04/08/2020	?	Chrome users	Researchers from Adguard reveal that more than 80 million Chrome users have installed one of 295 Chrome extensions that hijack and insert ads inside Google and Bing search results.	Malicious Browser Extension	X Individual	CC	>1	Adguard, Chrome
1.267	04/08/2020	?	UberEats	Security researchers from Cyble discover user records of American online food ordering and delivery platform UberEats on the DarkWeb.	Unknown	I Accommodation and food service activities	CC	US	Cyble, UberEats
1.268	04/08/2020	?	Multiple targets	Researchers from INKY discover a phishing campaign in several countries designed to extract credentials from users via fake Zoom invites.	Account Hijacking	Y Multiple Industries	CC	>1	INKY, Zoom
1.269	05/08/2020	?	Hillsborough County	A court hearing held via Zoom for the US teenager accused of masterminding the Twitter hack is interrupted with rap music and porn.	Zoom bombing	O Public administration and defence, compulsory social security	CC	US	Zoom, Twitter, Hillsborough County
1.270	05/08/2020	?	Pace Center for Girls	Pace Center for Girls issues a warning to its supporters after the organization discovers some of its data was affected by the security breach at Blackbaud.	Malware	Q Human health and social work activities	CC	US	Pace Center for Girls, Blackbaud, ransomware
1.271	05/08/2020	?	Hancock County school district	Hancock County school district is hit by a cyber attack, affecting the internet connectivity	Unknown	P Education	CC	US	Hancock County school district
1.272	06/08/2020	China, Russia, Iran, and Tunisia	Multiple countries	In its TAG bulletin, Google reveals it took down ten influence operation campaigns in Q2 2020, traced back to China, Russia, Iran, and Tunisia.	Fake Social Network accounts/groups/pages	O Public administration and defence, compulsory social security	CW	>1	TAG bulletin, Google, China, Russia, Iran, Tunisia
1.273	06/08/2020	?	Intel	Classified and confidential documents from Intel, allegedly resulting from a breach, are uploaded to a public file sharing service.	Misconfiguration	C Manufacturing	CC	US	Intel
1.274	06/08/2020	Water Nue	More than 1,000 companies in the U.S. and Canada	Researchers from Trend Micro discover Water Nue, a series of business email compromise campaigns targeting executives of more than 1,000 companies, most recently in the US and Canada.	Business Email Compromise	Y Multiple Industries	CC	US CA	Trend Micro, Water Nue
1.275	06/08/2020	Chimera	Taiwan semiconductor vendors	Researchers from CyCraft Technology reveal the details of Operation Skeleton, a series of targeted attacks against Taiwan semiconductor vendors.	Targeted Attack	C Manufacturing	CE	TW	CyCraft Technology, Operation Skeleton, Chimera
1.276	06/08/2020	?	Firefox users	Firefox fixes a bug abused in the wild by tech support scammers to create artificial mouse cursors and prevent users from easily leaving malicious sites.	Evil cursor	X Individual	CC	>1	Firefox
1.277	06/08/2020	Magecart Group 8	Multiple Targets	Researchers from Malwarebytes discover a new credit card skimming campaign making use of homoglyph techniques, connected to an existing Magecart threat group.	Malicious Script Injection	G Wholesale and retail trade	CC	>1	Malwarebytes, homoglyph, Magecart, Magecart Group 8
1.278	06/08/2020	Interactive Data	?	Interactive Data, a data broker, is hacked and fuels fraudulent small business loans and unemployment insurance benefits from COVID-19 economic relief efforts	Unknown	M Professional scientific and technical activities	CC	US	Interactive Data, COVID-19
1.279	06/08/2020	?	Imperial Valley College	Imperial Valley College is hit with a Ransomware Attack	Malware	P Education	CC	US	Imperial Valley College
1.280	06/08/2020	?	Scholarship America	Scholarship America discloses a phishing attack.	Account Hijacking	Q Human health and social work activities	CC	US	Scholarship America
1.281	07/08/2020	DoppelPaymer	Boyce Technologies	The DoppelPaymer ransomware gang hits ventilator manufacturer Boyce Technologies amid the COVID-19 pandemic.	Malware	C Manufacturing	CC	US	Boyce Technologies, ransomware,
1.282	07/08/2020	?	Reddit users	Multiple Reddit subreddits are defaced, with the attackers posting pro-Trump messages and changing the communities' themes to show content supporting Trump's 2020 campaign.	Account Hijacking	Y Multiple Industries	H	US	Reddit, Trump
1.283	07/08/2020	?	Britain's National Trust	Britain's National Trust warns volunteers of a data breach linked to the cyber-attack on US cloud computing and software provider Blackbaud in May.	Malware	Q Human health and social work activities	CC	UK	Britain's National Trust, Blackbaud, ransomware
1.284	08/08/2020	Fox Kitten (AKA Parisite)	Fortune 500 firms, government agencies, and banks.	The FBI warns of Iranian hackers actively attempting to exploit CVE-2020-5902 affecting F5 Big-IP application delivery controller (ADC) devices used by Fortune 500 firms, government agencies, and banks.	Vulnerability	Y Multiple Industries	CC	US	FBI, CVE-2020-5902, F5 Big-IP, ADC, Fox Kitten, Parisite
1.285	08/08/2020	?	cPanel users	A phishing scam is targeting cPanel users with a fake security advisory alerting them of critical vulnerabilities in their web hosting management panel.	Account Hijacking	Y Multiple Industries	CC	>1	cPanel
1.286	08/08/2020	?	Southeastern Pennsylvania Transportation Authority	The Southeastern Pennsylvania Transportation Authority is hit with a malware attack.	Malware	O Public administration and defence, compulsory social security	CC	US	Southeastern Pennsylvania Transportation Authority
1.287	09/08/2020	?	Defcon.org	The defcon.org forum is attacked with CVE-2019-16759 (targeting vBulletin), three hours after it is disclosed.	Vulnerability	S Other service activities	CC	US	Defcon.org, CVE-2019-16759, vBulletin
1.288	09/08/2020	?	Users accessing cryptocurrency-related sites	A report reveals that a mysterious threat actor has been adding servers to the Tor network in order to perform SSL stripping attacks on users accessing cryptocurrency-related sites through the Tor Browser.	SSL Stripping	V Fintech	CC	>1	Tor
1.289	09/08/2020	Nefilim	SPIE group	Nefilim ransomware operators leak the date of SPIE group, an independent European leader in multi-technical services	Malware	M Professional scientific and technical activities	CC	FR	Nefilim, ransomware, SPIE
1.290	10/08/2020	?	utahgunexchange.com	A hacker releases the databases of Utah-based gun exchange, hunting, and kratom sites for free on a cybercrime forum.	Misconfiguration	S Other service activities	CC	>1	utahgunexchange.com
1.291	10/08/2020	?	muleyfreak.com	A hacker releases the databases of Utah-based gun exchange, hunting, and kratom sites for free on a cybercrime forum.	Misconfiguration	S Other service activities	CC	>1	muleyfreak.com
1.292	10/08/2020	?	deepjunglekratom.com	A hacker releases the databases of Utah-based gun exchange, hunting, and kratom sites for free on a cybercrime forum.	Misconfiguration	S Other service activities	CC	>1	deepjunglekratom.com
1.293	10/08/2020	?	Michigan State University (MSU)	Michigan State University (MSU) discloses that attackers were able to steal credit card and personal information from roughly 2,600 users of its shop.msu.edu online store. The attacked lasted between Oct. 19, 2019 and June 26, 2020	Malicious Script Injection	P Education	CC	US	Michigan State University, MSU, Magecart
1.294	10/08/2020	Avaddon	Undisclosed Construction company	The gang behind the Avaddon ransomware launches a data leak site to extort victims and published the data of a construction company.	Malware	C Manufacturing	CC	N/A	Avaddon, ransomware
1.295	10/08/2020	?	Single Individuals	Researchers from Cyble discover a large scale hacking campaign targeting governments and university websites to host articles on hacking social network accounts that lead to malware and scams.	Malware	Y Multiple Industries	CC	>1	Cyble
1.296	10/08/2020	?	Multiple targets	Researchers from SentinelOne discover new variants of the popular Agent Tesla Trojan that include new modules to steal credentials from applications including popular web browsers, VPN software, as well as FTP and email clients.	Malware	Y Multiple Industries	CC	>1	SentinelOne, Agent Tesla
1.297	10/08/2020	?	US Small businesses	Researchers from Proofpoint reveal the details of a wave of phishing attacks impersonating the US Small Business Administration (SBA).	Account Hijacking	Y Multiple Industries	CC	US	Proofpoint, US Small Business Administration, SBA
1.298	10/08/2020	Pysa (AKA Mespinoza)	Piedmont Orthopedics/OrthoAtlanta	Piedmont Orthopedics/OrthoAtlanta is hit with a Pysa (AKA Mespinoza) ransomware attack. The threat actors leak the data.	Malware	Q Human health and social work activities	CC	US	Piedmont Orthopedics/OrthoAtlanta, Pysa, Mespinoza, ransomware
1.299	10/08/2020	Netwalker	The Center for Fertility and Gynecology	The Center for Fertility and Gynecology is yet another victim of the Netwalker ransomware gang.	Malware	Q Human health and social work activities	CC	US	Center for Fertility and Gynecology, Netwalker ransomware
1.300	10/08/2020	Netwalker	Olympia House Rehab	The Olympia House Rehab is hit with a Netwalker ransomware attack.	Malware	Q Human health and social work activities	CC	US	Olympia House Rehab, Netwalker, ransomware
1.301	10/08/2020	?	Premier Health	Premier Health discloses a phishing attack occurred on June 8.	Account Hijacking	Q Human health and social work activities	CC	US	Premier Health
1.302	10/08/2020	?	Bexar County	A Bexar County court hearing is Zoom bombed.	Zoom bombing	O Public administration and defence, compulsory social security	CC	US	Bexar County, Zoom
1.303	10/08/2020	?	Clayton County School	Clayton County School is zoom bombed.	Zoom bombing	P Education	CC	US	Clayton County School, Zoom
1.304	10/08/2020	?	Buffalo and Erie County Public Library	The Buffalo and Erie County Public Library discloses to have been hit by hackers earlier this year.	Unknown	P Education	CC	US	Buffalo and Erie County Public Library
1.305	10/08/2020	?	Virtu Financial	High-speed trading firm Virtu Financial says it lost $6.9 million in a business email compromise scam in Ma	Business Email Compromise	K Financial and insurance activities	CC	US	Virtu Financial
1.306	11/08/2020	?	SANS Institute	The SANS cybersecurity training organization has suffered a data breach after one of their employees fell victim to a phishing attack.	Account Hijacking	P Education	CC	UK	SANS Institute
1.307	11/08/2020	bcorp33	Multiple targets	Researchers from Shadow Intelligence expose bcorp33, a threat actors selling access to high-profile targets exploiting CVE-2019-11510 (Pulse Secure) and CVE-2020-5902 (F5).	Vulnerability	Y Multiple Industries	CC	>1	Shadow Intelligence, bcorp33, CVE-2019-11510, CVE-2020-5902
1.308	11/08/2020	?	Multiple targets	Microsoft addresses 120 vulnerabilities with its August 2020 Patch Tuesday updates, including two vulnerabilities, CVE-2020-1464 and CVE-2020-1380, actively exploited in attacks.	Vulnerability	Y Multiple Industries	CC	>1	Microsoft, CVE-2020-1464 , CVE-2020-1380
1.309	11/08/2020	?	Single Individuals	Researchers from Check Point reveal the details of multiple phishing campaigns exploiting the promise of a COVID-19 vaccine.	Account Hijacking	X Individual	CC	>1	COVID-19, Check Point
1.310	11/08/2020	?	FHN	Illinois healthcare system FHN notifies patients of a phishing attack that took place in February and was discovered in April.	Account Hijacking	Q Human health and social work activities	CC	US	FHN
1.311	11/08/2020	?	Adit	An unsecured database with 3.1 million patients' details is exposed by a medical software company and subsequently destroyed by a "meow" attack.	Misconfiguration	M Professional scientific and technical activities	CC	US	Adit, meow
1.312	12/08/2020	The Lazarus Group AKA Hidden Cobra AKA APT37	Israeli Defense Industry	Researchers from ClearSky reveal that hackers from North Korea were able to steal sensitive information from dozens of companies in the defense sector. The campaign is dubbed Dreamjob.	Targeted Attack	O Public administration and defence, compulsory social security	CE	IL	ClearSky, North Korea, The Lazarus Group, Hidden Cobra, APT37
1.313	12/08/2020	?	Various government organization in the U.S.	The U.S. Cybersecurity and Infrastructure Security Agency (CISA) releases an alert about phishing attacks targeting various government organizations to steal logins for the Small Business Administration COVID-19 loan relief accounts.	Account Hijacking	O Public administration and defence, compulsory social security	CC	US	The U.S. Cybersecurity and Infrastructure Security Agency, CISA, COVID-19
1.314	12/08/2020	DarkHotel?	Undisclosed South Korean Company	Researchers from Kaspersky reveal the details of "Operation PowerFall,” an attack occurred in May, relying on two unknown vulnerabilities back then: CVE-2020-1380 and CVE-2020-0986.	Targeted Attack	Z Unknown	CE	KR	Kaspersky, Operation PowerFall, CVE-2020-1380, CVE-2020-0986, DarkHotel
1.315	12/08/2020	India	Pakistan	An alleged cyber attack by Indian intelligence agencies is identified by the Pakistani intelligence.	Unknown	O Public administration and defence, compulsory social security	CE	PK	India, Pakistan
1.316	12/08/2020	?	NHS	A report reveals that NHS staff were hit with a wave of malicious email attacks at the height of the COVID-19 pandemic, with doctors, nurses and other key workers reporting over 40,000 spam and phishing attacks between March and the first half of July.	Account Hijacking	O Public administration and defence, compulsory social security	CC	UK	NHS, COVID-19
1.317	12/08/2020	?	Flintshire Council	Personal information of people who left comments about local planning issues on Flintshire council's website is hacked.	Unknown	O Public administration and defence, compulsory social security	CC	UK	Flintshire Council
1.318	12/08/2020	?	Multiple targets	Researchers from Juniper discover a new phishing campaign targeting business customers with a new version of the IceID malware using password protection, among other techniques, to avoid detection.	Malware	Y Multiple Industries	CC	>1	Juniper, IcedID
1.319	13/08/2020	Russian Intelligence Directorate (GRU)	Multiple targets	The NSA and FBI warn about espionage operations from the Russian Intelligence Directorate (GRU) using a previously undisclosed Linux malware toolset called Drovorub.	Targeted Attack	Y Multiple Industries	CE	US	NSA, FBI, Russian Intelligence Directorate, GRU, Linux, Drovorub
1.320	13/08/2020	RedCurl	Multiple targets	Researchers from Group-IB reveal the details of RedCurl, a cyber espionage group conducting carefully planned attacks against victims in a wide geography to steal confidential corporate documents.	Targeted Attack	Y Multiple Industries	CE	>1	Group-IB, RedCurl
1.321	13/08/2020	?	Banking users in multiple countries	Researchers from ESET reveal the details of Mekotio, a banking trojan targeting users in multiple countries (including Mexico, Brazil, Chile, Spain, Peru, and Portugal).	Malware	K Financial and insurance activities	CC	>1	ESET, Mekotio, Mexico, Brazil, Chile, Spain, Peru, Portugal
1.322	13/08/2020	?	U.S. Financial Industry Regulatory Authority (FINRA) members	The U.S. Financial Industry Regulatory Authority (FINRA) warns its members that a copycat site is impersonating them and potentially being used in phishing attacks.	Account Hijacking	K Financial and insurance activities	CC	US	U.S. Financial Industry Regulatory Authority, FINRA
1.323	13/08/2020	?	Nykaa	Nykaa, an Indian retail seller of beauty, wellness and fashion, loses Rs 62 lakh (around USD 85,000) after the email of an Italian supplier is spoofed.	Business Email Compromise	G Wholesale and retail trade	CC	IN	Nykaa
1.324	13/08/2020	CactusPete (AKA Karma Panda or Tonto Team)	Financial and military organizations in Eastern Europe	Researchers from Kaspersky discover a new campaign carried out by Cactus Pete, an APT linked to the Chinese military.	Targeted Attack	Y Multiple Industries	CE	>1	Kaspersky, Cactus Pete, Karma Panda, Tonto Team
1.325	13/08/2020	?	Bletchley Park Trust	The Bletchley Park Trust is another victim hit in Blackbaud breach.	Malware	R Arts entertainment and recreation	CC	UK	Bletchley Park Trust, ransomware, Blackbaud
1.326	13/08/2020	?	Harvard University	Even the Harvard University might have compromised by the Blackbaud breach.	Malware	P Education	CC	US	Harvard University, ransomware, Blackbaud
1.327	13/08/2020	?	Verizon customers	Researchers from Armorblox discover a new phishing campaign targeting Verizon customers to steal user credentials, passwords and personal details.	Account Hijacking	J Information and communication	CC	US	Armorblox, Verizon
1.328	13/08/2020	?	FuhrparkService (BWFU)	Unknown hackers infiltrate the FuhrparkService (BWFU) transport fleet, Germany's state-owned vehicle fleet, which provides chauffeurs for parliamentarians and is run by the Bundeswehr military.	Unknown	O Public administration and defence, compulsory social security	CC	DE	FuhrparkService, BWFU
1.329	14/08/2020	Defray	R1 RCM Inc	R1 RCM Inc., one of the US largest medical debt collection companies, is hit in a ransomware attack.	Malware	Q Human health and social work activities	CC	US	R1 RCM Inc, Defray, ransomware
1.330	14/08/2020	?	U.S. Businesses	The Emotet malware has begun to spam COVID-19 related emails to U.S. businesses	Malware	Y Multiple Industries	CC	US	Emotet
1.331	14/08/2020	?	Multiple Targets	Researchers from Menlo Security reveal the details of Duri, a new attack campaign using a combination of HTML smuggling techniques and data blobs to evade detection and download malware.	Malware	Y Multiple Industries	CC	>1	Menlo Security, Duri, HTML smuggling
1.332	14/08/2020	?	Multiple targets	Researchers from Trend Micro discover XCSSET, a malware family exploiting Xcode projects to spread a form of Mac malware specializing in the compromise of Safari and other browsers.	Targeted Attack	Y Multiple Industries	CE	>1	Trend Micro, XCSSET, Xcode, Mac
1.333	14/08/2020	Hackers from North Korea	Multiple targets	The US Cybersecurity and Infrastructure Security Agency (CISA) publishes an alert on a new wave of attacks delivering the KONNI remote access Trojan (RAT).	Targeted Attack	Y Multiple Industries	CE	US	US Cybersecurity and Infrastructure Security Agency, CISA, KONNI
1.334	14/08/2020	?	ASDA Supermarket shoppers in the UK	ASDA Supermarket shoppers in the UK are targeted by a phishing scam run via Facebook and Twitter.	Account Hijacking	G Wholesale and retail trade	CC	UK	ASDA
1.335	14/08/2020	?	Gwinnet County High School	Gwinnet County High School is zoom bombed.	Zoom bombing	P Education	CC	US	Gwinnet County High School
1.336	14/08/2020	?	Oklahoma State Board of Education	Oklahoma State Board of Education is zoom bombed.	Zoom bombing	P Education	CC	US	Oklahoma State Board of Education, Zoom
1.337	15/08/2020	?	Carnival Corporation	Cruise line operator Carnival Corporation discloses that one of their brands suffered a ransomware attack.	Malware	R Arts entertainment and recreation	CC	US/UK	Carnival Corporation, ransomware
1.338	15/08/2020	?	GCKey	Canadian government sites used to provide access to crucial services for immigration, taxes, pension, and benefits are breached in a coordinated attack to steal COVID-19 relief payments. The online portal referred to as GCKey is a critical single sign-on (SSO) system used by the public to access multiple Canadian government services.	Credential Stuffing	O Public administration and defence, compulsory social security	CC	CA	COVID-19, GCKey
1.339	15/08/2020	Sodinokibi (AKA REvil)	Brown-Forman	Brown-Forman, one of the largest U.S. companies in the spirits and wine business, suffers a ransomware attack. The intruders allegedly copied 1TB of confidential data.	Malware	I Accommodation and food service activities	CC	US	Sodinokibi, Revil, Brown-Forman
1.340	15/08/2020	?	Customers of Ritz Hotel in London	Diners at the luxury Ritz hotel in London are targeted by "extremely convincing" scammers who posed as hotel staff to steal payment card details. The scammers were able to obtain the victims' reservation details.	Unknown	I Accommodation and food service activities	CC	UK	Ritz Hotel
1.341	15/08/2020	?	Rochester City School District	Rochester City School District is zoom bombed.	Zoom bombing	P Education	CC	US	Rochester City School District, Zoom
1.342	02/08/2020	Maze	Ventura Orthopedics	The Maze ransomware operators add Ventura Orthopedics to their leak site	Malware	Q Human health and social work activities	CC	US	Ventura Orthopedics, Maze, Ransomware
1.343	03/08/2020	Maze	United Memorial Medical Center (UMMC)	The Maze ransomware team adds the United Memorial Medical Center (UMMC) to their leak site.	Malware	Q Human health and social work activities	CC	US	Maze, ransomware, United Memorial Medical Center, UMMC
1.344	03/08/2020	?	Kent State University	Kent State University is among the victims of the Blackbaud ransomware attack.	Malware	P Education	CC	US	Kent State University, Blackbaud, ransomware
1.345	05/08/2020	?	Isetan Mitsukoshi Co.	Isetan Mitsukoshi Co. announces that that, along with its subsidiary MI Card Co., it suffered a data breach affecting approximately 19,000 customers as a result of unauthorized access	Unknown	G Wholesale and retail trade	CC	JP	Isetan Mitsukoshi Co., MI Card Co.
1.346	06/08/2020	?	Cuyahoga Community College Foundation	The Cuyahoga Community College Foundation notifies to be among the organizations affected by the Blackbaud ransomware attack.	Malware	P Education	CC	US	Cuyahoga Community College Foundation, Blackbaud, ransomware
1.347	10/08/2020	DarkSide	Multiple targets	A new ransomware operation named DarkSide begins to attack organizations with customized attacks that have already earned them million-dollar payouts.	Malware	Y Multiple Industries	CC	>1	DarkSide, Ransomware
1.348	10/08/2020	?	Bletchley Park	Bletchley Park joins the list of the victims of the Blackbaud ransomware attack.	Malware	R Arts entertainment and recreation	CC	UK	Bletchley Park, Blackbaud ransomware
1.349	12/08/2020	?	Luminate Education Group (LEG)	Luminate Education Group (LEG) is hit by a cyber attack, affecting Leeds City College, Keighley College, Harrogate College, Leeds Sixth Form College and University Centre Leeds.	Unknown	P Education	CC	UK	Luminate Education Group, LEG, Leeds City College, Keighley College, Harrogate College, Leeds Sixth Form College, University Centre Leeds
1.350	12/08/2020	?	RailYatri	An unsecured server of the Indian ticket platform RailYatri exposes the personal information of over 700,000 passengers and is wiped out by a Meow attack.	Misconfiguration	H Transportation and storage	CC	IN	RailYatri, Meow
1.351	15/08/2020	?	Ponca City Schools	Ponca City Schools is the target of ransomware attack.	Malware	P Education	CC	US	Ponca City Schools, ransomware
1.352	16/08/2020	?	600+ organizations worldwide	Vairav Technology uncovers a Microsoft Office 365 phishing campaign targeting more than 600 organizations worldwide.	Account Hijacking	Y Multiple Industries	CC	>1	Vairav Technology, Microsoft Office 365
1.353	17/08/2020	?	Momentum Metropolitan	Financial services group Momentum Metropolitan warns that a third party unlawfully accessed a limited portion of data of a subsidiary of the group.	Unknown	K Financial and insurance activities	CC	ZA	Momentum Metropolitan
1.354	17/08/2020	?	Financial Service Providers	Researchers from Akamai discover a group, using the names Fancy Bear and Armada Collective, launching DDoS attacks against some of the world's biggest financial service providers, including Moneygram and Braintree.	DDoS	K Financial and insurance activities	CC	>1	Akamai, Fancy Bear, Armada Collective, Moneygram, Braintree
1.355	17/08/2020	?	Single individuals	The Criminal Investigation Department (CID) of the West Bengal police warns citizens of fake oximeter apps on mobile phones, leading to phishing attacks and theft of personal data	Account Hijacking	X Individual	CC	IN	Criminal Investigation Department, CID, West Bengal, COVID-19
1.356	17/08/2020	?	East Anglia's Children's Hospices (EACH)	East Anglia's Children's Hospices (EACH) joins the victims of the Blackbaud ransomware cyber attack.	Malware	Q Human health and social work activities	CC	UK	East Anglia's Children's Hospices, EACH, Blackbaud, Ransomware
1.357	17/08/2020	?	Baugo Community Schools	Baugo Community Schools is hit by an unspecified cyber attack via its ISP.	Unknown	P Education	CC	US	Baugo Community Schools
1.358	18/08/2020	TeamTNT	Multiple targets	Researchers from Cado Security discover a cybercrime group known as TeamTNT, using a crypto-mining worm to steal plaintext AWS credentials and config files from compromised Docker and Kubernetes systems.	Malware	Y Multiple Industries	CC	>1	Cado Security, TeamTNT, AWS, Docker, Kubernetes
1.359	18/08/2020	HIDDEN COBRA AKA The Lazarus Group AKA APT38	Unnamed organization in the cryptocurrency vertical	Researchers from F-Secure Labs discover a targeted attack against an organization in the cryptocurrency vertical, attributed to the Lazarus Group.	Targeted Attack	V Fintech	CC	N/A	HIDDEN COBRA, The Lazarus Group, F-Secure
1.360	18/08/2020	?	Cleveland Museum of Natural History	Even the Cleveland Museum of Natural History is affected by the Blackbaud ransomware breach.	Malware	R Arts entertainment and recreation	CC	US	Cleveland Museum of Natural History, Blackbaud, ransomware
1.361	19/08/2020	?	Multiple targets	Researchers from Netscout discover a new version of the Lucifer cryptomining DDoS malware, targeting Linux systems.	Malware	Y Multiple Industries	CC	>1	Netscout, Lucifer, Linux
1.362	19/08/2020	HIDDEN COBRA AKA The Lazarus Group AKA APT38	US government contractors	The FBI and CISA issue a joint advisory exposing information on BLINDINGCAN, a RAT malware used by North Korean hackers in attacks targeting government contractors.	Targeted Attack	O Public administration and defence, compulsory social security	CE	US	FBI, CISA, BLINDINGCAN, HIDDEN COBRA, The Lazarus Group, APT38
1.363	19/08/2020	?	Multiple targets	Researchers from Guardicore reveal the details of FritzFrog, a sophisticated botnet campaign attacking SSH servers around the world, since at least January 2020.	Brute-force	Y Multiple Industries	CC	>1	Guardicore, FritzFrog, SSH
1.364	19/08/2020	?	TFI International	The four Canadian courier divisions of TFI International (Canpar Express, ICS Courier, Loomis Express and TForce Integrated Solutions) are hit with a ransomware attack.	Malware	H Transportation and storage	CC	CA	TFI International, Canpar Express, ICS Courier, Loomis Express, TForce Integrated Solutions, ransomware
1.365	19/08/2020	Blacktech AKA Taidoor	Taiwan Government	The Taiwan Investigation Bureau’s Cyber Security Investigation Office reveals that Chinese hackers have hacked 6000 Taiwan Government email accounts belonging at least 10 Taiwan agencies.	Targeted Attack	O Public administration and defence, compulsory social security	CE	TW	The Taiwan Investigation Bureau’s Cyber Security Investigation Office, Blacktech, Taidoor
1.366	19/08/2020	?	Samaritan Medical Center	After three weeks the Samaritan Medical Center restores from a malware attack.	Malware	Q Human health and social work activities	CC	US	Samaritan Medical Center
1.367	19/08/2020	?	The Donkey Sanctuary	Hackers may have seized childrens' personal details after targeting the Donkey Sanctuary, as a consequence of the Blackbaud breach.	Malware	Q Human health and social work activities	CC	UK	The Donkey Sanctuary, Blackbaud, ransomware
1.368	19/08/2020	?	Lee County High School	Students who logged on to a virtual Spanish class via Google Meet are shown racist, violent and pornographic content by an unknown person who gained access to the lesson.	Account Hijacking	P Education	CC	US	Lee County High School
1.369	19/08/2020	?	Multiple targets	A group of cyber criminals targets organizations via a voice phishing service that uses a combination of one-on-one phone calls and custom phishing sites to steal VPN credentials from employees.	Account Hijacking	Y Multiple Industries	CC	US	VPN, vishing, COVID-19
1.370	20/08/2020	CCP Unmasked	Knowlesys	A group of hackers says they have obtained internal files from three Chinese social media monitoring companies.	Unknown	M Professional scientific and technical activities	H	CN	Knowlesys, Yunrun Big Data Service, OneSight, CCP Unmasked
1.371	20/08/2020	CCP Unmasked	Yunrun Big Data Service	A group of hackers says they have obtained internal files from three Chinese social media monitoring companies.	Unknown	M Professional scientific and technical activities	H	CN	Knowlesys, Yunrun Big Data Service, OneSight, CCP Unmasked
1.372	20/08/2020	CCP Unmasked	OneSight	A group of hackers says they have obtained internal files from three Chinese social media monitoring companies.	Unknown	M Professional scientific and technical activities	H	CN	Knowlesys, Yunrun Big Data Service, OneSight, CCP Unmasked
1.373	20/08/2020	?	University of Utah	The University of Utah reveals to have paid a $457,000 ransomware to prevent threat actors from releasing files stolen during a ransomware attack.	Malware	P Education	CC	US	University of Utah, Ransomware
1.374	20/08/2020	APT from South Korea?	Unnamed architecture firm	Researchers from Bitdefender reveal that an advanced hackers-for-hire group has compromised computers of an architecture firm via a malicious plugin for the Autodesk 3ds Max software.	Malicous Autodesk plugin	M Professional scientific and technical activities	CE	N/A	Bitdefender, Autodesk 3ds Max
1.375	20/08/2020	?	Multiple targets	The FBI and CISA issue a joint advisory warning teleworkers of an ongoing vishing campaign targeting entities from multiple US industry sectors.	Account Hijacking	Y Multiple Industries	CC	US	FBI, CISA, vishing
1.376	20/08/2020	Transparent Tribe	Multiple countries, mainly India and Afghanistan	Researchers from Kaspersky reveal a new operation by the Transparent Tribe APT.	Targeted Attack	Y Multiple Industries	CE	>1	Kaspersky, Transparent Tribe, India, Afghanistan
1.377	20/08/2020	?	SnapFulfil	A UK warehouse management software company, SnapFulfil, is hit by ransomware	Malware	M Professional scientific and technical activities	CC	UK	SnapFulfil, ransomware
1.378	20/08/2020	Maze	SK hynix	South Korean semiconductor manufacturer SK hynix is hit with a Maze ransomware attack.	Malware	C Manufacturing	CC	KR	SK hynix, Maze, ransomware
1.379	21/08/2020	?	Freepik	Freepik says that hackers were able to steal emails and password hashes for 8.3M Freepik and Flaticon users in an SQL injection attack against the company's Flaticon website.	SQL Injection	S Other service activities	CC	ES	Freepik, Flaticon
1.380	21/08/2020	?	U.S. Financial Industry Regulatory Authority (FINRA) members	The U.S. Financial Industry Regulatory Authority (FINRA) issues a new regulatory notice warning members of threat actors using registered brokers' info to create phishing websites.	Account Hijacking	K Financial and insurance activities	CC	US	U.S. Financial Industry Regulatory Authority, FINRA
1.381	21/08/2020	Maze	Hoa Sen Group	The Maze ransomware operators claim to have breached the steel sheet giant Hoa Sen Group.	Malware	C Manufacturing	CC	VN	Maze, ransomware, Hoa Sen Group
1.382	21/08/2020	?	Spanish users	Researchers from ESET reveal that the operators behind the Grandoreiro banking trojan, have been using emails posing as the Agencia Tributaria to trick Spanish victims into installing the malware.	Malware	X Individual	CC	ES	ESET, Grandoreiro, Agencia Tributaria
1.383	21/08/2020	?	Food Bank of Central & Eastern North Carolina	The Food Bank of Central & Eastern North Carolina reveals it was a victim in the Blackbaud data breach.	Malware	Q Human health and social work activities	CC	US	Food Bank of Central & Eastern North Carolina, Ransomware, Blackbaud
1.384	21/08/2020	?	Planned Parenthood	Even Planned Parenthood is hit with the Blackbaud breach.	Malware	Q Human health and social work activities	CC	US	Planned Parenthood, Blackbaud, Ransomware
1.385	21/08/2020	?	Myerscough College	Myerscough College is hit with a cyber attack.	Unknown	P Education	CC	UK	Myerscough College
1.386	21/08/2020	?	Millbrook Magnet High School	The virtual lessons via Google Meet on Millbrook Magnet High School are disrupted by an intruder.	Account Hijacking	P Education	CC	US	Millbrook Magnet High School, Google Meet
1.387	21/08/2020	?	Oberlin Magnet Middle School	Even the virtual lessons via Google Meet on Oberlin Magnet Middle School are disrupted by an intruder.	Account Hijacking	P Education	CC	US	Oberlin Magnet Middle School, Google Meet
1.388	21/08/2020	?	Multiple targets	Researchers from Mitiga discover a Community Amazon Machine Image infected with malware.	Malware	Y Multiple Industries	CC	>1	Amazon Machine Image, Mitiga
1.389	21/08/2020	?	Multiple MSPs	Researchers from Huntress Labs discover a malware campaign targeting MSPs and using multiple strategies to go undetected.	Malware	M Professional scientific and technical activities	CC	>1	Huntress Labs
1.390	21/08/2020	?	Mental Health Partners	Mental Health Partners notified clients and employees about an employee email account compromise discovered in late March.	Account Hijacking	Q Human health and social work activities	CC	US	Mental Health Partners
1.391	21/08/2020	?	Multiple targets	Researchers from Sophos discover a new phishing campaign pretending to delivery a mail issue notification and delivering the malicious payload from Azure.	Account Hijacking	Y Multiple Industries	CC	>1	Sophos, Azure
1.392	22/08/2020	?	Tempo.co	Tempo.co, a news site that criticized the local government for the strategy adopted against the pandemic is defaced.	Defacement	J Information and communication	CC	ID	Tempo.co
1.393	22/08/2020	?	Center for Indonesia’s Strategic Development Initiatives (CISDI)	The Center for Indonesia’s Strategic Development Initiatives (CISDI), also known to be critical of the Indonesian government’s coronavirus policies, is defaced.	Defacement	Q Human health and social work activities	CC	ID	Center for Indonesia’s Strategic Development Initiatives, CISDI
1.394	22/08/2020	?	Twitter account of Pandu Riono	The Twitter account of Pandu Riono, an epidemiologist at the University of Indonesia (UI), also critical against the Indonesian government, is hijacked.	Account Hijacking	X Individual	CC	ID	Twitter, Pandu Riono
1.395	23/08/2020	?	Gosnell School District	The Gosnell School District is hit with a ransomware attack.	Malware	P Education	CC	US	Gosnell School District, ransomware
1.396	23/08/2020	?	Rialto Unified School District	Even the Rialto Unified School District is hit with a ransomware attack.	Malware	P Education	CC	US	Rialto Unified School District, ransomware
1.397	24/08/2020	Iranian hackers	Multiple targets	Researchers from Group-IB expose a low-skilled group of Iranian hackers exploiting exposed RDP servers to deploy the Dharma ransomware.	Malware	Y Multiple Industries	CC	>1	Group-IB, Iran, RDP, Dharma, Ransomware
1.398	24/08/2020	SunCrypt	Haywood County School district	The SunCrypt Ransomware shuts down the Haywood County School district.	Malware	P Education	CC	US	SunCrypt, Ransomware, Haywood County School district.
1.399	24/08/2020	?	Empire Market	The dark web site Empire Market is hit by a prolonged DDoS attack, before its admins decide to abruptly leave the business.	DDoS	S Other service activities	CC	N/A	Empire Market
1.400	24/08/2020	?	Vulnerable WordPress servers	Researchers from WebARX reveal that hackers are actively targeting and trying to exploit SQL injection, authorization issues, and unauthenticated XSS vulnerabilities in the Discount Rules for WooCommerce WordPress, a plugin with more than 30,000 installations.	Vulnerability	Y Multiple Industries	CC	>1	WebARX, Discount Rules for WooCommerce, WordPress
1.401	24/08/2020	?	iOS users	Security firm Snyk claims to have found malicious code inside SourMint, a Chinese iOS SDK by Mintegral, used by more than 1,200 iOS applications, all collectively downloaded more than 300 million times per month.	Malware	X Individual	CC	>1	Snyk, Mintegral, iOS, SourMint
1.402	24/08/2020	DeathStalker	Organizations in the financial sector	Researchers from Kaspersky reveal the details of a hack-for-hire group, tracked as DeathStalker, targeting organizations in the financial sector since 2012.	Targeted Attack	K Financial and insurance activities	CC	>1	Kaspersky, DeathStalker
1.403	24/08/2020	?	Multiple targets	Researchers from KnowBe4 discover a wave of phishing campaigns exploiting AWS to deliver the Malicous payload.	Account Hijacking	Y Multiple Industries	CC	>1	KnowBe4, AWS
1.404	24/08/2020	?	Transsion Tecno W2 handsets mainly in Egypt, Ethiopia, South Africa, Cameroon, Ghana	Researchers from Secure-D Lab discover a new Chinese handset with pre-installed Triada malware.	Malware	X Individual	CE	>1	Secure-D Lab, Transsion Tecno W2, Egypt, Ethiopia, South Africa, Cameroon, Ghana, Triada
1.405	24/08/2020	?	Rialto Unified School District	Rialto Unified School District is affected by malware	Malware	P Education	CC	US	Rialto Unified School District
1.406	24/08/2020	?	Holden Forests and Gardens	Holden Forests and Gardens reveals to have been affected by the Blackbaud ransomware attack.	Malware	Q Human health and social work activities	CC	US	Holden Forests and Gardens, Blackbaud, ransomware
1.407	25/08/2020	?	New Zealand’s stock exchange (NZX)	New Zealand’s stock exchange (NZX) is hit by DDoS attacks in the last two days.	DDoS	K Financial and insurance activities	CC	NZ	New Zealand’s stock exchange, NZX
1.408	25/08/2020	?	38 Japanese companies including Sumitomo Forestry Co. and Hitachi Chemical Co.	38 Japanese companies have authentication information to access their virtual private networks stolen and leaked.	Vulnerability	Y Multiple Industries	CC	JP	Sumitomo Forestry Co.. Hitachi Chemical Co., CVE-2019-11510
1.409	25/08/2020	DarkSide	Brookfield Residential	Brookfield Residential is one of the first victims of the new DarkSide Ransomware.	Malware	L Real estate activities	CC	CA	Brookfield Residential, DarkSide, Ransomware
1.410	25/08/2020	?	Multiple targets	Researchers from Sophos discover a new version of the Lemon_Duck cryptominer updated to compromise Linux machines via SSH brute force attacks, to exploit SMBGhost-vulnerable Windows systems, and to infect servers running Redis and Hadoop instances.	Malware	Y Multiple Industries	CC	>1	Sophos, Lemon_Duck, crypto, Linux, SSH, SMBGhost, Windows, Redis, Hadoop
1.411	25/08/2020	?	Multiple targets	Researchers from Armorblox detect a phishing campaign delivering the phishing page from Box.	Account Hijacking	Y Multiple Industries	CC	>1	Armorblox, Box
1.412	25/08/2020	?	Crypto currency traders	Researchers from Abnormal Security reveal that Cyber-criminals have been impersonating the well-known Bitcoin BTC ERA trading platform in order to infect users of the online currency with malware.	Malware	V Fintech	CC	>1	Abnormal Security, Bitcoin BTC ERA
1.413	25/08/2020	?	North Okanagan Pediatric Clinic	The North Okanagan Pediatric Clinic reveals to have been hacked in late May 2020.	Unknown	Q Human health and social work activities	CC	US	North Okanagan Pediatric Clinic
1.414	26/08/2020	BeagleBoyz	Several international banks	A joint advisory issued by several U.S. Government agencies reveals that North Korean hackers tracked as BeagleBoyz have been using malicious remote access tools as part of ongoing attacks to steal millions from international banks. The campaign is called "Fast Cash"	Malware	K Financial and insurance activities	CC	>1	BeagleBoyz, North Korea, Fast Cash
1.415	26/08/2020	China	Twitter users	Social media research group Graphika identifies Dracula, a Twitter botnet of around 3,000 bots that pushed pro-Chinese political spam, echoing official messaging released through state propaganda accounts.	Fake Social Network accounts/groups/pages	X Individual	CW	>1	Graphika, Dracula, Twitter, China
1.416	26/08/2020	?	Multiple targets	Microsoft warns of a recently uncovered piece of malware, tracked as Anubis, designed to steal information from infected systems.	Malware	Y Multiple Industries	CC	>1	Microsoft, Anubis
1.417	26/08/2020	China?	US organizations doing business in China	The FBI and CISA issue another warning to organizations doing business in China after reports of a potentially widespread attempt to remotely target them with powerful malware hidden in tax software.	Malware	Y Multiple Industries	CE	US	FBI, CISA, China, GoldenHelper
1.418	26/08/2020	?	MetroHealth Foundation	The MetroHealth Foundation is among the victims of the Blackbaud ransomware attack.	Malware	Q Human health and social work activities	CC	US	MetroHealth Foundation, Blackbaud, ransomware
1.419	27/08/2020	Netwalker	Argentina's official immigration agency, Dirección Nacional de Migraciones,	Argentina's official immigration agency, Dirección Nacional de Migraciones, suffers a Netwalker ransomware attack that temporarily halts border crossing into and out of the country.	Malware	O Public administration and defence, compulsory social security	CC	AR	Dirección Nacional de Migraciones, Ransomware, Netwalker
1.420	27/08/2020	Charming Kitten, AKA APT35, NewsBeef, Newscaster, or Ajax	Academia experts, human rights activists, and journalists specialized in Iranian affairs	Researchers from ClearSky reveal that Iranian government hackers have impersonated journalists to reach out to targets via LinkedIn, and set up WhatsApp calls to win their trust, before sharing links to phishing pages and malware-infected files.	Targeted Attack	X Individual	CE	>1	ClearSky, Iran, LinkedIn, WhatsApp, Charming Kitten, APT35, NewsBeef, Newscaster, Ajax
1.421	27/08/2020	?	Multiple targets	Researchers from Check Point discover a new Qbot campaign, stealing full email threads to use in reply-chain.	Malware	Y Multiple Industries	CC	>1	Check Point, Qbot
1.422	27/08/2020	?	Data#3	Australian IT vendor Data#3 notifies to have experienced what it dubbed as a "cyber incident".	Unknown	J Information and communication	CC	AU	Data#3
1.423	27/08/2020	REvil AKA Sodinokibi	Valley Health Systems	REvil ransomware operators claim to have breached Valley Health Systems.	Malware	Q Human health and social work activities	CC	US	REvil, Sodinokibi, Ransomware, Valley Health Systems
1.424	27/08/2020	?	Misconfigured Docker containers	Researchers from Palo Alto Networks reveal the details of Cetus, a new Docker cryptojacking worm mining for Monero.	Misconfiguration	Y Multiple Industries	CC	>1	Palo Alto Networks, Cetus
1.425	27/08/2020	?	NCR Corporation	NCR Corporation confirms that it found malware-infected computers in an isolated non-production lab environment outside of the U.S., but claims its clients were never at risk of a secondary infection.	Malware	C Manufacturing	CC	US	NCR Corporation
1.426	27/08/2020	DoppelPaymer	Amphastar Pharmaceuticals	Amphastar Pharmaceuticals reveals to have been hit with a DoppelPaymer ransomware attack on May 2, after Company data is posted on July 21.	Malware	C Manufacturing	CC	US	Amphastar Pharmaceuticals, DoppelPaymer ransomware attack on May 2, after Company data is posted on July 21.
1.427	27/08/2020	?	Clark County School District	The Clark County School District notifies parents after a "data security incident".	Unknown	P Education	CC	US	Clark County School District
1.428	27/08/2020	?	Single individuals	Researchers at Area 1 Security discover a global phishing campaign that purports to offer information about surgical masks and other protective equipment for the COVID-19 pandemic, infecting victims' devices with the AgentTesla RAT.	Account Hijacking	X Individual	CC	>1	Area 1 Security, COVID-19, AgentTesla
1.429	28/08/2020	UltraRank	700 websites and more than a dozen third-party service providers	Security researchers from Group-IB reveal the details of UltraRank, a cybercriminal group specialized in infecting online shops to steal payment card data, responsible for compromising almost 700 websites and more than a dozen third-party service providers.	Malicious Script Injection	G Wholesale and retail trade	CC	>1	Group-IB, UltraRank
1.430	28/08/2020	?	"Fall Guys: Ultimate Knockout" players	The npm security team removes a malicious JavaScript library, named "fallguys", from the npm portal, designed to steal sensitive files from an infected users' browser and Discord application.	Malware	X Individual	CC	>1	JavaScript, npm, fallguys, Discord
1.431	28/08/2020	?	Several ISPs across Europe	More than a dozen ISPs across Europe report DDoS attacks targeting their DNS infrastructure. The list includes Belgium's EDP, France's Bouygues Télécom, FDN, K-net, SFR, and the Netherlands' Caiway, Delta, FreedomNet, Online.nl, Signet, and Tweak.nl.	DDoS	J Information and communication	CC	>1	DNS, EDP, Bouygues Télécom, FDN, K-net, SFR, Caiway, Delta, FreedomNet, Online.nl, Signet, Tweak.nl.
1.432	28/08/2020	?	SIngle individuals	The Irish Department of Social Protection warns against “sophisticated” phishing scams.	Account Hijacking	X Individual	CC	IE	Department of Social Protection
1.433	28/08/2020	?	Multiple targets	Email service provider Sendgrid suffers an unusually large number of customer accounts whose passwords have been cracked, sold to spammers, and abused for sending phishing and email malware attacks.	Account Hijacking	Y Multiple Industries	CC	>1	Sendgrid
1.434	28/08/2020	?	Turkish Instagram users	Researchers from Trend Micro reveal that Turkish-speaking cybercriminals are sending Instagram users seemingly legitimate messages from the social media company, with the aim of stealing their Instagram and email credentials.	Account Hijacking	X Individual	CC	TR	Trend Micro, Instagram
1.435	28/08/2020	?	PULAU Corporation	Defense supplier PULAU Corporation notifies their employees about an intrusion and unauthorized access into parts of their network between June 11 and June 29.	Unknown	C Manufacturing	CC	US	PULAU Corporation
1.436	28/08/2020	?	Rocky Mount	Rocky Mount is hit with a ransomware attack.	Malware	O Public administration and defence, compulsory social security	CC	US	Rocky Mount, Ransomware
1.437	28/08/2020	?	Selma Unified School District	Selma Unified School District is hit with a ransomware attack.	Malware	P Education	CC	US	Selma Unified School District, ransomware
1.438	29/08/2020	?	Utah Pathology Services	Utah Pathology Services notifying more than 110,000 patients of a data breach when the personal information of certain individuals was accessible to an unauthorized party:	Unknown	Q Human health and social work activities	CC	US	Utah Pathology Services
1.439	30/08/2020	John Wick?	PayTM Group	PayTM Group suffers a breach after hackers from John Wick access its internal database.	Vulnerability	K Financial and insurance activities	CC	>1	PayTM Group, John Wick
1.440	30/08/2020	?	Android users	Google removes 56 Android applications from the official Google Play Store that the company says were part of Terracotta, an ad fraud botnet discovered by White Ops.	Malware	X Individual	CC	>1	Android, Google Play Store, Terracotta, White Ops
1.441	30/08/2020	?	Unknown Bitcoin user	A user loses 1400 Bitcoin ($16 million worth) via a fake bitcoin wallet.	Malware	K Financial and insurance activities	CC	N/A	Bitcoin
1.442	30/08/2020	?	Greenville Technical College	Greenville Technical College acknowledges to have been hit with a ransomware attack, while the threat actors claim to have successfully exfiltrated personal information of staff and students.	Malware	P Education	CC	US	Greenville Technical College
1.443	31/08/2020	Pioneer Kitten	Multiple targets	Researchers from Crowdstrike reveal that a group of Iranian hackers tracked as Pioneer Kitten is selling corporate-network credentials on hacker forums. The credentials have been obtained from vulnerable VPN devices.	Vulnerability	Y Multiple Industries	CE	>1	Crowdstrike, Pioneer Kitten Pulse Secure, F5, Citrix
1.444	31/08/2020	?	Multiple targets	Cisco warns that threat actors are trying to exploit two high severity memory exhaustion denial-of-service (DoS) vulnerabilities in the company's Cisco IOS XR software that runs on carrier-grade routers.	Vulnerability	Y Multiple Industries	CC	>1	Cisco, CVE-2020-3566, CVE-2020-3569
1.445	31/08/2020	?	American Payroll Association (APA)	The American Payroll Association (APA) discloses a data breach affecting members and customers after attackers successfully planted a web skimmer on the organization's website login and online store checkout pages.	Malicious Script Injection	S Other service activities	CC	US	American Payroll Association, APA, Magecart
1.446	31/08/2020	?	Multiple e-commerce targets	Visa issues a warning regarding a new JavaScript e-commerce skimmer known as Baka that will remove itself from memory after exfiltrating stolen data.	Malicious Script Injection	G Wholesale and retail trade	CC	>1	Visa, JavaScript, Baka
1.447	31/08/2020	?	MacOS users	Security researchers discover that the authors of the Shlayer malware have been able to bypass the Apple's automated notarizing process.	Malware	X Individual	CC	>1	Shlayer, Apple, MacOS
1.448	31/08/2020	?	Vulnerable QNAP devices	Researchers from Qihoo 360 reveal that hackers are scanning for vulnerable network-attached storage (NAS) devices running multiple QNAP firmware versions, trying to exploit a RCE vulnerability to implant backdoor.	Vulnerability	Y Multiple Industries	CC	>1	Qihoo 360, QNAP, RCE
1.449	31/08/2020	?	Android users	Researchers at Pradeo discover six new Android apps infected with Joker malware,	Malware	X Individual	CC	>1	Pradeo, Android, Joker
1.450	31/08/2020	?	Multiple targets	Researchers from KnowBe4 discover a wave of phishing campaigns exploiting Slack to deliver phishing pages.	Account Hijacking	Y Multiple Industries	CC	>1	KnowBe4, Slack
1.451	31/08/2020	?	Atrium Health	Atrium Health joins the list of the victims of the Blackbaud ransomware attack.	Malware	Q Human health and social work activities	CC	US	Atrium Health, Blackbaud, ransomware
1.452	17/07/2020	?	Somerset Berkley Regional High School	Somerset Berkley Regional High School is hit with a ransomware attack	Malware	P Education	CC	US	Somerset Berkley Regional High School, ransomware
1.453	30/08/2020	DoppelPaymer	Newcastle University	The Newcastle University is hit with a DoppelPaymer ransomware attack.	Malware	P Education	CC	UK	Newcastle University, DoppelPaymer, ransomware
1.454	31/08/2020	?	Multiple targets	Visa issues a warning regarding a new JavaScript e-commerce skimmer known as Baka that will remove itself from memory after exfiltrating stolen data.	Malicious Script Injection	G Wholesale and retail trade	CC	>1	Visa, JavaScript, Baka
1.455	31/08/2020	?	Northumbria University	Northumbria University is also hit with a ransomware attack.	Malware	P Education	CC	UK	Northumbria University, ransomware
1.456	28/08/2020	Kimsuky	28 UN officials, including at least 11 individuals representing six countries of the UN Security Council.	Kimsuky, a hacker group previously associated with the North Korean regime has been spotted launching spear-phishing attacks to compromise officials part of the United Nations Security Council.	Targeted Attack	U Activities of extraterritorial organizations and bodies	CE	N/A	Kimsuky, United Nations
1.457	31/08/2020	?	Anglicare Sidney	Anglicare Sydney is hit with a ransomware attack and 17GB of its data is transmitted “to a remote location”.	Malware	Q Human health and social work activities	CC	AU	Anglicare Sidney, ransomware
1.458	01/09/2020	Russia?	Norwegian Parliament (Stortinget)	Attackers compromise a limited number of email accounts of Norwegian Parliament (Stortinget) representatives and employees. Fingers are pointed to Russia	Targeted Attack	O Public administration and defence, compulsory social security	CE	NO	Norwegian Parliament, Stortinget, Russia
1.459	01/09/2020	RansomExx AKA Defray	SoftServe	Ukrainian software developer and IT services provider SoftServe suffers a RansomExx ransomware attack	Malware	M Professional scientific and technical activities	CC	UA	SoftServe, RansomExx, Defray
1.460	01/09/2020	ProLock	Multiple targets	The FBI issues a second warning to alert US companies of ProLock ransomware operators stealing data from compromised networks before encrypting their victims' systems.	Malware	Y Multiple Industries	CC	US	FBI, ProLock, ransomware
1.461	01/09/2020	?	Warner Music Group (WMG)	Warner Music Group (WMG) discloses a data breach affecting customers' personal and financial information after several of its US-based e-commerce stores were hacked in April 2020 in what looks like a Magecart attack.	Malicious Script Injection	R Arts entertainment and recreation	CC	US	Warner Music Group, WMG, Magecart
1.462	01/09/2020	?	Vulnerable Wordpress sites	Researchers from Wordfence reveal that hackers are actively exploiting a critical RCE vulnerability that allows to upload scripts and execute arbitrary code on WordPress sites running vulnerable File Manager plugin versions.	Vulnerability	Y Multiple Industries	CC	>1	Wordfence, File Manager
1.463	01/09/2020	?	Multiple targets	Researchers from Malwarebytes analyze a new credit card skimmer exfiltrating data via Telegram.	Malicious Script Injection	G Wholesale and retail trade	CC	>1	Malwarebytes, Telegram, Magecart
1.464	01/09/2020	Epic Manchego	Companies all over the world	Researchers from NVISO Labs reveal the details of Epic Manchego, a malware gang, active since June, targeting companies all over the world with phishing emails that carry a malicious Excel document.	Malware	Y Multiple Industries	CC	>1	NVISO Labs, Epic Manchego, Excel
1.465	01/09/2020	Russia?	Facebook and Twitter users	Facebook and Twitter remove social media accounts for a news organization going by the name of PeaceData, which they linked to Russia's state propaganda efforts.	Fake Social Network accounts/groups/pages	X Individual	CW	>1	Facebook, Twitter, PeaceData, Russia
1.466	01/09/2020	?	Catholic Health	Catholic Health joins the list of the entities hit with the Blackbaud breach.	Malware	Q Human health and social work activities	CC	US	Catholic Health, Blackbaud, ransomware
1.467	01/09/2020	?	Roswell Park Alliance Foundation	Even the Roswell Park Alliance Foundation is hit by the Blackbaud breach.	Malware	Q Human health and social work activities	CC	US	Roswell Park Alliance Foundation, Blackbaud, ransomware
1.468	01/09/2020	?	Several million American voters	A database containing several million American voters’ personal information appears on the Russian dark web.	Unknown	Z Unknown	CC	US	American voters
1.469	01/09/2020	?	Bykea	Unidentified hackers successfully infiltrate and delete the entire database of Bykea, a Pakistan-based vehicle for hire and delivery company.	Unknown	H Transportation and storage	CC	PK	Bykea
1.470	01/09/2020	?	Georgian Ministry of Health	Hackers break into the Georgian Ministry of Health to steal data on the Russian nerve agent Novichok	Targeted Attack	O Public administration and defence, compulsory social security	CE	GE	Georgian Ministry of Health
1.471	01/09/2020	?	Canadian Ministry of Justice	The Canadian Ministry of Justice is hit with an Emotet attack.	Malware	O Public administration and defence, compulsory social security	CC	CA	Canadian Ministry of Justice, Emotet
1.472	01/09/2020	?	Mansfield City Schools	The Mansfield City Schools District is hit with a cyber attack.	Unknown	P Education	CC	US	Mansfield City Schools
1.473	01/09/2020	?	St. Louis County	The St. Louis County website goes down without notice after a cyber attack.	Unknown	O Public administration and defence, compulsory social security	CC	US	St. Louis County
1.474	02/09/2020	?	Cryptocurrency users in the Czech Republic and Slovakia	Researchers from ESET discover KryptoCibule, a new malware family focused on getting as much cryptocurrency as possible from its victims.	Malware	V Fintech	CC	>1	ESET, KryptoCibule, Crypto
1.475	02/09/2020	?	Multiple targets	Researchers from Tencent discover MrbMiner, a malware targeting vulnerable exposed Microsoft MSSQL servers.	Malware	Y Multiple Industries	CC	>1	Tencent, MrbMiner, Microsoft MSSQL
1.476	02/09/2020	?	K7Maths	A leak from K7Maths, an online service providing school e-learning solutions, causes the compromise of the personal details of more than one million students, teachers, and staff.	Misconfiguration	P Education	CC	AU	K7Maths
1.477	02/09/2020	?	Hartford School District	The Hartford School District in Connecticut postpones the first day of school after a ransomware attack.	Malware	P Education	CC	US	Hartford School District, ransomware
1.478	02/09/2020	Belarusians government?	Belarusians attending anti-government protests	Google removes from the Play Sore NEXTA LIVE, an Android used to collect personal information from Belarusians attending anti-government protests.	Malware	X Individual	CE	BY	Google, Play Sore NEXTA LIVE, Android
1.479	02/09/2020	?	Meteorological Service of New Zealand (Metservice)	The Meteorological Service of New Zealand (Metservice) is hit with a DDoS attack.	DDoS	O Public administration and defence, compulsory social security	CC	NZ	Meteorological Service of New Zealand, Metservice
1.480	02/09/2020	TA413	European diplomatic entities and the Tibetan community	Researchers from Proofpoint reveal the details of a new campaign targeting European diplomatic entities and the Tibetan community with the Sepulcher malware.	Targeted Attack	Y Multiple Industries	CE	>1	TA413, Sepulcher, Proofpoint
1.481	02/09/2020	?	Jewish Federation of Greater Washington	The Jewish Federation of Greater Washington reports a hack that stole $7.5 million from its endowment fund and funneled the money into international accounts.	Account Hijacking	S Other service activities	CC	US	Jewish Federation of Greater Washington
1.482	02/09/2020	?	Multiple targets	Researchers from RiskIQ reveal the details of Inter, a Magecart Skimming Tool affecting more than 1,500 Sites.	Malicious Script Injection	G Wholesale and retail trade	CC	>1	RiskIQ, Inter, Magecart
1.483	02/09/2020	?	Multiple targets	Researchers from Sophos discover a new phishing campaign using Sharepoint and OneNote to avoid detection.	Account Hijacking	Y Multiple Industries	CC	>1	Sophos, Sharepoint, OneNote
1.484	03/09/2020	John Wick	Twitter account of Indian Prime Minister Narendra Modi	The Twitter account of Indian Prime Minister Narendra Modi is hacked.	Account Hijacking	X Individual	CC	IN	Twitter, Narendra Modi, John Wick
1.485	03/09/2020	Evilnum	Financial tech organizations	Researchers from Cybereason unveil the latest campaign by Evilnum, using a Python RAT dubbed PyVil RAT.	Targeted Attack	K Financial and insurance activities	CC	>1	Cybereason, Evilnum, Python, PyVil RAT
1.486	03/09/2020	John Wick	India's CNN-News18	A hacking group claims to have breached India's CNN-News18 news site to use it to refute claims that they hacked PayTM Mall	Unknown	J Information and communication	CC	IN	John Wick, CNN-News18
1.487	03/09/2020	?	Maynooth University	Maynooth University is hit with a ransomware attack.	Malware	P Education	CC	IE	Maynooth University, ransomware
1.488	03/09/2020	?	Multiple targets	Researchers from Cofense discover a new phishing campaign, using the company's home page to disguise the attack and trick potential victims into providing login credentials.	Account Hijacking	Y Multiple Industries	CC	>1	Cofense
1.489	03/09/2020	Salfram	Multiple targets	Researchers from Cisco Talos discover multiple "Salfram" campaigns use, distributing multiple payloads, including ZLoader, SmokeLoader, and AveMaria.	Malware	Y Multiple Industries	CC	>1	Cisco Talos, Salfram, ZLoader, SmokeLoader, AveMaria
1.490	03/09/2020	?	Sverdlovsk Regional Clinical Center	The Sverdlovsk Regional Clinical Center suffers a ransomware attack.	Malware	Q Human health and social work activities	CC	RU	Sverdlovsk Regional Clinical Center, ransomware
1.491	03/09/2020	?	Roper St. Francis Healthcare	Roper St. Francis Healthcare notifies 6,000 patients of a phishing incident.	Account Hijacking	Q Human health and social work activities	CC	US	Roper St. Francis Healthcare
1.492	03/09/2020	?	Oregon State University	Oregon State University announces that personal information of some students and faculty may have been exposed during a recent IT security incident.	Unknown	P Education	CC	US	Oregon State University
1.493	04/09/2020	?	Lloyds Bank customers	Lloyds Bank customers are targeted by a sophisticated email and SMS messaging phishing campaign.	Account Hijacking	K Financial and insurance activities	CC	UK	Lloyds Bank
1.494	04/09/2020	?	Essex Region Conservation Authority (ERCA)	The Essex Region Conservation Authority (ERCA) loses $300,00 to a phishing scam	Account Hijacking	O Public administration and defence, compulsory social security	CC	CA	Essex Region Conservation Authority, ERCA
1.495	04/09/2020	?	University Tor Vergata	The University Tor Vergata in Rome is hit with a ransomware attack.	Malware	P Education	CC	IT	The University Tor Vergata, ransomware
1.496	04/09/2020	?	Cygilant	Cygilant, a threat detection cybersecurity company, confirms a ransomware attack.	Malware	M Professional scientific and technical activities	CC	US	Cygilant, ransomware
1.497	04/09/2020	?	University of Missouri	Even the personal information from donors to the University of Missouri's four campuses was stolen during the Blackbaud data breach.	Malware	P Education	CC	US	University of Missouri, Blackbaud
1.498	06/09/2020	Netwalker	Equinix	Data center and colocation giant Equinix is hit with a Netwalker ransomware attack. Threat actors demand $4.5 million for a decryptor and to prevent the release of stolen data.	Malware	M Professional scientific and technical activities	CC	US	Equinix, Netwalker, ransomware
1.499	06/09/2020	?	Tower Semiconductors	Tower Semiconductors is hit with a ransomware attack.	Malware	C Manufacturing	CC	IL	Tower Semiconductors, ransomware
1.500	07/09/2020	Sodinokibi (AKA REvil)	Banco Estado	Banco Estado, one of Chile's three biggest banks, is forced to shut down all branches following a ransomware attack that took place over the weekend.	Malware	K Financial and insurance activities	CC	CL	Banco Estado, ransomware, Sodinokibi, Revil
1.501	07/09/2020	Netwalker	K-Electric	K-Electric, the sole electricity provider for Karachi, Pakistan, suffers a Netwalker ransomware attack that leads to the disruption of billing and online services.	Malware	D Electricity gas steam and air conditioning supply	CC	PK	K-Electric, Netwalker, ransomware
1.502	07/09/2020	?	Private sector and public administration entities	The French national cyber-security agency publishes an alert warning of a surge in Emotet attacks targeting the private sector and public administration entities throughout the country.	Malware	Y Multiple Industries	CC	FR	Emotet
1.503	07/09/2020	?	Entities in Japan	Even the cyber-security agency from Japan publishes an alert warning about an uptick in Emotet attacks.	Malware	Y Multiple Industries	CC	JP	Emotet
1.504	07/09/2020	?	Entities in New Zealand	And finally, even the cyber-security agency from New Zealand publishes an alert warning about an uptick in Emotet attacks.	Malware	Y Multiple Industries	CC	NZ	Emotet
1.505	08/09/2020	TeamTNT	Undisclosed Target	Researchers from Intezer discover a new operation by TeamTNT, abusing Weave Scope, a trusted tool which gives the user full access to their cloud environment.	Misconfiguration	Z Unknown	CC	N/A	Intezer. TeamTNT, Weave Scope
1.506	08/09/2020	?	NorthShore Health System	NorthShore Health System says the personal information of 348,000 people was compromised in the Blackbaud breach.	Malware	Q Human health and social work activities	CC	US	NorthShore Health System, Blackbaud, ransomware
1.507	08/09/2020	?	Single Individuals	Researchers from Zscaler discover a new Android spyware campaign pushing a fake “Pro” version of the TikTok app.	Malware	X Individual	CC	US	Zscaler, Android, TikTok
1.508	08/09/2020	?	College of Nurses of Ontario (CNO)	The College of Nurses of Ontario suffers a ransomware attack.	Malware	Q Human health and social work activities	CC	CA	College of Nurses of Ontario, ransomware, CNO
1.509	08/09/2020	Maze	Toledo Public Schools	The Toledo Public Schools district is hit with a Maze ransomware attack.	Malware	P Education	CC	US	The Toledo Public Schools, Maze, ransomware
1.510	08/09/2020	?	Somerset Hills School District	The Somerset Hills School District is hit with a ransomware attack.	Malware	P Education	CC	US	The Somerset Hills School District, ransomware
1.511	08/09/2020	?	Roper St. Francis Healthcare	Roper St. Francis Healthcare notifies 93,000 involved in the Blackbaud ransomware incident.	Malware	Q Human health and social work activities	CC	US	Roper St. Francis Healthcare, Blackbaud, ransomware
1.512	08/09/2020	?	Pickens County School District	The Pickens County School District is hit with a DDoS attack.	DDoS	P Education	CC	US	Pickens County School District
1.513	09/09/2020	?	Development Bank of Seychelles (DBS)	The Development Bank of Seychelles (DBS) is hit by ransomware	Malware	K Financial and insurance activities	CC	SC	Development Bank of Seychelles, ransomware
1.514	09/09/2020	?	ETERBASE	ETERBASE, a Bratislava-based cryptocurrency exchange, discloses a security breach. The exchange says hackers breached its internal network and stole cryptocurrency funds wo