As promised, I have pulled together some statistics from the data collected in 2020. The master table is available at the end of the post after the charts.
As always, be aware that the sample refers exclusively to the attacks included in my timelines, available from public sources such as blogs and news sites. Obviously the sample cannot be complete, but only aims to provide an high level overview of the threat landscape.
And please support my work, sharing the content and following me on Twitter and Linkedin for the latest updates.
ID
Date
Author
Target
Description
Attack
Target Class
Attack Class
Country
Link
Tags
1
02/01/2020
Chuckling Squad
Adam Sandler's Twitter account
Adam Sandler's Twitter account is hacked and used to post offensive messages against Mariah Carey, President Obama, and President Trump.
Account Hijacking
R Arts entertainment and recreation
CC
US
Adam Sandler, Twitter, Mariah Carey, President Obama, President Trump, Chuckling Squad
2
02/01/2020
?
Klamath County Veterans Service Office
Klamath County Veterans Service Office notifies a phishing attack occurred on September 19, 2019
Account Hijacking
O Public administration and defence, compulsory social security
CC
US
Klamath County Veterans Service Office
3
03/01/2020
?
Alomere Health
The personal and medical information of 49,351 patients is exposed following a security incident involving two employees' email accounts.
Account Hijacking
Q Human health and social work activities
CC
US
Alomere Health
4
03/01/2020
?
Contra Costa County Library System
The Contra Costa County Library System is hit by ransomware
Malware
O Public administration and defence, compulsory social security
CC
US
The Contra Costa County Library System, ransomware
5
03/01/2020
?
Native American Rehabilitation Association
Native American Rehabilitation Association announces that it experienced an Emotet attack on November 4-5, 2019.
Malware
Q Human health and social work activities
CC
US
Native American Rehabilitation Association, Emotet
6
04/01/2020
?
Austria's foreign ministry
Austria's foreign ministry is targeted by a cyber-attack that is suspected to have been conducted by a foreign country.
Targeted attack
O Public administration and defence, compulsory social security
CE
AT
Austria
7
04/01/2020
Iran cyber security group hackers
U.S. Federal Depository Library Program
The homepage for the U.S. Federal Depository Library Program is briefly altered to show a pro-Iranian message and an image of bloodied Donald Trump being punched in the face.
Defacement
O Public administration and defence, compulsory social security
CW
US
FDLP, U.S. Federal Depository Library Program, Iran, Iran cyber security group hackers
8
04/01/2020
Shield Iran
Sierra Leone Commercial Bank (slcb.com)
For the same reason, a group of Iranian hackers dubbed "Shield Iran" defaces the Sierra Leone Commercial Bank
Defacement
K Financial and insurance activities
CW
SL
Shield Iran, Sierra Leone Commercial Bank, slcb.com
9
04/01/2020
?
Multiple targets
Researchers from Fortinet report that a ransomware strain known as DeathRansom, once considered a joke, is now capable of encrypting files using a solid encryption scheme.
Malware
Y Multiple Industries
CC
>1
Fortinet, ransomware, DeathRansom
10
04/01/2020
?
Saskatchewan’s eHealth
Hackers make through the first level of security for Saskatchewan’s eHealth records system, locking the government out of some systems and asking for a ransom.
Unknown
Q Human health and social work activities
CC
US
Saskatchewan’s eHealth
11
06/01/2020
Iranian Hacker
Texas Department of Agriculture
The Texas Department of Agriculture is hit with a cyberattack that defaces its website with an image of Gen. Qassem Soleimani, the top Iranian commander who was killed in a U.S. strike the previous week.
Defacement
O Public administration and defence, compulsory social security
CW
US
Texas Department of Agriculture, Qassem Soleimani, Iranian Hacker
12
06/01/2020
SideWinder APT Group
Military entities
Researchers from Trend Micro discover the first example of a malicious app in the Google Play Market, exploiting the recently patched CVE-2019-2215 zero-day vulnerability.
Targeted attack
O Public administration and defence, compulsory social security
CE
>1
Trend Micro, Google Play Market, CVE-2019-2215
13
06/01/2020
?
Canyon
Canyon announces it was struck by a "massive cyber attack" over the Christmas break by a "professionally organized group".
Unknown
C Manufacturing
CC
DE
Canyon
14
06/01/2020
?
Focus Camera
Researchers from Juniper Threat Labs reveal that the website of popular photography and imaging retailer Focus Camera got hacked late in December 2019 by MageCart attackers to inject malicious code that stole customer payment card details.
Malicious Script Injection
G Wholesale and retail trade
CC
US
Focus Camera, Magecart, Juniper Threat Labs
15
06/01/2020
?
Single Individuals
Researchers from Fortinet discover a new campaign of the "Predator the Thief" malware.
Malware
X Individual
CC
>1
Fortinet, Predator the Thief
16
06/01/2020
?
Multiple targets
UK Security Researcher Kevin Beaumont warns that the attackers behind REvil ransomware (AKA Sodinokibi) are now targeting unpatched Pulse Secure VPN servers
Vulnerability
Y Multiple Industries
CC
>1
Kevin Beaumont, Revil, Sodinokibi, Pulse Secure, CVE-2019-11510
17
06/01/2020
?
Pittsburg Unified School District
Students in the Pittsburg Unified School District of Pennsylvania are left without internet access as the result of a ransomware attack.
Malware
P Education
CC
US
Pittsburg Unified School District
18
06/01/2020
?
Hamden Schools
Public schools in Hamden are taken down by a malware attack.
Malware
P Education
CC
US
Hamden Schools
19
06/01/2020
?
Wallace State Community College
The Wallace State Community College is hit by a cyber attack.
Malware
P Education
CC
US
Wallace State Community College
20
07/01/2020
?
City of Las Vegas
The City of Las Vegas is hit by a cyber attack via a malicious email.
Targeted attack
O Public administration and defence, compulsory social security
N/A
US
City of Las Vegas
21
07/01/2020
?
Unpatched routers (D-Link, Netgear, and Linksys)
Researchers from BitDefender reveal the details of LiquorBot, a cryptomining botnet attacking unpatched routers since at least May 2019
A new phishing campaign tries to take advantage of the Iran cyber attack scare.
Account Hijacking
X Individual
CC
>1
Iran
23
07/01/2020
Master X
Multiple targets
Researchers from AppRiver reveal that a hacker with the handle “Master X” is leveraging a PowerShell script that contains a reference to singer-songwriter Drake lyric’s “Kiki Do You Love Me” to deliver either the Lokibot info stealer or Azorult remote access trojan.
Malware
Y Multiple Industries
CC
>1
AppRiver, Master X, Drake, Lokibot, Azorult
24
07/01/2020
?
Enloe Medical Center
Enloe Medical Center is hit by a ransomware attack that causes the hospital to reschedule some elective procedures.
Malware
Q Human health and social work activities
CC
US
Enloe Medical Center, ransomware
25
07/01/2020
?
City of Bend
The City of Bend is the latest victim of the Click2Gov breach.
Malicious Script Injection
O Public administration and defence, compulsory social security
CC
US
City of Bend
26
08/01/2020
?
US financial entity
The FBI says that unidentified threat actors have used the CVE-2019-11510 Pulse Secure VPN flaw "to exploit a notable US financial entity’s research network since August 2019.
Vulnerability
K Financial and insurance activities
CC
US
FBI, CVE-2019-11510, Pulse Secure VPN
27
08/01/2020
?
US municipal government
The FBI says that also a US municipal government was breached via the CVE-2019-11510 Pulse Secure VPN flaw.
Vulnerability
O Public administration and defence, compulsory social security
CC
US
FBI, CVE-2019-11510, Pulse Secure VPN
28
08/01/2020
?
Well-known personalities in Korea
A recent report from South Korean media claims that Samsung Galaxy smartphones of many well-known personalities in Korea were hacked. According to the report, the hacker extorts cash from its victims. If the victim fails to pay the ransom, the hacker threatens to disclose all data.
Account Hijacking
X Individual
CC
KR
Samsung, South Korea
29
08/01/2020
?
Multiple targets
Security researchers observe ongoing scans for Citrix Application Delivery Controller (NetScaler ADC) and Citrix Gateway (NetScaler Gateway) servers vulnerable to attacks exploiting CVE-2019-19781.
A new ransomware called Snake emerges in the threat landscape.
Malware
Y Multiple Industries
CC
>1
Snake, Ransomware
31
08/01/2020
Lazarus Group
Cryptocurrency businesses
Researchers from Kaspersky reveal the details of a new wave of attacks linked to Operation AppleJeus, and targeting cryptocurrency business in multiple countries including UK, Poland, Russia and China.
Targeted attack
V Fintech
CC
>1
Kaspersky, Operation AppleJeus, Lazarus Group
32
08/01/2020
?
Firefox users
Mozilla warns Firefox users to update their browser to the latest version after security researchers found a vulnerability that hackers were actively exploiting in “targeted attacks” against users. The vulnerability is indexed as CVE-2019-17026.
Targeted attack
X Individual
CC
>1
Mozilla, Firefox
33
09/01/2020
Iranian state-sponsored hackers
Bapco
Multiple sources reveal that Iranian state-sponsored hackers have deployed Dustman, a new strain of data-wiping malware on the network of Bapco, Bahrain's national oil company. The attack occurred on December 29, 2019.
Malware
D Electricity gas steam and air conditioning supply
CW
BH
Dustman, Bapco, Iran
34
09/01/2020
?
Albany International Airport
Albany International Airport's staff announces that the New York airport's administrative servers were hit by Sodinokibi Ransomware following a cyberattack that took place over Christmas.
Malware
H Transportation and storage
CC
US
Albany International Airport, Ransomware, Sodinokibi
35
09/01/2020
Magnallium AKA APT33, Refined Kitten, or Elfin
American Electric Utilities
Researchers from Dragos reveal that a state-sponsored group affiliated to Iran called Magnallium has been probing American electric utilities for the past year.
Password-spraying
D Electricity gas steam and air conditioning supply
The same report details the activities of three additional groups targeting the American Electric Utilities.
Targeted attack
D Electricity gas steam and air conditioning supply
CW
US
Xenotyme, Dymalloy, Electrum, Dragos
37
09/01/2020
?
Android users
Google reveals to have removed roughly 1,700 applications infected with the Joker Android malware (also known as Bread) since the company started tracking it in early 2017.
Malware
X Individual
CC
>1
Android, Bread, Joker, Google
38
09/01/2020
?
Multiple targets
A new ransomware dubbed Ako emerges in the threat landscape.
Malware
Y Multiple Industries
CC
>1
Ako, Ransomware
39
09/01/2020
?
Multiple targets
Researchers at Sentinel One reveal that the Russian-speaking cybercriminals behind the TrickBot malware have developed a stealthy backdoor dubbed “PowerTrick,” in order to infiltrate high-value targets.
Malware
Y Multiple Industries
CC
>1
Sentinel One, TrickBot, PowerTrick
40
09/01/2020
?
City of Dunwoody
The City of Dunwoody reveals to have been hit by a cyber attack during the Christmas Eve.
Malware
O Public administration and defence, compulsory social security
CC
US
City of Dunwoody
41
09/01/2020
?
btyDental
btyDental notifies patients after suffering a ransomware attack discovered on November 2019.
Malware
Q Human health and social work activities
CC
US
btyDental, ransomware
42
09/01/2020
?
Bartlett Public Library District
The Bartlett Public Library District’s computer systems recovers from a ransomware attack occurred on Saturday, November 30.
Malware
O Public administration and defence, compulsory social security
CC
US
Bartlett Public Library District, ransomware
43
09/01/2020
?
City of Dawson Creek
The City of Dawson Creek says its computer systems were hacked in an apparent ransomware attack.
Malware
O Public administration and defence, compulsory social security
CC
CA
Dawson Creek, Ransomware
44
10/01/2020
?
Manor Independent School District
Manor Independent School District announces that email scammers had fleeced the District out of $2.3 million.
Business Email Compromise
P Education
CC
US
Manor Independent School District
45
10/01/2020
?
European websites for Perricone MD
Researchers from RapidSpike reveal that multiple european websites for the Perricone MD anti-aging skin-care brand have been compromised with scripts that steal customer payment card info when making a purchase.
Malicious Script Injection
G Wholesale and retail trade
CC
>1
Perricone MD, RapidSpike, Magecart
46
10/01/2020
?
Multiple targets in the US
The US Cybersecurity and Infrastructure Security Agency (CISA) alerts organizations to patch their Pulse Secure VPN servers as a defense against ongoing attacks trying to exploit the CVE-2019-11510 remote code execution (RCE) vulnerability.
Vulnerability
Y Multiple Industries
CC
>1
US Cybersecurity and Infrastructure Security Agency, CISA, CVE-2019-11510, RCE
47
10/01/2020
?
Website collecting donations for the victims of the Australia bushfires
Researchers from Malwarebytes discover that attackers compromised a website collecting donations for the victims of the Australia bushfires and injected ATMZOW, a malicious script that steals the payment information of the donors.
Malicious Script Injection
Q Human health and social work activities
CC
AU
Magecart, Malwarebytes, ATMZOW
48
10/01/2020
?
Single Individuals
A malicious ad campaign is underway in Google Search results that leads users to fake Amazon support sites and tech support scams.
Search Engine Poisoning
X Individual
CC
>1
Google Search, Amazon
49
10/01/2020
?
High-profile Facebook pages
Facebook addresses a security issue that exposed page admin accounts, after the bug was exploited in attacks in the wild against several high-profile pages.
Vulnerability
X Individual
CC
>1
Facebook
50
10/01/2020
?
Android users
Researchers from Malwarebytes discover that the UMX U686CL, an Android phone subsidized by the US government for low-income users comes preinstalled with malware (Android/Trojan.HiddenAds.WRACT).
The popular Boing Boing blog is hacked by an unknown party who plants malicious code into the site’s WordPress theme. Users visiting the site from desktop computers are redirected to a fake download page for an Adobe Flash update.
Account Hijacking
J Information and communication
CC
US
Boing Boing, Adobe Flash
52
10/01/2020
?
The Center for Facial Restoration
The Center for Facial Restoration reveals to have been victim of hack back in November 2019, with the attackers threatening to release the patients' data.
Unknown
Q Human health and social work activities
CC
US
The Center for Facial Restoration
53
10/01/2020
?
Los Angeles County
Los Angeles County confirms it was the target of a phishing attack last month, which staff detected and contained before it exposed any county resident data.
Account Hijacking
P Education
CC
US
Los Angeles County
54
11/01/2020
?
Android users
Researchers from Kaspersky reveal that an Android malware, dubbed Trojan-Dropper.AndroidOS.Shopper.a, camouflaged as a system app is used by threat actors to disable the Google Play Protect service, generate fake reviews, install malicious apps, show ads, and more.
Malware
X Individual
CC
>1
Kaspersky, Android, Trojan-Dropper.AndroidOS.Shopper.a, Google Play Protect
55
13/01/2020
?
Multiple targets
Researchers from Cofense reveal that after almost a three-week holiday vacation, the Emotet trojan is back and targeting the over eighty countries with malicious spam campaigns.
Malicious Spam
X Individual
CC
>1
Cofense, Emotet
56
13/01/2020
?
UNIX Systems
The security team at npm takes down a malicious package, discovered by the Microsoft Vulnerability Research team and named 1337qq-js, caught stealing sensitive information from UNIX systems.
Malware
Y Multiple Industries
CC
>1
npm, Microsoft Vulnerability Research team, 1337qq-js,UNIX
57
13/01/2020
?
Android users
An Android banking Trojan dubbed Faketoken has recently been observed by security researchers from Kaspersky while draining its victims' accounts to fuel offensive mass text campaigns targeting mobile devices from all over the world.
Malware
K Financial and insurance activities
CC
>1
Android, Faketoken, Kaspersky
58
13/01/2020
?
Account receivable specialists
Researchers from Agari discover a new group called Ancient Tortoise targeting accounts receivable specialists tricking them into sending over aging reports and thus collecting info on customers they can scam in later attack stages.
Business Email Compromise
K Financial and insurance activities
CC
>1
Agari, Ancient Tortoise
59
13/01/2020
?
Company in the medical tech sector
Researchers from Guardicore reveal the details of an attack targeting a company in the medical tech sector via a malware hiding its modules in WAV audio files and spreading to vulnerable Windows 7 machines on the network via EternalBlue.
Malware
C Manufacturing
CC
N/A
Guardicore, WAV, EternalBlue, Crypto
60
14/01/2020
Fancy Bear AKA APT28
Burisma
Researchers from Area 1 reveal that Russian spies from GRU are suspected of trying to hack into Burisma, the Ukrainian gas company with whom Hunter Biden worked.
Targeted attack
D Electricity gas steam and air conditioning supply
CE
UA
Area 1, Burisma, GRU, Hunter Biden, Russia, APT28, Fancy Bear
61
14/01/2020
Omnichorus
LimeLeads
49 million user records extracted from a misconfigured Elasticsearch database by US data broker LimeLeads are put up for sale online.
Misconfiguration
M Professional scientific and technical activities
CC
US
Elasticsearch, LimeLeads, Omnichorus
62
14/01/2020
?
Single Individuals
The cybercrime group behind Satan ransomware and other malware seems to be involved in the development of a new ransomware named 5ss5c.
Malware
X Individual
CC
>1
Satan, ransomware, 5ss5c
63
14/01/2020
?
Single Individuals
Researchers from Bitdefender discover 17 Google Play apps that, once installed, start hiding their presence on the user’s device and constantly display aggressive ads.
Malware
X Individual
CC
>1
Bitdefender, Google Play
64
14/01/2020
?
New Mexico Public Regulation Commission
The New Mexico Public Regulation Commission is "hacked by an outside source"
Unknown
O Public administration and defence, compulsory social security
CC
US
New Mexico Public Regulation Commission
65
15/01/2020
?
United Nations
The United Nations is hit by a cyberattack through the malware Emotet.
Malware
U Activities of extraterritorial organizations and bodies
CC
N/A
United Nations,Emotet
66
15/01/2020
?
P&N Bank
P&N Bank in Western Australia informs its customers that hackers may have accessed personal information stored on its systems following a cyber attack on December 12, during an upgrade at a third-party hosting company.
Unknown
K Financial and insurance activities
CC
AU
P&N Bank
67
15/01/2020
?
PlanetDrugsDirect
Canadian online pharmacy PlanetDrugsDirect emails customers, notifying them of a data security incident that might have impacted some of their sensitive personal and financial information. 400,000 individuals are potentially compromised.
Unknown
Q Human health and social work activities
CC
CA
PlanetDrugsDirect
68
15/01/2020
?
Single Individuals
An emergent and effective data-harvesting tool dubbed Oski is proliferating in North America and China, stealing online account credentials, credit-card numbers, cryptowallet accounts and more.
Malware
X Individual
CC
>1
Oski
69
06/01/2020
?
Twitter account of former Australian cricket coach Darren Lehmann
The Twitter account of former Australian cricket coach Darren Lehmann is hacked by a Donald Trump supporter.
Account Hijacking
X Individual
H
AU
Twitter, Darren Lehmann, Donald Trump
70
08/01/2020
?
Kuwait State News Agency
Kuwait state news agency says its Twitter was hacked to spread misinformation about US withdrawal.
Account Hijacking
J Information and communication
H
KW
Kuwait State News Agency
71
10/01/2020
?
PIH Health
PIH Health notifies almost 200,000 patients whose protected health information was in employee email accounts that were compromised.
Account Hijacking
Q Human health and social work activities
CC
US
PIH Health
72
10/01/2020
?
Panama-Buena Vista Union School
Panama-Buena Vista Union School District is hit with a ransomware attack.
Malware
P Education
CC
US
Panama-Buena Vista Union School, ransomware
73
10/01/2020
Anonymous Iran
City of Ozark
Hackers from Anonymous Iran claim to have defaced the website of city of Ozark.
Defacement
O Public administration and defence, compulsory social security
H
US
Anonymous Iran, City of Ozark
74
13/01/2020
?
St. Louis Community College
More than 5,100 St. Louis Community College students and employees have their personal information accessed via a phishing scam.
Account Hijacking
P Education
CC
US
St. Louis Community College
75
15/01/2020
?
Town of Colonie
The Albany County town of Colonie is hit by a cyber-attack that takes the town's computer system and email offline.
Unknown
O Public administration and defence, compulsory social security
CC
US
Town of Colonie
76
16/01/2020
?
Vulnerable Citrix Systems
Researchers from FireEye discover a malicious actor deploying a previously-unseen payload called NOTROBIN on vulnerable Citrix Systems. The actor cleans up known malware and deploys NOTROBIN to block subsequent exploitation attempts, establishing a backdoor for subsequent campaigns.
Vulnerability
Y Multiple Industries
CC
>1
FireEye, NOTROBIN, Citrix, CVE-2019-19781
77
16/01/2020
TA542
Pharmaceutical companies in the US, Canada and Mexico
Researchers from Proofpoint discover a new Emotet campaign targeting pharmaceutical companies in the US, Canada and Mexico
Malware
M Professional scientific and technical activities
CC
US
CA
MX
Proofpoint, Emotet
78
16/01/2020
?
Targets in Middle East
Researchers from Cisco Talos discover a new campaign selectively attacking targets in Middle East via a Remote Access Trojan (RAT), dubbed JhoneRAT, and abusing cloud services.
Targeted attack
Y Multiple Industries
CE
>1
Cisco Talos, RAT, JhoneRAT
79
16/01/2020
?
Multiple targets
Researchers from Zscaler discover a new version of the FTCODE ransomware with password-stealing capabilities.
Malware
Y Multiple Industries
CC
>1
Zscaler, FTCODE, ransomware
80
16/01/2020
?
Rudolf and Stephanie Hospital in Benešov
The Rudolf and Stephanie Hospital in Benešov is hit with a Ryuk ransomware attack.
Malware
Q Human health and social work activities
CC
CZ
The Rudolf and Stephanie Hospital, Benešov, Ryuk, Ransomware
81
16/01/2020
?
Georgia election server (Center for Election Systems at Kennesaw State University)
Forensic evidence shows signs that a Georgia election server may have been hacked ahead of the 2016 and 2018 elections by someone who exploited Shellshock.
Vulnerability
O Public administration and defence, compulsory social security
CC
US
Georgia, Shellshock, Center for Election Systems at Kennesaw State University
82
16/01/2020
?
US Government and Military
A new research from Cisco Talos discover a new Emotet campaign affecting the United States of America's government and military.
Malware
O Public administration and defence, compulsory social security
CC
US
Talos, Emotet
83
16/01/2020
?
City of Detroit
The City of Detroit officials warn data breach exposed city workers and residents after several email accounts were compromised.
Account Hijacking
O Public administration and defence, compulsory social security
CC
US
City of Detroit
84
17/01/2020
?
Multiple targets
Microsoft publishes a security advisory containing mitigation measures for CVE-2020-0674, an actively exploited zero-day remote code execution (RCE) vulnerability impacting Internet Explorer.
Targeted attack
Y Multiple Industries
N/A
>1
Microsoft, CVE-2020-0674
85
17/01/2020
Phoenix’s Helmets (Anka Neferler Tim)
Several Greek government websites
Several Greek government websites are taken down by Turkish hackers. Targets include the Greek Parliament, the Foreign Affairs Ministry, the Athens Stock Exchange, the National Intelligence Service (EYP) and the Finance Ministry.
DDoS
O Public administration and defence, compulsory social security
H
GR
Phoenix’s Helmets, Anka Neferler Tim
86
17/01/2020
?
ADP Users
In proximity of the tax season, cybercriminals launch a phishing campaign targeting some ADP users.
Account Hijacking
X Individual
CC
US
ADP
87
17/01/2020
?
Sunset Cardiology
Sunset Cardiology is hit with a Maze ransomware attack.
Malware
Q Human health and social work activities
CC
US
Sunset Cardiology, Maze, ransomware
88
18/01/2020
?
Temple Har Shalom Synagogue
The Temple Har Shalom Synagogue is hit with a Sodinokibi Ransomware attack.
Malware
U Activities of extraterritorial organizations and bodies
CC
US
Temple Har Shalom Synagogue, Sodinokibi, Ransomware
89
18/01/2020
Anonymous Greece
Top Channel 24 TV
Anonymous Greece responds to the ongoing attacks of Turkish hackers by attacking the Turkish channel Top Channel 24 TV.
DDoS
J Information and communication
H
TR
Anonymous Greece, Top Channel 24 TV
90
18/01/2020
?
New Orleans Ernest N. Morial Convention Center
The New Orleans Ernest N. Morial Convention Center is hit with a ransomware attack.
Malware
O Public administration and defence, compulsory social security
CC
US
New Orleans, Ernest N. Morial Convention Center, ransomware
91
18/01/2020
?
Adventist Health
Adventist Health notifies 2,653 patients after suffering a phishing incident.
Account Hijacking
Q Human health and social work activities
CC
US
Adventist Health
92
19/01/2020
?
Single Individuals
A new sextortion scam leverages the insecurity of connected devices to trick the victims.
Malicious Spam
X Individual
CC
>1
Sextortion
93
19/01/2020
?
Multiple targets
A hacker publishes a massive list of Telnet credentials for more than 515,000 servers, home routers, and IoT (Internet of Things) "smart" devices.
Misconfiguration
Y Multiple Industries
CC
>1
Telnet, IoT
94
19/01/2020
?
Kamaru Usman Twitter account
UFC champion Kamaru Usman says his Twitter account was hacked, after series of explicit tweets against Conor McGregor
Account Hijacking
X Individual
CC
US
UFC, Kamaru Usman, Twitter, Conor McGregor
95
19/01/2020
?
Oman United Insurance
Oman United Insurance, one among the largest insurers in the country discloses a “ransomware attack” on the company’s data centre early this month.
Malware
K Financial and insurance activities
CC
OM
Oman United Insurance, ransomware
96
20/01/2020
Tick (China)
Mitsubishi Electric
Mitsubishi Electric discloses a security breach that might have caused the leak of personal and confidential corporate information. The breach was detected on June 28, 2019.
Targeted attack
C Manufacturing
CE
JP
Mitsubishi Electric, Tick
97
20/01/2020
?
Hanna Andersson
US children's apparel maker and online retailer Hanna Andersson discloses that its online purchasing platform was hacked and malicious code was deployed to steal customers' payment info for almost two months.
Malicious Script Injection
G Wholesale and retail trade
CC
US
Hanna Andersson, Magecart
98
21/01/2020
Saudi Arabia
Jeff Bezos
An investigation reveals that Jeff Bezos' phone exfiltrated a massive amounts of personal information after receiving a WhatsApp-attached video file sent by the future king of Saudi Arabia, Prince Mohammed bin Salman on May 1, 2018.
Targeted attack
X Individual
CE
US
Jeff Bezos, WhatsApp, Prince Mohammed bin Salman
99
21/01/2020
?
Volusia County Public Library (VCPL
600 staff and public access computers were taken down at Volusia County Public Library (VCPL) branches from Daytona Beach, Florida, following a cyberattack that started around 7 AM on January 9
Unknown
O Public administration and defence, compulsory social security
CC
US
Volusia County Public Library, VCPL
100
21/01/2020
?
Vulnerable Wordpress sites
Researchers from Sucuri reveal that over 2,000 Wordpress sites have been hacked to fuel a campaign to redirect visitors to scam sites. The campaign was possible because of two vulnerable plugins ("CP Contact Form with PayPal" and "Simple Fields").
Vulnerability
Y Multiple Industries
CC
>1
Sucuri, Wordpress, "CP Contact Form with PayPal", "Simple Fields"
101
21/01/2020
?
100 UPS Store Locations
Sensitive personal and financial information of UPS Store customers is exposed in a phishing incident affecting roughly 100 local store locations between September 29, 2019, and January 13, 2020.
Account Hijacking
G Wholesale and retail trade
CC
US
UPS Store
102
21/01/2020
Threat Actors from Iran
Multiple targets in the US
The FBI Cyber Division issues a flash security alert related to the recent defacement attacks operated by Iranian threat actors.
Defacement
Y Multiple Industries
CW
US
FBI, Iran
103
21/01/2020
?
Single Individuals
Researchers from Malwarebytes reveal the details of a large high-profile malvertising campaign distributing browser lockers.
Malvertising
X Individual
CC
>1
Malwarebytes
104
21/01/2020
?
Citibank customers
Researchers discover q new Citibank phishing scam that utilizes a convincing domain name, TLS certs, and even requests OTP codes that could easily trick their victims.
Account Hijacking
K Financial and insurance activities
CC
US
Citibank
105
21/01/2020
?
Multiple targets
Researchers from Microsoft discover a new version of the sLoad malware downloader, dubbed Starslord.
Malware
Y Multiple Industries
CC
>1
Microsoft, sLoad, Starslord
106
21/01/2020
?
PayPal customers
Researchers from ZeroFOX discover a new version of the 16Shop phishing campaign targeting PayPal customers.
Account Hijacking
G Wholesale and retail trade
CC
>1
ZeroFOX, 16Shop, PayPal
107
21/01/2020
?
Vulnerable internet routers running the Tomato firmware
Researchers from Palo Alto Networks reveal that internet routers running the Tomato alternative firmware are under active attack by the Muhstik botnet, searching for devices using default credentials.
Misconfiguration
Y Multiple Industries
CC
>1
Palo alto Networks, Muhstik, Tomato
108
21/01/2020
?
Multiple targets
Researchers from Cisco Talos discover a new large-scale cryptomining campaign, dubbed Vivin, acting since more than two years.
Malware
Y Multiple Industries
CC
>1
Cisco Talos, Vivin, Crypto
109
22/01/2020
?
Tillamook County
Tillamook County is hit by a ransomware attack.
Malware
O Public administration and defence, compulsory social security
CC
US
Tillamook County, ransomware
110
22/01/2020
?
Greenville Water
Greenville Water is hit by a cyber attack.
Unknown
E Water supply, sewerage waste management, and remediation activities
CC
US
Greenville Water
111
22/01/2020
?
FedEx customers
FedEx warns of a new text message phishing scam that at first glance looks to be about a FedEx package delivery.
Account Hijacking
X Individual
CC
US
FedEx
112
22/01/2020
?
Android users
Researchers from Dr.Web discover a new campaign targeting Android users via the Android.Xiny mobile trojan.
Malware
X Individual
CC
>1
Dr.Web, Android, Android.Xiny
113
23/01/2020
?
Gedia Automotive Group
Parts manufacturer Gedia Automotive Group shuts down its network after being hit with a Sodinokibi ransomware attack.
Malware
C Manufacturing
CC
DE
Gedia Automotive Group, ransomware, Sodinokibi
114
23/01/2020
?
Sites belonging to a reseller of tickets for Euro Cup and the Tokyo Summer Olympics
The sites belonging to a reseller of tickets for Euro Cup and the Tokyo Summer Olympics (olympictickets2020[.]com), are the victims of a magecart attack.
Malicious Script Injection
R Arts entertainment and recreation
CC
N/A
Magecart, Euro Cup, Tokyo Summer Olympics, olympictickets2020[.]com
115
23/01/2020
APT33?
European energy sector organization
Researchers from Recorded Future discover a cyber espionage campaign with suspected ties to Iran, targeting the European energy sector in a reconnaissance campaign via the PupyRAT software.
Targeted attack
D Electricity gas steam and air conditioning supply
CE
EU
APT33, PupyRAT, Recorded Future
116
23/01/2020
?
Bitcoin Gold
Bitcoin Gold experiences a 51% attack. A total amount of over $70,000 is double-spent
51% Attack
V Fintech
CC
N/A
Bitcoin Gold
117
23/01/2020
?
Ben Gurion International Airport
As Israel hosted dozens of world leaders last week for the World Holocaust Forum, the country’s cyber defense system fended off hundreds of cyberattacks targeting the country’s international airport and the planes of the world leaders.
>1
H Transportation and storage
>1
IL
Ben Gurion International Airport
118
24/01/2020
?
City of Potsdam
The City of Potsdam severs the administration servers' Internet connection following a ransomware attack carried out exploiting the CVE-2019-1978 vulnerability.
Malware
O Public administration and defence, compulsory social security
CC
DE
City of Potsdam, ransomware, CVE-2019-1978
119
24/01/2020
Konni Group
U.S. government agency
Researchers at Palo Alto Networks' Unit 42 discover a new campaign dubbed "Fractured Statue", carried out via a malware called CARROTBALL, used in targeted attacks, against a U.S. government agency and non-US foreign nationals professionally affiliated with current activities in North Korea.
Targeted attack
O Public administration and defence, compulsory social security
CE
US
Palo Alto Networks, Unit 42, CARROTBALL, North Korea, Konni Group, Fractured Statue
120
24/01/2020
?
Targets in the government, military, and financial sector
A new version of the Ryuk Stealer malware is discovered. This version allows to steal a greater amount of confidential files related to the military, government, financial statements, banking, and other sensitive data.
Malware
Y Multiple Industries
CC
>1
Ryuk, ransomware
121
24/01/2020
Turkish hackers
Several Government websites in Greece
A new DDoS attack hits the official state websites of the Greek prime minister, the national police and fire service and other ministries.
DDoS
O Public administration and defence, compulsory social security
H
GR
Turkey, Greece
122
24/01/2020
?
Tampa Bay Times
The Tampa Bay Times suffers a Ryuk ransomware attack.
Malware
J Information and communication
CC
US
Tampa Bay Times, Malware
123
26/01/2020
?
Bird Construction
Bird Construction acknowledges to have been recently hit with a Maze ransomware attack.
Malware
M Professional scientific and technical activities
CC
CA
Bird Construction, Maze, ransomware
124
26/01/2020
?
SuperCasino
The online gambling platform SuperCasino experiences a data breach that exposes sensitive information belonging to its customers.
Unknown
R Arts entertainment and recreation
CC
MT
SuperCasino
125
27/01/2020
State-sponsored Turkish hackers
At least 30 organizations
Turkish hackers allegedly acting in the interest of the Turkish government are believed to have attacked at least 30 organizations, including government ministries, embassies and security services as well as companies and other groups
DNS hijacking
Y Multiple Industries
CE
>1
Turkey
126
27/01/2020
OurMine
Twitter accounts of over a dozen popular American football teams, the NFL, the UFC, and ESPN.
The OurMine collective hacks hijacks the Twitter accounts of over a dozen popular American football teams, including the San Francisco 49ers and Kansas City Chiefs, who competed in the Super Bowl Final, the NFL, the UFC, and ESPN.
Account Hijacking
R Arts entertainment and recreation
CC
US
OurMine, Twitter, San Francisco 49ers, Kansas City Chiefs, Super Bowl, NFL, UFC, ESPN
127
27/01/2020
Aggah
Some Italian companies operating in the Retail sector
Researchers from Yoroi-Cybaze ZLab discover a new attack attempts directed to some Italian companies operating in the Retail sector linked to Aggah campaign.
Targeted attack
G Wholesale and retail trade
CC
IT
Aggah, Yoroi-Cybaze Zlab
128
27/01/2020
?
Royal Yachting Association
The Royal Yachting Association (RYA) forces a password reset for all online users after warning that some that their data may have been compromised by a third party.
Unknown
S Other service activities
CC
US
Royal Yachting Association
129
28/01/2020
?
Vulnerable Citrix ADC servers
A new ransomware called Ragnarok is detected being used in targeted attacks against unpatched Citrix ADC servers vulnerable to the CVE-2019-19781 exploit.
Malware
Y Multiple Industries
CC
>1
Ragnarok, Citrix, CVE-2019-19781, Ransomware
130
28/01/2020
?
Red Kite Community Housing
Red Kite Community Housing announces to have fallen victim to a cyber-scam in which criminals posed as genuine service providers to steal a staggering £932,000.
Domain Spoofing
S Other service activities
CC
UK
Red Kite Community Housing
131
28/01/2020
?
Tissue Regenix Group PLC
Tissue Regenix Group PLC says that its computer systems and a third-party IT service provider in the United States were accessed without authorization.
Unknown
C Manufacturing
CC
US
Tissue Regenix Group PLC
132
28/01/2020
?
Personal Touch Home Care of Greater Portsmouth.
Personal Touch Home Care of Greater Portsmouth notifies a Maze ransomware attack occurred on December 1, 2019.
Malware
S Other service activities
CC
US
Personal Touch Home Care of Greater Portsmouth, Maze, Ransomware
133
29/01/2020
?
United Nations
A leaked report reveals that the European network of the United Nations were compromised during the Summer of 2019
Targeted attack
U Activities of extraterritorial organizations and bodies
CE
N/A
United Nations
134
29/01/2020
?
Electronic Warfare Associates (EWA)
Electronic Warfare Associates (EWA), a 40-year-old electronics company and a well-known US government contractor, is hit with the Ryuk ransomware.
A new campaign is discovered distributing the Emotet malware in Japan, and leveraging the scare of Coronavirus.
Malicious Spam
X Individual
CC
JP
Emotet, Coronavirus
136
29/01/2020
?
Multiple targets
The attackers behind the Maze ransomware publish a list of 25 victims with small data sets leaked as a proof of the hack.
Malware
Y Multiple Industries
CC
>1
Maze
137
29/01/2020
?
LiveRamp
Facebook reveals that back in October, hackers commandeered the personal account of a LiveRamp employee and used it to gain access to the company's Business Manager account -- allowing them to run ads using other people's money.
Account Hijacking
M Professional scientific and technical activities
CC
US
Facebook, LiveRamp
138
30/01/2020
NEC
NEC confirms to have been hit with a cyberattack since 2018 that resulted in unauthorized access to its internal network and the exposure of 28,000 files.
Targeted attack
C Manufacturing
CE
JP
NEC
139
30/01/2020
APT34 AKA Oilrig (Iran government-backed)
US Government workers
Researchers from Intezer Lab reveal the details of a spear-phishing campaign, mimicking Westat surveys, a well-known US government contractor that has managed and administered surveys to more than 80 federal agencies, since at least 16 years.
Targeted attack
O Public administration and defence, compulsory social security
CE
US
APT34, Oilrig, Iran, Intezer Lab, Westat
140
30/01/2020
TA505
Multiple targets
Researchers from Microsoft and Prevailion reveal a new campaign by TA505, weaponizing Excel documents.
Targeted attack
Y Multiple Industries
CC
>1
Microsoft, Prevailion, TA 505, Excel
141
30/01/2020
?
Undisclosed Canadian Insurance company
A Canadian insurance company paid nearly $1 million USD (about $1.3 million CAD) following a ransomware attack.
Malware
K Financial and insurance activities
CC
CA
Ransomware
142
30/01/2020
?
Users in the US
Multiple Coronavirus Phishing Campaigns are discovered, actively targeting US users.
Account Hijacking
X Individual
CC
US
Coronavirus
143
30/01/2020
?
Single Individuals
Researchers discover a new phishing campaign distributing malware, pretending to be from the Spamhaus Project.
Malicious Spam
X Individual
CC
>1
Spamhaus
144
30/01/2020
?
Rijksmuseum Twenthe
Hackers posing as a veteran London art dealer trick Rijksmuseum Twenthe, a Dutch museum, buying a John Constable painting into paying 2.4 million pounds ($3.1 million) to a fraudulent bank account.
Business Email Compromise
S Other service activities
CC
NL
Rijksmuseum Twenthe, John Constable
145
30/01/2020
?
UK Taxpayers
Cybersecurity company Mimecast discover an uptick in scams using the promise of tax refunds as a way to entice the victims into giving up private information including their name, address, phone number and card details.
Account Hijacking
X Individual
CC
UK
Mimecast, HMRC
146
30/01/2020
?
Multiple targets
Researchers from Lastline discover a large-scale spam campaign spreading info-stealing malware (Agent Tesla and LokiBot) and using advanced obfuscation techniques.
Malicious Spam
Y Multiple Industries
CC
>1
Lastline, Agent Tesla, LokiBot
147
31/01/2020
?
Bouygues Construction
French construction giant Bouygues Construction shut down their computer network to avoid having all of their data encrypted by the Maze Ransomware.
Malware
M Professional scientific and technical activities
CC
FR
Bouygues Construction, Maze, Ransomware
148
31/01/2020
?
Hong Kong Universities
Researchers from ESET discover a new campaign of the Winnti group targeting some Hong Kong universities via the ShadowPad backdoor.
Targeted attack
P Education
CE
HK
ESET, Winnti. Hong Kong, ShadowPad
149
31/01/2020
?
TVEyes
TVEyes, a broadcast television search engine used by political campaigns to monitor opponents and track ads, is hit with a ransomware attack.
Malware
J Information and communication
CC
US
TVEyes, ransomware
150
31/01/2020
?
Single Individuals
A new extortion campaign leverages the Ashley Madison breach
Malicious Spam
X Individual
CC
>1
Ashley Madison
151
31/01/2020
?
City of Racine
The city of Racine is hit with a ransomware attack that knocks most of its non-emergency computer services offline.
Malware
O Public administration and defence, compulsory social security
CC
US
City of Racine, malware
152
28/01/2020
?
Laurentian Bank
Police investigate after thieves hack three banking machines in the greater Montreal area, making off with an estimated $55,000.
Unknown
K Financial and insurance activities
CC
CA
Laurentian Bank
153
30/01/2020
?
Grundy County Courthouse
The Grundy County Courthouse experiences a "cybersecurity breach".
Unknown
O Public administration and defence, compulsory social security
CC
US
Grundy County Courthouse
154
30/01/2020
?
Mountain View Los Altos High School (MVLA)
Mountain View Los Altos High School is hit with a cyber attack.
Unknown
P Education
CC
US
Mountain View Los Altos High School, MVLA
155
31/01/2020
?
US Department of Defense (DOD)
A security researcher discovers a cryptocurrency-mining botnet inside a web server operated by the US Department of Defense (DOD).
Vulnerability
O Public administration and defence, compulsory social security
CC
US
US Department of Defense, DOD
156
31/01/2020
?
Dundee and Angus College
Dundee and Angus College is apparently hit with a ransomware attack.
Malware
P Education
CC
UK
Dundee and Angus College, Ransomware
157
31/01/2020
?
Everton Fan Services Twitter account
The Everton Fan Services Twitter account is allegedly hacked.
Account Hijacking
R Arts entertainment and recreation
CC
UK
Everton Fan Services, Twitter
158
31/01/2020
?
Fondren Orthopedic Group
Fondren Orthopedic Group notifies patients after a malware incident occurred on November 21, 2019, destroyed patient records.
Malware
Q Human health and social work activities
CC
US
Fondren Orthopedic Group, ransomware
159
31/01/2020
?
Belvidere City Hall
Belvidere City Hall is the victim of a cyber attack.
Unknown
O Public administration and defence, compulsory social security
CC
US
Belvidere City Hall
160
01/02/2020
?
More than 2,300 Nortek Security & Control (NSC) Linear eMerge E3 building access systems
Researchers from SonicWall reveal that attackers have already compromised more than 2,300 Linear eMerge E3 building access systems exploiting CVE-2019-7256.
Vulnerability
Y Multiple Industries
CC
>1
Nortek Security & Control, NSC, Linear eMerge E3
161
01/02/2020
?
Five U.S. Law Firms
Five U.S. law firms are among the companies and organizations targeted by a new round of ransomware attacks.
Malware
M Professional scientific and technical activities
CC
US
Ransomware
162
01/02/2020
?
Confederation College
Confederation College suffers a malware attack.
Malware
P Education
CC
US
Confederation College
163
03/02/2020
?
Toll Group
Toll Group announces that to have experienced a "cybersecurity incident", and shuts down a number of IT systems at multiple sites across Australia in a bid to resolve the issue. The attack is allegedly caused by the Kokoklock (or Mailto) ransomware.
Malware
M Professional scientific and technical activities
CC
AU
Toll Group, ransomware, Kokoklock, Mailto
164
03/02/2020
?
Multiple targets
Researchers from Dragos reveal the details of EKANS, a new malware strain able to encrypt data and stop applications used in industrial control systems.
Malware
Y Multiple Industries
CC
>1
Dragos, EKANS
165
03/02/2020
?
Government targets in Middle East
Researchers from Palo Alto Networks discover a new wave of campaigns exploiting CVE-2019-0604 against Middle East government targets.
Targeted attack
O Public administration and defence, compulsory social security
CE
>1
Palo Alto Networks
166
03/02/2020
?
Credit Union National Association (CUNA)
Systems of the Credit Union National Association are knocked offline following a “cyber incident.”
Malware
K Financial and insurance activities
CC
US
Credit Union National Association, CUNA, ransomware
167
03/02/2020
?
Twitter users
Twitter discloses a security incident during which third-parties exploited the company's official API to match phone numbers with Twitter usernames.
API Exploit
X Individual
CC
>1
Twitter
168
03/02/2020
?
Multiple targets
Security researchers discover a new wave of domains injected with Magecart skimmers hosted on opendoorcdn[.]com.
Malicious Script Injection
G Wholesale and retail trade
CC
>1
opendoorcdn[.]com, Magecart
169
03/02/2020
?
Business account holders of the larger banks in Brazil
Researchers from IBM X-Force reveal the details of a new campaign of the Camubot malware targeting business account holders of the larger banks in Brazil.
Targeted attack
K Financial and insurance activities
CC
BR
IBM X-Force, Camubot
170
03/02/2020
?
Multiple targets
A new malicious spam campaign distributes the AZORult trojan and uses three levels of encryption to avoid detection.
Malicious Spam
Y Multiple Industries
CC
>1
AZORult
171
04/02/2020
?
Undisclosed state-level voter registration and information site
The US Federal Bureau of Investigation (FBI) warns of a potential DDoS attack that targeted a state-level voter registration and information site.
DDoS
O Public administration and defence, compulsory social security
CC
US
FBI
172
04/02/2020
?
Single Individuals
The Emotet Trojan gets ready for the tax season with a fresh spam campaign pretending to be signed W-9 tax forms.
Malicious Spam
X Individual
CC
>1
Emotet, W-9
173
04/02/2020
?
Customers of financial institutions in multiple countries.
Researchers from Fortinet discover a new Metamorfo variant targeting customers of financial institutions in multiple countries.
Malware
K Financial and insurance activities
CC
>1
Fortinet, Metamorfo
174
04/02/2020
?
Ukrainian ISP
Ukrainian police arrest a 16-year-old from the city of Odessa for attempting to extort a local ISP into sharing data on one of its subscribers.
DDoS
M Professional scientific and technical activities
CC
UA
Ukraine
175
04/02/2020
?
North Miami Beach Police Department
The North Miami Beach Police Department determines to have been impacted by ransomware.
Malware
O Public administration and defence, compulsory social security
CC
US
North Miami Beach Police Department
176
04/02/2020
?
Golden Entertainment
Golden Entertainment notifies customers, employees, and vendors of a phishing attack occurred between May and October 2019.
Account Hijacking
R Arts entertainment and recreation
CC
US
Golden Entertainment
177
04/02/2020
?
St. Louis Community College
More than 5,100 St. Louis Community College students and employees have their personal information accessed via a phishing attack discovered on January 13.
Account Hijacking
P Education
CC
US
St. Louis Community College
178
04/02/2020
?
Eastern Virginia Medical School
Eastern Virginia Medical School discloses a phishing attack that could have exposed employees’ personal information, including bank accounts and Social Security numbers.
Account Hijacking
Q Human health and social work activities
CC
US
Eastern Virginia Medical School
179
05/02/2020
?
Credit card holders from India
Researchers from Group-IB discover a database containing over 460,000 payment card records uploaded to Joker's Stash, one of the most popular darknet cardshops.
Unknown
K Financial and insurance activities
CC
IN
Group-IB, Joker's Stash
180
05/02/2020
?
Single Individuals
Researchers from Cybereason discover an active campaign distributing an arsenal of malware that is able to steal data, mine for cryptocurrency, and deliver ransomware to victims all over the world. The payloads observed in this campaign originated from different accounts in code repository platform Bitbucket, which was abused as part of the attackers delivery infrastructure.
Malware
X Individual
CC
>1
Cybereason, Bitbucket
181
05/02/2020
?
Altsbit
Altsbit announces to have been hit with a devastating hack. Criminals made off with 1,066 Komodo (KMD) tokens and 283,375 Verus (VRSC) "coins" with a combined value of $27,000.
Unknown
V Fintech
CC
IT
Altsbit, Crypto
182
05/02/2020
Charming Kitten
Journalists, political and human rights activists
Researchers from Certfa Lab identify a new series of phishing attacks from Charming Kitten, the Iranian hacking group who has a close relationship with Iran’s state and Intelligence services, targeting journalists, political and human rights activists.
Account Hijacking
X Individual
CE
>1
Charming Kitten
183
05/02/2020
?
Single Individuals
Another phishing campaign, claiming to be sent from the World Health Organization (WHO), leverages the fear of the Coronavirus.
Account Hijacking
X Individual
CC
>1
World Health Organization, WHO, Coronavirus
184
05/02/2020
APT40
Malaysian government officials
Malaysia's Computer Emergency Response Team (MyCERT) reveal the details of a campaign carried out by APT40, targeting local government officials using malicious documents exploiting CVE-2014-6352 and CVE-2017-0199.
Targeted attack
O Public administration and defence, compulsory social security
Financial services organizations in the United States
Researchers from FireEye continue to observe multiple targeted phishing campaigns designed to download and deploy a backdoor tracked as MINEBRIDGE.
Targeted attack
K Financial and insurance activities
CE
US
FireEye, MINEBRIDGE
186
05/02/2020
Gamaredon
Ukrainian military and security institutions
Researchers from SentinelOne reveal an uptick in Gamaredon cyberattacks on Ukrainian military and security institutions that started in December.
Targeted attack
O Public administration and defence, compulsory social security
CE
UA
Gamaredon, SentinelOne, SentinelLabs
187
05/02/2020
?
Mississippi Center for Legal Services and North Mississippi Rural Legal Services
Mississippi Center for Legal Services and North Mississippi Rural Legal Services warn to have been hit with a Ryuk ransomware attack on Christmas Eve.
Malware
K Financial and insurance activities
CC
US
Mississippi Center for Legal Services, North Mississippi Rural Legal Services, ransomware, Ryuk
188
05/02/2020
?
Educational Enrichment Systems
Educational Enrichment Systems discloses a phishing attack occurred between May and July 2019.
Account Hijacking
P Education
CC
US
Educational Enrichment Systems
189
05/02/2020
?
All About Potential Family Chiropractic
All About Potential Family Chiropractic is hit with a Maze ransomware attack.
Malware
Q Human health and social work activities
CC
US
All About Potential Family Chiropractic, Ransomware, Maze
190
06/02/2020
?
Android users
Researchers from Cofense discover a new phishing campaign targeting Android users, infecting their devices with the Anubis banking Trojan, embedded in more than 250 banking and shopping applications.
Malware
X Individual
CC
>1
Cofense, Android, Anubis
191
06/02/2020
?
Pasco Corporation
Japanese defense contractor Pasco Corporation (Pasco) discloses a security breach that happened in May 2018.
Targeted attack
C Manufacturing
CE
JP
Pasco Corporation
192
06/02/2020
?
Kobe Steel (Kobelco)
Japanese defense contractor Kobe Steel (Kobelco) discloses a security breach that happened in June 2015/August 2016.
Targeted attack
C Manufacturing
CE
JP
Kobe Steel, Kobelco
193
06/02/2020
?
Two undisclosed victims
Researchers from Sophos investigate two different ransomware attacks where the adversaries deployed a legitimate, digitally signed hardware driver in order to delete security products from the targeted computers and install the RobbinHood ransomware. The signed driver is part of a deprecated software package published by Gigabyte, with a known vulnerability tracked as CVE-2018-19320.
Researchers from Kaspersky discover more than 20 phishing websites and 925 malicious files presented disguised as early released copy of the Oscar movies.
Malware
X Individual
CC
>1
Kaspersky, Oscar
195
06/02/2020
?
Banks and financial institutions in the US and the UK
Researchers from Menlo Security reveal the details of a new Emotet campaign targeting banks and financial institutions in the US and the UK.
Malware
K Financial and insurance activities
CC
US
UK
Menlo Security, Emotet
196
06/02/2020
Gorgon Group
Multiple targets
Researchers from Prevailion reveal the details of a new campaign carried out by the Gorgon Group through spoofed login portals.
Account Hijacking
Y Multiple Industries
CC
>1
Gorgon Group, Prevailion
197
06/02/2020
?
Idaho Central Credit Union
Idaho Central Credit Union informs some customers of two data breaches that impacted the financial institution
Account Hijacking
K Financial and insurance activities
CC
US
Idaho Central Credit Union
198
06/02/2020
?
Single Individuals
Researchers from Dr.Web discover a campaign using the CNET website to spread malware through its software download section, via a download link of a popular video player, VSDC.
Malware
X Individual
CC
>1
CNET, VSDC, Dr.Web
199
07/02/2020
?
Multiple targets
Researchers from Binary Defense discover a new variant of Emotet spreading via Wi-Fi networks.
Malware
Y Multiple Industries
CC
>1
Binary Defense, Emotet
200
07/02/2020
OurMine
Facebook's Twitter and Instagram accounts
Hackers from the OurMine collective claim to have taken over Facebook's Twitter and Instagram accounts.
Account Hijacking
M Professional scientific and technical activities
CC
US
OurMine, Facebook, Twitter, Instagram
201
07/02/2020
?
Single Individuals
Security researchers from Kaspersky discover a phishing campaign that poses as an email from the United States’ CDC (Centers of Disease Control).
Account Hijacking
X Individual
CC
US
Kaspersky, Coronavirus, CDC, Centers of Disease Control
202
07/02/2020
?
Rockdale County
Some Rockdale County services are impacted after multiple county servers were are by a ransomware attack.
Malware
O Public administration and defence, compulsory social security
CC
US
Rockdale County
203
07/02/2020
LulzSec ITA
Universities of Basilicata, Napoli and Roma 3
The Italian hacktivist collective LulzSec ITA claims via Twitter to have hacked three Italian universities: Basilicata, Napoli and Roma 3.
SQL Injection
P Education
H
IT
LulzSec ITA, Basilicata, Napoli, Roma 3
204
07/02/2020
?
Allegheny Intermediate Unit school system
The Allegheny Intermediate Unit school system is hit with a ransomware attack.
Malware
P Education
CC
US
Allegheny Intermediate Unit school system, ransomware
205
07/02/2020
?
Shields Health Solutions
Shields Health Solutions notifies its patients after an the email account of an employee is hacked between October 22 and October 24 2019.
Account Hijacking
Q Human health and social work activities
CC
US
Shields Health Solutions
206
08/02/2020
?
Redcar and Cleveland Council
Redcar and Cleveland Council is hit with a ransomware cyber-attack.
Malware
O Public administration and defence, compulsory social security
CC
UK
Redcar and Cleveland Council, ransomware
207
08/02/2020
?
50 sites of three of the world’s largest manufacturers of IoT devices in the Middle East, North America, and Latin America
Researchers from TrapX discover a malware campaign targeting 50 sites of three of the world’s largest manufacturers of IoT devices to install a variant of the Lemon_Duck cryptominer.
Malware
C Manufacturing
CC
>1
TrapX, Lemon_Duck crypto
208
09/02/2020
?
Iran Internet infrastructure
Iran is allegedly hit with a powerful cyber attack able to take down the 25% if its Internet.
DDoS
J Information and communication
CW
IR
Iran
209
10/02/2020
Outlaw
Linux-based enterprise systems
Researchers from Trend Micro reveal a new campaign by the group known as Outlaw. This the time the group infiltrates Linux-based enterprise systems in order to hijack computer power and mine for the privacy coin Monero (XMR).
Malware
Y Multiple Industries
CC
>1
Outlaw, Trend Micro, Crypto, Monero, XMR
210
10/02/2020
?
Havre Public Schools
Havre Public Schools are hit with a ransomware attack.
Malware
P Education
CC
US
Havre Public Schools, ransomware
211
10/02/2020
?
Wilson Elser Moskowitz Edelman & Dicker
The law firm Wilson Elser Moskowitz Edelman & Dicker is hit with a ransomware attack.
Malware
M Professional scientific and technical activities
CC
US
Wilson Elser Moskowitz Edelman & Dicker, ransomware
212
10/02/2020
?
US Supply chain software providers
The FBI has warns the US private sector about an ongoing hacking campaign that's targeting supply chain software providers with the Kwampirs malware.
Malware
Y Multiple Industries
CC
US
FBI, Kwampirs
213
10/02/2020
?
Managing Service Providers
A new ransomware called Ragnar Locker emerges, specifically targeting software commonly used by managed service providers to prevent their attack from being detected and stopped.
Malware
M Professional scientific and technical activities
CC
>1
Ragnar Locker, Ransomware
214
10/02/2020
?
Single Individuals
Researchers from Kaspersky spot a new malware called KBOT, a virus that spreads by injecting malicious code into Windows executable files, the first "living" virus in recent years spotted in the wild.
Malware
X Individual
CC
>1
KBOT, Kaspersky
215
10/02/2020
?
City of Garrison
The City of Garrison is hit with a ransomware attack.
Malware
O Public administration and defence, compulsory social security
CC
US
Garrison, Malware
216
10/02/2020
?
Vernon Schools
Vernon Schools shut down the internet after suffering a cyber attack.
Unknown
P Education
CC
US
Vernon Schools
217
10/02/2020
?
Industries susceptible to shipping disruptions including manufacturing, industrial, finance, transportation, pharmaceutical, and cosmetic
Proofpoint researchers uncover new Coronavirus-themed email attacks that focus on concerns around disruptions to global shipping, and aim to distribute the AZORult trojan.
Malicious Spam
Y Multiple Industries
CC
>1
Coronavirus, AZORult
218
11/02/2020
?
Nacogdoches Independent School District
A ransomware attack affects some computers at Nacogdoches Independent School District.
Malware
P Education
CC
US
Nacogdoches Independent School District, ransomware
219
11/02/2020
?
College of Family Physicians of Canada
Doctors from the College of Family Physicians of Canada are the targets of a phishing campaign.
Account Hijacking
Q Human health and social work activities
CC
CA
College of Family Physicians of Canada
220
11/02/2020
?
Baker Wotring
The Baker Wotring law firm has its data exposed by the Maze gang, including fee agreements and diaries from personal injury cases.
Malware
M Professional scientific and technical activities
CC
US
Baker Wotring, Maze, ransomware
221
11/02/2020
?
Individuals in the U.S.
The U.S. Federal Trade Commission (FTC) warns about ongoing scam campaigns that make use of the current Coronavirus global scale health crisis to bait potential targets from the United States via phishing emails, text messages, and social media.
Account Hijacking
X Individual
CC
US
U.S. Federal Trade Commission, FTC, Coronavirus
222
11/02/2020
?
American Express and Chase Customers
A clever phishing campaign is underway that pretends to be fraud protection emails from American Express and Chase that ask you to confirm if the listed credit card transactions are legitimate.
Account Hijacking
K Financial and insurance activities
CC
US
American Express, Chase
223
11/02/2020
?
The Pediatric Physicians’ Organization at Children’s (PPOC)
The Pediatric Physicians’ Organization at Children’s (PPOC) is hit with a ransomware attack.
Malware
Q Human health and social work activities
CC
US
The Pediatric Physicians’ Organization at Children’s, (PPOC), ransomware
224
11/02/2020
?
Carson City
Carson City is the latest victim of the Click2Gov breach.
Malicious Script Injection
O Public administration and defence, compulsory social security
CC
US
Carson City, Click2Gov
225
11/02/2020
?
Altice USA Inc.
Altice USA Inc. exposes the Social Security numbers, birth dates and other personal information of all 12,000 current employees as well as some former employees and a small number of customers, after a phishing attack in November 2019.
Account Hijacking
J Information and communication
CC
US
Altice USA Inc.
226
12/02/2020
?
Puerto Rico’s government
Puerto Rico’s government loses more than $2.6 million after falling for a Business Email Compromise Scam. The incident occurred on January 17.
Business Email Compromise
O Public administration and defence, compulsory social security
CC
PR
Puerto Rico
227
12/02/2020
?
IOTA Foundation
IOTA Foundation, the nonprofit organization behind the IOTA cryptocurrency, shuts down its entire network after hackers exploit a vulnerability in the IOTA wallet app to steal user funds.
Vulnerability
V Fintech
CC
DE
IOTA Foundation, Crypto
228
12/02/2020
?
Countries in South America and Central America, as well as the U.S.
Researchers from Cisco Talos discover a new campaign carried out through a new version of Loda, a remote access trojan written in AutoIT
Targeted attack
Y Multiple Industries
CE
>1
Cisco Talos, Loda
229
12/02/2020
?
Single Individuals
Researchers from Emisoft discover a new ransomware strain, dubbed Ransomwared, asking for explicit images are ransom.
Malware
X Individual
CC
>1
Emisoft, ransomware, Ransomwared,
230
12/02/2020
?
Central Kansas Orthopedic Group
Central Kansas Orthopedic Group notifies more than 17,000 patients to have suffered a ransomware attack on January 9, 2019.
Malware
Q Human health and social work activities
CC
US
Central Kansas Orthopedic Group, ransomware
231
12/02/2020
?
Palm Beach county's election office
it is reported that Palm Beach election office had its computer systems infected and encrypted by ransomware just weeks before the 2016 US presidential elections.
Malware
O Public administration and defence, compulsory social security
CC
US
Florida, Ransomware
232
13/02/2020
?
Rutter's
Rutter's discloses that 71 locations were infected with a point-of-sale (POS) malware that was used by attackers to steal customers' credit card information.
Malware
G Wholesale and retail trade
CC
US
Rutter's
233
13/02/2020
?
Nedbank
Nedbank discloses a security incident that impacts the personal details of 1.7 million users. The bank says the breach occurred at Computer Facilities (Pty) Ltd, a South African company the bank was using to send out marketing and promotional campaigns.
Vulnerability
K Financial and insurance activities
CC
ZA
Nedbank
234
13/02/2020
MoleRATs (aka The Gaza Cybergang)
Entities and individuals in the Palestinian territories
Researchers from Cybereason discover two simultaneous campaigns (Spark and Pierogi) targeting entities and individuals in the Palestinian territories.
Targeted attack
X Individual
CE
PS
MoleRATs (aka The Gaza Cybergang)
235
13/02/2020
?
Chrome users
Security researchers discover and take down a malicious campaign dating back to 2017, using up to 500 malicious Chrome extensions.
Malicious Browser Extension
X Individual
CC
>1
Chrome
236
13/02/2020
?
Multiple targets
A remote access Trojan named Parallax is being widely distributed through malicious spam campaigns that when installed allow attackers to gain full control over an infected system.
Malware
Y Multiple Industries
CC
>1
Parallax
237
13/02/2020
?
SIngle Individuals
Researchers from IBM X-Force discover a new Emotet-powered sextortion campaign.
Malicious Spam
X Individual
CC
>1
IBM X-Force, Emotet, Sextortion
238
13/02/2020
?
Relation Insurance
Relation Insurance discloses a phishing attack occurred on August 15, 2019.
Account Hijacking
K Financial and insurance activities
CC
US
Relation Insurance
239
14/02/2020
Hidden Cobra (AKA Lazarus Group)
Targets in the US
Multiple U.S. government agencies warn of a newly intensifying threat from North Korea.
Targeted attack
Y Multiple Industries
CE
US
Hidden Cobra, Lazarus Group
240
14/02/2020
?
Banks in the U.S. and Canada
Researchers from Lookout discover a phishing campaign focused on mobile banking used over 200 pages to impersonate legitimate websites for well-known banks in the U.S. and Canada.
Account Hijacking
K Financial and insurance activities
CC
US
CA
Lookout, US, Canada
241
14/02/2020
?
27 companies
A targeted phishing attack using SLK attachments is underway against twenty-seven companies, with some of them being well-known brands, to gain access to their corporate networks.
Account Hijacking
Y Multiple Industries
CE
>1
Phishing
242
14/02/2020
?
Single Individuals
Researchers from Trend Micro discover a new LokiBot campaign attempting to infect users by impersonating the launcher for Epic Games.
Malware
X Individual
CC
>1
LokiBot, Trend Micro, Epic Games
243
14/02/2020
?
PSL Services
PSL Services notifies its clients of a phishing attack occurred on December 17, 2019.
Account Hijacking
M Professional scientific and technical activities
CC
US
PSL Services
244
14/02/2020
?
Charleston Lube Partners
Charleston Lube Partners reveals to have been hit by a PoS malware between February 14, 2019 and August 19, 2019.
Malware
I Accommodation and food service activities
CC
US
Charleston Lube Partners
245
15/02/2020
?
Port Lavaca
The Port Lavaca City Hall is hit with a Ryuk ransomware attack,
Malware
O Public administration and defence, compulsory social security
CC
US
Port Lavaca, Ryuk, ransomware
246
15/02/2020
OurMine
FC Barcelona Twitter Account
Hackers from the OurMine collective claim to have hijacked the Twitter account of FC Barcelona.
Account Hijacking
R Arts entertainment and recreation
CC
ES
OurMine, FC Barcelona, Twitter
247
15/02/2020
OurMine
The International Olympic Committee Twitter Account
The International Olympic Committee Twitter Account Twitter account is also hacked by OurMine
Account Hijacking
U Activities of extraterritorial organizations and bodies
CC
N/A
OurMine, International Olympic Committee, Twitter
248
15/02/2020
?
Interactive Medical Systems
Wake County notifies that 1,900 employees are affected by a phishing attack to Interactive Medical Systems, a former benefits administrator.
Account Hijacking
M Professional scientific and technical activities
CC
US
Wake County, Interactive Medical Systems
249
13/02/2020
?
Grand Est
The Grand Est region is hit with a ransomware attack.
Malware
O Public administration and defence, compulsory social security
CC
FR
Grand Est, ransomware
250
14/02/2020
?
INA Group
A ransomware attack cripples some business operations at INA Group, Croatia's biggest oil company, and its largest petrol station chain.
Malware
D Electricity gas steam and air conditioning supply
CC
HR
INA Group, ransomware
251
14/02/2020
?
BST
A Maze ransomware attack on BST, an accounting firm in December exposes the patient data of Community Care Physicians, a large upstate New York medical group, as well as other clients of the firm.
Malware
K Financial and insurance activities
CC
US
Maze, BST, Community Care Physicians
252
14/02/2020
?
Tennessee Orthopaedic Alliance
Tennessee Orthopaedic Alliance notifies more than 81,000 patients after discovering two employee email accounts had been compromised on October 18, 2019.
Account Hijacking
Q Human health and social work activities
CC
US
Tennessee Orthopaedic Alliance
253
15/02/2020
?
Neebs Gaming YouTube channel
Neebs Gaming, a highly popular YouTube gaming channel is hacked by unidentified crypto scammers, who change its name and banner to Coinbase Pro to collect Bitcoin from its viewers/subscribers.
Account Hijacking
R Arts entertainment and recreation
CC
US
Neebs Gaming, YouTube, Coinbase Pro, Bitcoin
254
15/02/2020
?
Lodi School District
School officials in Lodi are investigating after student data is breached at two different schools: Bear Creek High and Ronald E. McNair High.
Unknown
P Education
CC
US
Lodi School District
255
16/02/2020
Fox Kitten
Companies from the IT, Telecommunication, Oil and Gas, Aviation, Government, and Security sectors
Researchers from ClearSky reveal that Iran's government-backed hacking units have made a top priority last year to exploit VPN bugs to infiltrate and plant backdoors in companies all over the world.
Vulnerability
Y Multiple Industries
CE
>1
ClearSky, Fox Kitten, CVE-2019-11510, CVE-2018-13379, CVE-2019-1579, CVE-2019-19781
256
16/02/2020
APT-C-23
Israel Defense Force (IDF) soldiers
An IDF’s spokesperson reveals that IDF (Israel Defense Force) and ISA (Israel Security Agency AKA “Shin Bet”) conducted a joint operation to take down a Hamas operation targeting IDF soldiers, dubbed ‘Rebound’.
Targeted Attack
O Public administration and defence, compulsory social security
CE
IL
Israel Defense Force, IDF, APT-C-23, ISA, Israel Security Agency
257
16/02/2020
?
Vulnerable Wordpress sites
Researchers from WebARX reveal the details of a currently exploited vulnerability targeting the ThemeGrill Demo Importer plugin that allows the attackers to completely wipe a Wordpress site.
Vulnerability
Y Multiple Industries
CC
>1
WebARX, ThemeGrill Demo Importer, Wordpress
258
16/02/2020
?
Butler County Community College
Butler County Community College is hit with a ransomware attack.
Malware
P Education
CC
US
Butler County Community College, ransomware
259
17/02/2020
?
ISS World
A ransomware attack hits the major facilities company ISS World, which has half a million employees worldwide.
Malware
N Administrative and support service activities
CC
DK
ISS World
260
17/02/2020
?
More than 80 Turkish companies
Check Point researchers discover an evolving, ongoing malspam campaign targeting more than 80 Turkish companies, distributing the Adwind RAT.
Malicious Spam
Y Multiple Industries
CC
TR
Check Point, Adwind RAT
261
17/02/2020
?
Multiple targets
IBM X-Force Threat Intelligence researchers discover a phishing campaign distributing the Lokibot information stealer malware via emails designed to look like they're sent by the Ministry of Health of the People's Republic of China and containing emergency Coronavirus regulations in English.
Malware
Y Multiple Industries
CC
>1
IBM X-Force, Lokibot, Ministry of Health of the People's Republic of China, Coronavirus, COVID-19
262
17/02/2020
?
Single Individuals
The World Health Organization (WHO) warns of ongoing Coronavirus-themed phishing attacks that impersonate the organization with the end goal of stealing information and delivering malware.
Malicious Spam
X Individual
CC
>1
World Health Organization, WHO, Coronavirus, COVID-19
263
17/02/2020
?
Instagram users in Russia
A large-scale phishing campaign is running on Instagram to bait Russians with a fake presidential decree that promises a lump-sum payment for a citizen to start their own business.
Account Hijacking
X Individual
CC
RU
Instagram
264
17/02/2020
?
Rabun County
The Rabun County is hit with a ransomware attack.
Malware
O Public administration and defence, compulsory social security
CC
US
Rabun County, ransomware
265
17/02/2020
?
East House
East House provide notices of a phishing attack occurred on July 25, 2019.
Account Hijacking
Q Human health and social work activities
CC
US
East House
266
17/02/2020
?
Monroe County Hospital & Clinics
More than 7,000 patients of Monroe County Hospital & Clinics are notified that their personal information may have been leaked in a phishing attack occurred on December 2019.
Account Hijacking
Q Human health and social work activities
CC
US
Monroe County Hospital & Clinics
267
18/02/2020
?
Undisclosed natural gas compression facility
The Cybersecurity and Infrastructure Security Agency (CISA) alerts organizations across all critical U.S. infrastructure sectors about a recent ransomware attack that affected a natural gas compression facility.
Malware
D Electricity gas steam and air conditioning supply
CC
US
Cybersecurity and Infrastructure Security Agency, CISA, ransomware
268
18/02/2020
?
Vulnerable Wordpress sites
Researchers from Wordfence reveal that a zero-day vulnerability in the ThemeREX Addons, a WordPress plugin installed on thousands of sites, is actively exploited by attackers to create user accounts with admin permissions and potentially fully taking over the vulnerable website.
Vulnerability
Y Multiple Industries
CC
>1
Wordfence, ThemeREX Addons, WordPress
269
18/02/2020
?
ProtonVPN users
Researchers from Kaspersky discover a fake ProtonVPN website used since November 2019 to deliver the AZORult information-stealing malware to potential victims in the form of fake ProtonVPN installers.
Malware
X Individual
CC
>1
Kaspersky, ProtonVPN, AZORult
270
18/02/2020
?
Windows users in Italy
Threat actors are distributing the Dharma Ransomware in a new spam campaign targeting Windows users in Italy.
Malware
X Individual
CC
IT
Dharma, Ransomware
271
18/02/2020
?
Government Data Center in Rwanda
A Rwandan data centre that hosts servers related to the country’s government is taken down by hackers.
DDoS
O Public administration and defence, compulsory social security
CC
RW
Rwanda
272
19/02/2020
?
MGM Resorts
The personal details of more than 10.6 million users who stayed at MGM Resorts hotels have been published on a hacking forum this week.
Misconfiguration
I Accommodation and food service activities
CC
US
MGM Resorts
273
19/02/2020
DRBControl
Gambling companies located in Southeast Asia, Europe and the Middle East
Researchers from Trend Micro and Talent-Jump reveal the details of DRBControl, a criminal organization focused on gambling companies.
Targeted Attack
R Arts entertainment and recreation
CC
>1
Trend Micro, Talent-Jump, DRBControl
274
19/02/2020
Exaggerated Lion
Thousands of U.S. companies
Researchers uncover a new business email compromise (BEC) threat actor, which they call Exaggerated Lion, targeting thousands of U.S. companies with money pilfering scams.
Business Email Compromise
Y Multiple Industries
CC
US
Agari, Exaggerated Lion
275
19/02/2020
?
US Taxpayers
Proofpoint researchers detect the first attacks in theme with the tax season carried out via tax-themed emails with malicious attachments, and legitimate tax-focused websites compromised to deliver malware
Malware
X Individual
CC
US
Proofpoint, Tax
276
19/02/2020
?
Swiss companies
Switzerland’s Reporting and Analysis Centre for Information Assurance (MELANI) warns of ongoing ransomware attacks targeting the systems of Swiss small, medium-sized, and large companies.
Malware
Y Multiple Industries
CC
CH
Switzerland’s Reporting and Analysis Centre for Information Assurance, MELANI, ransomware
277
19/02/2020
?
Multiple targets
Researchers from Prevailion reveal the details of "PHPs Labyrinth", a campaign active since 2017, infecting more than 20,000 WordPress sites via malicious plugins.
Malicious Wordpress Plugin
Y Multiple Industries
CC
>1
Prevailion, PHPs Labyrinth, WordPress
278
19/02/2020
?
Multiple targets
Security researcher Marco Ramilli discover a new batch of e-commerce sites compromised by a Magecart attack.
Malicious Script Injection
G Wholesale and retail trade
CC
>1
Marco Ramilli, Magecart.
279
19/02/2020
?
Ministère de l’Éducation et de l’Enseignement Supérieur
The PII of at least 51,400, and possibly as many as 360,000 educators, in Quebec Province are exposed when a malicious actor obtained login credentials to the Ministère de l’Éducation et de l’Enseignement Supérieur network.
Unknown
O Public administration and defence, compulsory social security
CC
CA
Ministère de l’Éducation et de l’Enseignement Supérieur
280
19/02/2020
?
US Bank Customers
Researchers from IBM X-Force discover a new Emotet campaign spread via SMS messages pretending to be from banks and may have ties to the TrickBot trojan.
Malware
K Financial and insurance activities
CC
US
IBM, X-Force, Emotet, TrickBot
281
19/02/2020
?
Maroof International Hospital
Maroof International Hospital is hit with a severe ransomware attack
Malware
Q Human health and social work activities
CC
PK
Maroof International Hospital, ransomware
282
19/02/2020
?
City of Wayne
The city of Wayne is hit with a ransomware attack.
Malware
O Public administration and defence, compulsory social security
CC
US
City of Wayne, ransomware
283
19/02/2020
?
United Regional Health Care System
United Regional Health Care System discloses an incident that occurred last July when someone accessed an employee email account. 2,000 individuals are affected.
Account Hijacking
P Education
CC
US
United Regional Health Care System
284
20/02/2020
?
Defence Information Systems Agency (DISA)
The U.S. Defence Information Systems Agency reveals that Social Security numbers and other personal data in its network may have been compromised between May and July 2019
Unknown
O Public administration and defence, compulsory social security
CC
US
Defence Information Systems Agency, DISA
285
20/02/2020
?
Targets in Southeast Asia
Researchers from Cisco Talos uncover a new campaign, carried out via a remote access tool dubbed ObliqueRAT, focused on targets in Southeast Asia.
Targeted Attack
Y Multiple Industries
CE
>1
Cisco Talos, ObliqueRAT
286
20/02/2020
?
IIT Madras
IIT Madras is hit with the GlobeImposter ransomware.
Malware
P Education
CC
IN
IIT Madras, GlobeImposter, ransomware
287
20/02/2020
?
Nine websites
Security researchers discover a new batch of nine websites infected with malicious JavaScript that steals payment card info from online shoppers.
Malicious Script Injection
G Wholesale and retail trade
CC
>1
Magecart
288
20/02/2020
?
VibrantCare Rehabilitation
VibrantCare Rehabilitation notifies 1,655 patients after an employee’s email account is accessed.
Account Hijacking
Q Human health and social work activities
CC
US
VibrantCare Rehabilitation
289
20/02/2020
?
San Felipe Del Rio CISD
A business email compromise targets the San Felipe Del Rio CISD.
Business Email Compromise
P Education
CC
US
San Felipe Del Rio CISD
290
20/02/2020
?
South Adams Schools district
The South Adams Schools district is hit with a ransomware attack.
Malware
P Education
CC
US
South Adams Schools district, ransomware
291
21/02/2020
?
Android users
Security researchers from Check Point discover a new mobile threat called Haken, hidden in 8 applications.
Malware
X Individual
CC
>1
Check Point, Haken, Joker, Android
292
21/02/2020
Lynx
Slickwraps
Slickwraps suffers a data breach after an individual is able to access their systems and after receiving no response to emails, publicly discloses how the access to the site was gained and the data that was exposed.
Vulnerability
C Manufacturing
CC
US
Lynx, Slickwraps
293
21/02/2020
?
Reading Municipal Light Department (RMLD)
The Reading Municipal Light Department (RMLD), an electric utility in Massachusetts, announces it was hit by a ransomware attack.
Malware
D Electricity gas steam and air conditioning supply
CC
US
Reading Municipal Light Department, RMLD, ransomware
294
21/02/2020
Pakistan?
Indian diplomats and military personnel in some embassies
Researchers from Cybaze-Yoroi ZLab discover that operation Transparent Tribe, allegedly carried out by Pakistan against Indian targets is back after four years.
Targeted Attack
O Public administration and defence, compulsory social security
CE
IN
Cybaze-Yoroi ZLlab, Operation Transparent Tribe, Pakistan, India
295
21/02/2020
?
Multiple targets
Researchers from Cofense discover an uptick in phishing attempts using a fake and badly created Office 365 credentials update form.
Account Hijacking
Y Multiple Industries
CC
>1
Cofense, Office 365
296
21/02/2020
?
Endeavor Energy Resources
Endeavor Energy Resources notifies employees and dependents after employee fell prey to phishing attack on January 14.
Account Hijacking
D Electricity gas steam and air conditioning supply
CC
US
Endeavor Energy Resources
297
21/02/2020
?
Moses Lake School District
The Moses Lake School District is hit by a ransomware attack.
Malware
P Education
CC
US
Moses Lake School District, ransomware
298
21/02/2020
?
Jackson Public Schools
Jackson Public Schools is hit with a ransomware attack.
Malware
P Education
CC
US
Jackson Public Schools, ransomware
299
22/02/2020
?
Major cryptovalues investor
An unknown investor claims to have lost reported $45 million worth of cryptovalues In a SIM Swapping attack.
Account Hijacking
V Fintech
CC
N/A
SIM Swapping, Crypto
300
22/02/2020
?
Single Individuals
Security research collective MalwareHunterTeam discover a 3-page Coronavirus-themed Microsoft Office document containing malicious macros, pretending to be from the Center for Public Health of the Ministry of Health of Ukraine, and designed to drop a backdoor malware with clipboard stealing, keylogging, and screenshot capabilities.
Malware
X Individual
CC
UA
MalwareHunterTeam, Coronavirus, COVID-19, Center for Public Health of the Ministry of Health of Ukraine
301
23/02/2020
?
Mexico’s economy ministry
Mexico’s economy ministry detects a cyber attack on some of its servers.
Unknown
O Public administration and defence, compulsory social security
CC
MX
Mexico’s economy ministry
302
23/02/2020
?
Prince Edward Island
Prince Edward Island reveals it was hit with a Maze ransomware attack.
Malware
O Public administration and defence, compulsory social security
CC
CA
Prince Edward Island, ransomware, Maze
303
23/02/2020
?
Total Quality Logistics (TQL)
Total Quality Logistics confirms it was the victim of a data breach.
Unknown
N Administrative and support service activities
CC
US
Total Quality Logistics, TQL
304
24/02/2020
?
German PayPal users
According to multiple reports, a critical PayPal vulnerability is behind thefts over recent days from numerous German PayPal users (fraudulent transactions with U.S. stores).
Vulnerability
K Financial and insurance activities
CC
DE
PayPal
305
24/02/2020
Magecart 12
40 websites
Security Researcher Max Kersten publishes a list of 40 websites targeted by the Magecart 12 group.
Malicious Script Injection
G Wholesale and retail trade
CC
>1
Max Kersten, Magecart 12
306
24/02/2020
?
Ordnance Survey
A hacker stole the personal data of 1,000 employees of the Ordnance Survey, the government-owned mapping agency for Britain. The breach occurred on January this year.
Unknown
O Public administration and defence, compulsory social security
CC
UK
Ordnance Survey
307
24/02/2020
?
Multiple targets
Researchers from MalwareHunterTeam discover Mozart, a malware using DNS to communicate with its command and control and evade detection.
Malware
Y Multiple Industries
CC
>1
MalwareHunterTeam, Mozart, DNS
308
24/02/2020
?
Portuguese Banking users.
A new campaign carried out via the Lampion malware in disguise of a DPD email, is discovered targeting Portuguese users.
Malware
K Financial and insurance activities
CC
PT
Lampion, DPD
309
24/02/2020
?
Pacific Specialty Insurance
Pacific Specialty Insurance notifies plan members of a phishing attack that occurred in March, 2019
Account Hijacking
K Financial and insurance activities
CC
US
Pacific Specialty Insurance
310
24/02/2020
?
Grayson County
Grayson County is hit with a ransomware attack.
Malware
O Public administration and defence, compulsory social security
CC
US
Grayson County
311
24/02/2020
?
Transavia
The data of 80,000 Transavia passengers are compromised after a phishing attack.
Account Hijacking
H Transportation and storage
CC
NL
Transavia
312
24/02/2020
?
Transmit Security
Transmit Security is breached after a security researcher contacts some of its customers and reports unauthorized access to the data.
Unknown
M Professional scientific and technical activities
CC
IL
Transmit Security
313
25/02/2020
?
Multiple targets
Google releases a Chrome update to address three security bugs, including CVE-2020-6418, a zero-day vulnerability actively exploited in the wild.
Vulnerability
Y Multiple Industries
CC
>1
Google, Chrome, CVE-2020-6418
314
25/02/2020
?
La Salle County
La Salle County is hit with a PwndLocker ransomware attack.
Malware
O Public administration and defence, compulsory social security
CC
US
La Salle County, ransomware, PwndLocker
315
25/02/2020
?
Single Individuals
Researchers from Cybaze/Yoroi ZLab discover a new campaign exploiting the Coronavirus theme to distribute the Remcos RAT.
Malware
X Individual
CC
>1
Cybaze/Yoroi ZLab, Remcos, Coronavirus, COVID-19
316
25/02/2020
?
Reprint Mint
Researchers from Sanguine Security reveal that attackers successfully implanted multiple skimmers, for 30 months on Reprint Mint photo store.
Malicious Script Injection
G Wholesale and retail trade
CC
US
Sanguine Security, Reprint Mint
317
25/02/2020
tonyredball
solarsalvador1234
Vulnerable Wordpress sites
Other Cybercriminals are taking advantage of the security flaws reported recently in popular WordPress plugins (ThemeGrill Demo Importer, Profile Builder, and Duplicator).
NRC Health discloses that it was hit by a ransomware attack that took place on February 11.
Malware
M Professional scientific and technical activities
CC
US
NRC Health, ransomware
319
25/02/2020
?
Undisclosed target
Researchers from Sophos reveal the details of Cloud Snooper, a sophisticated malware hiding in the cloud, probably backed by an advanced state sponsored actor.
Unknown
Z Unknown
CE
N/A
Cloud Snooper, Sophos
320
25/02/2020
Overlake Medical Center & Clinics
Overlake Medical Center & Clinics reveals to have been hit by a phishing attack from Dec. 6 to 9, 2019.
Account Hijacking
Q Human health and social work activities
CC
US
Overlake Medical Center & Clinics
321
25/02/2020
?
Advocate Aurora Health
The personal information of some current and former Advocate Aurora Health employees, including their Social Security numbers and bank accounts, might have been compromised in an email phishing campaign.
Account Hijacking
Q Human health and social work activities
CC
US
Advocate Aurora Health
322
25/02/2020
?
Gadsden Independent School District (GISD)
Gadsden Independent School District (GISD) shuts down its internet and communication systems, after a RYUK ransomware attack.
Malware
P Education
CC
US
Gadsden Independent School District, GISD, ransomware
323
25/02/2020
?
Hutt Valley High School
Hutt Valley High School reveals that it was hit with a cyber attack.
Unknown
P Education
CC
NZ
Hutt Valley High School
324
26/02/2020
?
Clearview AI
Clearview AI discloses to its customers that an intruder “gained unauthorized access” to its list of customers, to the number of user accounts those customers had set up, and to the number of searches its customers have conducted.
Misconfiguration
M Professional scientific and technical activities
CC
US
Clearview AI
325
26/02/2020
?
Bretagne Télécom
Cloud services provider Bretagne Télécom is hacked by the threat actors behind the DoppelPaymer Ransomware using CVE-2019-19781.
Malware
M Professional scientific and technical activities
Rady’s Children’s Hospital notifies patients whose data were accessed via an "open port" on June 2019, and January 2020.
Unknown
Q Human health and social work activities
CC
US
Rady’s Children’s Hospital
331
27/02/2020
?
Barbara Corcoran
Barbara Corcoran, a renowned real-estate broker and business expert, admits she lost $380,000 via a BEC scam.
Business Email Compromise
L Real estate activities
CC
US
Barbara Corcoran
332
27/02/2020
?
Kenneth Cole Productions
The operators behind the Sodinokibi Ransomware (AKA Revil) publish the download links to files containing what they claim is financial and work documents, as well as customers' personal data stolen from Kenneth Cole Productions.
Researchers from Malwarebytes and X-Force discover an ongoing malspam campaign using emails disguised as messages from secret lovers to deliver Nemty Ransomware payloads on the computers of potential victims.
Malware
X Individual
CC
>1
Malwarebytes, IBM X-Force, Nemty, Ransomware
334
27/02/2020
?
Multiple targets
Researchers from Palo Alto discover a new phishing campaign installing the NetSupport Manager RAT via a Fake Norton LifeLock document.
Malicious Spam
Y Multiple Industries
CC
>1
Palo Alto, NetSupport Manager RAT, Norton LifeLock
335
27/02/2020
?
BGR.in
tradinggame.au.com
S3 Production
Hackers share three SQL databases from S3 buckets, one dump belonging to the BGR tech news site in India.
Misconfiguration
Y Multiple Industries
CC
>1
BGR.in,
tradinggame.au.com,
S3 Production
336
27/02/2020
?
Democratic National Committee
The Democratic National Committee warns its presidential candidates to be cautious after Bernie Sanders’ campaign reported that an “impersonator” with a domain registered overseas had posed as one of its staffers and sought conversations with members of at least two other campaigns.
Account Hijacking
S Other service activities
CE
US
Democratic National Committee, Bernie Sanders
337
27/02/2020
?
Jordan Health
Jordan Health is hit with a ransomware attack.
Malware
P Education
CC
US
Jordan Health
338
28/02/2020
?
130,000 Asus routers
An unknown criminal manages to breach as many as 130,000 Asus routers, and sells the access to them for few dollars.
Vulnerability
Y Multiple Industries
CC
>1
Asus
339
28/02/2020
?
Multiple targets
Researchers from Morphisec discover a widespread campaign using the remote desktop ActiveX control in Word documents to automatically execute on Windows 10 a malware downloader called Ostap adopted by TrickBot for delivery.
Malware
Y Multiple Industries
CC
>1
Morphisec, ActiveX, Word, Windows 10, TrickBot
340
28/02/2020
?
Vulnerable Wordpress sites
Researchers from Defiant discover that attackers took over tens of thousands of WordPress sites by exploiting multiple zero-days in the following plugins: Flexible Checkout Fields for WooCommerce, Async JavaScript, 10Web Map Builder for Google Maps, Modern Events Calendar Lite.
Vulnerability
Y Multiple Industries
CC
>1
Wordpress, Flexible Checkout Fields for WooCommerce, Async JavaScript, 10Web Map Builder for Google Maps, Modern Events Calendar Lite, Defiant
341
28/02/2020
?
Munson Healthcare Group
Munson Healthcare Group discloses that hackers gained access to patient data placed by compromising the email accounts of at least two employees. Patient records were accessed from July 31, 2019, to October 22, 2019, but the breach went undetected until January 16, 2020.
Account Hijacking
Q Human health and social work activities
CC
US
Munson Healthcare Group
342
29/02/2020
?
Epiq Global
Legal services giant Epiq Global is hit by a ransomware attack.
Malware
M Professional scientific and technical activities
CC
US
Epiq Global, ransomware
343
29/02/2020
?
RailWorks Corporation
RailWorks Corporation, one of the leading providers of rail infrastructure solutions in North America, discloses a ransomware attack.
Malware
C Manufacturing
CC
US
RailWorks Corporation, ransomware
344
29/02/2020
?
Vulnerable Apache Tomcat servers
Security researchers detect ongoing scans for Apache Tomcat servers unpatched against the Ghostcat (CVE-2020-1938) vulnerability.
Vulnerability
Y Multiple Industries
CC
>1
Apache Tomcat, Ghostcat, CVE-2020-1938
345
29/02/2020
?
Loqbox
Fintech startup Loqbox reveals to have suffered an "attack" which potentially revealed its customers' names, postal addresses, dates of birth, email addresses and phone numbers.
Unknown
V Fintech
CC
UK
Loqbox, Crypto
346
15/02/2020
?
EMCOR Group
EMCOR Group, a Fortune 500 company specialized in engineering and industrial construction services, discloses a Ryuk ransomware incident that took down some of its IT systems.
Malware
C Manufacturing
CC
US
EMCOR Group, Ryuk, ransomware
347
21/02/2020
?
Coinhako
Coinhako is hit by a sophisticated attack.
Unknown
V Fintech
CC
SG
Coinhako, Crypto
348
27/02/2020
?
Okex and Bitfinex
Okex and Bitfinex suffered simultaneous distributed denial of service (DDoS)
DDoS
V Fintech
CC
US
HK
Okex, Bitfinex, Coinhako
349
27/02/2020
Kimsuky
South Korean officials
Researchers from IssueMakersLab reveal that a group of North Korean hackers embedded malware inside documents detailing South Korea's response to the COVID-19 epidemic. The embedded malware is BabyShark a backdoor previously utilized by a North Korean hacker group known as Kimsuky.
Targeted Attack
O Public administration and defence, compulsory social security
CE
KR
IssueMakersLab, COVID-19, Kimsuky, BabyShark
350
29/02/2020
Digileaker
Digitex
A hacker dubbed Digileaker claims to have stolen the data related to 8,000 Digitex users.
Unknown
V Fintech
CC
SC
Digitex, Digileaker
351
01/03/2020
?
Visser Precision
Visser Precision, parts maker for space and defense contractors confirms a DoppelPaymer ransomware attack.
Malware
C Manufacturing
CC
US
Visser Precision, DoppelPaymer, ransomware
352
01/03/2020
?
Community Development Bank
Community Development Bank becomes the latest victim of the Maze ransomware team.
Malware
K Financial and insurance activities
CC
US
Community Development Bank, Maze, Ransomware
353
02/03/2020
?
City of Novi Sad
The City of Novi Sad in Serbia is hit by the PwndLocker ransomware.
Malware
O Public administration and defence, compulsory social security
CC
RS
Novi Sad, Serbia, PwndLocker, ransomware
354
02/03/2020
?
Spartanburg School District One
Spartanburg School District One is hit with a ransomware attack.
Malware
P Education
CC
US
Spartanburg School District One
355
02/03/2020
APT34
Lebanon Government
Researchers from Cybaze-Yoroi ZLab discover a new campaign targeting the Lebanon government via the Karkoff implant.
Targeted Attack
O Public administration and defence, compulsory social security
CE
LB
Cybaze-Yoroi ZLab, Lebanon, Karkoff
356
02/03/2020
?
Large number of French critical infrastructure firms
A large number of French critical infrastructure firms appear to have been hacked as part of an extended malware campaign.
Malware
D Electricity gas steam and air conditioning supply
CC
FR
France
357
02/03/2020
Egypt?
India?
Saudi Arabia
UAE
Facebook removes hundreds of accounts and pages used in "Operation Red Card", a deceptive campaign that appears to be from Egyptian and Indian marketing firms, to post anti-Saudi and anti-Emirati content.
Fake Social Network accounts/groups/pages
O Public administration and defence, compulsory social security
CW
SA
AE
Operation Red Card, Facebook, India, Egypt
358
02/03/2020
?
Tesco
Tesco issues new cards to 600,000 Clubcard account holders after a credential stuffing attack.
Credential Stuffing
G Wholesale and retail trade
CC
UK
Tesco
359
02/03/2020
?
Android users
Google addresses a high-severity flaw in MediaTek’s Command Queue driver that developers said affects millions of devices, and which has an exploit already circulating in the wild.
Vulnerability
X Individual
CC
>1
Google, Android, Mediatek, CVE-2020-0032
360
03/03/2020
CIA?
Chinese companies and government agencies
The Chinese company Qihoo 360 publishes a report accusing the CIA of hacking Chinese companies and government agencies for more than 11 years (from 2008 to 1019).
Targeted Attack
O Public administration and defence, compulsory social security
CE
CN
Qihoo 360, CIA
361
03/03/2020
Molerats (AKA Gaza Hackers Team and Gaza Cybergang)
Eight organizations in six different countries in the government, telecommunications, insurance and retail industries
Researchers from Palo Alto Unit 42 observe multiple instances of phishing attacks likely related to the threat group Molerats targeting eight organizations in six different countries in the government, telecommunications, insurance and retail industries
Targeted Attack
Y Multiple Industries
CE
>1
Molerats, Gaza Hackers Team, Gaza Cybergang, Palo Alto, Unit 42
362
03/03/2020
?
J.Crew
Clothing giant J.Crew says an unknown number of customers had their online accounts accessed “by an unauthorized party" in or around April 2019.
Credential Stuffing
G Wholesale and retail trade
CC
US
J.Crew
363
03/03/2020
Kimsuky
South Korea
Researchers from Cybaze-Yoroi ZLab discover a new campaign by the North Korea-linked APT group, Kimsuky, targeting South Korea.
Targeted Attack
O Public administration and defence, compulsory social security
CE
KR
Cybaze-Yoroi ZLab, Kimsuky
364
03/03/2020
?
Four Queens Hotel and Casino and Binion’s Casino
Four Queens Hotel and Casino and Binion’s Casino are hit with a ransomware attack.
Malware
R Arts entertainment and recreation
CC
US
Four Queens Hotel and Casino, Binion’s Casino, ransomware
365
04/03/2020
?
T-Mobile
US telecommunications giant T-Mobile discloses a security breach that impacted both its employees and customers alike. The attackers gained access to "certain T-Mobile employee email accounts, some of which contained account information for T-Mobile customers and employees."
Account Hijacking
J Information and communication
CC
US
T-Mobile
366
04/03/2020
?
Australian Defence
The Australian Signals Directorate (ASD reveals that a vulnerability in Citrix, could have been used by malicious actors to access a database of Australian Defence recruitment details.
Vulnerability
O Public administration and defence, compulsory social security
CE
AU
Australian Signals Directorate, ASD, Citrix, Australian Defence, CVE-2019-19781
367
04/03/2020
?
Boots
Boots suspends payments using loyalty points in shops and online after attempts to break into customers' accounts using stolen passwords.
Password-spraying
G Wholesale and retail trade
CC
UK
Boots
368
04/03/2020
?
Single Individuals
Researchers from Fortinet discover a new campaign delivering the Lokibot malware and exploiting the COVID-19 fear.
Malware
X Individual
CC
>1
Fortinet, Lokibot, COVID-19, Coronavirus
369
04/03/2020
?
Single Individuals
Researchers from Cofense discover an additional phishing campaign pushing fake messages from The Centers for Disease Control (CDC) stating that the coronavirus has “officially become airborne” and there “have been confirmed cases of the disease in your location.”
Account Hijacking
X Individual
CC
>1
Cofense, CDC, Coronavirus, COVID-19, The Centers for Disease Control
370
04/03/2020
?
SIngle Individuals
Researchers from Cofense discover a phishing campaign, leveraging OneNote to bypass detection tools and download malware onto victims’ systems.
Account Hijacking
X Individual
CC
>1
Cofense, OneNote
371
05/03/2020
?
Carnival Corp.
Carnival Corp. announces that two of its most popular lines, Holland America and Princess Cruises, were hit by a phishing attack between April 11 and July 23, 2019.
Account Hijacking
R Arts entertainment and recreation
CC
US
Carnival Corp., Holland America, Princess Cruises
372
05/03/2020
?
Communications & Power Industries (CPI)
Communications & Power Industries (CPI) is still down after a ransomware attack suffered in January.
Malware
C Manufacturing
CC
US
Communications & Power Industries, CPI
373
05/03/2020
?
EVRAZ
EVRAZ, one of the world's largest steel manufacturers and mining operations, has its North American activities taken down by a Ryuk ransomware attack.
Malware
C Manufacturing
CC
US
EVRAZ, Ryuk, ransomware
374
05/03/2020
?
Banking users in Italy
Researchers from Sophos discover a new campaign distributing the Trickbot malware in Italy and exploiting the COVID-19 outbreak.
Malware
K Financial and insurance activities
CC
IT
Sophos, Trickbot, COVID-19
375
05/03/2020
?
Multiple targets
Researchers from Kaspersky discover a new campaign inviting victims to install malware in disguise of an expired certificate.
Malware
Y Multiple Industries
CC
>1
Kaspersky
376
05/03/2020
Tonto Team
Multiple targets in Russia, Japan, and South Korea
Researchers from Cisco Talos reveal the detail of a new cyber espionage campaign carried out by the Tonto Team via the Bisonal RAT.
Targeted Attack
Y Multiple Industries
CE
>1
Cisco Talos, Tonto Team, Bisonal RAT
377
05/03/2020
?
Chrome Users
Researchers at MyCrypto discover a malicious Chrome extension able to steal Ledger wallet recovery seeds.
Malicious Browser Extension
V Fintech
CC
>1
MyCrypto, Chrome, Ledger
378
06/03/2020
?
The City of Durham and Durham County
The City of Durham and Durham County are hit by a Ryuk ransomware attack.
Malware
O Public administration and defence, compulsory social security
CC
US
City of Durham, Durham County, Ryuk. Ransomware
379
06/03/2020
?
Trident Crypto Fund
The usernames and passwords of more than a quarter of a million Trident Crypto Fund customers have been stolen and published online.
Unknown
V Fintech
CC
MA
Trident Crypto Fund, Crypto
380
06/03/2020
?
Entercom
US radio giant Entercom reports a data breach that took place in August 2019 after an unauthorized party was able to access database backup files stored in a third-party cloud hosting service and containing Radio.com user credentials.
Unknown
J Information and communication
CC
US
Entercom
381
06/03/2020
?
Koodo Mobile
Telus-owned Koodo Mobile suffers a data breach after their systems were hacked on February 13, 2020, and customer data from August and September 2017 was stolen by the attackers.
Account Hijacking
J Information and communication
CC
CA
Koodo Mobile
382
06/03/2020
?
Multiple targets
The US Federal Bureau of Investigation (FBI) warns private industry partners of threat actors abusing Microsoft Office 365 and Google G Suite as part of Business Email Compromise (BEC) attacks.
Business Email Compromise
Y Multiple Industries
CC
US
Federal Bureau of Investigation, FBI, Microsoft Office 365, Google G Suite
383
07/03/2020
?
SIngle Individuals
Researchers from MalwareHunterTeam discover another email campaign pretending to be Coronavirus (COVID-19) information from the World Health Organization (WHO), and in reality distributing a malware downloader that installs the FormBook information-stealing Trojan.
Malicious Spam
X Individual
CC
>1
MalwareHunterTeam, Coronavirus, COVID-19, World Health Organization, WHO, FormBook
384
07/03/2020
?
Six Southeast Asian countries, including Malaysia and Singapore
Researchers from Technisanct discover hundreds of thousands of credit card details from at least six Southeast Asian countries, leaked online.
Unknown
K Financial and insurance activities
CC
>1
Malaysia, Singapore, Technisanct
385
08/03/2020
?
Multiple targets
Researchers from Volexity reveal that state-sponsored hacking groups are using a recently disclosed Microsoft Exchange vulnerability (CVE-2020-0688) to attack targets. The same warning is sent also by the NSA.
Vulnerability
Y Multiple Industries
CC
>1
Volexity, Microsoft Exchange, CVE-2020-0688
386
08/03/2020
?
University of Kentucky and UK HealthCare
The University of Kentucky and UK HealthCare discovers that is suffered a malware attack aimed to install cryptominers.
Malware
P Education
CC
US
University of Kentucky and UK HealthCare
387
09/03/2020
?
ENTSO-E
The European Network of Transmission System Operators for Electricity (ENTSO-E), says that its IT network had been compromised in a “cyber intrusion.”
Unknown
D Electricity gas steam and air conditioning supply
N/A
EU
ENTSO-E, European Network of Transmission System Operators for Electricity
388
09/03/2020
?
Russian users
Researchers from MalwareHunterTeam discover a new phishing scam targeting Russian victims, and utilizing a "customer service" chatbot.
Account Hijacking
X Individual
CC
RU
MalwareHunterTeam
389
09/03/2020
?
Single Individuals
Researchers from IBM X-Force Threat Intelligence discover a new sextortion campaign, luring victims with emails promising to give access to the nude extortion pics of a friend's girlfriend, and delivering the Raccoon malware.
Malicious Spam
X Individual
CC
>1
IBM, X-Force, sextortion, Raccoon
390
09/03/2020
?
TrueFire
The popular online guitar tutoring website TrueFire suffers a ‘Magecart‘ attack that might have exposed customers’ personal information and payment card data.
Malicious Script Injection
S Other service activities
CC
US
TrueFire, Magecart
391
09/03/2020
?
Single Individuals
Researchers from security firm Reason discover a fake Coronavirus map, delivering the AZORult trojan.
Malware
X Individual
CC
>1
Reason, COVID019, Coronavirus, AZORult
392
09/03/2020
?
Fort Worth Independent School District
The Fort Worth Independent School District is hit with a ransomware attack,
Malware
P Education
CC
US
Fort Worth Independent School District, ransomware
393
10/03/2020
Mustang Panda
Targets in Vietnam
Vietnamese cyber-security firm VinCSS detects a Chinese state-sponsored group (codenamed Mustang Panda) spreading emails with a RAR file attachment purporting to carry a message about the coronavirus outbreak from the Vietnamese Prime Minister.
Targeted Attack
Y Multiple Industries
CE
VN
VinCSS, Mustang Panda, Coronavirus
394
10/03/2020
?
Multiple targets
Researchers from Cybereason discover a campaign where attackers are trojanizing multiple hacking tools with njRat, a well known RAT.
Malware
Y Multiple Industries
CC
>1
Cybereason, njRAT
395
10/03/2020
?
Undisclosed organization in Asia
Researchers from Lastline discover a new campaign spreading the Paradise ransomware via IQY files.
Malware
Z Unknown
CC
N/A
Lastline, Paradise, ransomware, IQY
396
10/03/2020
?
Undisclosed target
Researchers from Cofense discover a phishing campaigns using YouTube redirects to evade security controls.
Account Hijacking
Z Unknown
CC
N/A
YouTube
397
10/03/2020
?
Multiple targets
Attackers start to exploit a recently discovered vulnerability on ManageEngine Desktop Central.
Vulnerability
Y Multiple Industries
CC
>1
ManageEngine Desktop Central, CVE-2020-10189
398
10/03/2020
?
Wichita State University
Wichita State University notifies 1,762 individuals whose personal information was accessed by hackers between December 3, 2019 and December 5, 2019.
Unknown
P Education
CC
US
Wichita State University
399
10/03/2020
?
Undisclosed company
A global company with an office in Perth is attacked by criminals who demand a $30 million ransom to unlock its computer system in Australia.
Malware
Z Unknown
CC
AU
Perth
400
11/03/2020
?
Champaign-Urbana Public Health District
In the midst of a coronavirus pandemic, the Champaign-Urbana Public Health District is hit with a NetWalker ransomware attack.
Malware
Q Human health and social work activities
CC
US
Champaign-Urbana Public Health District, NetWalker, ransomware
401
11/03/2020
?
Global insurance, healthcare, and pharmaceutical organizations
Researchers from Proofpoint discover a new phishing campaign impersonating Vanderbilt University Medical Center and sending out fake HIV test result emails.
Malicious Spam
Y Multiple Industries
CC
>1
Proofpoint, Vanderbilt University Medical Center, HIV
402
11/03/2020
?
Northeast Radiology
Northeast Radiology announces that on January 11, 2020, unauthorized individuals gained access to Northeast Radiology’s picture archiving and communication system (“PACS”),
Unknown
Q Human health and social work activities
CC
US
Northeast Radiology
403
12/03/2020
?
Facebook Users
Facebook, Twitter and Instagram remove multiple accounts and pages for a coordinated inauthentic behavior on behalf in Ghana and Nigeria on behalf of individuals in Russia, targeting primarily the United States.
Fake Social Network accounts/groups/pages
X Individual
CW
US
Facebook, Instagram, Twitter, Ghana, Nigeria, Russia, United States.
404
12/03/2020
?
Multiple targets
Researchers from MalwareHunterTeam discover a new campaign distributing a malware cocktail consisting of the Coronavirus Ransomware and the Kpot information-stealing Trojan.
Malware
Y Multiple Industries
CC
>1
MalwareHunterTeam, Coronavirus, Kpot
405
12/03/2020
Vicious Panda
Public sector entity of Mongolia
Researchers from Check Point discover a campaign, dubbed Vicious Panda, carried out by a Chinese APT group on a public sector entity of Mongolia, leveraging the coronavirus pandemic.
Targeted Attack
O Public administration and defence, compulsory social security
CE
MN
Check Point, Mongolia, Coronavirus
406
12/03/2020
?
Open Exchange Rates
Open Exchange Rates announces a data breach that exposed the personal information and salted and hashed passwords for customers of its API service. The breach occurred between February 9th, 2020, and March 2nd, 2020.
Account Hijacking
M Professional scientific and technical activities
CC
US
Open Exchange Rates
407
12/03/2020
Turla
Several high-profile Armenian websites
Researchers from ESET discover a watering hole operation targeting several high-profile Armenian websites via a fake Adobe Flash update, delivering two previously undocumented pieces of malware dubbed NetFlash and PyFlash.
Targeted Attack
O Public administration and defence, compulsory social security
CE
AM
ESET, Turla, Adobe Flash, NetFlash, PyFlash
408
12/03/2020
?
Multiple targets
Researchers from IBM X-Force discover a new malware strain dubbed PXJ (AKA XVFXGW).
Malware
Y Multiple Industries
CC
>1
IBM, X-Force, PXJ, XVFXGW
409
13/03/2020
?
The National
The National, a Scottish newspaper, is hit by a DDoS attack.
DDoS
J Information and communication
CC
UK
The National, DDoS
410
13/03/2020
?
Brno University Hospital
The Brno University Hospital, a COVID-19 testing center, is hit by a cyberattack right in the middle of a COVID-19 outbreak.
Malware
Q Human health and social work activities
CC
CZ
Brno University Hospital, COVID-19, Coronavirus
411
13/03/2020
?
Android users
Researchers from Domaintools reveal the details of Covidlock, a ransomware encrypting data on Android devices.
Malware
X Individual
CC
>1
Domaintools, Covidlock, Android
412
13/03/2020
Ancient Tortoise
Multiple targets
Researchers from Agari reveal that the Ancient Tortoise Group is now starting using coronavirus-themed scam emails that take advantage of the COVID-19 global outbreak to convince potential victims to send payments to attacker-controlled accounts.
Business Email Compromise
Y Multiple Industries
CC
>1
Agari, Ancient Tortoise
413
13/03/2020
?
Aerial Direct
Aerial Direct reveals that an unauthorized third party had been able to access customer data on 26 February through an external backup database, which included personal information on both current and expired subscribers from the last six years.
Unknown
J Information and communication
CC
UK
Aerial Direct
414
13/03/2020
?
Healthcare professionals
A new email scam targets healthcare professionals with phishing emails about "coronavirus awareness" - part of a wave of scams capitalizing on the pandemic.
Account Hijacking
Q Human health and social work activities
CC
>1
Coronavirus, COVID-19
415
13/03/2020
?
Randleman Eye Center
Randleman Eye Center discloses a malware attack occurred on January 13.
Malware
Q Human health and social work activities
CC
US
Randleman Eye Center
416
13/03/2020
?
Jay Public School District
The Jay Public School District is hit with a cyber attack.
Unknown
P Education
CC
US
Jay Public School District
417
14/03/2020
?
Facebook Android users
Researchers from Kaspersky discover the CookieThief malware, targeting the Facebook accounts of Android users.
Malware
X Individual
CC
>1
Kaspersky, CookieThief, Facebook, Android
418
14/03/2020
?
Multiple targets
Researchers from MalwareHunterTeam discover a new backdoor malware called BlackWater pretending to be a COVID-19 information while abusing Cloudflare Workers as an interface to the malware's command and control (C2) server.
AffordaCare Urgent Care Clinic is hit by the Maze ransomware team.
Malware
Q Human health and social work activities
CC
US
AffordaCare Urgent Care Clinic, ransomware, Maze
420
14/03/2020
?
Advanced Urgent Care of the Florida Keys
Advanced Urgent Care of the Florida Keys
Malware
Q Human health and social work activities
CC
US
Advanced Urgent Care of the Florida Keys, ransomware, Maze
421
15/03/2020
?
United States Health and Human Services Department
The United States Health and Human Services Department's web site is hit with a DDoS cyber attack in the middle of the Coronavirus outbreak.
DDoS
O Public administration and defence, compulsory social security
CC
US
United States Health and Human Services Department, Coronavirus
422
15/03/2020
?
Townhall of Marseille and the metropolis.
The townhall of Marseille is hit with a ransomware attack.
Malware
O Public administration and defence, compulsory social security
CC
FR
Marseille, ransomware
423
02/03/2020
?
Vijay Sales
A threat actor posts a leaked Vijay Sales, a large electronics retail store chain in India, database on a popular dark web hacker forum. The threat actor claims the source was from an “exposed backup server” breached in February 2020.
Misconfiguration
G Wholesale and retail trade
CC
IN
Vijay Sales, AWS
424
02/03/2020
?
GeoCloud
A threat actor posts another database, this time from technology company GeoCloud, leaked through a public Amazon server. The data contains users’ names, email addresses, and passwords as well as the company’s social media keys and company information.
Misconfiguration
S Other service activities
CC
IL
GeoCloud, AWS
425
13/03/2020
?
Norwegian Cruise Line
Researchers from Dynarisk discover a breached database belonging to Norwegian Cruise Line, containing 29,969 records
Unknown
R Arts entertainment and recreation
CC
US
Dynarisk, Norwegian Cruise Line
426
14/03/2020
Maze
Hammersmith Medicines Research (HMR)
Hammersmith Medicines Research (HMR) is hit with a Maze ransomware attack.
Energy, construction, and telecoms in the United States
Researchers from Proofpoint discover a small campaign targeting energy, construction, and telecoms in the United States, using the subject line "coronavirus update disease (COVID-19) your neighbors tested positive" and distributing the Remcos remote control tool.
Malware
Y Multiple Industries
CC
US
Proofpoint, Coronavirus, COVID-19, Remcos
428
14/03/2020
?
Jamaica National Group
Jamaica National Group is hit with a ransomware attack.
Malware
K Financial and insurance activities
CC
JM
Jamaica National Group, ransomware
429
15/03/2020
?
Bluffton Township Fire District
Bluffton Township Fire District is hit with a ransomware attack.
Malware
O Public administration and defence, compulsory social security
CC
US
Bluffton Township Fire District, ransomware
430
16/03/2020
APT36
Indian government
Researchers from Malwarebytes discover a new campaign targeting India of the Pakistan-linked APT36 group exploiting COVID-19 to implant the Crimson RAT.
Targeted Attack
O Public administration and defence, compulsory social security
CE
IN
APT36, COVID-19, Crimson, Pakistan, India, Malwarebytes
431
16/03/2020
?
Single Individuals
Researchers from ESET discover a massive campaign targeting users in multiple countries carried out via a wave of 2,500 infections of just two strains of malware delivered in COVID-19-themed emails.
Malicious Spam
X Individual
CC
>1
ESET, COVID-19, Coronavirus
432
16/03/2020
TA505
U.S. healthcare, manufacturing, and pharmaceuticals industries.
Researchers from Proofpoint discover a campaign from TA505, using a coronavirus lure as part of a downloader campaign targeting the U.S. healthcare, manufacturing, and pharmaceuticals industries.
Malware
Y Multiple Industries
CC
US
Proofpoint, TA505
433
16/03/2020
?
Single Individuals
Researchers from KnowBe4 discover a new phishing campaign spoofing the CDC and WHO.
Account Hijacking
X Individual
CC
US
KnowBe4, Coronavirus, COVID-19, CDC, WHO
434
16/03/2020
?
Multiple targets in the UK
The National Cyber Security Centre (NCSC) warns that criminals are looking to exploit the spread of coronavirus to conduct cyberattacks and hacking campaigns.
>1
Y Multiple Industries
CC
UK
National Cyber Security Centre, NCSC, Coronavirus, COVID-19
435
16/03/2020
?
College of DuPage
College of DuPage offers nearly free credit monitoring to over 1,700 current and former employees following a data breach.
Unknown
P Education
CC
US
College of DuPage
436
16/03/2020
?
Android users
Researchers from Kaspersky discover MonitorMinor, a stalkerware able to intercept user data in disguise of a parental control app.
Malware
X Individual
CC
>1
Kaspersky, MonitorMinor, Android
437
17/03/2020
?
Multiple targets in the US
Researchers from Proofpoint discover a medium-sized campaign in the United States primarily targeting the manufacturing industry but also construction, transportation, healthcare, automotive, energy, and aerospace companies. The email spoofs the real address of the head of the World Health Organization (WHO), claims there is a “solution” for “total control”, distributes GuLoader and Agent Tesla, and asks the recipient to “share with all contacts.”
Malware
Y Multiple Industries
CC
US
Proofpoint, World Health Organization, WHO, GuLoader, Agent Tesla, COVID-19, Coronavirus
438
17/03/2020
?
Manufacturing and industrial targets in Spain and Portugal
Researchers from Proofpoint discover a small COVID-19 themed campaign against manufacturing and industrial targets in Spain and Portugal and distributing GuLoader.
Malware
Y Multiple Industries
CC
ES
PT
Proofpoint, COVID-19, Coronavirus, GuLoader
439
17/03/2020
?
Manufacturing, technology, and industrial companies in the Netherlands
Researchers from Proofpoint discover a small campaign in Dutch targeting manufacturing, technology, and industrial companies in the Netherlands, designed to steal banking credentials.
Account Hijacking
Y Multiple Industries
CC
NL
Proofpoint, COVID-19, Coronavirus
440
17/03/2020
?
Italian users
Researchers from Cybaze-Yoroi ZLab intercept a new Ursnif campaign targeting Italian users.
Malware
X Individual
CC
IT
Cybaze-Yoroi Zlab, Ursnif
441
17/03/2020
?
Vimeo users
Video sharing site Vimeo believes a malware infection has targeted some of its user accounts for theft.
Malware
X Individual
CC
>1
Vimeo
442
17/03/2020
?
Town of Houlton Police
The Town of Houlton Police discloses that it suffered a malware attack discovered on October 2019.
Malware
O Public administration and defence, compulsory social security
CC
US
Town of Houlton Police
443
17/03/2020
?
Tandem Diabetes Care
Tandem Diabetes Care notifies 140,781 patients of a phishing incident discovered on January 17, 2020
Account Hijacking
Q Human health and social work activities
CC
US
Tandem Diabetes Care
444
17/03/2020
?
Multiple targets
A new ransomware called Nefilim that shares much of the same code as Nemty starts to become active in the wild and threatens to release stolen data.
Malware
Y Multiple Industries
CC
>1
Ransomware, Nefilim, Nemty
445
18/03/2020
?
Multiple targets
Trend Micro reveals that hackers are actively exploiting two zero-days (CVE-2020-8467 and CVE-2020-8468) in its antivirus products.
Vulnerability
Y Multiple Industries
CC
>1
Trend Micro, CVE-2020-8467, CVE-2020-8468
446
18/03/2020
Molerats group (AKA Gaza CyberGang)
Arabic speakers interested in Palestine’s potential acceptance of the peace plan
Researchers from IBM X-Force reveal the details of the EnigmaSpark campaign, a politically themed campaign opposing to the Middle East Peace Plan.
Targeted Attack
X Individual
CE
PS
IBM X-Force, EnigmaSpark, Middle East
447
18/03/2020
?
Telecommunications providers, universities and financial service
Researchers from Bitdefender discover a new variant of the infamous Trickbot malware targeting telecommunications providers, universities and financial services in a campaign that looks to be going after intellectual property and financial data.
Malware
Y Multiple Industries
CE
>1
Bitdefender, Trickbot
448
18/03/2020
?
NutriBullet
Researchers at RiskIQ identify a cyber-attack against blender vendor NutriBullet that has successfully installed credit card stealing malware on the international nutribullet.com website. Not just once, but three times within three weeks.
Malicious Script Injection
G Wholesale and retail trade
CC
US
RiskIQ, NutriBullet, Magecart
449
18/03/2020
?
Android users in Libya
Researchers from Lookout discover an Android application that appears to be the most recent piece of tooling in a larger mobile surveillance campaign, exploiting COVID-19, operating out of Libya and targeting Libyan individuals.
Targeted Attack
X Individual
CE
LY
Lookout, Android, COVID-19, Libya
450
18/03/2020
?
US retail companies
Researchers from Proofpoint discover a small COVID-19 themed phishing campaign in the United States primarily targeting retail companies and uses concerns about infected staff members to try and lure victims to click.
Account Hijacking
G Wholesale and retail trade
CC
US
Proofpoint, COVID-19, Coronavirus
451
18/03/2020
?
Blizzard
Blizzard is hit with a DDoS attack.
DDoS
R Arts entertainment and recreation
CC
US
Blizzard
452
19/03/2020
?
Keen
Cybercriminals try to disrupt a charity initiative by Keen aimed to deliver shoes to the workers on the front lines and the families at home fighting through the COVID-19 crisis.
DDoS
G Wholesale and retail trade
CC
US
Keen, COVID-19, Coronavirus
453
19/03/2020
?
Brooks International
The Sodinokibi Ransomware operators publish over 12 GB of stolen data allegedly belonging to a company named Brooks International for not paying the ransom.
Malware
M Professional scientific and technical activities
CC
PK
Sodinokibi, ransomware, Brooks International
454
19/03/2020
?
Single Individuals
Researchers from Sophos reveal that sextortion scammers are now attempting to capitalize on the COVID-19 pandemic by threatening their victims to infect their family with the SARS-CoV-2 virus besides revealing all their "dirty secrets".
Malicious Spam
X Individual
CC
>1
COVID-19, Coronavirus
455
19/03/2020
?
Single Individuals
The FBI warns of a significant spike in coronavirus scams targeting three states, with unusually high rates of COVID-19 infection: California, New York and Washington.
Malicious Spam
X Individual
CC
US
FBI, coronavirus, COVID-19, California, New York, Washington
456
19/03/2020
?
Android users
Researchers from Zscaler discover "Corona Safety Mask" an Android worm in disguise of a Coronavirus safety mask.
According to researchers at telecoms security provider AdaptiveMobile, masses of text messages are being sent out to Americans, with offers on masks, survival guides and medically-unsupported COVID-19 treatments like CBD oil.
Malicious Spam
X Individual
CC
US
AdaptiveMobile, COVID-19, CBD oil
458
19/03/2020
?
Single Individuals
Researchers from IBM X-Force discover an ongoing phishing campaign delivering emails posing as official messages from the Director-General of the World Health Organization (WHO), actively spreading HawkEye malware payloads onto the devices of unsuspecting victims.
Malware
X Individual
CC
>1
IBM X-Force, COVID-19, Coronavirus, World Health Organization, WHO, HawkEye
459
19/03/2020
APT28, AKA Fancy Bear, Sednit, and Pawn Storm
Multiple targets
Researchers from Trend Micro reveal that APT28 have continued to scan and probe the internet for vulnerable email servers during 2019.
A new phishing email is trying to take advantage of the Coronavirus pandemic and the race to develop medications by promoting a fake Folding@home app that installs Redline, an information-stealing malware.
Malware
X Individual
CC
>1
COVID-19, Coronavirus, Folding@Home, Redline
461
19/03/2020
?
Takeaway
The German food delivery service Takeaway is hit with a DDoS attack.
DDoS
I Accommodation and food service activities
CC
DE
Takeaway
462
19/03/2020
Mespinoza/Pysa
Local government authorities in France
The France's issues a warning about Mespinoza/Pysa a new ransomware gang that's been recently seen targeting the networks of local government authorities.
Malware
O Public administration and defence, compulsory social security
CC
FR
Mespinoza, Pysa, ransomware
463
19/03/2020
TA505 AKA Evil Corp
Businesses in Germany
Researchers from Prevailion discover a new campaign by the notoriously prolific TA505 cybercrime organization targeting businesses in Germany via their human resources executives.
Malware
Y Multiple Industries
CC
DE
Prevailion, TA505, Evil Corp
464
20/03/2020
?
General Electric (GE) via Canon Business Process Services
General Electric (GE) discloses that personally identifiable information of current and former employees, as well as beneficiaries, was exposed in a security incident experienced by one of GE's service providers, Canon Business Process Services. One of their employees' email accounts was breached by an unauthorized party in February.
Account Hijacking
C Manufacturing
CC
US
General Electric, GE, Canon Business Process Services
465
20/03/2020
Digital Revolution
InformInvestGroup CJSC
Russian hacker group Digital Revolution claims to have breached InformInvestGroup CJSC, a contractor for the FSB, Russia's national intelligence service, and discovered details about Fronton, a project intended for hacking Internet of Things (IoT) devices.
Unknown
M Professional scientific and technical activities
CC
RU
Digital Revolution, InformInvestGroup CJSC, FSB, Fronton, IoT
466
20/03/2020
?
Finastra
Finastra, a leading financial technology provider from the UK, announces that it had to take several servers offline following a ransomware attack.
Malware
V Fintech
CC
UK
Finastra, ransomware
467
20/03/2020
?
Single Individuals in the US
FBI's Internet Crime Complaint Center (IC3) warns of an ongoing phishing campaign delivering spam that uses fake government economic stimulus checks as bait to steal personal information from potential victims.
Account Hijacking
X Individual
CC
US
FBI, Internet Crime Complaint Center, IC3
468
20/03/2020
?
Zyxel devices
Mukashi, a new variant of the Mirai malware is targeting a recently uncovered critical vulnerability in Zyxel network-attached storage devices and exploiting them to rope the machines into an IoT botnet.
Vulnerability
Y Multiple Industries
CC
>1
Mukashi, Mirai, Zyxel, CVE-2020-9054
469
20/03/2020
?
University of Utah Health
The University of Utah Health discloses a security breach, due to unauthorized access to some employee email accounts along with the presence of malware on its systems. The intrusion took place between January 7 and February 21, 2020.
Account Hijacking
Q Human health and social work activities
CC
US
University of Utah Health
470
20/03/2020
?
Rotherham Council
Rotherham Council's IT system is compromised by an email with "COVID-19" in the subject field.
Account Hijacking
O Public administration and defence, compulsory social security
CC
UK
Rotherham Council
471
20/03/2020
?
Oregon Department of Human Services
The Oregon Department of Human Services announces that it uncovered a “phishing” incident on March 6 that affected one staff member’s e-mail.
Account Hijacking
O Public administration and defence, compulsory social security
CC
US
Oregon Department of Human Services
472
20/03/2020
?
Golden Valley Health Centers
Golden Valley Health Centers notifies patients after an employee email account was compromised on March 3.
Account Hijacking
Q Human health and social work activities
CC
US
Golden Valley Health Centers
473
21/03/2020
?
Multiple targets
Researchers from MalwareHunterTeam detect a new Coronavirus phishing campaign installing the NetWalker ransomware.
Criminals are exploiting critical flaws in IoT devices from Lilin to enslave them in at least three botnets used to carry out DDoS attacks.
Vulnerability
Y Multiple Industries
CC
>1
Lilin
475
21/03/2020
?
Bitcoin users
It turns out that a network of Bitcoin-to-QR-code generators has stolen more than $45,000 from users in the past four weeks.
Account Hijacking
V Fintech
CC
>1
Bitcoin, Crypto, QR-Code gernerator
476
23/03/2020
?
World Health Organization
Reuters reveal that hackers tried to break into the World Health Organization earlier this month
Targeted Attack
U Activities of extraterritorial organizations and bodies
CE
INT
Reuters, World Health Organization, WHO
477
23/03/2020
?
Multiple targets
Microsoft issues a warning (ADV200006) that targeted attacks are underway against Windows 10 users, from attackers exploiting a critical vulnerability with no available fix.
Targeted Attack
Y Multiple Industries
CC
>1
Microsoft, ADV200006
478
23/03/2020
?
538 million users of Chinese social network Weibo
The personal details of more than 538 million users of Chinese social network Weibo are currently available for sale online.
Unknown
X Individual
CC
CN
Weibo
479
23/03/2020
?
SIngle Individuals
Researchers from KnowBe4 discover a new phishing campaign repurposing old emails to exploit COVID-19.
Account Hijacking
X Individual
CC
US
KnowBe4, Coronavirus, COVID-19
480
23/03/2020
?
Single Individuals
Researchers from MalwareHunterTeam discover the first MBRLocker variant with a Coronavirus theme.
Researchers from Malwarebytes discover two sites promoting a bogus Corona Antivirus, taking advantage of the current COVID-19 pandemic, to distribute a malicious payload that will infect the target's computer with the BlackNET RAT and add it to a botnet.
Malware
X Individual
CC
>1
Malwarebytes, Coronavirus, COVID-19
482
23/03/2020
?
Single Individuals
An HHS.gov open redirect is currently being used by attackers to push malware payloads onto unsuspecting victims' systems with the help of coronavirus-themed phishing emails.
Malware
X Individual
CC
US
HHS, COVID-19, Coronavirus
483
23/03/2020
?
118 118 Money
118 118 Money writes to personal loans and credit card customers to notify an intrusion.
Unknown
K Financial and insurance activities
CC
UK
118 118 Money
484
23/03/2020
?
LTI Power System
LTI Power System is hit with a ransomware attack.
Malware
C Manufacturing
CC
US
LTI Power System, ransomware
485
24/03/2020
?
Industrial-related entities in the Middle East
Researchers from Kaspersky reveal the details of operation WildPressure, a campaign targeting entities in middle east via the Milum trojan.
Targeted Attack
Y Multiple Industries
CC
>1
Kaspersky, WildPressure, Milum
486
24/03/2020
?
Android users
Researchers from Check Point issue a new warning for a malware family dubbed Tekya, using that same native code subterfuge as a previous malware called Haken to slip the security net.
Malware
X Individual
CC
>1
Check Point, Tekya, Haken
487
24/03/2020
?
Banking users in Spain
Researchers from Kaspersky reveal that the operators of the Ginp mobile banking trojan are now targeting users in Spain with a fake "Coronavirus Finder" app.
Malware
K Financial and insurance activities
CC
ES
Kaspersky, Ginp, Coronavirus Finder
488
24/03/2020
TwoSail Junk
iOS Users in Hong Kong
Researchers from Trend Micro discover a campaign aimed at infecting the iPhones of users in Hong Kong with an iOS backdoor tracked as LightSpy.
Targeted Attack
X Individual
CE
HK
Trend Micro, iPhone, iOS, LightSpy, TwoSail Junk
489
24/03/2020
?
Netflix users
Users are warned about fraudulent messages being shared on social media platforms that Netflix is offering free passes to its platform because of the Coronavirus pandemic.
Account Hijacking
X Individual
CC
>1
Netflix, Coronavirus, COVID-19
490
24/03/2020
?
Bank customers in Germany
Researchers from IBM X-Force discover TrickMo, an Android malware targeting TrickBot victims and designed to bypass MFA to bank customers when they need to authorize a transaction.
Malware
K Financial and insurance activities
CC
DE
IBM X-Force, TrickMo, Android, TrickBot
491
24/03/2020
?
Twitter users
Hackers take over a wave of Twitter accounts to aggressively advertise a website that claims to be selling face masks and toilet paper during the coronavirus pandemic.
Account Hijacking
X Individual
CC
>1
Twitter, coronavirus, COVID-19
492
24/03/2020
?
PropTiger
Private data of more than 2 million users are shared on a hacking forum following a major security breach of the Indian property website PropTiger in 2018.
Unknown
L Real estate activities
CC
IN
PropTiger
493
25/03/2020
APT41
Multiple targets
Researchers from FireEye discover a campaign carried out by the Chinese state-sponsored group APT41, using recent exploits to target security flaws in Citrix, Cisco, and Zoho appliances and devices of entities from a multitude of industry sectors spanning the globe.
Targeted Attack
Y Multiple Industries
CE
>1
FireEye, APT41
494
25/03/2020
?
Tupperware
Researchers from Malwarebytes reveal that hackers have compromised the website of the world-famous Tupperware brand and stolen customers' payment card details at checkout.
Malicious Script Injection
G Wholesale and retail trade
CC
US
Tupperware, Magecart, Malwarebytes
495
25/03/2020
?
Daniel's Hosting
The operator of the biggest free host for dark web sites, Daniel's Hosting, confirms that the service has been shut down following a hack attack that deleted all 7,595 site databases.
Unknown
S Other service activities
CC
DE
Daniel's Hosting
496
25/03/2020
Palesa
AMD
AMD admits that a hacker has stolen files related to some of its graphics products.
Unknown
C Manufacturing
CC
US
AMD, Palesa
497
25/03/2020
?
Linksys Routers
Researchers from Bitdefender reveal the details of a new campaign where the attackers change DNS settings to redirect the victim to a website that claims to be from the World Health Organization, but in reality distributing the Oski infostealer.
Malware
Y Multiple Industries
CC
>1
Bitdefender, World Health Organization, Oski infostealer, Coronavirus, COVID-19
498
25/03/2020
?
Single Individuals
Researchers from 'Doctor Web' issue a warning after discovering thousands of victims have been tricked into downloading a dangerous backdoor that is disguised as an update to Google Chrome.
Malware
X Individual
CC
>1
Doctor Web, Google Chrome
499
25/03/2020
?
Websites using Wordpress
The threat actors behind the WordPress WP-VCD malware start to distribute modified versions of Coronavirus plugins that inject a backdoor into a web site.
Malicious Wordpress Plugin
Y Multiple Industries
CC
>1
WordPress, WP-VCD, Coronavirus, COVID-19
500
25/03/2020
?
Town of Jupiter
The town of Jupiter is hit by a REvil/Sodinokibi ransomware attack.
Malware
O Public administration and defence, compulsory social security
CC
US
Jupiter, REvil, Sodinokibi, ransomware
501
26/03/2020
China
North Korea
Researchers at Google's Threat Analysis Group reveal on Thursday that an unnamed group of hackers used five zero-day vulnerabilities, or secret hackable flaws in software, to target North Koreans and North Korea-focused professionals in 2019.
Targeted Attack
O Public administration and defence, compulsory social security
CE
KR
China, North Korea, Google
502
26/03/2020
Maze
Chubb
Chubb, a major cybersecurity insurance provider for businesses hit by data breaches, is hit with a Maze ransomware attack.
Malware
K Financial and insurance activities
CC
CH
Chubb, Maze, ransomware
503
26/03/2020
DoppelPaymer
Kimchuk
Kimchuk, a medical and military electronics maker, is hit by the DoppelPaymer ransomware
Malware
C Manufacturing
CC
US
Kimchuk, DoppelPaymer, ransomware
504
26/03/2020
FIN7
Multiple targets
The FBI warns organizations and security professionals about the tactic adopted by FIN7 to deliver the GRIFFON malware: malicious USB devices acting as a keyboard when plugged into a computer, injecting commands download and executing a JavaScript backdoor associated with this actor.
Targeted Attack
K Financial and insurance activities
CC
US
FIN7, GRIFFON , FBI
505
26/03/2020
Ryuk
US health care provider
A US health care provider is hit with the Ryuk ransomware.
Malware
Q Human health and social work activities
CC
US
Ryuk, ransomware
506
26/03/2020
?
Undisclosed US hospitality provider
Researchers from Trustwave reveal that a US hospitality provider has recently been the target of an incredibly rare BadUSB attack.
Malware
Q Human health and social work activities
CC
US
Trustwave, BadUSB
507
26/03/2020
?
Single Individuals
Researchers from Forcepoint discover a new phishing campaign pretending to be a missed call about a COVID-19 update.
Account Hijacking
X Individual
CC
US
Forcepoint, COVID-19, Coronavirus
508
26/03/2020
?
Single Individuals
Researchers from Forcepoint discover a new spam campaign exploiting COVID-19.
Malicious Spam
X Individual
CC
US
Forcepoint, COVID-19, Coronavirus
509
26/03/2020
?
Single Individuals
Researchers from Forcepoint discover a malicious campaign in Italy, encouraging the opening of an attachment, which it presents to be sent from the World Health Organization (WHO) with information covering all the necessary precautions against Coronavirus infections.
Malware
X Individual
CC
IT
Forcepoint, COVID-19, Coronavirus
510
27/03/2020
Silence and TA505
At least two companies operating in pharmaceutical and manufacturing sectors have been affected
Researchers from Group-IB reveal that at least two companies operating in pharmaceutical and manufacturing sectors have been affected have been affected by successful attacks carried out by Silence and TA505, exploiting CVE-2019-1405 and CVE-2019-1322
Social Bluebook, a Los Angeles-based company that allows advertisers to pay social media “influencers” for posts that promote their products and services, is hacked.
Unknown
J Information and communication
CC
US
Social Bluebook
512
27/03/2020
?
U.S. Small Businesses
Researchers from IBM X-Force reveal that attackers are attempting to deliver Remcos remote access tool payloads on the systems of small businesses via phishing emails impersonating the U.S. Small Business Administration (U.S. SBA).
Malware
Y Multiple Industries
CC
US
IBM X-Force, Remcos, U.S. Small Business Administration, U.S. SBA
513
27/03/2020
?
Multiple targets in Australia
The Australian Cyber Security Centre (ACSC) issues a new threat update, seeking to raise awareness around coronavirus-themed malicious cyber activity.
Account Hijacking
Y Multiple Industries
CC
AU
Australian Cyber Security Centre, ACSC, COVID-19, Coronavirus
514
28/03/2020
?
4.9 million Georgian citizens
The personal details for more than 4.9 million Georgians, including deceased citizens, are published on a hacking forum.
Unknown
O Public administration and defence, compulsory social security
CC
GE
Georgia
515
28/03/2020
?
Single Individuals
Researchers from KnowBe4 discover a malicious campaign warning recipients that they've been exposed to the coronavirus through personal contact with a colleague, friend, or family member.
Malicious Spam
X Individual
CC
US
KnowBe4, Coronavirus, COVID-19
516
28/03/2020
Two malicious groups
Multiple targets
Researchers from Qihoo 360 reveal that since at least early December 2019, a mysterious hacker group has been taking over DrayTek enterprise routers to eavesdrop on FTP and email traffic inside corporate networks.
Vulnerability
Y Multiple Industries
CC
>1
Qihoo 360, DrayTek
517
28/03/2020
?
Teaching Council
A phishing incident at the Teaching Council leads to personal information relating to 9,735 teachers being shared.
Account Hijacking
P Education
CC
IE
Teaching Council
518
29/03/2020
Saudi Arabia?
Saudi citizens in the US
Saudi Arabia appears to be exploiting weaknesses in the global mobile telecoms network to track its citizens as they travel around the US.
Vulnerability
X Individual
CE
SA
Saudi Arabia
519
29/03/2020
?
Single Individuals
A new phishing campaign is spotted that pretends to be from a local hospital telling the recipient that they have been exposed to the Coronavirus and that they need to be tested.
Malware
X Individual
CC
>1
COVID-19, Coronavirus
520
30/03/2020
?
Major banks from the US, Canada, and Australia
Researchers from IBM X-Force discover a new phishing campaign exploiting COVID-19 to distribute the Zeus Sphinx trojan.
Malware
K Financial and insurance activities
CC
>1
IBM X-Force, COVID-19, Zeus Sphinx, Coronavirus
521
30/03/2020
?
Multiple targets
FBI warns about Zoom bombing as hijackers take over school and business video conferences.
Misconfiguration
Y Multiple Industries
CC
>1
FBI, Zoom bombing
522
30/03/2020
?
Multiple targets in the US
The FBI issues an alert (the third) about state-sponsored hackers using the Kwampirs malware to attack supply chain companies and other industry sectors as part of a global hacking campaign.
Targeted Attack
Y Multiple Industries
CE
US
FBI, Kwampirs
523
30/03/2020
?
YouTuber users
A hacker has hijacked tens of YouTube accounts, renamed them to various Microsoft brands, and is currently broadcasting a cryptocurrency Ponzi scam to tens of thousands of users, posing as a message from the company's former CEO Bill Gates.
Account Hijacking
X Individual
CC
>1
YouTube, Ponzi scam, Bill Gates.
524
30/03/2020
?
GoDaddy.com
A spear-phishing hits a customer service employee at GoDaddy.com, the world’s largest domain name registrar. The phisher modifies key customer records, including transaction brokering site escrow.com.
Account Hijacking
J Information and communication
CC
US
GoDaddy.com, escrow.com.
525
30/03/2020
"Samaneye Shekar” meaning “Hunting system”
42 million Iranian citizens
The details of 42 million Iranian citizens, allegedly users of HotGram and Talagram, two local Telegram alternatives, are leaked online.
Unknown
X Individual
CC
IR
HotGram, Talagram, Telegram, Samaneye Shekar, Hunting system
526
31/03/2020
?
Marriott
Marriott confirms a second data breach in three years, this time involving the personal information on 5.2 million guests. The attackers obtained the login details of two employees, and broke in weeks earlier during mid-January. The breach was discovered on February.
Account Hijacking
I Accommodation and food service activities
CC
US
Marriott
527
31/03/2020
?
Specific Asian religious and ethnic group
Researchers from Kaspersky reveal the details of Holy Water, a campaign targeting people in a specific Asian religious and ethnic group.
Targeted Attack
X Individual
CE
>1
Kaspersky, Holy Water
528
31/03/2020
?
Multiple targets
Researchers from Mimecast discover a new campaign spreading the LimeRAT Remote Access Trojan by harnessing an old encryption technique in Excel files.
Malware
Y Multiple Industries
CC
>1
Mimecast, LimeRAT, Excel
529
31/03/2020
?
Single Individuals
Researchers from Cofense discover a new evasive phishing campaign exploiting the COVID-19 fear.
Account Hijacking
X Individual
CC
>1
Cofense, COVID-19, Coronavirus
530
16/03/2020
?
Avalon Health Care Management
Avalon Health Care Management notifies 14,500 patients of a phishing incident occurred on March 16, 2020.
Account Hijacking
Q Human health and social work activities
CC
US
Avalon Health Care Management
531
26/03/2020
Bassterlord
Indian State Tax Office
A hacker having the handle “Bassterlord”, claims to have Admin access to an Indian State Tax office’s network on a Russian hacking forum,
Unknown
O Public administration and defence, compulsory social security
CC
IN
Bassterlord
532
26/03/2020
?
Meadville Medical Center
Meadville Medical Center is hit with a malware attack.
Malware
Q Human health and social work activities
CC
US
Meadville Medical Center
533
27/03/2020
?
SBTech
SBTech is hit with a ransomware infection
Malware
R Arts entertainment and recreation
CC
MA
SBTech, ransomware
534
27/03/2020
?
Brandywine Urology Consultants
Brandywine Urology Consultants notify about a ransomware attack. The attack occurred on January 25, and the practice became aware of it on January 27.
Malware
Q Human health and social work activities
CC
US
Brandywine Urology Consultants, ransomware
535
30/03/2020
Maze
BetUS
Online gambling operator BetUS is the latest target of the Maze ransomware gang.
Malware
R Arts entertainment and recreation
CC
CW
BetUS, Maze, ransomware
536
31/03/2020
Nefilim
Cosan
The Nefilim Ransomware operators leak the data of Cosan, a Brazilian conglomerate producer of bioethanol, sugar and energy.
Malware
C Manufacturing
CC
BR
Nefilim, Cosan, ransomware
537
31/03/2020
?
Android users
Researchers from Bitdefender discover versions of the Android Zoom video-conferencing application repackaged with malware.
Malware
X Individual
CC
>1
Bitdefender, Android, Zoom
538
08/04/2020
?
Vulnerable IoT devices
Researchers from Bitdefender discover Dark_Nexus, a destructive new botnet that compromises vulnerable IoT devices to carry out DDoS attacks.
Vulnerability
Y Multiple Industries
CC
>1
Bitdefender, Dark_Nexus
539
08/04/2020
?
Bisq
Cryptocurrency exchange Bisq halts trading following a cyberattack leading to the theft of $250,000 worth of virtual currency from users.
Vulnerability
V Fintech
CC
N/A
Bisq, Crypto
540
08/04/2020
?
Cisco Webex users
Researchers from Cofense discover a new phishing campaign using a fake Cisco “critical security advisory” in a new phishing campaign aimed at stealing victims’ Webex credentials.
Account Hijacking
X Individual
CC
>1
Cofense, Cisco Webex, COVID-19, Coronavirus
541
08/04/2020
?
Multiple targets
Microsoft warns that cyber-criminals are preying on people’s vulnerable psychological states during the COVID-19 pandemic to attack businesses via phishing attacks.
Account Hijacking
Y Multiple Industries
CC
>1
Microsoft, Coronavirus, COVID-19
542
09/04/2020
?
Government of North Rhine-Westphalia
The government of North Rhine-Westphalia, a province in western Germany, is believed to have lost tens of millions of euros through a phishing operation mimicking a website built to distribute COVID-19 aid.
Account Hijacking
O Public administration and defence, compulsory social security
CC
DE
North Rhine-Westphalia, COVID-19
543
09/04/2020
?
Android users
Check Point’s researchers discover 16 different malicious apps masquerading as legitimate coronavirus apps, which contain a range of malware aimed at stealing users’ sensitive information or generating fraudulent revenues.
Malware
X Individual
CC
>1
Check Point, coronavirus, COVID-19, Android
544
09/04/2020
?
E-Commerce sites powered by WordPress
Researchers from Sucuri discover a dedicated Javascript skimmer targeting WordPress e-commerce sites powered by WooCommerce.
Malicious Script Injection
Y Multiple Industries
CC
>1
Sucuri, Javascript, WooCommerce
545
09/04/2020
?
Single Individuals
A large email extortion campaign is underway telling recipients that their computer was hacked and that a video was taken through the hacked computer's webcam.
Malicious Spam
X Individual
CC
>1
Extortion
546
09/04/2020
?
Single Individuals
Researchers from Inky discover a phishing campaign trying to impersonate the White House who is sending out Coronavirus guidelines on behalf of President Trump.
Account Hijacking
X Individual
CC
US
Inky, White House, Mike Pence, Coronavirus, COVID-19
547
09/04/2020
?
DESMI
DESMI, a global company specialized in the development and manufacture of pump solutions, discloses a cyber attack.
Malware
C Manufacturing
CC
DK
DESMI, ransomware
548
09/04/2020
?
Several Iranian sites including Niazpardaz[.]ir, Arzi24[.]com
Someone is selling personal details of 45,000 Iranians on the dark web.
Unknown
X Individual
CC
IR
Niazpardaz[.]ir, Arzi24[.]com
549
10/04/2020
?
Mediterranean Shipping Co (MSC)
Mediterranean Shipping Co., the world’s second largest container line, says it has been hit by a network outage. Few days later the company confirms a malware cyber attack.
Malware
H Transportation and storage
CC
CH
Mediterranean Shipping Co, (MSC)
550
10/04/2020
Protag
Quidd
Quidd, an online marketplace for trading stickers, cards, toys, and other collectibles, appears to have suffered a data breach in 2019, and the details of around four million users are now being shared for free on underground hacking forums.
Unknown
R Arts entertainment and recreation
CC
US
Quidd
551
10/04/2020
Nefilim
MAS Holdings
The Nefilim ransomware group operators leak the data of MAS Holdings.
Malware
C Manufacturing
CC
LK
Nefilim, Mas Holdings, ransomware
552
10/04/2020
?
Single Individuals
Researchers from IntSights discover a database available on an underground forum in the dark web containing more than 2,300 compromised Zoom credentials.
Credential Stuffing
X Individual
CC
>1
IntSights, Zoom
553
10/04/2020
?
Saint Francis Ministries
An unauthorized party gained entry into an employee’s email account at Saint Francis Ministries, accessing sensitive personal identifying information, as well as financial and protected health data between Dec. 13 and 20 of 2019.
Account Hijacking
S Other service activities
CC
US
Saint Francis Ministries
554
10/04/2020
?
Single Individuals
Researchers from Sophos reveal a surge in sextortion emails.
Malicious Spam
X Individual
CC
>1
Sophos, Sextortion
555
10/04/2020
?
115 million Pakistani mobile users
Researchers from Rewterz discover a data dump of 115 million Pakistani mobile users for sale on the dark web today. The cyber criminal behind this data breach demands 300 BTC ($2.1 million USD) for the data.
Unknown
X Individual
CC
PK
Rewterz, Pakistan
556
11/04/2020
?
Monte dei Paschi
Hackers accessed the mailboxes of some employees at Italian state-owned bank Monte dei Paschi and send emails to clients. The attack occurred on March 30.
Account Hijacking
K Financial and insurance activities
CC
IT
Monte dei Paschi
557
11/04/2020
?
Lafayette Regional Rehabilitation Hospital
Lafayette Regional Rehabilitation Hospital suffers a second phishing attack in few months.
Account Hijacking
Q Human health and social work activities
CC
US
Lafayette Regional Rehabilitation Hospital
558
12/04/2020
?
Single Individuals
A malware distributor has decided to play a nasty prank by locking victim's computers, and blaming the infection on two well-known and respected security researchers.
Malware
X Individual
CC
>1
Ransomware
559
12/04/2020
?
New York State
New York State officials are investigating a breach of the state government computer network. The attack, discovered in late January, is believed to have originated outside of the United States.
Vulnerability
O Public administration and defence, compulsory social security
CE
US
New York State
560
12/04/2020
?
Doctors based in the US
A cybercriminal is selling personal and contact details of 1.41 million doctors based in the United States.
Unknown
Q Human health and social work activities
CC
US
561
13/04/2020
?
Single Individuals
Researchers from Cyble discover over 500,000 Zoom accounts sold on the dark web and hacker forums.
Credential Stuffing
X Individual
CC
>1
Cyble, 500,000, Zoom
562
13/04/2020
?
Hartford HealthCare
Hartford HealthCare releases a statement warning patients about a phishing incident that took place between February 13 and February 14 this year.
Account Hijacking
Q Human health and social work activities
CC
US
Hartford HealthCare
563
13/04/2020
?
Government agencies involved in the procurement of personal protective equipment and other supplies
The FBI issues a warning of BEC scams against government agencies involved in the procurement of personal protective equipment and other supplies, during the COVID-19 Pandemic.
Business Email Compromise
O Public administration and defence, compulsory social security
CC
US
FBI, COVID-19, Coronavirus
564
13/04/2020
?
Accounts of banking customers in Spain
Researchers from Kaspersky warn of a remote overlay malware attack carried out via a malware called Grandoreiro, which leverages a fake Chrome browser plugin to target the accounts of banking customers in Spain.
Malware
K Financial and insurance activities
CC
ES
Kaspersky, Grandoreiro, Chrome
565
13/04/2020
?
Doctors Community Medical Center
Doctors Community Medical Center notifies an unreported number of patients whose protected health information was potentially compromised by a phishing incident discovered in January.
Account Hijacking
Q Human health and social work activities
CC
US
Doctors Community Medical Center
566
14/04/2020
Ragnar Locker
Energias de Portugal (EDP)
Attackers using the Ragnar Locker ransomware encrypt the systems of Portuguese multinational energy giant Energias de Portugal (EDP) and are now asking for a 1580 BTC ransom ($10.9M or €9.9M).
Malware
D Electricity gas steam and air conditioning supply
CC
PT
Energias de Portugal (EDP),
567
14/04/2020
?
Chrome Users
Google removes 49 malicious Chrome browser extensions from its Web Store that were posing as cryptocurrency wallets in order to drain the contents of bona fide wallets. The applications were discovered by MyCrypto and PhishFort.
Malicious Browser Extension
X Individual
CC
>1
Google, Chrome, MyCrypto, PhishFort, crypto
568
14/04/2020
?
Single Individuals
Researchers at White Ops reveal the details of ICEBUCKET, a massive online fraud operation that for the past few months has been mimicking smart TVs to gain profits from online ads.
Server-Side Ad Insertion (SSAI) Hijacking
X Individual
CC
>1
White Ops, ICEBUCKET, Smart TVs
569
14/04/2020
?
Canadian government healthcare organization
Researchers from Palo Alto discover a ransomware attack against a Canadian government healthcare organization exploiting the COVID-19 pandemic.
Medical organizations and medical research facilities located in Japan and Canada
Researchers from Palo Alto discover a separate campaign targeting various organizations, including medical organizations and medical research facilities located in Japan and Canada, with the AgentTesla malware.
Malware
Q Human health and social work activities
CC
CA
JP
Palo Alto, AgentTesla, COVID-19, Coronavirus
572
14/04/2020
?
GitHub users
GitHub users are targeted by a Sawfish phishing campaign designed to steal their GitHub login credentials and time-based one-time password (TOTP) codes.
Account Hijacking
Y Multiple Industries
CC
>1
GitHub, Sawfish
573
14/04/2020
?
Individuals in the US
Researchers from Fortinet discover a new variant of the NetWire RAT delivered via IRS-themed phishing emails.
Malware
X Individual
CC
US
Fortinet, NetWire, IRS, COVID-19, Coronavirus
574
14/04/2020
TA505
Multiple targets
Researchers from IBM X-Force reveal that the TA505 cybercrime group has ramped up its attacks lately, with a set of campaigns spreading the persistent SDBbot RAT.
Malware
Y Multiple Industries
CC
>1
IBM X-Force, TA505, SDBbot
575
14/04/2020
?
Two Manitoba law firms
Two Manitoba law firms are hit with a ransomware attack.
Malware
M Professional scientific and technical activities
CC
CA
Manitoba, ransomware
576
14/04/2020
?
Users in Pakistan, India, Afghanistan, Bangladesh, Iran, Saudi Arabia, Austria, Romania, Grenada, and Russia.
Researchers at Trend Micro discover a potential cyberespionage campaign, named Project Spy, that infects Android and iOS devices with spyware in disguise of a fake COVID-19 app.
Malware
Y Multiple Industries
CE
>1
Trend Micro, Project Spy, COVID-19
577
15/04/2020
Syrian Electronic Army (SEA)
Single Individuals in Syria
Researchers at Lookout discover a COVID-19 Themed Spyware targeting Syrian citizens.
Malware
X Individual
CE
SY
Lookout, COVID-19, Coronavirus
578
15/04/2020
International Union of Virtual Media (IUVM) (linked to Iran)
Social Network users
Researchers from Graphika discover an Iranian-linked group spreading disinformation about Coronavirus on Facebook, Instagram, and Twitter.
Fake Social Network accounts/groups/pages
X Individual
CW
>1
Graphika, Iran, COVID-19, Coronavirus, Facebook, Instagram, Twitter, International Union of Virtual Media, IUVM
579
15/04/2020
Satan
Mercantile Communications Pvt Ltd
A group of hackers manage to gain access to the .np domain of Mercantile Communications Pvt Ltd.
DNS Hijacking
J Information and communication
CC
NP
Mercantile Communications Pvt Ltd, Satan
580
15/04/2020
?
Valorant players
Soon after the game Valorant entered closed beta, malware samples are released that targets users who are trying to play the game or get beta keys.
Malware
R Arts entertainment and recreation
CC
>1
Valorant
581
15/04/2020
?
Single Individuals
Researchers from Trustwave detect a peak of BEC scams leveraging COVID-19
Business Email Compromise
X Individual
CC
US
Trustwave, COVID-19, Coromnavirus
582
15/04/2020
?
Wappalyzer
Tech company Wappalyzer discloses a security incident after a hacker began emailing its customers and offering to sell Wappalyzer's database for $2,000. The incident took place on January 20.
Misconfiguration
M Professional scientific and technical activities
CC
AU
Wappalyzer
583
15/04/2020
?
Customers of the main Portuguese banks
A new Android Trojan-Banker targets customers of the main Portuguese banks.
Malware
K Financial and insurance activities
CC
PT
Android, Trojan-Banker
584
15/04/2020
?
Single Individuals
Researchers from Mimecast discover a flight refund scam exploiting the COVID-19 outbreak.
Account Hijacking
X Individual
CC
>1
Mimecast, COVID-19, Coronavirus
585
15/04/2020
Hidden Cobra
US and western financial institutions
The Department of Home Security issues a warning that hackers from North Korea are launching new attacks against US and western financial institutions.
Targeted Attack
K Financial and insurance activities
CC
>1
DHS, Department of Homeland Security, DHS, Hidden Cobra, CISA
586
15/04/2020
?
Applications Software Technologies
Applications Software Technologies reveals to have discovered on March 9 that an unauthorized party had accessed the company by obtaining access to a company email account.
Account Hijacking
M Professional scientific and technical activities
CC
US
Applications Software Technologies
587
15/04/2020
?
EA Sports
EA Sports is hit by a DDoS attack
DDoS
R Arts entertainment and recreation
CC
US
EA Sports
588
15/04/2020
?
South African Department for Women, Youth, and Persons with Disabilities
The South African Department for Women, Youth, and Persons with Disabilities is the latest victim of a Zoom bombing attack.
Zoom bombing
O Public administration and defence, compulsory social security
CC
ZA
South African Department for Women, Youth, and Persons with Disabilities, Zoom
589
03/04/2020
?
Vulnerable ZyXEL routers
Researchers from Palo Alto Networks discover a new variant of the Hoaxcalls botnet, spreading via an unpatched vulnerability impacting the ZyXEL Cloud CNM SecuManager that was disclosed last month.
Researchers from Sucuri reveal that attackers are actively targeting WordPress sites running the OneTone theme to exploit a vulnerability that allows them to read and write site cookies and create backdoor admin accounts.
Vulnerability
Y Multiple Industries
CC
>1
Sucuri, WordPress, OneTone
591
15/04/2020
?
Vulnerable IoT devices
Researchers at NetLab 360 discover Moobot, a new botnet family based on Mirai, which targets internet of things (IoT) devices.
Malware
Y Multiple Industries
CC
>1
NetLab 360, Moobot, Mirai
592
16/04/2020
Foreign government hackers
Companies conducting research into treatments for COVID-19
The FBI reveals that foreign government hackers have broken into companies conducting research into treatments for COVID-19.
Targeted Attack
Q Human health and social work activities
CE
US
FBI, COVID-19
593
16/04/2020
?
Azerbaijan government and utility companies
Researchers from Cisco Talos publish an analysis of a new campaign that deploys PoetRAT, a previously-undiscovered Remote Access Trojan (RAT) targeting both the Azerbaijan government and utility companies, and exploits the COVID-19 outbreak.
Targeted Attack
O Public administration and defence, compulsory social security
CE
AZ
Cisco Talos, PoetRAT, COVID-19
594
16/04/2020
?
Ruby Users
Security researchers from ReversingLabs discover 725 Ruby libraries uploaded on the official RubyGems repository that contained malware meant to hijack users' clipboards.
Malware
Y Multiple Industries
CC
>1
ReversingLabs, RubyGems, Ruby
595
16/04/2020
?
Single Individuals
Researchers from Avast discover a malvertising campaign taking advantage of COVID-19, targeting Internet Explorer users via the Fallout Exploit Kit, to steal their information via the Kpot v2.0 information stealer.
Malvertising
X Individual
CC
>1
Avast, COVID-19, Internet Explorer, Fallout Exploit Kit, Kpot v2.0
596
17/04/2020
?
Aptoide
A hacker leaks the details of 20 million users of Aptoide, a third-party app store for Android applications.
SQL Injection
J Information and communication
CC
PT
Aptoide, Android
597
17/04/2020
Trickbot
Multiple targets
Researchers from Microsoft's Security Intelligence team say that the operation behind Trickbot over the past few days sent out hundreds of emails purporting to relate to COVID-19 medical advice and testing, with the aim of installing Trickbot malware via unique "macro-laced" malicious document attachments inside the message.
Malware
Y Multiple Industries
CC
>1
Microsoft, Trickbot, COVID-19, Coronavirus
598
17/04/2020
Clop
ExecuPharm
U.S. pharmaceutical giant ExecuPharm has its data leaked after it refuses to pay the ransom.
Malware
Q Human health and social work activities
CC
US
ExecuPharm, Clop
599
17/04/2020
?
Organizations in Italy
Researchers from Cybaze-Yoroi ZLab discover a new variant of Ursnif targeting organizations in Italy.
Malware
Y Multiple Industries
CC
IT
Cybaze-Yoroi ZLab, Ursnif
600
17/04/2020
?
PrimoHoagies
PrimoHoagies reveals that cyber-attackers had broken into its online payment platform and accessed the payment card information of customers who made online purchases between July 15, 2019, and February 18, 2020.
Malicious Script Injection
I Accommodation and food service activities
CC
US
PrimoHoagies
601
17/04/2020
?
Banking users
Researchers from Trustwave discover a new malspam campaign that sends Excel 4.0 xls 97-2003 files with a compromised macro in email messages. The campaign attempts to dupe users with themes ranging from fake invoices to COVID-19 related lures and distributes the Gozi banking trojan.
Malware
K Financial and insurance activities
CC
>1
Trustwave, Excel, COVID-19, Gozi
602
17/04/2020
?
Aurora Medical Center Bay Area
Aurora Medical Center Bay Area notifies to have been hit with a phishing attack occurred on January 2020.
Account Hijacking
Q Human health and social work activities
CC
US
Aurora Medical Center Bay Area
603
17/04/2020
?
Olean City
Olean City is hit with a ransomware attack.
Malware
O Public administration and defence, compulsory social security
CC
US
Olean City. Ransomware
604
18/04/2020
?
Cognizant
Information technologies services giant Cognizant is hit by the Maze Ransomware.
Malware
M Professional scientific and technical activities
CC
US
Cognizant, Maze
605
18/04/2020
?
Webkinz World,
A hacker leaks the usernames and passwords of nearly 23 million players of Webkinz World, an online children's game managed by Canadian toy company Ganz.
SQL Injection
R Arts entertainment and recreation
CC
CA
Webkinz World, Ganz
606
19/04/2020
?
Uniswap
Hackers try to attack the Uniswap cryptocurrency exchange but the attack is unsuccessful.
Vulnerability
V Fintech
CC
US
Uniswap, Crypto
607
19/04/2020
?
Lendf.me
The same hackers steal more than $25 million in cryptocurrency from the Lendf.me lending platform but they need to return the money after they are caught.
Vulnerability
V Fintech
CC
N/A
Lendf.me, crypto
608
19/04/2020
?
Facebook users
Researchers from Cyble discover a threat actor selling a database with 267 million Facebook profiles for £500 on the dark web and through hacking forums.
Misconfiguration
X Individual
CC
>1
Cyble, Facebook
609
19/04/2020
?
UniCredit
Researchers from Tesly reveal that data on about 3,000 UniCredit SpA employees was put up for sale on cybercrime forums after an SQL Injection attack.
SQL Injection
K Financial and insurance activities
CC
IT
UniCredit
610
19/04/2020
?
Energy, manufacturing, and business services in the United States
Researchers from Proofpoint discover a new campaign designed to steal user credentials via a lure that claims to welcome users to their new Zoom account.
Account Hijacking
Y Multiple Industries
CC
US
Proofpoint, Zoom, COVID-19
611
19/04/2020
TA4562
Manufacturing industrial, marketing/advertising, technology, IT and construction companies
Researchers from Proofpoint discover a campaign distributing the ServLoader and NetSupport remote access Trojans (RATs) via fake Zoom meetings cancellations.
Malware
Y Multiple Industries
CC
>1
Proofpoint, Zoom, COVID-19, TA4562
612
19/04/2020
?
Danish Agro
Danish Agro is hit with a ransomware attack.
Malware
S Other service activities
CC
DK
Danish Agro, ransomware
613
20/04/2020
Winnti (aka APT41, BARIUM, Blackfly).
Gravity
Researchers from QuoIntelligence (QuoINT) reveal that attackers from Winnti (aka APT41, BARIUM, Blackfly attempted to breach the internal network of Gravity, the South Korean gaming company behind the popular Ragnarok Online Massive Multiplayer Online Role-Playing Game.
Hackers infiltrate a Zoom meeting of a virtual church service hosted by Adam Evers, the founder of the Christian LGBTQ+ dating app Believr.
Zoom Bombing
S Other service activities
CC
US
Zoom, Believr
615
20/04/2020
?
Chartered Institute for Securities and Investments (CISI)
The Chartered Institute for Securities and Investments (CISI) confirms that some of its members may have had their financial information stolen after “malicious code” was inserted on its website.
Malicious Script Injection
S Other service activities
CC
UK
Chartered Institute for Securities and Investments, CISI
616
20/04/2020
?
Brandywine Counseling and Community Services
Brandywine Counseling and Community Services notifies patients of a ransomware incident occurred on February 2020.
Malware
Q Human health and social work activities
CC
US
Brandywine Counseling and Community Services, ransomware
617
21/04/2020
?
Nintendo users
Nintendo users report that their accounts have been getting hacked and accessed from remote locations around the globe, with some users losing money as a result of the unauthorized intrusion. Few days after the company confirms the compromise of 160,000 accounts after the attackers exploited its Nintendo Network ID (NNID) login system.
Account Hijacking
R Arts entertainment and recreation
CC
JP
Nintendo, Nintendo Network ID, NNID
618
21/04/2020
?
China's Uyghur minority
Security firm Volexity discovers Insomnia, a new iOS exploit used to spy on China's Uyghur minority.
Targeted Attack
X Individual
CE
CN
Volexity, Insomnia, iOS, Uyghur
619
21/04/2020
?
Zoom users in corporate environments
Researchers from Abnormal Security discover a new phishing campaign targeting Zoom users, using fake Zoom meeting notifications to warn victims that their contracts will either be suspended or terminated.
Account Hijacking
Y Multiple Industries
CC
>1
Abnormal Security, Zoom, COVID-19
620
21/04/2020
DoppelPaymer
City of Torrance
The City of Torrance of the Los Angeles metropolitan area is hit by the DoppelPaymer Ransomware.
Malware
O Public administration and defence, compulsory social security
CC
US
The City of Torrance, DoppelPaymer
621
21/04/2020
?
US healthcare providers
The FBI warns of ongoing phishing campaigns targeting US healthcare providers using COVID-19 themed lures to distribute malicious attachments.
Malware
Q Human health and social work activities
CC
US
FBI, COVID-19
622
21/04/2020
?
Single Individuals
A fake WiFi hacking program is used to distribute CoronaLocker, a new Coronavirus-themed malware that tries to lock the victim out of Windows while making some very annoying sounds.
Malware
X Individual
CC
>1
CoronaLocker, COVID-19
623
21/04/2020
?
Oil and gas industries in multiple countries
Researchers from Bitdefender discover a new campaign targeting the oil and gas industry sector with highly targeted spearphishing campaigns impersonating shipment companies and engineering contractors while attempting to infect their targets with Agent Tesla info-stealer malware payloads.
Targeted Attack
D Electricity gas steam and air conditioning supply
CE
>1
Bitdefender, Agent Tesla
624
21/04/2020
?
Parkview Medical Center
Parkview Medical Center is hit with a ransomware attack.
Malware
Q Human health and social work activities
CC
US
Parkview Medical Center, ransomware
625
21/04/2020
?
Single Individuals
Researchers from ZeroFOX discover a massive scam campaign circulating via WhatsApp.
Account Hijacking
X Individual
CC
>1
ZeroFOX, WhatsApp, COVID-19
626
21/04/2020
?
Whisky Auctioneer
An online auction of rare whiskies is postponed indefinitely following a DDoS attack.
DDoS
R Arts entertainment and recreation
CC
US
Whisky Auctioneer
627
21/04/2020
?
Banking users in Spain, Portugal, Brazil and other parts of Latin America
Researchers from IBM X-Force uncover Banking.BR, a new Android banking trojan targeting users in countries that speak Spanish or Portuguese, namely Spain, Portugal, Brazil and other parts of Latin America.
Malware
K Financial and insurance activities
CC
>1
BM X-Force, Banking.BR
628
22/04/2020
State-sponsored actor
Multiple targets
Researchers from ZecOps discover two zero-day vulnerabilities affecting iPhone and iPad devices, used on a series of ongoing remote attacks targeting iOS users since at least January 2018.
Targeted Attack
Y Multiple Industries
CE
>1
ZecOps, iPhone, iPad
629
22/04/2020
?
Valve
The source code of Valve's Team Fortress 2 and Counter-Strike: Global Offensive games was leaked
Unknown
R Arts entertainment and recreation
CC
US
Valve
630
22/04/2020
Government-backed attackers
US government workers
Google's Threat Analysis Group (TAG) reveals that one group has started using free meals and coupons supposedly from fast-food franchises to lure US government workers into exposing their Gmail credentials.
Account Hijacking
O Public administration and defence, compulsory social security
CE
US
Google's Threat Analysis Group, TAG, Gmail
631
22/04/2020
Tag Barnakle
Vulnerable AD servers
Researchers from Confiant identify Tag Barnakle, a group that has been compromising advertising networks running old versions of the Revive open-source ad server to redirect victims to malware.
Malvertising
Y Multiple Industries
CC
>1
Confiant, Tag Barnakle, Revive
632
22/04/2020
?
Multiple targets
A new phishing campaign is underway that targets employees with fake customer complaints that install a new backdoor used to compromise a network.
Account Hijacking
Y Multiple Industries
CC
>1
Phishing
633
22/04/2020
?
SIngle Individuals
Researchers from Sophos reveal the details of a massive sextortion campaign netting nearly $500K in five months.
Malicious Spam
X Individual
CC
>1
Sophos
634
23/04/2020
Jerusalem Electronic Army (J.E.Army)
Water supply and treatment facilities in Israel
The Israeli National Cyber-Directorate (INCD) warns that hackers have targeted its water supply and treatment facilities. The agency is urging personnel at companies active in the energy and water sectors to change passwords for all internet-connected systems.
Unknown
E Water supply, sewerage waste management, and remediation activities
CE
IL
Jerusalem Electronic Army, J.E.Army, Israeli National Cyber-Directorate, INCD
635
23/04/2020
Ocean Lotus AKA APT32
Wuhan government and Chinese Ministry of Emergency Management
Researchers from FireEye believe that hacking group Ocean Lotus, also known as APT32 and linked to the Vietnamese government, was involved in a spear phishing campaign targeting members of the Wuhan government and Chinese Ministry of Emergency Management in search of information related to the coronavirus pandemic.
GoDaddy notifies some of its customers that an unauthorized party used their web hosting account credentials to connect to their hosting account via SSH.
Account Hijacking
J Information and communication
CC
US
GoDaddy
637
23/04/2020
?
US Universities
Researchers at Proofpoint discover a new campaign targeting Faculty and students at several U.S. colleges and universities with Hupigon RAT.
Malware
P Education
CC
US
Hupigon RAT
638
23/04/2020
Sodinokibi
SeaChange
SeaChange is hit with the Sodinokibi ransomware.
Malware
J Information and communication
CC
US
SeaChange, Sodinokibi, ransomware
639
23/04/2020
?
Multiple targets
The U.S. National Security Agency (NSA) and the Australian Signals Directorate (ASD) issue a joint report warning of threat actors increasingly exploiting vulnerable web servers to deploy web shells.
Web Shells
Y Multiple Industries
CC
US
AU
National Security Agency, NSA, Australian Signals Directorate, ASD
640
23/04/2020
?
Multiple targets
Researchers from Cofense discover a phishing campaign against remote workers using Skype, luring them with emails that fake notifications from the service.
Account Hijacking
Y Multiple Industries
CC
>1
Cofense, Skype, COVID-19
641
23/04/2020
?
Organizations in both public and private sectors, including financial institutions.
Researchers from ESET discover a previously undocumented botnet called VictoryGate, active since at least May 2019, and composed mainly of devices in Peru. The main activity of the botnet is mining Monero cryptocurrency.
Malware
Y Multiple Industries
CC
PE
ESET, VictoryGate, Crypto, Monero
642
23/04/2020
Florentine Banker
Israeli and UK financial firms
Researchers from Check Point reveal the details of Florentine Banker, a cybercriminal group launching advanced business email compromise (BEC) attacks on leading Israeli and UK financial firms, stealing $1.3 million dollars in just four separate transactions.
Business Email Compromise
K Financial and insurance activities
CC
IL
UK
Florentine Banker, Check Point
643
24/04/2020
?
Small business owners
Researchers from Abnormal Security discover a new phishing campaign targeting users of US Payroll Protection Program loans for small businesses.
Account Hijacking
Y Multiple Industries
CC
US
Abnormal Security, US Payroll Protection
644
24/04/2020
?
Multiple targets
A new phishing campaign delivers a new stealthy malware called BazarBackdoor from the developers of TrickBot that is used to compromise and gain full access to corporate networks.
Account Hijacking
Y Multiple Industries
CC
>1
BazarBackdoor, TrickBot
645
24/04/2020
?
US and South Korean financial organizations and banks
Researchers at Group-IB discover that the details on roughly 400,000 payment cards related to US and South Korean financial organizations and banks are currently up for sale on Joker's Stash.
Unknown
K Financial and insurance activities
CC
US
KR
Group-IB, Joker's Stash
646
24/04/2020
?
Single Individuals
Researchers from Inky discover a new campaign, sending out emails that impersonate the U.S. Federal Reserve and lure recipients with financial relief options through the Payment Protection Program.
Account Hijacking
X Individual
CC
US
Inky, U.S. Federal Reserve, COVID-19
647
24/04/2020
?
Single Individuals
Hackers setup a fake NHS site, claiming to provide COVID-19 updates, aimed to distribute malware.
Malware
X Individual
CC
US
NHS, COVID-19
648
24/04/2020
?
Illinois Valley Community College
Illinois Valley Community College is hit with a ransomware attack.
Malware
P Education
CC
US
Illinois Valley Community College, ransomware
649
25/04/2020
Asnarök
Vulnerable Sophos XG Firewalls
Cyber-security firm Sophos publishes an emergency security update to patch a zero-day vulnerability in its XG enterprise firewall product, being abused in the wild by hackers. The malware is dubbed Asnarök.
SQL Injection
Y Multiple Industries
CC
>1
Sophos, XG, Asnarök
650
25/04/2020
THE0TIME
Huiying Medical Technology
Research from Cyble identify a threat actor attempting to sell Huiying Medical Technology’s source code for AI-assisted COVID-19 detection and experimental data.
Unknown
C Manufacturing
CC
CN
Cyble, Huiying Medical Technology, COVID-19, THE0TIME
651
26/04/2020
?
Robert Dyas
Robert Dyas notifies customers to have been hit by a malicious script in the payment page between 7-30 March.
Malicious Script Injection
G Wholesale and retail trade
CC
UK
Robert Dyas
652
27/04/2020
?
Multiple targets
Researchers from Kaspersky discover a new wave of phishing scams that utilize a COVID-19 theme and impersonate well-known shipping carriers such as FedEx, UPS, and DHL.
Account Hijacking
Y Multiple Industries
CC
>1
Kaspersky, COVID-19, FedEx, UPS, DHL
653
27/04/2020
?
Lumberton Township Public Schools in Burlington County
Lumberton Township Public Schools in Burlington County announces it will temporarily stop using Zoom after a hacker reportedly streamed pornography and used racist language during a lesson for middle school students.
Zoom Bombing
P Education
CC
US
Lumberton Township Public Schools, Burlington County, Zoom
654
27/04/2020
Sodinokibi AKA Revil
CivicSmart
CivicSmart, a vendor of smart parking meters, is hit with a Sodinokibi ransomware attack.
Malware
M Professional scientific and technical activities
CC
US
Sodinokibi, Revil, CivicSmart, Ransomware
655
28/04/2020
Light
Zaha Hadid Architects
A group of hackers breaches the network of Zaha Hadid Architects, one of the world's leading architectural firms. The attackers threaten to release sensitive information on the dark web unless the company pays a ransom demand.
Malware
M Professional scientific and technical activities
CC
UK
Zaha Hadid Architects, Light, ransomware
656
28/04/2020
?
Android users
Researchers from Check Point discover a new version of the Lucy malware going mobile, encrypting data and asking for a ransom threatening FBI action.
Malware
X Individual
CC
>1
Check Point, Lucy, FBI, ransomware, Android
657
28/04/2020
?
Single Individuals
Microsoft Security Intelligence Team uncovers a number of fake movie torrents carrying malicious software that attempts to hijack a user’s machine to generate cryptocurrency.
Malware
X Individual
CC
>1
Microsoft, torrent
658
28/04/2020
?
Vulnerable Wordpress servers
Researchers from Wordfence detect a peak of attacks targeting more than 900,000 Wordpress servers exploiting vulnerable plugins.
Vulnerability
Y Multiple Industries
CC
>1
Wordfence, Wordpress
659
28/04/2020
Ocean Lotus AKA APT32?
Android devices in countries including India, Vietnam, Bangladesh, and Indonesia.
Researchers from Kaspersky warn of PhantomLance, an ongoing spying campaign in which malicious apps hosted by Google Play are covertly spying and stealing Android user data.
Malware
X Individual
CE
>1
Kaspersky, PhantomLance, Google Play, Android
660
28/04/2020
Outlaw Hacking Group
Multiple targets in Europe
Researchers from Cybaze-Yoroi ZLab uncover a new botnet that is targeting European organizations.
Malware
Y Multiple Industries
CC
>1
Cybaze-Yoroi ZLab, Outlaw
661
28/04/2020
?
Banking users especially in Brazil, Mexico, Spain and Peru
Researchers from ESET discover a new campaign using the Grandoreiro banking trojan, and exploiting the COVID-19 crisis to attack users especially in Brazil, Mexico, Spain and Peru.
Malware
K Financial and insurance activities
CC
>1
ESET, Grandoreiro, COVID-19
662
28/04/2020
?
Organizations in Healthcare
Researchers from Microsoft warn of a wave of ransomware attacks with multiple payloads, targeting organizations in Healthcare.
Malware
Q Human health and social work activities
CC
>1
Microsoft, ransomware, COVID-19
663
28/04/2020
?
Zoom users
Researchers at IntSights discover multiple Zoom databases on underground forums.
Credential stuffing
Y Multiple Industries
CC
>1
IntSights, Zoom
664
29/04/2020
?
High-profile Estonian individuals
The Estonian Internal Security Service (KaPo) reveal that state-sponsored hackers have used a zero-day vulnerability to hijack a small number of high-profile email accounts at Estonian email provider Mail.ee.
Vulnerability
O Public administration and defence, compulsory social security
CE
EE
KaPo, Mail.ee.
665
29/04/2020
?
Chegg
Chegg confirms its third data breach in the past three years: hackers stole 700 current and former employee records, including their names and Social Security numbers.
Unknown
M Professional scientific and technical activities
CC
US
Chegg
666
29/04/2020
?
Single Individuals
Researchers at TrendMicro uncover a new cyber-criminal campaign attempting to exploit the COVID-19 pandemic to trick remote workers into installing RevCode WebMonitor RAT in disguise of a fake Zoom installer.
Malware
X Individual
CC
>1
TrendMicro, COVID-19, Coronavirus, RevCode, Zoom
667
29/04/2020
?
Multiple targets
Researchers from Kaspersky reveal a spike in brute-force attacks targeting RDP endpoints after the beginning of the COVID-19 pandemic.
Brute-force
Y Multiple Industries
CC
>1
Kaspersky, RDP, COVID-19, Coronavirus
668
29/04/2020
?
UseNeXT and Usenet.nl
UseNeXT and Usenet.nl, two companies that provide Usenet services, disclose security breaches today, blaming the breaches on "a security vulnerability at a partner company."
Unknown
J Information and communication
CC
DE
NL
UseNeXT, Usenet.nl, Usenet
669
29/04/2020
?
Undisclosed Multinational conglomerate
Researchers from Check Point reveal that attackers infected more than 75% of a multinational conglomerate's managed Android devices with the Cerberus banking trojan using the company’s compromised Mobile Device Manager (MDM) server.
Malware
Z Unknown
CC
N/A
Check Point, Android, Cerberus, Ransomware
670
29/04/2020
Aggah
Multiple targets
Researchers from Cisco Talos reveal the details of an updated Aggah campaign distributing a cocktail of malware strains: Agent Tesla, njRAT and Nanocore RAT.
Malware
Y Multiple Industries
CC
>1
Cisco Talos, Aggah, Agent Tesla, njRAT, Nanocore RAT
671
29/04/2020
?
PaperlessPay Corporation
PaperlessPay Corporation, an e-pay vendor, discovers to have been hacked in February 2019, putting at risk the identity of multiple customers.
SQL Injection
M Professional scientific and technical activities
CC
US
PaperlessPay Corporation
672
30/04/2020
PerSwaysion
High-ranking executives at more than 150 companies
Cyber-security firm Group-IB reveal the detail of PerSwaysion, a cybercrime group operating since mid-2019, able to breach the email accounts of high-ranking executives at more than 150 companies.
Account Hijacking
Y Multiple Industries
CE
>1
Group-IB, PerSwaysion
673
30/04/2020
?
Vulnerable WebLogic servers
Oracle publishes an urgent security alert, urging companies that run WebLogic servers to install the latest patches the company released in mid-April. The company says it received reports of attempts to exploit CVE-2020-2883.
Vulnerability
Y Multiple Industries
CC
>1
Oracle, WebLogic, CVE-2020-2883.
674
30/04/2020
?
Banks and financial services across Europe
Researchers from Cybereason reveal the details of EventBot, a new Android malware targeting banks, financial services across Europe
Malware
K Financial and insurance activities
CC
>1
Cybereason, EventBot, Android
675
30/04/2020
?
Multiple targets
Researchers from IBM X-Force uncover a new Trickbot campaign targeting email recipients with fake messages purporting to come from the U.S. Department of Labor (DoL). The spam leverages the Family and Medical Leave Act (FMLA).
Malware
K Financial and insurance activities
CC
US
Researchers from IBM X-Force, Trickbot, U.S. Department of Labor, DoL, Family and Medical Leave Act, FMLA, COVID-19
676
30/04/2020
Netwalker
NWT Power Corporation
NWT Power Corporation (Northwest Territories Power Corporation) confirms to have been hit with a Netwalker ransomware attack
Malware
D Electricity gas steam and air conditioning supply
CC
CA
NWT Power Corporation, Northwest Territories Power Corporation
677
30/04/2020
LockBit
Multiple countries including the US, the UK, France, Germany, Ukraine, China, India, and Indonesia.
Researchers from McAfee and Northwave Intelligent Security Operations discover a new ransomware called LockBit, able to self-spread inside the victim's network.
Researchers from Barracuda Networks observe a single phishing campaign that sent out 128,000 emails to a variety of organizations and employees using reCAPTCHA walls to conceal fake Microsoft log-in pages.
Account Hijacking
Y Multiple Industries
CC
>1
Barracuda Networks, reCAPTCHA, Microsoft
679
30/04/2020
?
Warwick University
The Warwick University reveals to have been breached last year (and tried to cover the breach).
Malware
P Education
CC
UK
Warwick University
680
30/04/2020
?
SWPS University of Humanities and Social Sciences (‘SWPS University’)
The Polish University of Humanities and Social Sciences is hit with a ransomware attack.
Malware
P Education
CC
PL
SWPS, University of Humanities and Social Sciences , ransomware
681
27/04/2020
?
Aeries Student Information System
Multiple school districts are impacted by a breach occurred to Aeries Student Information System, occurred in November 2019.
Unknown
M Professional scientific and technical activities
CC
US
Aeries Student Information System
682
18/04/2020
?
Etana Custody
Etana Custody states that its “client user interface was accessed by an unauthorized external party”
Unknown
V Fintech
CC
US
Etana Custody, Crypto
683
01/05/2020
Maze
Banco BCR
Hackers claim to have gained access to the network of Banco BCR, the state-owned Bank of Costa Rica, and stolen 11 million credit card credentials along with other data.
Malware
K Financial and insurance activities
CC
CR
Maze, Banco BCR, ransomware
684
01/05/2020
?
Multiple organizations
Researchers from Abnormal Security discover a malicious campaign impersonating notifications from Microsoft Teams.
Account Hijacking
O Public administration and defence, compulsory social security
CC
>1
Microsoft Teams, Abnormal Security, COVID-19
685
01/05/2020
?
Single Individuals
A new phishing campaign is distributing a combination of malware: a LokiBot information-stealing malware along with a second payload in the form of the Jigsaw Ransomware.
Malware
X Individual
CC
>1
LokiBot, Jigsaw, Ransomware
686
01/05/2020
Maze
Nashville Plastic Surgery Institute,
Nashville Plastic Surgery Institute, dba Maxwell Aesthetics, is hit by a Maze ransomware attack.
Malware
Q Human health and social work activities
CC
US
Nashville Plastic Surgery Institute, Maxwell Aesthetics, Maze, ransomware
687
01/05/2020
Maze
Plastic Surgery Center Dr. Kristin Tarbet’s
Plastic Surgery Center Dr. Kristin Tarbet’s is hit by a Maze ransomware attack.
Malware
Q Human health and social work activities
CC
US
Plastic Surgery Center Dr. Kristin Tarbet’s, Maze, Ransomware
688
01/05/2020
Sodinokibi (AKA REvil)
MJ Payne
MJ Payne, a London accountancy firm, suffers a REvil ransomware attack.
Malware
K Financial and insurance activities
CC
UK
MJ Payne, REvil ransomware, Sodinokibi
689
02/05/2020
?
LineageOS
Hackers breach the main infrastructure of the LineageOS Android, causing a full outage. The attackers exploited a high-severity vulnerability in the open source “Salt” management framework that was disclosed to the public on April 30.
Vulnerability
M Professional scientific and technical activities
CC
N/A
LineageOS, Salt, CVE-2020-11651, CVE-2020-11652
690
02/05/2020
?
PeroxyChem
PeroxyChem is hit by a Maze ransomware attack.
Malware
M Professional scientific and technical activities
CC
US
PeroxyChem, Maze, ransomware
691
03/05/2020
Shiny Hunters
Tokopedia
A hacker sells a database containing the information of 91 million Tokopedia accounts on a dark web market for $5,000. Other threat actors start to crack passwords and share them online.
SQL Injection
G Wholesale and retail trade
CC
ID
Tokopedia, Shiny Hunters
692
03/05/2020
Shiny Hunters
Unacademy
Online learning platform Unacademy suffers a data breach after a hacker gains access to their database and starts selling the account information for close to 22 million users.
Unknown
P Education
CC
IN
Unacademy, Shiny Hunters
693
03/05/2020
?
Naughty Dog
A security flaw in patches from game developer Naughty Dog give hackers access to unreleased content from the upcoming The Last of Us Part II that was stored in an Amazon S3 bucket.
Misconfiguration
R Arts entertainment and recreation
CC
US
Naughty Dog, The Last of Us, Amazon S3
694
03/05/2020
?
Ghost
The blogging platform Ghost is compromised exploiting the Salt vulnerability. The attackers install a cryptominer.
Vulnerability
J Information and communication
CC
US
Ghost, Salt, CVE-2020-11651, CVE-2020-11652
695
03/05/2020
?
Digicert
Digicert is compromised as a consequence of the Salt vulnerability.
Vulnerability
M Professional scientific and technical activities
CC
US
Digicert, Salt, CVE-2020-11651, CVE-2020-11652
696
03/05/2020
?
Xen Orchestra
Xen Orchestra, a platform that provides tools to administrate Citrix Hypervisor is also compromised via the Salt vulnerability.
Vulnerability
M Professional scientific and technical activities
A virtual ceremony by Florida Gulf Coast University is disrupted by a DDOS attack.
DDoS
P Education
CC
US
Florida Gulf Coast University
699
03/05/2020
?
Dakota Carrier Network
Dakota Carrier Network, a consortium of 14 independent broadband companies, is hit by the Maze ransomware.
Malware
M Professional scientific and technical activities
CC
US
Dakota Carrier Network, Maze, Ransomware
700
04/05/2020
?
Single individuals in France
A new ransomware called VCrypt is targeting French victims by utilizing the legitimate 7zip command-line program to create password-protected archives of data folders.
Malware
X Individual
CC
FR
VCrypt, ransomware
701
04/05/2020
State-sponsored hackers from Russia, Iran, and China
UK universities and scientific facilities
The UK's National Cyber Security Centre (NCSC) warns that the country's universities and scientific facilities are being subject to a wave of hacking attempts conducted by other countries in the quest for coronavirus research.
Targeted Attack
P Education
CE
UK
National Cyber Security Centre, NCSC, Russia, Iran, China
702
04/05/2020
?
Financial Organizations
The US Financial Industry Regulatory Authority (FINRA) issues a cyber-security alert warning member organizations of "a widespread, ongoing phishing campaign." aimed at stealing Microsoft Office and SharePoint account passwords from its member organizations.
Account Hijacking
K Financial and insurance activities
CC
US
Financial Industry Regulatory Authority, FINRA, Microsoft Office, SharePoint
703
04/05/2020
?
Companies across different industries
Microsoft warns of multiple malspam campaigns carrying malicious disk image files aimed to distribute the REMCOS remote access tool, using the COVID-19 lure.
Malicious Spam
Y Multiple Industries
CC
>1
REMCOS, COVID-19
704
04/05/2020
?
Tarkett
French flooring company Tarkett reveals that it was hit by a cyber attack on April 29th, and that its operations continue to be disrupted as a result:
Malware
C Manufacturing
CC
FR
Tarkett
705
04/05/2020
?
Android users in Ukraine, Russia, Kazakhstan, Turkmenistan
Researchers from Bitdefender discover an existing version of the Android device screen-locking malware SLocker, repackaged in the form of a mobile coronavirus app
Malware
X Individual
CC
>1
COVID-19, Android, Bitdefender, SLocker
706
04/05/2020
?
Bukapalak
The data of 13 million users of the e-commerce platform Bukapalak are posted on a dark web forum, despite the company denies the breach.
Unknown
G Wholesale and retail trade
CC
ID
Bukapalak
707
04/05/2020
?
York University
York University suffers a "serious" cyber attack.
Unknown
P Education
CC
CA
York University
708
04/05/2020
?
CPC Corp.,
Oil refiner Taiwan's CPC Corp., suffers a ransomware attack.
Malware
D Electricity gas steam and air conditioning supply
CC
TW
CPC Corp.,
709
05/05/2020
?
Individuals in UK
Researchers from Cofense discover a new spear-phishing campaign targeting executives and others in attempt to steal login credentials and bank account details by posing as their smartphone provider EE.
Account Hijacking
X Individual
CC
UK
Cofense, EE
710
05/05/2020
Government-backed hacking group
Organizations involved in international COVID-19 responses, healthcare, and essential services
A joint advisory by cyber-security agencies from the US (CISA) and the UK (NCSC) reveal that organizations involved in international COVID-19 responses, healthcare, and essential services are actively targeted by government-backed hacking groups
Password-spraying
Q Human health and social work activities
CE
>1
CISA, NCSC, COVID-19
711
05/05/2020
?
Single Individuals
Researchers from Malwarebytes reveal that hackers have created and used a fake icon portal to host and load a JavaScript web skimmer camouflaged as a favicon.
Malicious Script Injection
X Individual
CC
>1
Malwarebytes, JavaScript, Magecart
712
05/05/2020
?
Multiple organizations
Researchers from Abnormal Security discover a highly convincing series of phishing attacks, using fake certificate error warnings with graphics and formatting lifted from Cisco Webex emails to steal users' account credentials.
Account Hijacking
Y Multiple Industries
CC
>1
Abnormal Security, Cisco Webex
713
05/05/2020
?
Mercedes-Benz Instagram account
Unknown hackers post swastikas on Mercedes-Benz Instagram account.
Account Hijacking
C Manufacturing
CC
DE
Mercedes-Benz, Instagram
714
05/05/2020
?
Algolia
Search service Algolia says it suffered a security breach over the weekend after hackers exploited a well-known vulnerability in the Salt server configuration software to gain access to its infrastructure.
Vulnerability
M Professional scientific and technical activities
CC
US
Algolia, CVE-2020-11651, CVE-2020-11652
715
05/05/2020
?
Linux-based servers and smart IoT devices
Security researchers discover Kaiji, another strain of malware specifically built to infect Linux-based servers and smart IoT devices to launch DDoS attacks.
Malware
Y Multiple Industries
CC
>1
Kaiji
716
05/05/2020
?
BJC HealthCare
BJC HealthCare warns patients that their information may have been exposed after it discovered someone gained unauthorized access to three employee email accounts on March 6.
Account Hijacking
Q Human health and social work activities
CC
US
BJC HealthCare
717
05/05/2020
?
Formosa Petrochemical Corp.,
Formosa Petrochemical Corp., is hit by a malware attack.
Malware
D Electricity gas steam and air conditioning supply
CC
TW
Formosa Petrochemical Corp.,
718
06/05/2020
Snake
Fresenius
Fresenius, Europe’s largest private hospital operator and a major provider of dialysis products and services is hit in a Snake ransomware cyber attack on its technology systems.
Malware
Q Human health and social work activities
CC
DE
Fresenius, Snake, Ransomware
719
06/05/2020
Shiny Hunters
Microsoft
A hacker dubbed Shiny Hunters claims to have stolen over 500GB of data from Microsoft's private GitHub repositories
Unknown
M Professional scientific and technical activities
CC
US
Shiny Hunters, Microsoft, GitHub
720
06/05/2020
?
Vulnerable Wordpress sites
Researchers from Wordfence reveal that hackers are actively exploiting two security vulnerabilities in the Elementor Pro and Ultimate Addons for Elementor WordPress plugins to remotely execute arbitrary code and fully compromise unpatched targets.
Vulnerability
Y Multiple Industries
CC
>1
Wordfence, Wordpress, Elementor Pro, Ultimate Addons for Elementor
721
06/05/2020
Lazarus group
Multiple organizations
Researchers from Malwarebytes reveal that hackers have hidden malware in MinaOTP, a legitimate two-factor authentication (2FA) app for macOS to distribute Dacls, a remote access trojan associated with the North Korean Lazarus group.
Targeted Attack
Y Multiple Industries
CE
>1
Malwarebytes, MinaOTP, 2FA, Dacls, North Korea, Lazarus group
722
06/05/2020
?
Multiple E-Commerce servers
The FBI warns about attacks on Magento online stores via an old plugin vulnerability (CVE-2017-7391, a vulnerability in MAGMI, Magento Mass Import).
Vulnerability
G Wholesale and retail trade
CC
>1
FBI, Magento, CVE-2017-7391, MAGMI, Magento Mass Import
723
06/05/2020
Nefilim
Toll Group
For the second time in three months, Toll Group becomes the victim of a ransomware attack.
Malware
M Professional scientific and technical activities
CC
AU
Toll Group, Nefilim, ransomware
724
06/05/2020
?
44 million Pakistani mobile subscribers
The details of 44 million Pakistani mobile subscribers are leaked online.
Unknown
X Individual
CC
PK
Pakistan
725
06/05/2020
?
Chrome users
11 new fake crypto-wallet extensions add-ons are discovered in the Chrome Web store.
Malicious browser extension
X Individual
CC
>1
Chrome, Crypto
726
06/05/2020
?
Single Individuals in the US
Researchers from Secureworks Counter Threat Unit (CTU) observe an increase in tax identity theft aimed at fraudulently obtaining stimulus checks.
Account Hijacking
X Individual
CC
US
Secureworks Counter Threat Unit, CTU
727
06/05/2020
?
Multiple organizations
Researches from Prevailion discover a new variant of the EVILNUM malware.
Malware
Y Multiple Industries
CC
>1
Researches from Prevailion discover a new variant of the EVILNUM malware.
728
07/05/2020
Silver Terrier
Multiple organizations
Researchers from Palo Alto Networks reveal the details of a new series of attacks from Silver Terrier, targeting multiple organizations involved with the COVID-19 response.
Business Email Compromise
Y Multiple Industries
CC
>1
Silver Terrier, Palo Alto Networks, COVID-19
729
07/05/2020
Naikon APT
Several national government entities in the Asia Pacific (APAC) region
Researchers from Check Point discover new evidence of an ongoing cyber espionage operation against several national government entities in the Asia Pacific (APAC) region, using a new backdoor named Aria-body.
Targeted Attack
O Public administration and defence, compulsory social security
CE
>1
Check Point, Aria-body, Naikon APT
730
07/05/2020
?
Ruhr University Bochum (RUB)
The Ruhr University Bochum (RUB) announces that it was forced to shut down large parts of its central IT infrastructure, after a ransomware attack that took place between May 6 and May 7.
Malware
P Education
CC
DE
Ruhr University Bochum, RUB, ransomware
731
07/05/2020
DonJuji
MobiFriends
The personal details of 3,688,060 users registered on the MobiFriends dating app are posted online and available for download. The data was obtained in a security breach that took place in January 2019
Unknown
R Arts entertainment and recreation
CC
ES
MobiFriends, DonJuji
732
07/05/2020
?
Web applications built on the ASP.NET
Researchers at security firm Red Canary uncover a Monero cryptocurrency-mining campaign, tracked as Blue Mockingbird, that exploits the CVE-2019-18935 vulnerability in web applications built on the ASP.NET framework.
Vulnerability
Y Multiple Industries
CC
>1
Red Canary, Monero, Blue Mockingbird, CVE-2019-18935, ASP.NET, Crypto
733
07/05/2020
?
Fitness class
A Zoom hacker scares a group of about 60 children taking part in a fitness class, streaming a child sex abuse footage.
Zoom bombing
R Arts entertainment and recreation
CC
UK
Zoom
734
07/05/2020
Maze
Sparboe Companies
The threat group MAZE publishes what it claims is data stolen from Sparboe Companies, a Minnesota egg supplier during a ransomware attack.
Malware
I Accommodation and food service activities
CC
US
Sparboe Companies, Maze
735
07/05/2020
?
Giannis Antetokounmpo's Twitter account
NBA Milwaukee Bucks' player Giannis Antetokounmpo's Twitter account is hacked.
Account Hijacking
X Individual
CC
US
Giannis Antetokounmpo, Twitter, Milwaukee Bucks
736
07/05/2020
?
StorEnvy
The e-commerce website StorEnvy is hacked and as a result, personal details of over 1.5 million customers and merchants are leaked online.
Unknown
G Wholesale and retail trade
CC
US
StorEnvy
737
08/05/2020
Sodinokibi (AKA REvil)
Grubman Shire Meiselas & Sacks (GSMLaw)
The Sodinokibi ransomware group threatens to release hundreds of gigabytes of legal documents from Grubman Shire Meiselas & Sacks, a prominent entertainment and law firm that counts dozens of international stars as their clients, including Madonna, Lady Gaga, Elton John, Robert de Niro, Nicki Minaj, Chris Brown, Usher, U2, Timbaland, Rick Ross, and many others.
Malware
N Administrative and support service activities
CC
US
Sodinokibi, REvil. ransomware, Grubman Shire Meiselas & Sacks, GSMLaw, Madonna, Lady Gaga, Elton John, Robert de Niro, Nicki Minaj, Chris Brown, Usher, U2, Timbaland, Rick Ross
738
08/05/2020
Attackers linked to Iran
Gilead Sciences
Hackers linked to Iran have targeted staff at U.S. drugmaker Gilead Sciences Inc in recent weeks, as the company races to deploy a treatment for the COVID-19 virus.
Targeted Attack
M Professional scientific and technical activities
CC
>1
Iran, Gilead Sciences Inc, COVID-19
739
08/05/2020
Shiny Hunters
HomeChef
A database with 8 million records belonging to the meal kit delivery service HomeChef is put on sale in the dark web.
Unknown
I Accommodation and food service activities
CC
US
HomeChef, Shiny Hunters
740
08/05/2020
Shiny Hunters
ChatBooks
A database with 15 million records belonging to ChatBooks, a photo print service, is put on sale in the dark web.
Unknown
M Professional scientific and technical activities
CC
US
ChatBooks, Shiny Hunters
741
08/05/2020
Shiny Hunters
Chronicle.com
Chronicle.com, a news source for higher education, is the latest victim to have a database dumped from the Shiny Hunters collective (3 million records).
Unknown
J Information and communication
CC
US
Chronicle.com, Shiny Hunters
742
08/05/2020
?
Texas Office of Court Administration (OCA)
The Texas Office of Court Administration (OCA) is hit by ransomware.
Malware
O Public administration and defence, compulsory social security
CC
US
Texas Office of Court Administration, Ransomware
743
08/05/2020
?
Multiple organizations
Researchers from Abnormal Security discover a new phishing campaign exploiting the DocuSign platform.
Account Hijacking
Y Multiple Industries
CC
>1
Abnormal Security, DocuSign
744
08/05/2020
?
City Index
Financial trading provider City Index informs users of a breach of their personal data, after its network was accessed by an unauthorized third party on April 14.
Unknown
K Financial and insurance activities
CC
UK
City Index
745
09/05/2020
?
Stadler
International rail vehicle construction company, Stadler, disclosed that it was the victim of a cyberattack which might have also allowed the attackers to steal company and employee data.
Malware
C Manufacturing
CC
CH
Stadler
746
09/05/2020
Shiny Hunters
Bhinneka
Bhinneka has 1.2 million records dumped by Shiny Hunters.
Unknown
G Wholesale and retail trade
CC
ID
Bhinneka, Shiny Hunters
747
09/05/2020
Shiny Hunters
Minted
Minted, an online marketplace of independent artists and designers, suffers 5 million accounts leaked by Shiny Hunters.
Unknown
R Arts entertainment and recreation
CC
US
Minted, Shiny Hunters
748
09/05/2020
Shiny Hunters
Styleshare
Styleshare, an online platform that allows users to share and receive updates on fashion and beauty, is breached by Shiny Hunters. 6 million records are leaked.
Unknown
J Information and communication
CC
KR
Styleshare, Shiny Hunters
749
09/05/2020
Shiny Hunters
Ggumim
Ggumim suffers 2 million records leaked by Shiny Hunters.
Unknown
Z Unknown
CC
KR
Shiny Hunters, Ggumim
750
09/05/2020
Shiny Hunters
Mindful
2 Million accounts from Mindful are leaked by the Shiny Hunters.
Unknown
Q Human health and social work activities
CC
US
Shiny Hunters, Mindful
751
09/05/2020
Shiny Hunters
Star Tribune
1 Million accounts from the Star Tribune are leaked by the Shiny Hunters.
Unknown
J Information and communication
CC
US
Shiny Hunters, Star Tribune
752
09/05/2020
Shiny Hunters
Zoosk
The Shiny Hunters leak 30 million accounts from Zoosk.
Unknown
S Other service activities
CC
>1
Shiny Hunters, Zoosk
753
09/05/2020
?
U.S. Marshals Service
A data breach at the U.S. Marshals Service exposes the personal information of current and former prisoners (387,000 individuals are affected). The breach occurred on December 2019.
Unknown
O Public administration and defence, compulsory social security
CC
US
U.S. Marshals Service
754
10/05/2020
?
Port of Bandar Abbas
Iranian officials say that hackers damaged a small number of computers in a cyber-attack against the port of Bandar Abbas, the country's largest port in the Strait of Hormuz.
Unknown
H Transportation and storage
CW
IR
Bandar Abbas, Strait of Hormuz
755
10/05/2020
?
MyBudget
MyBudget, one of Australia's largest debt-management services is taken down by malware.
Malware
K Financial and insurance activities
CC
AU
MyBudget
756
11/05/2020
Maze
Pitney Bowes
Pitney Bowes suffers a cyber attack for the second time in few months. The attackers are detected but manage to steal some files.
Malware
M Professional scientific and technical activities
CC
US
Pitney Bowes, Maze, Ransomware
757
11/05/2020
ProLock
Diebold Nixdorf
Diebold Nixdorf, a major provider of automatic teller machines (ATMs) and payment technology to banks and retailers, suffers a ProLock ransomware attack that disrupts some operations.
Malware
C Manufacturing
CC
US
Diebold Nixdorf, ProLock, ransomware
758
11/05/2020
?
WeLeakData.com
The database for the defunct hacker forum and data breach marketplace WeLeakData.com is being sold on the dark web and exposes the private conversations of hackers who used the site.
Unknown
S Other service activities
CC
N/A
WeLeakData.com
759
11/05/2020
?
Banking users in Brazil
Researchers from Cisco Talos discover a new variant of the Astaroth malware using YouTube as its command and control infrastructure.
Malware
K Financial and insurance activities
CC
BR
Cisco Talos, Astaroth
760
11/05/2020
?
Banking users
Researchers from IBM X-Force reveal that the Zeus Sphinx banking Trojan is now receiving frequent updates and upgrades to its malicious arsenal while being deployed in active coronavirus scams.
Malware
K Financial and insurance activities
CC
>1
IBM X-Force, Zeus Sphinx, COVID-19
761
11/05/2020
?
Portuguese Banking users
A new campaign targets Portuguese Banking users with the Lampion malware, impersonating an invoice from a Bank transaction, an invoice from Vodafone Group, and emergency funds provided by the Portuguese Government to help the COVID-19 fight.
Malware
K Financial and insurance activities
CC
PT
Lampion, Vodafone Group, COVID-19
762
11/05/2020
?
Multiple organizations
Researchers from Abnormal Security revel the details of a new attack impersonating a notification from Zoom in order to steal Microsoft credentials of employees.
Account Hijacking
Y Multiple Industries
CC
>1
Abnormal Security, Zoom, Microsoft
763
12/05/2020
?
Magellan Health Inc
Magellan Health Inc announces that it was the victim of a ransomware attack on April 11, 2020, which led to the theft of personal information from one of its corporate servers.
Malware
Q Human health and social work activities
CC
US
Magellan Health Inc, ransomware
764
12/05/2020
HIDDEN COBRA AKA Lazarus Group
US Companies
The US government (FBI, CISA, and DoD) releases information on three new malware variants (COPPERHEDGE, TAINTEDSCRIBE, PEBBLEDASH) used in malicious cyber activity campaigns by the North Korean government-backed hacker group tracked as HIDDEN COBRA.
Targeted Attack
Y Multiple Industries
CE
US
(FBI, CISA, DoD, COPPERHEDGE, TAINTEDSCRIBE, PEBBLEDASH, HIDDEN COBRA, Lazarus Group
765
12/05/2020
Magecart
>1000 websites
Security researcher Max Kersten collects in a span of a few weeks over 1,000 domains infected with payment card skimmers.
Malicious Script Injection
Y Multiple Industries
CC
>1
Max Kersten, Magecart
766
12/05/2020
?
ESET
ESET fends off a DDoS attack facilitated by "Updates for Android", a malicious news app hosted in the Google Play Store and downloaded 50,000 times.
DDoS
M Professional scientific and technical activities
CC
SK
ESET, Updates for Android, Google Play Store, Android
767
12/05/2020
?
Nikkei Inc.,
Nikkei Inc., announces that personal information on a total of 12,514 people had been leaked after a computer used by a group company employee was infected with a virus in an apparent cyberattack.
Malware
J Information and communication
CC
JP
Nikkei Inc.
768
12/05/2020
Nefilim
W&T Offshore
The hackers behind the Nefilim malware say they have stolen over 800 gigabytes of personnel and financial data from W&T Offshore Inc.,
Malware
D Electricity gas steam and air conditioning supply
CC
US
W&T Offshore, Nefilim
769
13/05/2020
Threat actors affiliated to the People’s Republic of China
US health care, pharmaceutical, and research industry sectors.
The US government (FBI, CISA, and DoD) reveals that Threat actors affiliated to the People’s Republic of China (PRC) are attempting to compromise and collect COVID-19 information from organizations in the US health care, pharmaceutical, and research industry sectors.
Targeted Attack
Q Human health and social work activities
CE
US
FBI, CISA, DoD, People’s Republic of China, PRC, COVID-19
770
13/05/2020
?
Supercomputers across UK, Germany, Switzerland and Spain
Multiple supercomputers across Europe are infected with cryptocurrency mining malware and shut down to investigate the intrusions.
Malware
P Education
CC
>1
Supercomputers
771
13/05/2020
?
Multiple organizations
Microsoft discovers a new COVID-19 themed phishing campaign using economic concerns to target businesses with the LokiBot information-stealing Trojan.
Malware
Y Multiple Industries
CC
>1
Microsoft, COVID-19, LokiBot
772
13/05/2020
?
Multiple organizations
Researchers from ESET discover a new malware toolkit, dubbed Ramsay, able to collect sensitive files from systems isolated from the internet.
Malware
Y Multiple Industries
CC
>1
ESET, Ramsay
773
13/05/2020
?
Interserve
Interserve, a contractor for the Britain’s Ministry of Defence suffers a security breach, after hackers break into a database and steal up to 100,000 of past and current employees details.
Unknown
M Professional scientific and technical activities
CC
UK
Interserve, Ministry of Defence
774
13/05/2020
?
Bam Construct
Bam Construct is hit by a malware.
Malware
M Professional scientific and technical activities
CC
UK
Bam Construct
775
13/05/2020
Russia
German Chancellor Angela Merkel
German Chancellor Angela Merkel reveals that Russia was targeting her in hacking attacks, saying she had concrete proof of the "outrageous" spying attempts.
Targeted Attack
O Public administration and defence, compulsory social security
CE
DE
Angela Merkel, Russia
776
13/05/2020
?
Single Individuals
Researchers from Sophos discover a new phishing campaign using a well-crafted fake DHL delivery notification,
Account Hijacking
X Individual
CC
>1
Sophos, DHL
777
13/05/2020
?
Wright County
Wright County notifies residents of a phishing attack occurred on January 31, 2019.
Account Hijacking
O Public administration and defence, compulsory social security
CC
US
Wright County
778
13/05/2020
AKO
North Shore Pain Management
North Shore Pain Management has 4 GB of data leaked by the AKO ransomware gang.
Malware
Q Human health and social work activities
CC
US
North Shore Pain Management, AKO, ransomware
779
14/05/2020
?
Norfund
Fraudsters running business email compromise scams were able to swindle Norfund, Norway’s state investment fund, out of $10 million.
Business Email Compromise
K Financial and insurance activities
CC
NO
Norfund
780
14/05/2020
?
Multiple organizations
Microsoft says that attackers have already adapted their phishing campaigns to use the newly updated design for Azure AD and Office 365 sign-in pages.
Account Hijacking
Y Multiple Industries
CC
>1
Microsoft, Azure AD, Office 365
781
14/05/2020
Turla APT?
European diplomatic entities
Researchers from Kaspersky discover a new COMpfun remote access trojan (RAT) variant controlled using uncommon HTTP status codes, used in attacks targeting European diplomatic entities.
Targeted Attack
O Public administration and defence, compulsory social security
CE
>1
Kaspersky, COMpfun, Turla
782
14/05/2020
RATicate
Industrial companies
Researchers from Sophos identifies RATicate, a hacking group that abused NSIS installers to deploy remote access tools (RATs) and information-stealing malware in attacks targeting industrial companies.
Targeted Attack
Y Multiple Industries
CE
>1
Sophos, RATicate
783
14/05/2020
?
Multiple organizations
A new Node.js based remote access trojan and password-stealing malware is being distributed through malicious emails pretending to be from the U.S. Department of the Treasury.
Malware
Y Multiple Industries
CC
US
Adwind, U.S. Department of the Treasury, COVID-19
784
14/05/2020
APT from China
Government entities, telecommunications firms, and the gas industry
A joint report issued by ESET and Avast reveal the details of Mikroceen, a backdoor used in attacks against public and private entities in central Asia since 2017.
Targeted Attack
Y Multiple Industries
CE
>1
ESET, Avast, China, Mikroceen
785
14/05/2020
?
Elexon
Elexon, a middleman in the UK power grid network, reports that it fell victim to a cyber-attack (probably malware).
Malware
D Electricity gas steam and air conditioning supply
CC
UK
Elexon, ransomware
786
14/05/2020
?
Service NSW
Service NSW reveals to have fallen victim to a phishing attack occurred on April 22.
Account Hijacking
O Public administration and defence, compulsory social security
CC
AU
Service NSW
787
14/05/2020
?
Multiple Organizations
Researchers from Palo Alto Networks Unit 42 observe both the Mirai and Hoaxcalls botnets using an exploit for a post-authentication Remote Code Execution vulnerability in legacy Symantec Web Gateways 5.0.2.8.
Vulnerability
Y Multiple Industries
CC
>1
Palo Alto Networks, Unit 42, Mirai, Hoaxcalls, Symantec
788
14/05/2020
?
Multiple organizations
Researchers from Armorblox reveal the details of a phishing campaign exploiting Symantec URL Protection to evade detection.
Account Hijacking
Y Multiple Industries
CC
>1
Armorblox, Symantec
789
14/05/2020
?
Saint Paulus Lutheran Church
Saint Paulus Lutheran Church sues video chat company Zoom after a hacker allegedly hijacked a virtual Bible study class to post graphic images of child abuse.
Zoom bombing
S Other service activities
CC
US
Saint Paulus Lutheran Church, Zoom
790
14/05/2020
?
Des Moines City Council
A Des Moines civil rights meeting is abandoned after being Zoombombed.
Zoom bombing
O Public administration and defence, compulsory social security
CC
US
Des Moines City Council, Zoom
791
15/05/2020
?
Online Shops
Researchers at Sucuri discover a new WordPress malware used to scan and identify WooCommerce online shops to be targeted in future Magecart attacks.
Malicious Script Injection
G Wholesale and retail trade
CC
>1
Sucuri, WordPress, WooCommerce, Magecart
792
15/05/2020
?
Texas Department of Transportation (TxDOT)
A new ransomware attack hits the network of the state’s Department of Transportation (TxDOT).
Malware
O Public administration and defence, compulsory social security
CC
US
Texas Department of Transportation, TxDOT
793
15/05/2020
?
Car owners in Moscow
A database with 129 million records of car owners in Moscow is being offered for sale on a dark web forum.
Unknown
X Individual
CC
RU
Russia, Car owners
794
15/05/2020
?
BlueScope
BlueScope confirms it was the victim of a cyber incident.
Unknown
C Manufacturing
CC
AU
BlueScope
795
15/05/2020
Tropic Trooper, AKA KeyBoy
Taiwanese and Philippine military
Researchers from Trend Micro reveal the details of a campaign targeting the air-gapped networks of the Taiwanese and the Philippine military via the USBferry malware.
Targeted Attack
O Public administration and defence, compulsory social security
CE
TW
PH
Trend Micro, USBferry, Tropic Trooper, KeyBoy
796
04/05/2020
?
Healthcare, government entities, financial institutions, and retail
The FBI issues a security alert about a new ransomware strain named ProLock, deployed in intrusions at healthcare, government entities, financial institutions, and retail.
Malware
Y Multiple Industries
CC
US
FBI, ProLock, ransomware
797
08/05/2020
?
Nipissing First Nation
Nipissing First Nation is hit by a ransomware attack.
Malware
U Activities of extraterritorial organizations and bodies
CC
CA
Nipissing First Nation, ransomware
798
10/05/2020
Powerful Greek Army
North Macedonia’s Ministry of Economy and Finance
A Greek group called Powerful Greek Army leaks dozens of email addresses and passwords from staffers in the North Macedonia’s Ministry of Economy and Finance, as well as from the municipality of Strumica
Unknown
O Public administration and defence, compulsory social security
H
MK
Powerful Greek Army, North Macedonia’s Ministry of Economy and Finance, Strumica
799
11/05/2020
?
Bernards Township
Bernards Township is hit with a ransomware attack.
Malware
O Public administration and defence, compulsory social security
CC
US
Bernards Township, ransomware
800
14/05/2020
?
BlockFi
Crypto lending provider BlockFi reports that it suffered a data breach after, some of the company’s client data was breached through a SIM card swap attack performed on one of its employees.
Account Hijacking
V Fintech
CC
US
BlockFi, Crypto
801
14/05/2020
?
Single Individuals in the US
Researchers from the advocacy group Abuse.ch discover a COVID-19-related malspam campaign that impersonates the U.S. Treasury Department and more than likely looks to steal a taxpayer’s credentials using a remote access trojan.
Account Hijacking
X Individual
CC
US
COVID-19, Abuse.ch, U.S. Treasury Department
802
14/05/2020
?
9 million customers of the CDEK Express transportation service
Data belonging to nine million customers of the CDEK Express transportation service was is up for sale on the Web for 70 thousand rubles ($950).
Unknown
H Transportation and storage
CC
RU
CDEK Express
803
14/05/2020
?
Covve
Covve, the popular address book app, is identified as the source of a data breach that exposed the details of nearly 23 million individuals.
Unknown
J Information and communication
CC
CY
Covve
804
18/05/2020
?
Undisclosed Target
Researchers from Cofense discover a phishing tactic that leverages the OAuth2 framework and OpenID Connect (OIDC) protocol to access user data.
Account Hijacking
Z Unknown
CC
N/A
Cofense, OAuth2, OpenID Connect
805
18/05/2020
NetWalker
Multiple organizations
Researchers at Trend Micro discover a new fileless version of the NetWalker ransomware.
Malware
Y Multiple Industries
CC
>1
Trend Micro, NetWalker, Ransomware
806
19/05/2020
?
EasyJet
EasyJet admits that a "highly sophisticated cyber-attack" has affected approximately nine million customers. Email addresses and travel details have also been stolen and 2,208 customers had also their credit and debit card details "accessed". The attack was discovered on January.
Targeted Attack
H Transportation and storage
CC
UK
EasyJet
807
19/05/2020
?
Multiple organizations
Microsoft's Security Intelligence team warns of a "massive" COVID-19 themed phishing campaign that attempts to install NetSupport Manager, a remote access tool, by tricking users into opening email attachments containing malicious Excel 4.0 macros.
Malicious Spam
Y Multiple Industries
CC
>1
Microsoft, COVID-19, NetSupport Manager, Excel
808
19/05/2020
?
Banking users
Researchers from Malwarebytes and HYAS reveal the details of Silent Night, a botnet distributed via the RIG exploit kit and COVID-19 spam.
Researches from Cisco Talos reveal the details of WolfRAT, a new Trojan targeting Thai users of Whatsapp, Facebook Messenger, and Line messaging apps on the Android mobile platform.
Researchers from Agari discover Scattered Canary, a group of business email compromise (BEC) Nigerian scammers targeting U.S. unemployment systems and COVID-19 relief funds provided through the CARES Act.
Business Email Compromise
X Individual
CC
US
Agari, Scattered Canary, BEC, COVID-19, CARES Act
811
19/05/2020
?
Undisclosed Target
Researchers from Abnormal Security reveal the detail of a new campaign impersonating the collaboration software provider, LogMeIn.
Account Hijacking
Z Unknown
CC
N/A
Abnormal Security, LogMeIn
812
20/05/2020
Winnti Group
Massively multiplayer online (MMO) game developers located in South Korea and Taiwan
Cybersecurity firm ESET releases a report on the Winnti APT group, using PipeMon, a new, modular malware on the systems of several massively multiplayer online (MMO) game developers located in South Korea and Taiwan.
Targeted Attack
R Arts entertainment and recreation
CE
KR
TW
ESET, Winnti, PipeMon
813
20/05/2020
ShinyHunters
Wishbone
ShinyHunters puts up for sale the details of 40 million users registered on Wishbone, a popular mobile app that lets users compare two items in a simple voting poll.
Unknown
M Professional scientific and technical activities
CC
US
ShinyHunters, Wishbone
814
20/05/2020
?
Banking users in the U.S., Canada, Germany, Poland, and Australia
Researchers from Proofpoint reveal the details of a new version of the ZLoader banking malware seen in more than 100 email campaigns since the beginning of the year.
Malware
K Financial and insurance activities
CC
>1
Proofpoint, ZLoader
815
20/05/2020
CyberWare
Scam companies
A group of hackers calling themselves CyberWare starts targeting scam companies with ransomware and DDoS attacks.
Malware
S Other service activities
CC
N/A
CyberWare
816
20/05/2020
?
Multiple organizations
The FBI issues a security alert about Zoom-bombing.
Zoom bombing
Y Multiple Industries
CC
US
FBI, Zoom bombing
817
21/05/2020
?
Multiple organizations
Researchers from Sophos reveal the details of RagnarLocker, a new ransomware installing virtual machines to avoid detection.
Malware
Y Multiple Industries
CC
>1
Sophos, RagnarLocker, ransomware
818
21/05/2020
Hackers of Savior
2000 Israeli websites
More than 2000 Israeli websites are defaced to show an anti-Israeli message and with malicious code seeking permission to access visitors' webcams. Most of the websites were hosted on uPress, a local Israeli WordPress hosting service.
Defacement
Y Multiple Industries
H
IL
uPress, Hackers of Savior
819
21/05/2020
Ke3chang (AKA APT15, Vixen Panda, Playful Dragon, and Royal APT)
Multiple organizations
Researchers from Intezer discover a new operation from the Ke3chang APT, using a new malware dubbed Ketrum.
Researchers from Armorblox discover a new campaign in disguise of the Supreme Court, using a CAPTCHA page to evade security controls on Office 365.
Account Hijacking
Y Multiple Industries
CC
>1
Armorblox, Supreme Court, CAPTCHA, Office 365
821
21/05/2020
Chafer APT
Governments in Kuwait and Saudi Arabia
Researchers from BitDefender reveal the details of the Iran-linked Chafer APT group, targeting governments in Kuwait and Saudi Arabia
Targeted Attack
O Public administration and defence, compulsory social security
CE
KW
SA
Chafer APT, Iran, BitDefender
822
21/05/2020
?
Multiple organizations
Researchers from Trustwave uncover a new phishing campaigns, taking advantage of “the reputation and services” of the Google Cloud’s Firebase mobile and web application development platform.
Account Hijacking
Y Multiple Industries
CC
>1
Trustwave, Google Cloud, Firebase
823
22/05/2020
LulzSecITA
San Raffaele Hospital
Hackers from LulzSecITA leak sensitive data from the San Raffaele Hospital in Milan. Data includes personal details of patients, doctors, nurses, and various employees. The breach occurred two months ago.
SQL Injection
Q Human health and social work activities
H
IT
LulzSecITA, San Raffaele
824
22/05/2020
ShinyHunters
Mathway
ShinyHunters breaches Mathway, a popular math solving application, stealing more than 25 million emails and passwords.
Unknown
M Professional scientific and technical activities
CC
US
ShinyHunters, Mathway
825
22/05/2020
?
Multiple organizations
Researchers from Sentinel One discover a new version of the Sarwent malware that opens RDP (Remote Desktop Protocol) ports on infected computers.
A threat actor shares the 2014 voter information for close to 2 million Indonesians on a hacker forum.
Unknown
X Individual
CC
ID
Indonesia
827
22/05/2020
?
EduCBA
Online education site EduCBA starts notifying customers that they are resetting their passwords after suffering a data breach.
Unknown
P Education
CC
IN
EduCBA
828
22/05/2020
?
Italian companies operating in the manufacturing sector.
Researchers from ZLab discover a new malicious espionage activity targeting Italian companies operating worldwide in the manufacturing sector.
Targeted Attack
C Manufacturing
CE
IT
ZLab
829
23/05/2020
?
Unknown resume aggregator
Researchers from Cyble discover a dump containing 29.1M Indian jobseekers personal details, offered for free in the hacking underground.
Unknown
M Professional scientific and technical activities
CC
IN
Cyble
830
23/05/2020
?
Multiple organizations
Researchers from Malwarebytes and HYAS publish a new report related to a new botnet, derived from Zeus, dubbed Silent Night Zeus.
Malware
Y Multiple Industries
CC
>1
Malwarebytes, HYAS, Zeus, Silent Night Zeus.
831
23/05/2020
DoubleGun
Multiple organizations in China
Researchers from NetLab 360 dismantle the infrastructure built by the DoubleGun Group, which had amassed hundreds of thousands of bots controlled via public cloud services, including Alibaba and Baidu Tieba.
Malware
Y Multiple Industries
CC
CN
NetLab 360, DoubleGun Group, Alibaba, Baidu Tieba
832
24/05/2020
?
Multiple Crypto wallets
The hacker that breached the Ethereum.org forum is allegedly selling the databases of several popular crypto hard wallets, including: Ledger, Trezor, and KeepKey.
Account Hijacking
V Fintech
CC
>1
Ethereum.org, Ledger, Trezor, KeepKey, Crypto
833
24/05/2020
?
Discord users
A new version of the AnarchyGrabber Discord malware is released that modifies the Discord client files so that it can evade detection and steal user accounts every time someone logs into the chat service.
Malware
X Individual
CC
>1
AnarchyGrabber, Discord
834
24/05/2020
?
Three hacking forums Nulled.ch, Sinfulsite.com, and suxx.to leaked online
Researchers from Cyble discover the databases of three hacking forums Nulled.ch, Sinfulsite.com, and suxx.to leaked online
Unknown
S Other service activities
CC
N/A
Nulled.ch, Sinfulsite.com, suxx.to, Cyble
835
25/05/2020
[F]Unicorn
Single individuals in Italy
The Agency for Digital Italy (AgID) discovers a new ransomware threat called [F]Unicorn, encrypting computers in Italy by tricking victims into downloading a fake COVID-19 contact tracing app.
Malware
X Individual
CC
IT
Agency for Digital Italy (AgID), [F]Unicorn, COVID-19
836
25/05/2020
?
More than two dozen SQL databases
More than two dozen SQL databases stolen from online shops in various countries are being offered for sale on a public website (over 1.5 million rows).
Unknown
Y Multiple Industries
CC
>1
SQL
837
26/05/2020
Turla
Three high-profile entities, such as a national parliament in the Caucasus and two Ministries of Foreign Affairs in Eastern Europe
Security researchers from ESET have discovered new attacks carried out by Turla via the ComRAT backdoor, taking place in January 2020. The attacks targeted three high-profile entities, such as a national parliament in the Caucasus and two Ministries of Foreign Affairs in Eastern Europe.
Targeted Attack
O Public administration and defence, compulsory social security
CE
>1
ESET, Turla
838
26/05/2020
?
Arbonne International
Arbonne International exposes the personal information and credentials of thousands after its internal systems were breached by an unauthorized party.
Account Hijacking
M Professional scientific and technical activities
CC
US
Arbonne International
839
26/05/2020
?
Banking users in Portugal
A new version of the Grandoreiro malware is discovered In Portugal.
Malware
K Financial and insurance activities
CC
PT
Grandoreiro
840
27/05/2020
NetWalker
City of Weiz
The Austrian City of Weiz is hit by the NetWalker Ransomware.
Malware
O Public administration and defence, compulsory social security
CC
AT
City of Weiz, ransomware, NetWalker
841
27/05/2020
PonyFinal
Multiple Organizations
Microsoft's security team issues an advisory warning organizations around the globe to deploy protections against PonyFinal a new strain of ransomware that has been in the wild over the past two months.
Malware
Y Multiple Industries
CC
>1
Microsoft, PonyFinal
842
27/05/2020
?
LiveJournal
Blogging platform LiveJournal appears to have suffered a security breach in 2014, and multiple hackers are selling the company's user database on the dark web and on hacking forums (26 million users).
Unknown
J Information and communication
CC
RU
LiveJournal
843
27/05/2020
?
Undisclosed Target
Researchers from Abnormal Security reveal the details of a new campaign impersonating AWS notifications.
Account Hijacking
Z Unknown
CC
N/A
AWS, Abnormal Security
844
27/05/2020
?
47.5 million Indian Truecaller users
Researchers from Cyble discover the data of 47.5 million Indian users, apparently leaked on the dark web allegedly originated from the famous caller-ID app, Truecaller.
Unknown
X Individual
CC
IN
Cyble, Truecaller
845
27/05/2020
"Hack-for-hire" groups operating in India
Employees at financial services, consulting and healthcare firms around the world
"Hack-for-hire" groups operating in India are spoofing World Health Organization emails to steal credentials from employees at financial services, consulting and healthcare firms around the world, according to Google's Threat Analysis Group.
Account Hijacking
Y Multiple Industries
CC
>1
Google's Threat Analysis Group
846
28/05/2020
?
Cisco Systems
Cisco discloses a security breach that impacted a small part of its backend infrastructure: hackers used a vulnerability in the SaltStack software package, which Cisco bundles with some products, to gain access to six servers:
Nippon Telegraph & Telephone (NTT discloses a security breach. Hackers gained access to its internal network from Singapore and stole information on 621 customers from its communications subsidiary, NTT Communications.
Targeted Attack
J Information and communication
CE
JP
NTT, NTT Communications
848
28/05/2020
?
Github users
GitHub issues a security alert warning about Octopus Scanner, a new malware strain that's been spreading on its site via 26 boobytrapped Java projects.
Malware
Y Multiple Industries
CC
>1
GitHub, Octopus Scanner
849
28/05/2020
Sandworm AKA BlackEnergy
Multiple organizations
The US National Security Agency (NSA publishes a security alert warning of a new wave of cyberattacks against Exim email servers, exploiting CVE-2019-10149, conducted by Sandworm.
Targeted Attack
Y Multiple Industries
CE
US
US National Security Agency, NSA, Exim, CVE-2019-10149, Sandworm, BlackEnergy
850
28/05/2020
?
Multiple organizations
Researchers from Cybereason discover a new variant of the Valak malware targeting Microsoft Exchange.
Malware
Y Multiple Industries
CC
>1
Valak, Cybereason, Microsoft Exchange
851
28/05/2020
Netwalker
Michigan State University
The operators of the NetWalker (Mailto) ransomware announce that they've infected the network of Michigan State University
Malware
P Education
CC
US
NetWalker, Mailto, ransomware, Michigan State University
852
28/05/2020
?
Multiple organizations
Researchers at Palo Alto reveal the details of a new version of the Trickbot malware, providing a better method of evading detection.
Malware
Y Multiple Industries
CC
>1
Palo Alto Networks, Unit 42, Trickbot
853
28/05/2020
?
Valorant Players
Researchers from Dr.Web discover fake Android and iOS Valorant apps, promoting scams.
Malware
R Arts entertainment and recreation
CC
>1
Valorant, Dr.Web, iOS, Android
854
28/05/2020
?
Undisclosed Target
Researchers from Abnormal Security reveal the details of a new campaign impersonating the World Health Organization.
Account Hijacking
Z Unknown
CC
N/A
COVID-19, Abnormal Security, WHO, World Health organization
855
28/05/2020
?
City government systems in Minneapolis
City government systems in Minneapolis are taken down by a DDoS attack.
DDoS
O Public administration and defence, compulsory social security
H
US
Minneapolis
856
28/05/2020
?
Single Individuals in India
Security researchers from SonicWall discover fake malicious versions of Aarogya Setu, the Indian government’s coronavirus contact tracing mobile application.
Malware
X Individual
CC
IN
SonicWall, Aarogya Setu, COVID-19
857
29/05/2020
?
Amtrak
The National Railroad Passenger Corporation (Amtrak) discloses a data breach that may have resulted in the compromise of customer personally identifiable information (PII). The data breach was discovered on April 16, 2020 and was carried out via compromised credentials.
Account Hijacking
H Transportation and storage
CC
US
Amtrak
858
29/05/2020
?
Organizations in Japan, Italy, Germany and the UK
Researchers from Kaspersky identify a series of attacks on organizations in Japan, Italy, Germany and the UK. Up to 50% of the attackers’ targets are organizations in various industrial sectors.
Targeted Attack
M Professional scientific and technical activities
CC
>1
Kaspersky
859
29/05/2020
?
Multiple organizations
Researchers at ZLab discover a new campaign using COVID-19 lures (FMLA: Family and Medical Leave Act) to spread Himera and Absent-Loader.
Malware
Y Multiple Industries
CC
>1
ZLab, COVID-19, FMLA, Family and Medical Leave Act, Himera, Absent-Loader.
860
29/05/2020
Toogod
Department of Household Registration (Taiwan)
Researchers from Cyble discover in the dark web a database containing details of over 20 Million Taiwanese citizens.
Unknown
O Public administration and defence, compulsory social security
CC
TW
Cyble, Department of Household Registration, Toogod
861
30/05/2020
?
Emirates customers
Emirates airline warned passengers about the latest phishing email scam warning that flights have been cancelled because of COVID-19.
Account Hijacking
H Transportation and storage
CC
UAE
Emirates
862
30/05/2020
?
Unpatched Wordpress sites
Researchers from Wordfence reveal that Hackers launched a massive campaign against WordPress websites, attacking old vulnerabilities in unpatched plugins to download configuration files.
Vulnerability
Y Multiple Industries
CC
>1
Wordfence, Wordpress
863
30/05/2020
Anonymous
Minneapolis Police Department
Anonymous takes down the Minneapolis Police Department website in retaliation for the murder of George Floyd.
DDoS
O Public administration and defence, compulsory social security
H
US
Anonymous, Minneapolis Police Department, George Floyd
864
30/05/2020
?
Single individuals in Italy
Researchers from D3Lab uncover a new COVID-19-themed phishing campaign targeting the users of the Italian National Institute for Social Security (INPS) and exploiting the COVID-19 measures.
Account Hijacking
X Individual
CC
IT
D3Lab, COVID-19, INPS
865
30/05/2020
Sekhmet
Excis
Sekhmet ransomware operators claim to have hit an international IT firm, Excis.
Malware
M Professional scientific and technical activities
CC
UK
Excis, Sekhmet, ransomware
866
31/05/2020
?
Coincheck
Japanese cryptocurrency exchange Coincheck says hackers took control over its account at Oname.com, a local domain registrar and hijacked one of its domain names, which they later used to contact some of its customers.
Account Hijacking
V Fintech
CC
JP
Coincheck, Oname.com, Crypto
867
14/05/2020
?
Genworth Financial
Fortune 500 insurance holding company Genworth Financial discloses a data breach after an unauthorized party gained access to insurance agents' online accounts using compromised login credentials. The breach was discovered by Genworth on April 20.
Account Hijacking
K Financial and insurance activities
CC
US
Genworth Financial
868
22/05/2020
?
Everett & Hurite Ophthalmic Association
Everett & Hurite Ophthalmic Association notifies 34,113 patients of a phishing attack occurred between February and March 2020.
Account Hijacking
Q Human health and social work activities
CC
US
Everett & Hurite Ophthalmic Association
869
01/06/2020
?
Kent Commercial Services
Kent Commercial Services reveal to have been hit with a ransomware attack on April 2. The attackers demanded 800,000 GBP.
Malware
N Administrative and support service activities
CC
UK
Kent Commercial Services, ransomware
870
01/06/2020
?
Multiple organizations
Researchers from Panda Security uncover BazarBackdoor, a new malware sharing code with the notorious modular banking trojan TrickBot and is used to gain unauthorized access to and compromise corporate networks.
Malware
Y Multiple Industries
CC
>1
Panda Security, BazarBackdoor, TrickBot
871
02/06/2020
?
Minnesota Senate
The Minnesota Senate’s servers are hacked, and the attackers are able to access a file of passwords used by senators and staff, Senate officials.
Unknown
O Public administration and defence, compulsory social security
CC
US
Minnesota Senate
872
02/06/2020
?
Kentucky Employees’ Health Plan (KEHP)
Nearly a thousand members of Kentucky Employees’ Health Plan (KEHP) are victims of two connected data breaches that took place in late April and mid-May.
Account Hijacking
Q Human health and social work activities
CC
US
Kentucky Employees’ Health Plan, KEHP
873
02/06/2020
Sodinokibi AKA REvil
Agromart Group
The gang behind the Sodinokibi ransomware puts on sale on an auction site the data stolen for Agromart Group.
Malware
M Professional scientific and technical activities
CC
CA
Sodinokibi, Agromart Group, ransomware
874
03/06/2020
Cycldek, Conimes, or Goblin Panda
Large organizations and government institutions in Vietnam
Researchers from Kaspersky reveal the details of USBCulprit, a malware used by a group known as Cycldek, Conimes, or Goblin Panda, designed for compromising air-gapped devices via USB.
Targeted Attack
O Public administration and defence, compulsory social security
CE
VN
Kaspersky, USBCulprit, Cycldek, Conimes, Goblin Panda
875
03/06/2020
Netwalker
Columbia College of Chicago
The Netwalker Ransomware operators claim to have successfully attacked the Columbia College of Chicago, stole unencrypted data, and encrypted their computers.
Malware
P Education
CC
US
Columbia College of Chicago, Netwalker, Ransomware
876
03/06/2020
Netwalker
University of California San Francisco (UCSF)
The Netwalker Ransomware operators claim to have successfully attacked the University of California San Francisco (UCSF), stole unencrypted data, and encrypted their computers.
Malware
P Education
CC
US
University of California San Francisco, UCSF, Netwalker, Ransomware
877
03/06/2020
?
Microsoft Office 365 customers
Researchers from Abnormal Security discover a new phishing campaign targeting Microsoft Office 365 customers, using bait messages camouflaged as notifications sent by their organization to update the VPN configuration.
Account Hijacking
Y Multiple Industries
CC
>1
Abnormal Security, Microsoft Office 365, VPN, COVID-19
878
03/06/2020
?
San Francisco Employees’ Retirement System (SFERS)
The San Francisco Employees’ Retirement System (SFERS) suffers a data breach after an unauthorized person gains access to a database hosted in a test environment. The breach occurred on February 2020.
Unknown
S Other service activities
CC
US
San Francisco Employees’ Retirement System, SFERS
879
03/06/2020
DoppelPaymer
Digital Management Inc. (DMI)
The DoppelPaymer ransomware gang says it successfully breached the network of Digital Management Inc. (DMI), a managed IT and cyber-security services on demand, NASA contractor.
Malware
M Professional scientific and technical activities
CC
US
DoppelPaymer, ransomware, Digital Management Inc., DMI, NASA
880
03/06/2020
Maze
Westech International
The threat actors behind the Maze ransomware steal and leak the data of Westech International, a US military contractor.
Malware
C Manufacturing
CC
US
Westech International, Maze, Ransomware
881
03/06/2020
?
Viva Republica Inc.
Viva Republica Inc., a fintech firm, has its Toss platform hacked suffering a loss worth 9.4 million won ($7,853).
Unknown
V Fintech
CC
KR
Viva Republica Inc., Toss
882
03/06/2020
?
Duluth School District
The Duluth School District reveals the details of a security breach involving 14 student accounts.
Account Hijacking
P Education
CC
US
Duluth School District
883
03/06/2020
?
Anti-racism organizations
Cloudflare reveals a 1,120 fold soar of cyber-attacks against anti-racism organizations in the wake of the death of George Floyd.
DDoS
U Activities of extraterritorial organizations and bodies
CC
>1
Cloudflare, George Floyd
884
04/06/2020
China and Iran APT Groups
Trump and Biden presidential campaigns
Researchers from Google’s Threat Analysis Group say they’ve identified efforts by at least two nation state-backed hackers against the Trump and Biden presidential campaigns.
Targeted Attack
O Public administration and defence, compulsory social security
CE
US
Google, Threat Analysis Group, TAG, Trump, Biden
885
04/06/2020
Maze
Conduent
The Maze Ransomware operators claim to have successfully attacked business services giant Conduent, where they stole unencrypted files and encrypted devices on their network.
Malware
M Professional scientific and technical activities
CC
US
Conduent, Maze, Ransomware
886
04/06/2020
?
Chartered Professional Accountants of Canada (CPA)
Chartered Professional Accountants of Canada (CPA) disclose a cyberattack against their website that allowed unauthorized third parties to access the personal information of over 329,000 members and other stakeholders.
Unknown
S Other service activities
CC
CA
Chartered Professional Accountants of Canada, CPA
887
04/06/2020
Tycoon
Small to medium size organizations in the software and education industries
Researchers from Blackberry and KPMG discover Tycoon, a new human-operated ransomware strain deployed in highly targeted attacks targeting small to medium size organizations in the software and education industries since at least December 2019.
Malware
Y Multiple Industries
CC
>1
Blackberry, KPMG, Tycoon, ransomware
888
04/06/2020
?
Multiple organizations
Researchers from Akamai discover Stealthworker a piece of malware attempting brute-force attacks against cPanel.
Brute-Force
Y Multiple Industries
CC
>1
Akamai, cPanel, Stealthworker
889
04/06/2020
?
Hundreds of enterprises across all industries, including real estate, oil & gas, engineering, IT, healthcare, financial services and more
Researchers from Ironscale discover a massive phishing campaign sending fake email notifications for voice messages.
Account Hijacking
Y Multiple Industries
CC
>1
Ironscale
890
04/06/2020
?
Banking users
Researchers from Check Point discover a new malware campaign, spoofing job seekers and delivering Zloader via emails with file attachments that claim to be curriculum vitae (CV).
Malware
K Financial and insurance activities
CC
US
Check Point, Zloader
891
04/06/2020
Higaisa
Multiple organizations
Researchers from Malwarebytes discover a new campaign from a Korea-linked APT known as Higaisa, using LNK files.
Targeted Attack
Y Multiple Industries
CE
>1
Malwarebytes, Higaisa, LNK
892
04/06/2020
?
Android users
Researchers from Trend Micro reveal that a couple of Android barcode reader apps, downloaded more than 1 million times, were found to contain ad fraud malware (AndroidOS_HiddenAd.HRXJA).
Malware
X Individual
CC
>1
Trend Micro, Android, AndroidOS_HiddenAd.HRXJA
893
04/06/2020
?
San Beda University (SBU)
An unidentified hacker infiltrates the online student portal of San Beda University (SBU), gaining access to personal information and social media passwords of thousands of students and apparently releasing them online.
Unknown
P Education
CC
PH
San Beda University, SBU
894
05/06/2020
Maze
VT San Antonio Aerospace
The Maze Ransomware gang breach and successfully encrypt the systems of VT San Antonio Aerospace. They also steal and leak unencrypted files. The attack occurred in April 2020.
Malware
M Professional scientific and technical activities
CC
US
VT San Antonio Aerospace, Maze, Ransomware
895
05/06/2020
"John Wick" and "Korean Hackers"
ZEE5
A hacker identifying themselves as "John Wick" and "Korean Hackers" claim to have breached the systems for Indian video on demand giant ZEE5 and are threatening to sell the database on criminal markets.
Unknown
J Information and communication
CC
IN
John Wick, Korean Hackers, ZEE5
896
05/06/2020
?
Fitness Depot
Canadian retailer Fitness Depot announces customers that their personal and financial information was stolen following a breach that affected the company's e-commerce platform last month.
Malicious Script Injection
G Wholesale and retail trade
CC
CA
Fitness Depot, Magecart
897
05/06/2020
Kupidon
Multiple organizations
A new ransomware dubbed Kupidon targets not only corporate networks, but also home user's personal data.
Malware
Y Multiple Industries
CC
>1
Kupidon, Ransomware
898
05/06/2020
eCh0raix
QNAP storage devices
The threat actors behind the eCh0raix Ransomware launch a brand new campaign targeting QNAP storage devices.
Malware
Y Multiple Industries
CC
>1
eCh0raix, Ransomware, QNAP
899
05/06/2020
?
City of Florence
The city of Florence, Alabama, is hit by the DoppelPaymer ransomware.
Malware
O Public administration and defence, compulsory social security
CC
US
City of Florence, Alabama
900
05/06/2020
Maze
ST Engineering
The threat actors behind the Maze ransomware steal and leak the data of ST Engineering.
Malware
C Manufacturing
CC
SG
Maze, ransomware, ST Engineering.
901
05/06/2020
?
University of Utah
University of Utah notifies its patients after a phishing incident compromised employee email accounts between April 6 and May 22.
Account Hijacking
Q Human health and social work activities
CC
US
University of Utah
902
05/06/2020
?
Multiple organizations
Researchers from Yoroi ZLab reveal the details of a Netwire campaign targeting Italian-speakers.
Targeted Attack
Y Multiple Industries
CE
IT
Yoroi ZLab, Netwire
903
05/06/2020
?
Multiple organizations
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns that attackers are trying to exploit the SMBGhost vulnerability (CVE-2020-0796).
Vulnerability
Y Multiple Industries
CC
US
U.S. Cybersecurity and Infrastructure Security Agency, CISA, SMBGhost, CVE-2020-0796
904
06/06/2020
?
Single Individuals
A fake decryptor for the STOP Djvu Ransomware is being distributed. Instead of getting their files back for free, they are infected with another ransomware, Zorab.
Malware
X Individual
CC
>1
STOP Djvu, Ransomware, Zorab
905
07/06/2020
EKANS (SNAKE)
Enel Group
The Enel Group is hit by a ransomware attack from EKANS (SNAKE) ransomware operators that affected its internal network,
Malware
D Electricity gas steam and air conditioning supply
CC
IT
Enel Group, SNAKE, EKANS, ransomware
906
07/06/2020
?
University of the Philippines Cebu
Unknown attackers break into the evaluation portal of the University of the Philippines Cebu.
Unknown
P Education
CC
PH
University of the Philippines Cebu
907
07/06/2020
?
Hockley Medical Practice
Hockley Medical Practice have their records of nearly 9,000 patients hacked.
Unknown
Q Human health and social work activities
CC
UK
Hockley Medical Practice
908
08/06/2020
EKANS (SNAKE)
Honda
Computer networks in Europe and Japan from car manufacturer giant Honda are also affected by issues that are reportedly related to a SNAKE Ransomware cyber-attack.
Malware
C Manufacturing
CC
JP
Honda, SNAKE, EKANS
909
08/06/2020
Russia?
German multinational corporation
Researchers at IBM X-Force uncover a COVID-19 related phishing campaign targeting a German multinational corporation, associated with a German government-private sector task force to procure personal protective equipment. The threat actors behind this campaign targeted more than 100 high ranking executives within this organization and its third-party ecosystem (approximately 40 organizations).
Targeted Attack
C Manufacturing
CE
DE
IBM X-Force, COVID-19
910
08/06/2020
DoppelPaymer
Avon
Cosmetics giant Avon discloses a security incident allegedly due to the DoppelPaymer ransomware.
Malware
C Manufacturing
CC
UK
Avon, DoppelPaymer, ransomware
911
08/06/2020
?
Greenworks
Researchers at RapidSpike discover that payment card data from customers of Greenworks hardware tools website is being stolen by hackers via a malicious script with self-cloaking capabilities and anti-tampering protection.
Malicious Script Injection
G Wholesale and retail trade
CC
US
Greenworks, RapidSpike, Magecart
912
08/06/2020
?
Bitcoin users
Scammers hijack three YouTube channels (Juice TV, Right Human, and MaximSakulevich) to display bitcoin scams impersonating Elon Musk's SpaceX channel, stealing nearly $150,000 in bitcoins in two days.
Account Hijacking
X Individual
CC
>1
YouTube, Juice TV, Right Human, MaximSakulevich, Elon Musk, SpaceX
913
08/06/2020
TA410
U.S. energy providers
Researchers from Proofpoint discover a new spear-phishing campaign targeting U.S. energy providers via FlowCloud, a new remote access trojan (RAT) capable of providing attackers with full control over infected systems.
Targeted Attack
D Electricity gas steam and air conditioning supply
CE
US
Proofpoint, FlowCloud
914
08/06/2020
Avaddon
Single Individuals
Researchers from Appriver discover a new Avaddon Ransomware campaign targeting users worldwide.
Malware
X Individual
CC
>1
Appriver, Avaddon, Ransomware
915
09/06/2020
Dark Basin
Environmental advocacy groups, journalists, and others
A joint report by Citizen Labs and the University of Toronto reveals the details of a Dark Basin, a massive hack-for-hire operation targeting especially climate-change organizations who were campaigning against Exxon Mobil.
Targeted Attack
U Activities of extraterritorial organizations and bodies
CE
>1
Dark Basin, Exxon Mobil, Citizen Lab, University of Toronto
916
09/06/2020
?
Lion
Australian beverage giant Lion is hit by a Ransomware attack.
Malware
I Accommodation and food service activities
CC
AU
Lion, Ransomware
917
09/06/2020
?
Multiple organizations
Security researchers from RiskIQ discover a new wave of attacks relying on Magecart and malicious redirector code lurking in misconfigured S3 buckets.
Misconfiguration
Y Multiple Industries
CC
>1
RiskIQ, Magecart, S3
918
09/06/2020
R3dr0x
Bharat Earth Movers Limited (BEML).
Researchers from Cyble report that a threat actor is offering in a dark web black-market documents of the Indian defence contractor Bharat Earth Movers Limited (BEML)
Unknown
C Manufacturing
H
IN
Cyble, R3dr0x, Bharat Earth Movers Limited, BEML
919
09/06/2020
?
Vulnerable Microsoft SQL Servers
Researchers from Sophos reveal that the operators behind the Kingminer botnet have recently started targeting vulnerable Microsoft SQL Servers using brute-force methods in order to mine cryptocurrency.
Brute-Force
Y Multiple Industries
CC
>1
Sophos, Kingminer, Microsoft SQL Servers, Crypto
920
09/06/2020
?
Slovak government
Slovak authorities arrest four suspects as part of an investigation into a series of suspicious devices found connected to the government's official IT network.
Wiretapping
O Public administration and defence, compulsory social security
CC
SK
Slovakia
921
10/06/2020
Maze
MaxLinear
U.S. system-on-chip (SOC) maker company MaxLinear discloses that some of its computing systems were encrypted by Maze Ransomware operators. The attack was discovered on May 24.
Malware
C Manufacturing
CC
US
MaxLinear, Ransomware, Maze
922
10/06/2020
?
Single Individuals
A recent phishing email campaign discovered by Abuse.ch asks to vote anonymously about Black Lives Matter to spread the TrickBot information-stealing malware.
Malware
X Individual
CC
>1
Abuse.ch, Black Lives Matter, TrickBot
923
10/06/2020
?
Small businesses in the UK
Researchers from Abnormal Security discover a new phishing campaign targeting business owners with Microsoft Office 365, and using bait emails designed to look like legitimate Small Business Grants Fund (SGF) relief payment messages from the UK government.
Account Hijacking
Y Multiple Industries
CC
UK
Abnormal Security, Microsoft Office 365, Small Business Grants Fund, SGF, COVID-19
924
10/06/2020
?
Multiple organizations
Researchers from Recorded Future discover a new Ransomware-as-a-service, dubbed Thanos, with high evasion capabilities.
Malware
Y Multiple Industries
CC
>1
Thanos, Recorded Future, Ransomware
925
10/06/2020
?
Microsoft
Microsoft reveals that attackers recently hijacked powerful machine-learning clusters inside Microsoft’s Azure cloud-computing service to mine cryptocurrency at the expense of the customers who rented them.
Misconfiguration
M Professional scientific and technical activities
CC
US
Microsoft, Azure
926
10/06/2020
?
Single Individuals
Researchers from Google report an increase in the number of COVID-19 related scams.
Account Hijacking
X Individual
CC
IN
Google, India, COVID-19
927
10/06/2020
?
Small businesses in the UK
Researchers from Google discover a new campaign targeting small businesses in the UK, designed to look like legitimate Small Business Grants Fund (SGF) messages.
Account Hijacking
Y Multiple Industries
CC
UK
Google, Small Business Grants Fund, SGF
928
10/06/2020
?
Single Individuals
Researchers from Google discover a phishing campaign themed with streaming services, targeting Brazilian users.
Account Hijacking
X Individual
CC
BR
Google, Brazil
929
10/06/2020
?
Single Individuals in Armenia, India, Brazil, Chhattisgarh, Columbia, Indonesia, India, Iran, Italy, Kyrgyzstan, Russia and Singapore.
Researchers from Anomali identify 12 fake COVID-19 contact tracing apps targeting citizens in Armenia, India, Brazil, Chhattisgarh, Columbia, Indonesia, Iran, Italy, Kyrgyzstan, Russia and Singapore.
Malware
X Individual
CC
>1
Anomali, Armenia, India, Brazil, Columbia, Indonesia, India, Iran, Italy, Kyrgyzstan, Russia and Singapore.
930
10/06/2020
?
City of Keizer
The city of Keizer is hit with a ransomware attack, and is able to restore the data, paying the perpetrators a $48,000 ransom.
Malware
O Public administration and defence, compulsory social security
CC
US
City of Keizer, ransomware
931
11/06/2020
?
City of Knoxville
The City of Knoxville, Tennessee, was forced to shut down its entire computer network following a ransomware attack that took place overnight and targeted the city's offices.
Malware
O Public administration and defence, compulsory social security
CC
US
City of Knoxville, ransomware
932
11/06/2020
?
Customers of 36 US financial institutions
Security researchers at F5 Labs discover ongoing attacks using Qbot malware payloads to steal credentials from customers of dozens of US financial institutions.
Malware
K Financial and insurance activities
CC
US
F5 Labs, Qbot
933
11/06/2020
?
TAIT Towers
TAIT Towers, one of the world's leading live event solutions providers, discloses a data breach that led to the exposure of personal and financial information stored on a server and on the email accounts of some of its employees.
Account Hijacking
C Manufacturing
CC
US
TAIT Towers
934
11/06/2020
Gamaredon (Primitive Bear)
Ukrainian institutions
Researchers from ESET discover new recent campaigns by Gamaredon (Primitive Bear) containing a Visual Basic for Applications (VBA) project (.OTM file) targeting Microsoft Outlook email client with malicious macro scripts.
Targeted Attack
O Public administration and defence, compulsory social security
CE
UA
ESET, Gamaredon, Primitive Bear, VBA, Microsoft Outlook
935
11/06/2020
China, Russia, and Turkey
Twitter users
Twitter discloses three new state-linked operations on its platform this year. As a result of its investigation, it bans and removes 32,242 accounts operated out of China, Russia, and Turkey, pushing local political agendas and narratives, and associated with state-sponsored entities.
Fake Social Network accounts/groups/pages
O Public administration and defence, compulsory social security
CC
>1
Twitter, China, Russia, Turkey
936
11/06/2020
?
A1 Telekom
A1 Telekom, the largest internet service provider in Austria, admits a malware security breach from December 2019 to May 2020.
Malware
J Information and communication
CC
AT
A1 Telekom
937
11/06/2020
Earth Empusa, AKA POISON CARP/Evil Eye,
Uyghurs minority
Researchers from Trend Micro reveal that the Earth Empusa threat group (aka POISON CARP/Evil Eye) is targeting the Uyghurs minority with a new Android spyware dubbed ActionSpy.
Infinity Diagnostics Center Instagram account is compromised by an unknown hacker. After gaining access, the threat actor uploads multiple stories designed to paint the business as racist.
Account Hijacking
Q Human health and social work activities
CC
US
Infinity Diagnostics Center
939
11/06/2020
?
eHealth Saskatchewan
eHealth Saskatchewan admits to have suffered a ransomware attack on December 20.
Malware
Q Human health and social work activities
CC
CA
eHealth Saskatchewan, ransomware
940
11/06/2020
Sodinokibi AKA REvil
Activewear
Activewear reveals to have suffered a Sodinokibi ransomware attack back in May 2020.
Malware
G Wholesale and retail trade
CC
AU
Activewear, Sodinokibi, REvil, ransomware
941
12/06/2020
?
University of Missouri Health Care (MU Health Care)
University of Missouri Health Care (MU Health Care) discloses a breach that occurred in September 2019, when the email accounts of some students was been accessed without authorization.
Account Hijacking
Q Human health and social work activities
CC
US
University of Missouri Health Care, MU Health Care
942
12/06/2020
?
Portuguese users
A new malware called TroyStealer targets Portuguese users.
Malware
X Individual
CC
PT
TroyStealer
943
12/06/2020
?
NHS
The NHS confirms that 113 internal email accounts were compromised and used to send malicious spam between May 30 and June 1 2020.
Account Hijacking
Q Human health and social work activities
CC
UK
NHS
944
12/06/2020
m1x
puebla.gob.mx
A Russian hacker named m1x breaches a Mexican government web portal (puebla.gob.mx) and three days later once the government refused to pay a ransom, publicly-releases some 14,000 Mexican taxpayer ID numbers.
Unknown
O Public administration and defence, compulsory social security
CC
MX
m1x, puebla.gob.mx
945
12/06/2020
?
Electronic Waveform Lab, Inc.
Electronic Waveform Lab, Inc. reveals it suffered a ransomware attack on April 11, 2020.
Malware
C Manufacturing
CC
US
Electronic Waveform Lab, Inc., ransomware
946
12/06/2020
?
Cano Health
Cano Health warns its patients of a phishing attack involving three employees, discovered on April 2020 and occurred on May 2018.
Account Hijacking
Q Human health and social work activities
CC
US
Cano Health
947
12/06/2020
?
www.indianblooddonors.com
A data leak that contains sensitive information of 12,472 Indian blood donors is posted on two forums.
Unknown
Q Human health and social work activities
CC
IN
www.indianblooddonors.com
948
13/06/2020
Black Kingdom
Multiple organizations
Researchers from REDTEAM.PL reveal that operators of Black Kingdom ransomware target enterprises with unpatched Pulse Secure VPN software or initial access on the network, exploiting CVE-2019-11510.
Vulnerability
Y Multiple Industries
CC
>1
REDTEAM.PL, Black Kingdom, Pulse Secure, CVE-2019-11510, ransomware
949
13/06/2020
?
Rangely District Hospital (RDH)
Rangely District Hospital (RDH) reveals to have been hit by a ransomware attack on April 2020.
Malware
Q Human health and social work activities
CC
US
Rangely District Hospital, RDH, ransomware
950
13/06/2020
?
3,500 Armenian citizens
Azerbaijani hackers publish the data of about 3,500 Armenian citizens (people infected with COVID-19 and their contacts).
Unknown
X Individual
CC
AM
Azerbaijan, Armenia, COVID-19
951
14/06/2020
Maze
Threadstone Advisors LLP
The Maze ransomware gang hits Threadstone Advisors LLP, a US corporate advisory firm specialized in M&A.
Malware
K Financial and insurance activities
CC
US
Maze, Threadstone Advisors LLP
952
14/06/2020
?
Sapiens International
Israeli software company Sapiens International falls victim to a ransomware attack, paying $250,000 in Bitcoin to hackers
Malware
M Professional scientific and technical activities
CC
IL
Sapiens International, Ransomware
953
14/06/2020
?
Bitcoin users
For the past year, a site called Privnotes.com has been impersonating Privnote.com, a legitimate, free service that offers private, encrypted messages, to steal bitcoins.
Account Hijacking
V Fintech
CC
>1
Privnotes.com, privnote.com, bitcoin, crypto
954
14/06/2020
Anonymous USA (@AnonOpUSA)
Atlanta Police Department
The Anonymous claim to have taken down the website of the Atlanta Police Department (atlantapd.org).
DDoS
O Public administration and defence, compulsory social security
H
US
Anonymous, Anonymous USA, @AnonOpUSA, Atlanta Police Department, atlantapd.org
955
15/06/2020
?
Foodora
The details of 727,000 Foodora accounts in 14 countries are leaked online.
Unknown
I Accommodation and food service activities
CC
DE
Foodora
956
15/06/2020
?
Geox
Geox, the Italian shoe maker is hit with a ransomware attack.
Malware
C Manufacturing
CC
IT
Geox, Ransomware
957
15/06/2020
?
Claire's
Researchers from Sansec reveal that the websites for U.S. based jewelry and accessory giant Claire's, and its subsidiary Icing, were compromised in April via a Magecart attack.
Malicious Script Injection
G Wholesale and retail trade
CC
US
Claire's, Magecart, Sansec
958
15/06/2020
?
Single Individuals
A new campaign starts to push fake data breach notifications for big company names that really suffered a breach, to distribute malware and scams.
Malware
Y Multiple Industries
CC
>1
Breach
959
15/06/2020
?
Single Individuals
Nine human rights activists, journalists, academics and lawyers in India have been targeted by a “coordinated” spyware operation, according to an investigation by Amnesty International and the Citizen Lab.
Targeted Attack
X Individual
CE
IN
Amnesty International, Citizen Lab
960
15/06/2020
?
Intersport
The website of Intersport, one of Europe's largest sporting goods retail chain, is hit by a Magecart attack.
Malicious Script Injection
G Wholesale and retail trade
CC
CH
Intersport, Magecart
961
15/06/2020
?
Apple Mac Users
Researchers at Intego warn Apple Mac users of a new malware in disguise of an installer for Adobe Flash Player (a variant of OSX/Shlayer and OSX/Bundlore), distributed via Google search results.
Malware
X Individual
CC
>1
Apple, Mac, Adobe Flash Player, OSX/Shlayer, OSX/Bundlore, Intego, Google
962
15/06/2020
Vendetta
Multiple organizations
Researchers from ElevenPaths reveal the details of Vendetta, a threat actor targeting technological, business and government sectors that handle sensitive information
Targeted Attack
Y Multiple Industries
CE
>1
ElevenPaths, Vendetta
963
08/06/2020
?
Preen.Me
Researchers from Risk Based Security reveal that personal data of an estimated 350,000 social media influencers has been accessed and partially leaked following a breach at social media marketing firm Preen.Me.
Unknown
M Professional scientific and technical activities
CC
IL
Preen.Me, Risk Based Security
964
09/06/2020
?
South Africa’s Life Healthcare
South Africa’s Life Healthcare says its southern African operation is hit by a cyber attack affecting its admissions systems, business processing systems and email servers.
Unknown
Q Human health and social work activities
CC
ZA
Life Healthcare
965
10/06/2020
?
Multiple organizations
Researchers from Cofense discover a massive keylogger distribution campaign dubbed Mass Logger.
Malware
Y Multiple Industries
CC
>1
Cofense, Mass Logger
966
11/06/2020
?
University of the Philippines Visayas
The University of the Philippines Visayas confirmed on its official Facebook page that its website, upv.edu.ph, was defaced on Thursday, June 11.
Defacement
P Education
CC
PH
University of the Philippines Visayas, upv.edu.ph
967
16/06/2020
?
Countries across Europe and North America
Social media research group Graphika publishes a report unmasking a new Russian information operation codenamed Secondary Infektion, active since 2014, relying on fake news articles, fake leaks, and forged documents to generate political scandals in countries across Europe and North America.
Fake Social Network accounts/groups/pages
O Public administration and defence, compulsory social security
CW
>1
Graphika, Russia, Secondary Infektion
968
16/06/2020
?
Single Individuals
Researchers from Morphisec discover a new campaign exploiting a DLL hijacking vulnerability in Apple’s Push Service (APSDaemon) to install a cryptocurrency miner and avoid detection.
The New Zealand's national computer emergency response team warns of a crime gang seeking "ransomware attack opportunities" against NZ organizations that use unpatched or poorly secured Citrix remote-access technology.
Misconfiguration
Y Multiple Industries
CC
NZ
New Zealand's national computer emergency response team, Citrix ransomware
970
16/06/2020
China
India
China launches DDOS attacks against information websites and the country’s financial payments system, amid growing tensions over border disputes in the Kashmir region.
DDoS
O Public administration and defence, compulsory social security
CW
IN
China, India
971
17/06/2020
?
Amazon
Amazon reveals that its AWS Shield service mitigated the largest DDoS attack ever recorded, stopping a 2.3 Tbps attack in mid-February this year.
DDoS
M Professional scientific and technical activities
CC
US
Amazon
972
17/06/2020
Lazarus Group
European aerospace and military companies
Security researchers from ESET disclose a new operation orchestrated by the Lazarus Group codenamed "Operation In(ter)ception," targeting victims for both cyber-espionage and financial theft.
Targeted Attack
O Public administration and defence, compulsory social security
CE
>1
ESET, Lazarus Group, Operation In(ter)ception, North Korea
973
17/06/2020
Sodinokibi (AKA REvil)
Light S.A.
Sodinokibi ransomware (aka REvil) operators breach the Brazilian-based electrical energy company Light S.A. and demanding a $14 million worth ransom.
Malware
D Electricity gas steam and air conditioning supply
CC
BR
Sodinokibi, REvil, Light S.A.
974
17/06/2020
?
Russian Organizations
Researchers from Palo Alto Unit 42 discover a new malware, dubbed AcidBox, employed in targeted attacks against Russian organizations, and that leverages an exploit previously associated with the Russian-linked Turla APT group.
Targeted Attack
Z Unknown
CE
RU
Palo Alto Unit 42, AcidBox, Turla
975
17/06/2020
?
Unnamed Web host
An unnamed webhost was is hit with one of the largest DDoS attacks ever registered by Akamai (1.44 terabit-per-second)
DDoS
Z Unknown
CC
N/A
Akamai, DDoS
976
17/06/2020
?
City of Lexington
A Zoom meeting regarding issues surrounding police discipline is interrupted by callers shouting racist and homophobic remarks.
Zoom bombing
O Public administration and defence, compulsory social security
CC
US
Lexington, Zoom
977
17/06/2020
?
Cebu Normal University (CNU)
Subdomains of the Cebu Normal University (CNU) website, particularly the Library and Journal for Higher Education (JHE), are hacked by unknown entities.
Unknown
P Education
CC
PH
Cebu Normal University, CNU
978
17/06/2020
Pinoy Grayhats
Far Eastern University (FEU)
1,000 student accounts from the Far Eastern University (FEU) are made public, with details such as names, student numbers, and passwords exposed.
Unknown
P Education
CC
PH
Far Eastern University, FEU, Pinoy Grayhats
979
18/06/2020
InvisiMole and Gamaredon
High-profile organizations in Eastern Europe
Researchers from ESET discover a new campaign carried out by the InvisiMole group in cooperation with Gamaredon (two groups linked to Russia).
Targeted Attack
O Public administration and defence, compulsory social security
CE
>1
ESET, InvisiMole, Gamaredon, Russia
980
18/06/2020
?
Android users
Researchers at Awake Security reveal that a newly discovered spyware attacked users through 32 million downloads of extensions to Google’s market-leading Chrome web browser. Google immediately removes 70 of the malicious extensions
Malware
X Individual
CC
>1
Google, Android, Awake Security
981
18/06/2020
Holmium AKA APT33, StoneDrill and Elfin
Aerospace, defence, chemical, mining, and petrochemical companies
Researchers from Microsoft reveal the details of a new campaign by Holmium, a group targeting exposed Exchange servers.
Account Hijacking
Y Multiple Industries
CE
>1
Microsoft, Holmium, APT33, StoneDrill, Elfin
982
18/06/2020
?
Wells Fargo customers
Researchers from Abnormal Security discover a phishing campaign impersonating the Wells Fargo Security Team and luring potential victims to phishing pages with the help of calendar invites.
Account Hijacking
K Financial and insurance activities
CC
US
Abnormal Security, Wells Fargo
983
18/06/2020
?
European, Asian, and Middle Eastern targets
Researchers from Check Point discover a phishing campaign abusing an Adobe Campaign redirection mechanism, and using a Samsung domain to redirect victims to an O365 themed phishing website. The attackers also hijacked an Oxford email server to deliver the malicious emails.
Account Hijacking
Y Multiple Industries
CC
>1
Check Point, Adobe Campaign, Samsung, Office 365, Oxford
984
18/06/2020
?
Bank of America customers
Researchers from Armorblox discover a phishing campaign against Bank of America customers able to bypass security filters.
Account Hijacking
K Financial and insurance activities
CC
US
Armorblox, Bank of America
985
18/06/2020
?
Banking users
Researchers from Juniper discover a new version of the IcedID banking trojan employed in COVID-19 themed attacks exploiting FMLA.
Malware
K Financial and insurance activities
CC
US
Juniper, IcedID, COVID-19, FMLA
986
18/06/2020
?
Lion
Australian beverage giant Lion is hit by a second cyber attack.
Unknown
I Accommodation and food service activities
CC
AU
Lion
987
18/06/2020
?
RBX.Place
Hackers steal data from RBX.Place, a grey marketplace where players of the massively popular online game Roblox can sell in-game items for real money.
Unknown
S Other service activities
CC
N/A
RBX.Place
988
19/06/2020
China?
Australian Organizations
Australian Prime Minister Scott Morrison calls a press conference to reveal that Australian organizations (government and private sector) are currently being targeted by a sophisticated state-based cyber actor. Fingers are pointed to China.
Targeted Attack
O Public administration and defence, compulsory social security
CE
AU
Scott Morrison, China
989
19/06/2020
Anonymous
US Police
A leak-focused activist group known as Distributed Denial of Secrets publishes BlueLeaks, a 269-gigabyte collection of police data, allegedly received from the Anonymous collective, which includes emails, audio, video, and intelligence documents, with more than a million files in total.
Unknown
O Public administration and defence, compulsory social security
H
US
Distributed Denial of Secrets, BlueLeaks, Anonymous
990
19/06/2020
NetWalker
Crozer-Keystone Health System
Crozer-Keystone Health System suffers a ransomware attack by the NetWalker ransomware gang. The gang auctions the stolen data through its darknet website.
Malware
Q Human health and social work activities
CC
US
Crozer-Keystone Health System, NetWalker
991
19/06/2020
?
Blaze Angel Roberts Instagram account
Popular Australian surfer Blaze Angel Roberts has her Instagram account hacked, posting sexually explicit images.
Account Hijacking
X Individual
CC
AU
Blaze Angel Roberts, Instagram
992
19/06/2020
?
Bitcoin users
A new bitcoin scam allows attackers to steal more than $2 million in two months from Elon Musk's name. The trick involves the use of Bitcoin vanity addresses in order to give the scam more credibility.
Bitcoin vanity addresses
X Individual
CC
>1
Bitcoin, Elon Musk, Crypto
993
19/06/2020
?
Mid-Michigan College
An attacker breaks into the Mid-Michigan College’s email system, compromising the accounts of 10 employees and compromising personal data of potentially up to 16,000 people.
Account Hijacking
P Education
CC
US
Mid-Michigan College
994
19/06/2020
?
Florida Orthopedic Institute
The Florida Orthopedic Institute warns of a ransomware attack suffered on April 9.
Malware
Q Human health and social work activities
CC
US
Florida Orthopedic Institute, Ransomware
995
19/06/2020
?
Multiple organizations
Multiple ConnectWise have their customers hit with ransomware through a software flaw.
Malware
Y Multiple Industries
CC
>1
ConnectWise, ransomware
996
20/06/2020
?
Discord users
A new malware dubbed NitroHack is distributed in disguise of the premium Discord Nitro service.
Malware
X Individual
CC
>1
Discord, NitroHack
997
20/06/2020
?
Tallapoosa County Probate Office
Tallapoosa County Probate Office is hit with a ransomware attack.
Malware
O Public administration and defence, compulsory social security
CC
US
Tallapoosa County Probate Office
998
21/06/2020
?
Over 230.000 Indonesian COVID-19 patient
Security researchers from Cyble discover over 230.000 Indonesian COVID-19 patients records leaked in the darknet.
Unknown
Z Unknown
CC
ID
Cyble, COVID-19
999
21/06/2020
?
University of California, Davis
A racist cyberattack email is delivered to thousands of University of California, Davis email accounts, prompting the university to block most of the emails, officials said Tuesday.
Malicious Spam
P Education
CC
US
University of California, Davis
1.000
22/06/2020
CLOP
Indiabulls Group
Indian conglomerate Indiabulls Group is allegedly hit with a cyberattack from the CLOP Ransomware operators who have leaked screenshots of stolen data.
Malware
M Professional scientific and technical activities
CC
IN
Indiabulls Group, CLOP, ransomware
1.001
22/06/2020
?
Misconfigured Docker clusters
Security researchers from Trend Micro discover what appears to be the first organized and persistent series of attacks against Docker servers that infect misconfigured clusters with DDoS malware (XORDDoS AKA Backdoor.Linux.XORDDOS.AE and Kaiji DDoS AKA DDoS.Linux.KAIJI.A).
Several dozen e-commerce sites using Google Analytics.
Researchers from Sansec reveals they discovered a Magecart campaign using Google Analytics to bypass Content Security Policies.
Malicious Script Injection
G Wholesale and retail trade
CC
>1
Sansec, Google Analytics, Content Security Policies, Magecart
1.003
22/06/2020
?
Undisclosed technology company
Researchers from Darktrace discover a phishing campaign spoofing QuickBooks, a product commonly being used in advance of the July 15 tax deadline.
Account Hijacking
Z Unknown
CC
US
Darktrace, QuickBooks
1.004
22/06/2020
?
Stalker Online
More than one million players of the video game Stalker Online are at risk after a database containing over 1.2 million user records is being sold on hacking forums. Separately, another database which is said to contain more than 136,000 records from the game’s forums are also being offered for sale.
Unknown
R Arts entertainment and recreation
CC
RU
Stalker Online
1.005
22/06/2020
?
Government and military orgs in South Asia
Researchers from Cisco Talos discover a military-themed malware campaign targeting military and government organizations in South Asia, using the Cobalt Strike toolset, and distributing a RAT via the IndigoDrop malware dropper.
Targeted Attack
O Public administration and defence, compulsory social security
CE
>1
Cisco Talos, Cobalt Strike, IndigoDrop
1.006
22/06/2020
?
Mid-level employees across Austria, Switzerland and Germany
Researchers from Proofpoint discover a campaign spreading the Hakbit ransomware using malicious Microsoft Excel attachments and the GuLoader dropper.
Malware
Y Multiple Industries
CC
>1
Proofpoint, Hakbit, ransomware, GuLoader
1.007
22/06/2020
UK Police
Encrochat
The encrypted chat Encrochat shuts down after a police hack.
Unknown
M Professional scientific and technical activities
N/A
N/A
Encrochat
1.008
22/06/2020
?
Iowa State University
Iowa State University officials announce hat nearly 4,900 Iowa State University-affiliated email accounts were the recipients of a racist cyberattack from an email sender claiming to be Equity Prime Mortgage.
Malicious Spam
P Education
CC
US
Iowa State University
1.009
22/06/2020
?
CHI St. Luke’s Health-Memorial Lufkin
CHI St. Luke’s Health-Memorial Lufkin notifies of a phishing incident occurred on April 23, 2020.
Account Hijacking
P Education
CC
US
CHI St. Luke’s Health-Memorial Lufkin
1.010
23/06/2020
?
K12 Schools
The US Federal Bureau of Investigation sends out a security alert to K12 schools about the increase in ransomware attacks during the COVID-19 pandemic, and especially about ransomware gangs that abuse RDP connections to break into school systems.
Malware
P Education
CC
US
FBI, K12, Ransomware, COVID-19
1.011
23/06/2020
Evil Corp
Multiple organizations
Researchers from Fox-IT reveal that the malicious actor Evil Corp is now deploying the WastedLocker ransomware.
Malware
Y Multiple Industries
CC
>1
Fox-IT, Evil Corp, WastedLocker
1.012
23/06/2020
Sodinokibi (AKA REvil)
Multiple organizations
Researchers from Symantec discover a new variant of the Sodinokibi ransomware scanning networks for PoS systems.
Malware
Y Multiple Industries
CC
>1
Symantec, Sodinokibi, REvil, ransomware
1.013
23/06/2020
?
Choice Health Management Services
Choice Health Management Services notifies an unspecified number of individuals of a phishing attack occurred in late 2019.
Account Hijacking
M Professional scientific and technical activities
CC
US
Choice Health Management Services
1.014
24/06/2020
?
Five cryptocurrency exchanges in United States, Japan, and the Middle East
Researchers from ClearSky reveal the details of CryptoCore, an organized hacker group believed to be operating out of Eastern Europe, which has stolen around $200 million from online cryptocurrency exchanges
Account Hijacking
V Fintech
CC
>1
ClearSky, CryptoCore, Crypto
1.015
24/06/2020
?
Multiple organizations
Researchers from Sophos reveal the details of Glupteba, an evasive malware that creates a backdoor providing full access to compromised Windows machines, while adding them to a growing botnet.
Malware
Y Multiple Industries
CC
>1
Sophos, Glupteba
1.016
24/06/2020
?
Multiple organizations
Researchers from Palo Alto Unit 42 reveal the details of a new variant of Lucifer, a powerful cryptojacking and DDoS malware exploiting severe vulnerabilities in order to infect Windows machines.
Malware
Y Multiple Industries
CC
>1
Lucifer, Palo Alto Unit 42
1.017
24/06/2020
?
Android users in Canada
Researchers from ESET discover a malicious Android app in disguise of Canada's official COVID-19 tracing app, but hiding the CryCryptor ransomware.
Malware
X Individual
CC
CA
ESET, Android, COVID-19, CryCryptor ransomware
1.018
24/06/2020
KelvinSecurity
Frost & Sullivan
U.S. business consulting firm Frost & Sullivan is breached after data from an unsecured backup folder exposed on the Internet is sold on a hacker forum.
Misconfiguration
M Professional scientific and technical activities
CC
US
Frost & Sullivan, KelvinSecurity
1.019
25/06/2020
Maze
LG Electronics
Maze ransomware operators claim on their website that they breached and locked the network of the South Korean multinational LG Electronics.
Malware
C Manufacturing
CC
KR
Maze, LG Electronics, ransomware
1.020
25/06/2020
Maze
Xerox Corporation
Maze ransomware operators update their list of victims adding Xerox Corporation.
Malware
C Manufacturing
CC
US
Maze, Xerox Corporation, ransomware
1.021
25/06/2020
?
Multiple e-commerce sites
Researchers from Malwarebytes discover a new Magecart campaign hiding the credit card skimmer inside images.
Malicious Script Injection
G Wholesale and retail trade
CC
>1
Malwarebyes, Magecart,
1.022
25/06/2020
?
Undisclosed bank in Europe
Akamai reveals that a bank in Europe was hit by a massive distributed denial-of-service (DDoS) attack that peaked a record 809 million packets per second (PPS).
DDoS
K Financial and insurance activities
CC
N/A
Akamai, DDoS
1.023
25/06/2020
?
Vulnerable Microsoft Exchange servers
Microsoft warns organizations of a spike of attacks against Microsoft Exchange servers trying to exploit CVE-2020-0688
Vulnerability
Y Multiple Industries
CE
>1
Microsoft, Microsoft Exchange, CVE-2020-0688
1.024
25/06/2020
Chinese Bank
UK-based technology/software vendor and a major financial institution
Researchers from Trustwave reveal that a Chinese bank has forced at least two western companies to install a tax software infected with the GoldenSpy malware on their systems.
Malware
K Financial and insurance activities
CE
N/A
Trustwave, China, GoldenSpy
1.025
25/06/2020
?
Multiple organizations
Researchers from Check Point detect a new campaign distributing phishing emails and malicious files disguised as COVID-19 training materials.
Account Hijacking
Y Multiple Industries
CC
>1
Check Point, COVID-19
1.026
25/06/2020
DarkCrewFriends
Vulnerable CMS servers
A report from Check Point reveals that the hackers-for-hire group DarkCrewFriends has resurfaced and is targeting content management systems to build a botnet.
Vulnerability
Y Multiple Industries
CC
>1
Check Point, DarkCrewFriends
1.027
25/06/2020
?
Windows and Linux machines
Researchers from Barracuda Networks discover a new variant of the cryptominer malware known as Golang, targeting both Windows and Linux machines.
Malware
Y Multiple Industries
CC
>1
Barracuda Networks, Golang, Crypto
1.028
26/06/2020
Anonymous Brazil
Senior Brazilian government officials including president Jair Bolsonaro.
The Brazilian federal investigates the leak of personal details of senior government officials including president Jair Bolsonaro.
Unknown
O Public administration and defence, compulsory social security
H
BR
Anonymous, Jair Bolsonaro.
1.029
26/06/2020
?
E27
Media firm E27 is hacked, and attackers ask for a small "donation" to provide information on the vulnerabilities used in the attack.
Unknown
J Information and communication
CC
SG
E27
1.030
26/06/2020
Ransom X
Government agencies and enterprises
A new ransomware called Ransom X is being actively used in human-operated and targeted attacks against government agencies and enterprises.
Malware
Y Multiple Industries
CC
>1
Ransom X, Malware, Ransomware
1.031
26/06/2020
?
France Télévisions
The France Télévisions group announces it was the victim of a cyber attack that targeted one of its broadcasting sites.
Unknown
J Information and communication
CC
FR
France Télévisions
1.032
26/06/2020
?
Eight cities across three states in the United States
Researchers from Trend Micro reveal that eight cities across three states in the United States have fallen victim to a Magecart card skimming attack. The sites all appear to have been built using Click2Gov.
Malicious Script Injection
O Public administration and defence, compulsory social security
CC
US
Trend Micro, Click2Gov, Magecart
1.033
28/06/2020
?
Israel Philharmonic Orchestra
The online Israel Philharmonic Orchestra concert, hosted by Helen Mirren, was disrupted by cyberattackers.
DDoS
R Arts entertainment and recreation
CC
IL
Israel Philharmonic Orchestra
1.034
28/06/2020
?
National Highway Authority of India (NHAI)
The National Highway Authority of India (NHAI) is attacked by a malware.
Malware
O Public administration and defence, compulsory social security
CC
IN
National Highway Authority of India, NHAI
1.035
29/06/2020
?
Efun
A data breach broker is selling databases containing user records for 14 different companies he claimed were breached by hackers in 2020 (four: - HomeChef, Minted, Tokopedia, and Zoosk - where already known).
Unknown
R Arts entertainment and recreation
CC
CN
1.036
29/06/2020
?
Fluke
A data breach broker is selling databases containing user records for 14 different companies he claimed were breached by hackers in 2020 (four: - HomeChef, Minted, Tokopedia, and Zoosk - where already known).
Unknown
C Manufacturing
CC
US
1.037
29/06/2020
?
Footters
A data breach broker is selling databases containing user records for 14 different companies he claimed were breached by hackers in 2020 (four: - HomeChef, Minted, Tokopedia, and Zoosk - where already known).
Unknown
J Information and communication
CC
ES
1.038
29/06/2020
?
JamesDelivery
A data breach broker is selling databases containing user records for 14 different companies he claimed were breached by hackers in 2020 (four: - HomeChef, Minted, Tokopedia, and Zoosk - where already known).
Unknown
I Accommodation and food service activities
CC
BR
1.039
29/06/2020
?
KitchHike
A data breach broker is selling databases containing user records for 14 different companies he claimed were breached by hackers in 2020 (four: - HomeChef, Minted, Tokopedia, and Zoosk - where already known).
Unknown
I Accommodation and food service activities
CC
JP
1.040
29/06/2020
?
KreditPlus
A data breach broker is selling databases containing user records for 14 different companies he claimed were breached by hackers in 2020 (four: - HomeChef, Minted, Tokopedia, and Zoosk - where already known).
Unknown
K Financial and insurance activities
CC
ID
1.041
29/06/2020
?
Playwings
A data breach broker is selling databases containing user records for 14 different companies he claimed were breached by hackers in 2020 (four: - HomeChef, Minted, Tokopedia, and Zoosk - where already known).
Unknown
R Arts entertainment and recreation
CC
KR
1.042
29/06/2020
?
Revelo
A data breach broker is selling databases containing user records for 14 different companies he claimed were breached by hackers in 2020 (four: - HomeChef, Minted, Tokopedia, and Zoosk - where already known).
Unknown
C Manufacturing
CC
CA
1.043
29/06/2020
?
Yotepresto
A data breach broker is selling databases containing user records for 14 different companies he claimed were breached by hackers in 2020 (four: - HomeChef, Minted, Tokopedia, and Zoosk - where already known).
A data breach broker is selling databases containing user records for 14 different companies he claimed were breached by hackers in 2020 (four: - HomeChef, Minted, Tokopedia, and Zoosk - where already known).
Unknown
R Arts entertainment and recreation
CC
US
1.045
29/06/2020
Promethium AKA StrongPity APT
Political targets in multiple targets.
In separate reports, researchers from Cisco Talos and BitDefender reveal new campaigns from the Promethium, AKA StrongPity APT.
Targeted Attack
O Public administration and defence, compulsory social security
CE
>1
Cisco Talos, BitDefender, Promethium, StrongPity
1.046
29/06/2020
Cl0ud SecuritY
Old LenovoEMC NAS devices
A hacker group going by the name of 'Cl0ud SecuritY' is breaking into old LenovoEMC (formerly Iomega) network-attached storage (NAS) devices, wiping files, and leaving ransom notes behind asking owners to pay between $200 and $275 to get their data back.
Misconfiguration
Y Multiple Industries
CC
>1
Cl0ud SecuritY, LenovoEMC
1.047
29/06/2020
?
Bloggers and website owners
Researchers from Sophos discover a new phishing campaign targeting bloggers and website owners with emails pretending to be from their hosting provider who wants to upgrade their domain to use secure DNS (DNSSEC).
Account Hijacking
X Individual
CC
>1
Sophos, DNSSEC
1.048
29/06/2020
?
945 websites
Researchers from Lucy Security discover a collection of SQL databases for sale on the Dark Web. The archived files were stolen from 945 websites around the world.
SQL Injection
Y Multiple Industries
CC
>1
Lucy Security
1.049
29/06/2020
?
City of Duncannon
Duncannon reveals to have been hit with a ransomware attack in April, which left many municipal computer systems inoperable and caused the borough to pay out more than $40,000 to the hackers to restore systems.
Malware
O Public administration and defence, compulsory social security
CC
US
Duncannon, ransomware
1.050
30/06/2020
Evil Corp
Dozens of US newspaper websites
Researchers from Symantec reveal that the Evil Corp gang hacked into dozens of US newspaper websites owned by the same company to infect the employees of over 30 major US private firms with the WastedLocker ransomware.
Hackers use leaked credentials on pastebin to deface Roblox profiles to support Donald Trump in the forthcoming US presidential election.
Account Hijacking
R Arts entertainment and recreation
CC
US
Roblox, Donald Trump
1.052
30/06/2020
?
MacOS users
Multiple security researchers discover a new ransomware strain targeting macOS users, called OSX.ThiefQuest (or EvilQuest). The malware also installs a keylogger, a reverse shell, and steals cryptocurrency wallet-related files from infected hosts.
Malware
X Individual
CC
>1
MacOS, OSX.ThiefQuest, EvilQuest
1.053
30/06/2020
?
Android users
Google removes 25 Android applications from the Google Play Store that were caught stealing Facebook credentials.
Malware
X Individual
CC
>1
Google, Android, Google Play Store, Facebook
1.054
30/06/2020
?
Users from multiple countries
Researchers from Group-IB discover thousands of personal records of users from multiple countries exposed in a targeted multi-stage bitcoin scam.
Unknown
X Individual
CC
>1
Group-IB, crypto
1.055
30/06/2020
?
Self-employed people in the UK
A new campaign targets the passport details of self-employed people, along with other information including personal and bank details, exploiting COVID-19-related HMRC phishing scams.
Account Hijacking
X Individual
CC
UK
COVID-19, HMRC
1.056
12/06/2020
?
Managed Service Providers in the US
The US Secret Service (GIOC -- Global Investigations Operations Center) sends out a security alert to the US private sector and government organizations warning about an increase in hacks of managed service providers (MSPs).
>1
M Professional scientific and technical activities
CC
US
US Secret Service, GIOC, Global Investigations Operations Center, MSP
1.057
26/06/2020
Maze
Benefit Recovery Specialists, Inc. (BRSI)
Benefit Recovery Specialists, Inc. (BRSI) discovers a data breach after detecting malware on its systems. The malware, discovered on April 2020, may have allowed unauthorized individuals to obtain the information of 274,837 people.
Malware
M Professional scientific and technical activities
Hackers from the Kerala Cyber Hackers Group obtain COVID-19 patient database in protest at treatment of Indian health workers.
Unknown
O Public administration and defence, compulsory social security
H
IN
Delhi State Health Mission, Kerala Cyber Hackers, COVID-19
1.059
30/06/2020
Homeland Cheetahs
Nuclear site at Natanz
A group of dissidents within Iran's military and security forces takes credit for a cyber attack causing an incident at the Natanz nuclear facility.
Unknown
D Electricity gas steam and air conditioning supply
CW
IR
Homeland Cheetahs, Natanz
1.060
30/06/2020
?
City of Palm Bay
The City of Palm Bay leadership reveals a possible security breach involving the Click2Gov online payment platform.
Malicious Script Injection
O Public administration and defence, compulsory social security
CC
US
City of Palm Bay, Click2Gov
1.061
30/06/2020
?
Central California Alliance for Health
The Central California Alliance for Health announces that a recent cybersecurity breach may have compromised the personal health information of a limited number of its members.
Account Hijacking
Q Human health and social work activities
CC
US
Central California Alliance for Health
1.062
17/05/2020
?
M.J. Brunner
M.J. Brunner is hit with a Maze ransomware attack.
Malware
M Professional scientific and technical activities
CC
US
M.J. Brunner, Maze, Ransomware
1.063
29/06/2020
?
New Mexico State University Foundation
New Mexico State University Foundation is another victim of the Blackbaud hack.
Malware
P Education
CC
US
New Mexico State University Foundation, Blackbaud, ransomware
1.064
01/07/2020
?
22,900 MongoDB databases
A hacker uploads ransom notes on 22,900 MongoDB databases left exposed online without a password, wiping their content, asking for a 0.015 bitcoin (~$140) payment. and threatening to leak their data and then contact the victim's local GDPR enforcement authority.
Misconfiguration
Y Multiple Industries
CC
EU
MongoDB, GDPR
1.065
01/07/2020
Roaming Mantis
Android users in China, Taiwan, France, Switzerland, Germany, UK, US and other
Researchers from Cybereason discover a campaign distributing the FakeSpy Android malware via a phishing message for a missed package from a local postal or delivery service.
Malware
X Individual
CC
>1
Cybereason, FakeSpy, Android
1.066
01/07/2020
?
Multiple organizations
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) warn enterprises of cyberattacks launched from the Tor network.
N/A
Y Multiple Industries
CC
US
Cybersecurity and Infrastructure Security Agency, CISA, Federal Bureau of Investigation, FBI, Tor
1.067
01/07/2020
NetWalker
Trinity Metro
The cybercriminals behind NetWalker publish online evidence of an attack on Trinity Metro, a transit agency that operates bus and commuter rail transportation services in Fort Worth and its nearby Tarrant County suburbs.
Malware
H Transportation and storage
CC
US
NetWalker, Trinity Metro
1.068
01/07/2020
China
Uyghur ethnic minority
Researchers from Lookout discover four Android surveillance tools, named SilkBean, DoubleAgent, CarbonSteal, and GoldenEagle, elements of campaigns originating in China, and primarily targeting the Uyghur ethnic minority.
Researchers from CenturyLink discover a comeback of the point-of-sale (POS) malware called Alina, using a new trick for stealing credit- and debit-card data: Domain Name System (DNS) tunneling.
Malware
Y Multiple Industries
CC
>1
CenturyLink, Alina, DNS tunneling
1.070
01/07/2020
?
Financial, Manufacturing, Healthcare and Insurance Firms
Researchers from Cisco Talos discover a new campaign carried out by the group behind the Valak malware, targeting Financial, Manufacturing, Healthcare and Insurance Firms.
Malware
Y Multiple Industries
CC
>1
Cisco Talos, Valak
1.071
02/07/2020
?
Undisclosed company
Researchers from Abnormal Security discover a new campaign impersonating a Twitter security notification email, to lure the victims towards a phishing page.
Account Hijacking
Z Unknown
CC
N/A
Abnormal Security, Twitter
1.072
02/07/2020
?
Russia’s Ministry of Foreign Affairs
Unknown hackers hijack the Twitter account of Russia’s Ministry of Foreign Affairs, offer to sell stolen data.
Account Hijacking
O Public administration and defence, compulsory social security
CC
RU
Russia’s Ministry of Foreign Affairs, Twitter
1.073
02/07/2020
KelvinSecurity Team
BMW car owners in the U.K.
A database of 384,319 BMW car owners in the U.K. is being offered for sale on an underground forum.
Unknown
C Manufacturing
CC
UK
BMW, KelvinSecurity Team
1.074
02/07/2020
?
Heartland Farm Mutual
A phishing attack at Heartland Farm Mutual, a Canadian insurance firm, may have exposed the personal data of clients, the company warns.
Account Hijacking
K Financial and insurance activities
CC
CA
Heartland Farm Mutual
1.075
02/07/2020
?
CNY Works
The names and Social Security numbers of 56,000 people who used CNY Works employment services are exposed in a ransomware discovered in December 2019.
Malware
S Other service activities
CC
US
CNY Works, ransomware
1.076
03/07/2020
Avaddon
Organizations in Italy
Researchers from Microsoft discover a new Avaddon ransomware campaign focused primarily against organizations in Italy.
Malware
Y Multiple Industries
CC
IT
Microsoft, Avaddon, ransomware
1.077
03/07/2020
Try2Cry
Multiple targets
Researchers from G DATA discover Try2Cry, a new ransomware with a worm-like behavior to infect other systems.
Malware
Y Multiple Industries
CC
>1
G DATA, Try2Cry
1.078
03/07/2020
?
Kingston’s Royal Military College
Kingston’s Royal Military College is one of four military training schools in Canada targeted in a ransomware attack.
Malware
P Education
CC
CA
Kingston’s Royal Military College, ransomware
1.079
03/07/2020
?
Swvl
Swvl, a bus-booking app and operator of bus routes in Egypt, Kenya, and Pakistan, becomes aware of “unauthorized access to its IT infrastructure”.
Unknown
H Transportation and storage
CC
EG
Swvl
1.080
03/07/2020
?
MyGov accounts
Logins for more than 3600 MyGov accounts are for sale on the dark web.
Unknown
X Individual
CC
AU
MyGov
1.081
04/07/2020
Nefilim
Orange
Orange is hit with a ransomware attack through the "Orange Business Solutions" division.
Malware
J Information and communication
CC
FR
Orange, Orange Business Solutions, ransomware, Nefilim
1.082
04/07/2020
?
Multiple organizations
Researchers from NCC Group reveal that hackers have started launching attacks against F5 BIG-IP networking devices.
Vulnerability
Y Multiple Industries
CC
>1
NCC Group, F5, BIG-IP, CVE-2020-5902
1.083
04/07/2020
Sodinokibi (AKA REvil)
Sheriff's Office for Cooke County, Texas
The Sheriff's Office for Cooke County is hit by a ransomware attack.
Malware
O Public administration and defence, compulsory social security
CC
US
Sodinokibi, REvil, Sheriff's Office for Cooke County
1.084
05/07/2020
?
Xchanging
Global IT services and solutions provider DXC Technology announces over the weekend a ransomware attack on systems from its Xchanging subsidiary.
Malware
M Professional scientific and technical activities
CC
US
DXC Technology, Xchanging
1.085
05/07/2020
?
Atadan Egemen Koyuncu
The personal information of 10,000 patients is compromised after a medical study in Turkey suffers a cyber attack.
Unknown
Q Human health and social work activities
CC
TR
Atadan Egemen Koyuncu
1.086
05/07/2020
?
Multiple targets
Researchers from ProofPoint reveal that the criminals behind the Purple Fox fileless downloader malware recently upgraded their operation, targeting two new vulnerabilities (CVE-2020-0674 and CVE-2019-1458).
Researchers from Sansec reveal that North Korea's state-sponsored hacking crews are breaking into online stores for Magecart attacks.
Malicious Script Injection
G Wholesale and retail trade
CC
>1
Sansec, Magecart, Lazarus Group, Hidden Cobra
1.088
06/07/2020
Sheriff
eToro
Using the alias “Sheriff,” a threat actor advertises an auction for 62,000 accounts belonging to users of the eToro social trading platform.
Unknown
K Financial and insurance activities
CC
IL
eToro, Sheriff
1.089
06/07/2020
?
Multiple cryptocurrency exchanges and online trading platforms
Another threat actor puts on sale a list of accounts belonging to payment/money transfer systems, cryptocurrency exchange and online trading platforms, including Advcash, Azimo, Binance, Bitcan, Coinmama, Coinsbank, Neteller, OKPAY, Payoneer, Paypal, Skrill, Yandex Money, Webmoney, Qiwi, along with many others.
A new release of the Lampion trojan banker targets uses in Portugal.
Malware
K Financial and insurance activities
CC
PT
Lampion
1.091
06/07/2020
?
Multiple online stores
Researchers from Malwarebytes identify a new card skimmer campaign targeting ASP.NET sites and exploiting CVE-2017-9248.
Malicious Script Injection
G Wholesale and retail trade
CC
>1
Malwarebytes, ASP.NET, CVE-2017-9248, Magecart
1.092
06/07/2020
?
Hapvida
Brazilian health insurer Hapvida reveals to have suffered a cyber attack potentially involving access to the personal information of its customers.
Unknown
K Financial and insurance activities
CC
BR
Hapvida
1.093
06/07/2020
?
Bcycle
BCycle, a bicycle sharing service, suffered a malware attack in April and launches an investigation, according to a company letter. The stolen information may have included names, credit card numbers and addresses.
Malware
H Transportation and storage
CC
US
Bcycle
1.094
07/07/2020
Keeper
More than 570 e-commerce sites
Researchers from Gemini Advisory reveal the details of Keeper, a group responsible for compromising more than 570 e-commerce websites with Magecart Attacks.
Malicious Script Injection
G Wholesale and retail trade
CC
>1
Gemini Advisory. Keeper, Magecart
1.095
07/07/2020
Cosmic Lynx
Multiple organizations worldwide
Researchers from Agari reveal the details of Cosmic Lynx, a BEC campaign targeting individuals in 200 companies across 46 countries.
Business Email Compromise
Y Multiple Industries
CC
>1
Agari, Cosmic Lynx
1.096
07/07/2020
C-Data?
Users of C-Data devices
Two security researchers discover severe vulnerabilities and what appears to be intentional backdoors in the firmware of devices from popular Chinese vendor C-Data.
Malware
Y Multiple Industries
CE
>1
C-Data
1.097
07/07/2020
?
Multiple targets
Mozilla temporarily suspends the Firefox Send file-sharing service as the organization investigates reports of abuse from malware operators.
Malware
Y Multiple Industries
CC
>1
Mozilla, Firefox Send
1.098
07/07/2020
?
Spanish-speaking Android users
Security researchers from Avast discover the Cerberus banking Trojan disguised as a legitimate currency app on Google Play.
Malware
X Individual
CC
>1
Avast, Cerberus, Google Play, Android
1.099
07/07/2020
?
Undisclosed company
Researchers at Abnormal Security uncover a campaign aiming to steal Office 365 user credentials using SurveyMonkey as cover.
Account Hijacking
Z Unknown
CC
N/A
Abnormal Security, Office 365, SurveyMonkey
1.100
07/07/2020
?
Chilton County
Chilton County shuts down after being targeted by a suspected ransomware attack.
Malware
O Public administration and defence, compulsory social security
CC
US
Chilton County, ransomware
1.101
07/07/2020
?
Single individuals
More than 240 website subdomains belonging to organizations large and small, including household names, are hijacked to redirect users to malware, X-rated material, online gambling, and other unexpected content.
Misconfiguration
Y Multiple Industries
CC
>1
Azure
1.102
08/07/2020
?
Android users
Researchers from Malwarebytes discover pre-installed malware on a budget Android phone ANS (American Network Solutions) UL40 handset connected to Assurance Wireless by Virgin Mobile.
Malware
X Individual
CC
US
Malwarebytes, Android, ANS, American Network Solutions, UL40, Assurance Wireless, Virgin Mobile
1.103
08/07/2020
?
Multiple targets
Researchers from Carbon Black discover Conti, a ransomware strain using up to 32 simultaneous CPU threads to encrypt files on infected computers for blazing-fast encryption speeds.
Malware
X Individual
CC
>1
Carbon Black, Conti, ransomware
1.104
08/07/2020
?
Undisclosed company
Researchers from Abnormal Security discover a new phishing campaign using fake Zoom notifications to steal Office 365 logins.
Account Hijacking
Z Unknown
CC
N/A
Abnormal Security, Zoom, Office 365
1.105
08/07/2020
?
Office 365 Users
Microsoft issues a warning for Office 365 phishing attacks carried out via malicious OAuth apps.
Account Hijacking
Y Multiple Industries
CC
>1
Office 365, Oauth
1.106
08/07/2020
?
Comtrend routers
Researchers at Trend Micro discover a new version of the Mirai IoT botnet that includes an exploit for the CVE-2020-10173 vulnerability impacting Comtrend routers.
Vulnerability
Y Multiple Industries
CC
>1
Trend Micro, Mirai, CVE-2020-10173, Comtrend
1.107
08/07/2020
?
Impact Guru
Researchers from Cyble identify a threat actor claiming to be in possession of more than 500,000 confidential data records of Impact Guru, a crowdfunding platform.
Misconfiguration
S Other service activities
CC
IN
Cyble, Impact Guru
1.108
08/07/2020
?
Multiple targets
Researchers from Wordfence reveal that a vulnerability on the Adning Advertising plugin for WordPress is currently under attack.
Vulnerability
Y Multiple Industries
CC
>1
Wordfence, Adning Advertising, WordPress
1.109
09/07/2020
?
Android users
Researchers from Check Point discover a new version of the Joker malware in Google Play
Malware
X Individual
CC
US
Check Point, Joker. Google Play
1.110
09/07/2020
?
Vulnerable Citrix Systems
Researchers from the SANS Institute reveal that threat actor are scanning the internet for two recently-discovered Citrix vulnerabilities (CVE-2020-8195, CVE-2020-8196)
Vulnerability
Y Multiple Industries
CC
>1
SANS, Citrix, CVE-2020-8195, CVE-2020-8196
1.111
09/07/2020
?
Religare Health Insurance
Researchers from Cyble discover 5 M records from Religare Health Insurance up for sale in the dark web.
Unknown
Q Human health and social work activities
CC
IN
Cyble, Religare Health Insurance
1.112
09/07/2020
?
Cloudflare
Cloudflare reveals that on June 21 it detected and mitigated a packet-based volumetric DDoS attack that peaked at 754 million packets-per-second.
DDoS
M Professional scientific and technical activities
CC
US
Cloudflare
1.113
09/07/2020
?
HSBC customers in the U.K.
People in the UK are targeted by a new phishing scam designed to trick victims into handing over details of their HSBC bank account.
Account Hijacking
K Financial and insurance activities
CC
UK
HSBC
1.114
09/07/2020
?
Indian Users
A fake TikTok app targets Indian users.
Malware
X Individual
CC
IN
TikTok
1.115
09/07/2020
?
Single individuals
Researchers from Kaspersky discover over 1000 inactive websites compromised to redirect visitors to unwanted URLs, many of which are malicious and distribute the Shlayer trojan.
Malvertising
X Individual
CC
>1
Kaspersky, Shlayer
1.116
10/07/2020
Magadimarus
LiveAuctioneers
LiveAuctioneers discloses a data breach after a well-known data breach broker begins selling 3.4 million stolen user records on a hacker forum.
Unknown
S Other service activities
CC
US
LiveAuctioneers, Magadimarus
1.117
10/07/2020
LulzSecurityITA
ENAC (Ente Nazionale Aviazione Civile), Italian Agency for the Civil Aviation
The Italian Agency for the Civil Aviation is hit with a cyber attack.
Unknown
O Public administration and defence, compulsory social security
H
IT
ENAC, LulzSecurityITA
1.118
10/07/2020
Netwalker
Alfanar
Researchers from Cyble discover internal data from Alfanar leaked from the Netwalker ransomware operators.
Malware
C Manufacturing
CC
SA
Alfanar, Cyble, Netwalker, ransomware
1.119
10/07/2020
?
Temple Sinai
A malicious hacker disrupts a Jewish congregation's virtual prayer service to display symbols synonymous with anti-Semitism.
Zoom bombing
S Other service activities
CC
US
Temple Sinai, Zoom
1.120
10/07/2020
?
Vancouver Coastal Health
Vancouver Coastal Health reveals to have suffered a ransomware attack on May 21.
Malware
Q Human health and social work activities
CC
CA
Vancouver Coastal Health, ransomware
1.121
10/07/2020
?
SEC registrants and service providers to SEC registrants.
The SEC’s Office of Compliance Inspections and Examinations (OCIE) issues a Risk Alert noting the increasing sophistication of ransomware attacks on SEC registrants and service providers to SEC registrants.
Malware
K Financial and insurance activities
CC
US
SEC, Office of Compliance Inspections and Examinations, OCIE, ransomware
1.122
11/07/2020
?
Cashaa
U.K.-based cryptocurrency exchange Cashaa reports that hackers stole more than 336 Bitcoin (BTC) and ceases all the crypto-related transactions.
Unknown
V Fintech
CC
UK
Cashaa
1.123
11/07/2020
?
Dunzo
Indian delivery service Dunzo said it suffers a data breach that left customer data including email IDs and phone numbers exposed, after attackers accessed one of its databases.
Unknown
I Accommodation and food service activities
CC
IN
Dunzo
1.124
12/07/2020
AgeLocker
Multiple organizations
A new and targeted ransomware named AgeLocker utilizes the 'Age' encryption tool created by a Google employee to encrypt victim's files.
Malware
Y Multiple Industries
CC
>1
AgeLocker, Google, ransomware
1.125
12/07/2020
?
Multiple organizations
A new password-stealing trojan spam campaign adds an anti-sandbox evasion check.
Malware
Y Multiple Industries
CC
>1
Any.Run
1.126
12/07/2020
?
45 million travelers to Thailand and Malaysia from multiple countries
Researchers from Cyble discover the availability on the dark web of records of over 45 million travelers to Thailand and Malaysia from multiple countries.
Unknown
Z Unknown
CC
>1
Cyble, Thailand, Malaysia
1.127
12/07/2020
?
40,000 US citizens
Security researchers at Cyble discover the availability on the dark web of personal details of approximately 40,000 US citizens along with their social security numbers (SSNs).
Unknown
Z Unknown
CC
US
Cyble
1.128
13/07/2020
?
Argenta
Antwerp-based savings bank Argenta shuts down 143 ATM machines after falling victim to what is believed to be Belgium’s first jackpotting attacks.
Jackpotting
K Financial and insurance activities
CC
BE
Argenta
1.129
13/07/2020
NightLion
DataViper
A hacker going by the handle of NightLion claims to have breached the backend servers belonging to DataViper, a cyber security firm, and dumps 8,225 databases.
Unknown
M Professional scientific and technical activities
CC
US
NightLion, DataViper,
1.130
14/07/2020
Shiny Hunters
Wattpad
An allegedly stolen Wattpad database containing 270 million records is being sold in private sales for over $100,000 and offered for free on hacker forums.
Unknown
J Information and communication
CC
CA
Wattpad, Shiny Hunters
1.131
14/07/2020
BadPatch?
Users in Palestine
Researchers from ESET discover Welcome Chat, a chat application for Android with spying capabilities.
Targeted Attack
X Individual
CE
PS
ESET, Welcome Chat, Android, BadPatch
1.132
14/07/2020
Maze
Collabera
Collabera discloses a ransomware attack occurred on June, 8.
Malware
M Professional scientific and technical activities
CC
US
Collabera, ransomware, Maze
1.133
14/07/2020
LulzSecurityITA
Milan Linate and Malpensa Airports
Hackers from the LulzSecurityITA collective dump the list of 23 databases from the Airports of Milan Linate and Milan Malpensa, allegedly accessed.
Unknown
H Transportation and storage
H
IT
Milan, Linate, Malpensa, LulzSecurityITA
1.134
14/07/2020
?
Senior Catalonian Politicians
Roger Torrent, the speaker of Catalan parliament, and at least two other pro-independence supporters, have reportedly been told their phones were targeted last year using the ‘Pegasus’ spyware.
Targeted Attack
X Individual
CE
ES
Roger Torrent, Catalan parliament, Pegasus
1.135
14/07/2020
Jamescarter
UK ticketing provider
Security researchers from KELA discover a database containing millions of emails and usernames up for sale on the dark web, linked to a well-known UK ticketing provider.
Unknown
R Arts entertainment and recreation
CC
UK
Jamescarter, KELA
1.136
14/07/2020
?
Banking customers worldwide
Researchers from Kaspersky reveal that the "Tetrade", a set of four Brazilian banking trojans (Guildma, Javali, Melcoz, Grandoreiro) is now spreading globally.
Researchers from Sophos discover another campaign carried out by the RATIcate group, using the CloudEye tool
Targeted Attack
Y Multiple Industries
CE
>1
RATIcate. CloudEye
1.138
15/07/2020
CIA
Targets in Iran, Russia, China, and North Korea
A new report reveals that the Central Intelligence Agency conducted a series of covert cyber operations against Iran and other targets, including Russia, China, and North Korea.
Targeted Attack
O Public administration and defence, compulsory social security
CW
>1
CIA, Central Intelligence Agency, Russia, China, North Korea
1.139
15/07/2020
?
Citrix third-party
An actor sells what they claim to be a database with information on 2,000,000 Citrix customers on the dark web. An official statement by the company reveals that the database has ben obtained from a third-party.
Unknown
Z Unknown
CC
N/A
Citrix
1.140
15/07/2020
Graham Ivan Clark
Twitter
A number of high profile Twitter accounts, including Bill Gates, Elon Musk and Apple, are hijacked to promote a bitcoin scam. The author of the hack is arrested by the FBI two weeks later.
Account Hijacking
S Other service activities
CC
US
Twitter, Bill Gates, Elon Musk, Apple, bitcoin, Graham Ivan Clark
1.141
15/07/2020
?
Banks across Europe
ATM maker Diebold Nixdorf warns banks of a new type of ATM "black box" attack that was recently spotted used across Europe.
ATM "Black Box"
K Financial and insurance activities
CC
EU
Diebold Nixdorf, ATM, Black Box
1.142
15/07/2020
Mustang Panda
Hong Kong Catholic Church
China's government hackers have targeted members of the Hong Kong Catholic Church in a series of spear-phishing operations traced back to May this year.
Targeted Attack
S Other service activities
CE
HK
Mustang Panda, China, Catholic Church, Hong Kong
1.143
15/07/2020
Ghost Squad
European Space Agency (ESA)
Hackers from the Ghost Squad deface a domain of the European Space Agency (ESA): business.esa.int.
Defacement
U Activities of extraterritorial organizations and bodies
H
EU
Ghost Squad, European Space Agency, ESA, business.esa.int.
1.144
15/07/2020
?
Blackbaud
Blackbaud, a cloud software provider specializing in fundraising suites for charities and educational institutions, discloses a ransomware attack occurred on May, 2020.
Malware
M Professional scientific and technical activities
CC
US
Blackbaud, ransomware
1.145
15/07/2020
?
Single individuals in the UK
The Cofense Phishing Defense Center observes a new email-based phishing scam that aims to harvest Her Majesties Revenue and Customs (HMRC) credentials and sensitive personal information by preying on UK workers who are expecting COVID-19 tax relief grants.
Account Hijacking
X Individual
CC
US
Cofense, PDC, Her Majesties Revenue and Customs, HMRC, COVID-19
1.146
15/07/2020
?
Misconfigured Docker servers
Researchers from Aqua Security discover a new campaign exploits misconfigured Docker API ports in order to infect victims with a resource-hijacking cryptominer.
Misconfiguration
Y Multiple Industries
CC
>1
Aqua Security, Docker
1.147
15/07/2020
?
Multiple targets
Researchers from Bad Packets report that threat actors have been scanning the Internet for SAP systems affected by RECON vulnerability, tracked as CVE-2020-6287.
Vulnerability
Y Multiple Industries
CC
>1
CVE-2020-6287, SAP
1.148
15/07/2020
?
Tax Collector’s Office for Polk County
Tax Collector’s Office for Polk County blames malware found on an employee's computer for a data breach that affected around 450,000 residents of Polk County. The breach occurred in June.
Malware
O Public administration and defence, compulsory social security
CC
US
Tax Collector’s Office for Polk County
1.149
15/07/2020
?
Air travelers in the US
The Federal Bureau of Investigation issues a warning to air travelers to be wary of bogus US airport websites when booking flights online.
Account Hijacking
H Transportation and storage
CC
US
FBI
1.150
15/07/2020
?
Gravitas
An Auckland research firm, Gravitas, suffers a hack and loses the information provided by the NZ Police. As a consequence the police decides to close the contract.
Unknown
M Professional scientific and technical activities
CC
NZ
Gravitas
1.151
16/07/2020
APT29 (AKA Cozy Bear, The Dukes, and Yttrium)
Organizations involved in coronavirus vaccine development in Canada, UK, and the US
The National Cyber Security Centre (NCSC) in UK, warns of an ongoing campaign, carried out by Russian malicious actors, targeting organizations involved in coronavirus vaccine development.
Targeted Attack
Q Human health and social work activities
CE
>1
National Cyber Security Centre, NCSC, APT29, Cozy Bear, The Dukes, Yttrium, COVID-19
1.152
16/07/2020
?
Android users
Researchers from ThreatFabric discover a new Android banking trojan dubbed BlackRock.
Malware
K Financial and insurance activities
CC
>1
ThreatFabric, Android, BlackRock
1.153
16/07/2020
?
Apple macOS users
Researchers from ESET reveal that Apple macOS users are targeted in a fresh campaign aiming to pilfer cryptocurrency from their wallets via the Gmera trojan.
Malware
V Fintech
CC
>1
ESET, Apple macOS, Gmera, crypto
1.154
16/07/2020
?
Targets across the US and Europe in the professional, healthcare, IT, manufacturing, logistics, and travel sector
Researchers from Cybereason discover a new backdoor, dubbed Bazar, linked to the threat actors behind Trickbot.
Malware
Y Multiple Industries
CC
>1
Cybereason, Bazar, Trickbot
1.155
17/07/2020
?
Multiple targets
Emotet, 2019's most active cybercrime operation and malware botnet, returns to life with new attacks.
Malicious Spam
Y Multiple Industries
CC
>1
Emotet
1.156
17/07/2020
Netwalker
Lorien Health Services
Lorien Health Services announces that it was the victim of a ransomware incident in early June. Data was stolen and then encrypted during the incident.
Malware
Q Human health and social work activities
CC
US
Lorien Health Services, Netwalker, ransomware
1.157
17/07/2020
?
Agricultural water pumps in upper Galilee
Local news outlet in Israel report that the agricultural water pumps in upper Galilee were hit by a cyber attack back in June
Unknown
E Water supply, sewerage waste management, and remediation activities
CW
IL
Agricultural water pumps in upper Galilee
1.158
17/07/2020
?
Water pumps in the province of Mateh Yehuda
Also the agricultural water pumps in upper Galilee were hit by a cyber attack back in June.
Unknown
E Water supply, sewerage waste management, and remediation activities
CW
IL
Water pumps in the province of Mateh Yehuda
1.159
17/07/2020
?
Office 365 Users
Researchers from Abnormal Security discover two phishing campaigns using the bait of an Office 365 subscription renewal.
Account Hijacking
Y Multiple Industries
CC
>1
Abnormal Security, Microsoft Office 365
1.160
18/07/2020
REvil AKA Sodinokibi
Telecom Argentina
The REvil ransomware gang infects the internal network of Telecom Argentina, and asks for a $7.5 million ransom demand to unlock encrypted files.
Malware
J Information and communication
CC
AR
REvil, Sodinokibi, Telecom Argentina, ransomware
1.161
18/07/2020
?
Multiple targets
A new phishing campaign uses a trio of enterprise cloud services, Microsoft Azure, Microsoft Dynamics, and IBM Cloud.
Account Hijacking
Y Multiple Industries
CC
>1
Microsoft Azure, Microsoft Dynamics, IBM Cloud
1.162
19/07/2020
?
GEDMatch
More than a million DNA profiles are available to search on GEDMatch after the genealogy portal is hacked.
Account Hijacking
S Other service activities
CC
US
GEDMatch
1.163
20/07/2020
?
Multiple financial targets
After awakening last week and starting to send spam worldwide, Emotet is now once again installing the TrickBot trojan on infected Windows computers.
Malware
K Financial and insurance activities
CC
>1
Emotet, TrickBot
1.164
20/07/2020
?
UK Consumers
UK consumers are targeted by a new phishing scam falsely purporting to be from UK supermarket Tesco.
Account Hijacking
X Individual
CC
UK
Tesco
1.165
20/07/2020
?
Single Individuals
Researchers from Area 1 Security discover an email phishing campaign impersonating the Bill & Melinda Gates Foundation with messages demanding Bitcoin being sent out.
Account Hijacking
X Individual
CC
>1
Area 1 Security, Bill & Melinda Gates Foundation, Bitcoin
1.166
20/07/2020
?
University of Utah Health
University of Utah Health notifies 10,000 patients after it suffered a phishing attack.
Account Hijacking
Q Human health and social work activities
CC
US
University of Utah Health
1.167
21/07/2020
?
Multiple financial targets
Researchers tracking Emotet botnet notice that, after the comeback, the malware is starting to push QakBot banking trojan at an unusually high rate, replacing the longtime TrickBot payload.
Malware
K Financial and insurance activities
CC
>1
Emotet, QakBot, TrickBot
1.168
21/07/2020
?
DeepSource
DeepSource resets the user logins after an employee falls for the Sawfish phishing campaign.
Account Hijacking
M Professional scientific and technical activities
CC
US
DeepSource, Sawfish
1.169
21/07/2020
?
Multiple targets
Researchers from Check Point discover a new phishing campaign using Google Cloud Services to steal Office 365 logins.
Account Hijacking
Y Multiple Industries
CC
>1
Check Point, Google Cloud Services, Office 365
1.170
21/07/2020
?
MyHeritage
MyHeritage, a genealogy website based in Israel, announces that some of its users had been subjected to a phishing attack to obtain their log-in details for the site, apparently targeting email addresses obtained in the attack on GEDmatch just two days before.
Account Hijacking
S Other service activities
CC
IL
MyHeritage, GEDMatch
1.171
21/07/2020
?
Multiple targets
The FBI sends out an alert warning about the discovery of new network protocols abused to launch large-scale distributed denial of service (DDoS) attacks. The list includes CoAP (Constrained Application Protocol), WS-DD (Web Services Dynamic Discovery), ARMS (Apple Remote Management Service), and the Jenkins web-based automation software.
DDoS
Y Multiple Industries
CC
US
FBI, DDoS, CoAP, Constrained Application Protocol, WS-DD, Web Services Dynamic Discovery, ARMS, Apple Remote Management Service,Jenkins
1.172
21/07/2020
Suspected Chinese APT
Political entities and individuals in India and Hong Kong.
Researchers from Malwarebytes discover an uptick in the spread of a new MgBot malware variant across India and Hong Kong by a suspected Chinese advanced persistent threat (APT) group.
Targeted Attack
O Public administration and defence, compulsory social security
CE
IN
HK
Malwarebytes, MgBot, India, Hong Kong, China
1.173
21/07/2020
?
UFO VPN
UFO VPN database is destroyed by a 'meow' attack.
Misconfiguration
M Professional scientific and technical activities
CC
HK
UFO VPN, meow
1.174
22/07/2020
?
Unsecured databases
Hundreds of unsecured databases exposed on the public web are the target of an automated 'meow' attack that destroys data without any explanation.
Misconfiguration
Y Multiple Industries
CC
>1
meow
1.175
22/07/2020
?
Twilio
Twilio discloses that its TaskRouter JS SDK was compromised by attackers after they gained access to one of its misconfigured Amazon AWS S3 buckets which left the SDK's path publicly readable and writable for roughly five years, since 2015.
Misconfiguration
J Information and communication
CC
US
Twilio, TaskRouter JS SDK, Amazon, AWS, S3
1.176
22/07/2020
?
Multiple organizations
Research from Cisco Talos reveal the details of Prometei, a new cryptojacking botnet spreading across compromised networks via multiple methods including the EternalBlue exploit for Windows SMB. The s goal is to mine Monero (XMR) cryptocurrency.
Researches from Kaspersky reveal the details of MATA, a recently discovered malware framework used in attacks targeting corporate entities from multiple countries since April 2018 for ransomware deployment and data theft.
Malware
Y Multiple Industries
CC
>1
Kaspersky, MATA, The Lazarus Group. HIDDEN COBRA
1.178
22/07/2020
OilRig APT
A telecom company in the Middle East
Researchers from Palo Alto Networks discover a series of cyberattacks on a telecom company in the Middle East signaling the return of the OilRig APT. The attacks also revealed a revised backdoor tool in the group’s arsenal, called RDAT.
Targeted Attack
J Information and communication
CE
N/A
Palo Alto Networks, OilRig APT
1.179
22/07/2020
?
SUNY Erie Community College
About 50 computers at SUNY Erie Community College are disabled by a malware attack.
Malware
P Education
CC
US
SUNY Erie Community College
1.180
23/07/2020
REvil AKA Sodinokibi
Administrador de Infraestructuras Ferroviarias (ADIF)
Administrador de Infraestructuras Ferroviarias (ADIF), a Spanish state-owned railway infrastructure manager is hit by REvil ransomware operators.
Malware
H Transportation and storage
CC
ES
REvil, Sodinokibi, Administrador de Infraestructuras Ferroviarias, ADIF
1.181
23/07/2020
?
Sports organizations and teams, including Premier League football clubs
The UK National Cyber Security Centre (NCSC) highlight the increasing risks posed by ransomware attacks, phishing campaigns, and Business Email Compromise (BEC) fraud schemes targeting sports organizations and teams, including Premier League football clubs.
>1
R Arts entertainment and recreation
CC
UK
UK National Cyber Security Centre, NCSC, Business Email Compromise, BEC, Premier League
1.182
23/07/2020
?
University of York
At least 10 universities in the UK, US and Canada have had data stolen about students and/or alumni after hackers attacked Blackbaud a cloud computing provider with ransomware.
Malware
P Education
CC
UK
University of York, Oxford Brookes University, Loughborough University, University of Leeds, University of London, University of Reading, University College Oxford, Ambrose University in Alberta, Canada Human Rights Watch, Young Minds, Rhode Island School of Design in the US, University of Exeter
1.183
23/07/2020
?
CouchSurfing
CouchSurfing, an online service that lets users find free lodgings, investigates a security breach after hackers began selling the details of 17 million users on Telegram channels and hacking forums.
Unknown
I Accommodation and food service activities
CC
US
CouchSurfing
1.184
23/07/2020
China
US companies in the healthcare, chemical, and
finance sectors
The Federal Bureau of Investigation issues an alert to inform organizations in the United States of the risk associated with the use of Chinese tax software.
Malware
Y Multiple Industries
CE
US
FBI, China, GoldenSpy
1.185
23/07/2020
?
Critical infrastructure across the U.S
The U.S. National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) issued an alert warning of cyber attacks targeting critical infrastructure across the U.S.
>1
D Electricity gas steam and air conditioning supply
CC
US
National Security Agency, NSA, Cybersecurity and Infrastructure Security Agency, CISA
1.186
23/07/2020
?
Instacart
Online shopping service Instacart says reused passwords are to blame for a recent spate of account breaches, which saw personal data belonging to hundreds of thousands of Instacart customers stolen and put up for sale on the dark web.
Password-spraying
I Accommodation and food service activities
CC
US
Instacart
1.187
23/07/2020
?
?
Researchers from White Ops expose Chartreuse Blur. a malicious cyber-operation involving 29 fraudulent photo-editing apps downloaded 3.5 million times.
Malware
X Individual
CC
>1
White Ops, Chartreuse Blur
1.188
23/07/2020
?
Oxford Brookes University
At least 10 universities in the UK, US and Canada have had data stolen about students and/or alumni after hackers attacked Blackbaud a cloud computing provider with ransomware.
Malware
P Education
CC
UK
University of York, Oxford Brookes University, Loughborough University, University of Leeds, University of London, University of Reading, University College Oxford, Ambrose University in Alberta, Canada Human Rights Watch, Young Minds, Rhode Island School of Design in the US, University of Exeter
1.189
23/07/2020
?
Loughborough University
At least 10 universities in the UK, US and Canada have had data stolen about students and/or alumni after hackers attacked Blackbaud a cloud computing provider with ransomware.
Malware
P Education
CC
UK
University of York, Oxford Brookes University, Loughborough University, University of Leeds, University of London, University of Reading, University College Oxford, Ambrose University in Alberta, Canada Human Rights Watch, Young Minds, Rhode Island School of Design in the US, University of Exeter
1.190
23/07/2020
?
University of Leeds
At least 10 universities in the UK, US and Canada have had data stolen about students and/or alumni after hackers attacked Blackbaud a cloud computing provider with ransomware.
Malware
P Education
CC
UK
University of York, Oxford Brookes University, Loughborough University, University of Leeds, University of London, University of Reading, University College Oxford, Ambrose University in Alberta, Canada Human Rights Watch, Young Minds, Rhode Island School of Design in the US, University of Exeter
1.191
23/07/2020
?
University of London
At least 10 universities in the UK, US and Canada have had data stolen about students and/or alumni after hackers attacked Blackbaud a cloud computing provider with ransomware.
Malware
P Education
CC
UK
University of York, Oxford Brookes University, Loughborough University, University of Leeds, University of London, University of Reading, University College Oxford, Ambrose University in Alberta, Canada Human Rights Watch, Young Minds, Rhode Island School of Design in the US, University of Exeter
1.192
23/07/2020
?
University of Reading
At least 10 universities in the UK, US and Canada have had data stolen about students and/or alumni after hackers attacked Blackbaud a cloud computing provider with ransomware.
Malware
P Education
CC
UK
University of York, Oxford Brookes University, Loughborough University, University of Leeds, University of London, University of Reading, University College Oxford, Ambrose University in Alberta, Canada Human Rights Watch, Young Minds, Rhode Island School of Design in the US, University of Exeter
1.193
23/07/2020
?
University College Oxford
At least 10 universities in the UK, US and Canada have had data stolen about students and/or alumni after hackers attacked Blackbaud a cloud computing provider with ransomware.
Malware
P Education
CC
UK
University of York, Oxford Brookes University, Loughborough University, University of Leeds, University of London, University of Reading, University College Oxford, Ambrose University in Alberta, Canada Human Rights Watch, Young Minds, Rhode Island School of Design in the US, University of Exeter
1.194
23/07/2020
?
Ambrose University in Alberta
At least 10 universities in the UK, US and Canada have had data stolen about students and/or alumni after hackers attacked Blackbaud a cloud computing provider with ransomware.
Malware
P Education
CC
UK
University of York, Oxford Brookes University, Loughborough University, University of Leeds, University of London, University of Reading, University College Oxford, Ambrose University in Alberta, Canada Human Rights Watch, Young Minds, Rhode Island School of Design in the US, University of Exeter
1.195
23/07/2020
?
Canada Human Rights Watch
At least 10 universities in the UK, US and Canada have had data stolen about students and/or alumni after hackers attacked Blackbaud a cloud computing provider with ransomware.
Malware
P Education
CC
UK
University of York, Oxford Brookes University, Loughborough University, University of Leeds, University of London, University of Reading, University College Oxford, Ambrose University in Alberta, Canada Human Rights Watch, Young Minds, Rhode Island School of Design in the US, University of Exeter
1.196
23/07/2020
?
Young Minds, Rhode Island School of Design
At least 10 universities in the UK, US and Canada have had data stolen about students and/or alumni after hackers attacked Blackbaud a cloud computing provider with ransomware.
Malware
P Education
CC
UK
University of York, Oxford Brookes University, Loughborough University, University of Leeds, University of London, University of Reading, University College Oxford, Ambrose University in Alberta, Canada Human Rights Watch, Young Minds, Rhode Island School of Design in the US, University of Exeter
1.197
23/07/2020
?
University of Exeter
At least 10 universities in the UK, US and Canada have had data stolen about students and/or alumni after hackers attacked Blackbaud a cloud computing provider with ransomware.
Malware
P Education
CC
UK
University of York, Oxford Brookes University, Loughborough University, University of Leeds, University of London, University of Reading, University College Oxford, Ambrose University in Alberta, Canada Human Rights Watch, Young Minds, Rhode Island School of Design in the US, University of Exeter
1.198
24/07/2020
WastedLocker
Garmin
Garmin is hit by a WastedLocker ransomware attack.
Malware
C Manufacturing
CC
US
Garmin, WastedLocker, ransomware
1.199
24/07/2020
APT28 AKA Fancy Bear
US Government and Energy Targets
From December 2018 until at least May of this year, APT28 AKA Fancy Bear carried out a broad hacking campaign against US targets, according to an FBI notification sent to victims of the breaches in May.
Targeted Attack
O Public administration and defence, compulsory social security
CE
US
APT28, Fancy Bear, FBI
1.200
24/07/2020
APT28 AKA Fancy Bear
US Government and Energy Targets
From December 2018 until at least May of this year, APT28 AKA Fancy Bear carried out a broad hacking campaign against US targets, according to an FBI notification sent to victims of the breaches in May.
Targeted Attack
D Electricity gas steam and air conditioning supply
CE
US
1.201
24/07/2020
?
Multiple organizations
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) publishes a warning confirming the active exploitation of the unauthenticated remote code execution (RCE) CVE-2020-5902 vulnerability affecting F5 Big-IP ADC devices.
Vulnerability
Y Multiple Industries
CC
>1
Cybersecurity and Infrastructure Security Agency, CISA, RCE, CVE-2020-5902,F5, Big-IP
1.202
24/07/2020
?
Multiple targets
Cisco fixes a high severity and actively exploited vulnerability affecting the web services interface of two of its firewall products (CVE-2020-3452).
Vulnerability
Y Multiple Industries
CC
>1
Cisco, CVE-2020-3452
1.203
24/07/2020
?
Emotet botnet
Someone is taking fun at the Emotet botnet and disrupting its operations by hacking into the malware's distribution sites and replacing malicious payloads with memes and GIFs.
Account Hijacking
S Other service activities
H
N/A
Emotet
1.204
24/07/2020
?
Aberystwyth University
The Aberystwyth University is an additional university hit with ransomware after the Blackbaud hack.
Malware
P Education
CC
UK
Aberystwyth University, Blackbaud
1.205
24/07/2020
?
Sheldon Independent School District
Sheldon Independent School District notifies current and former staff and students of an unauthorized access on its network occurred on June 15, 2020.
Unknown
P Education
CC
US
Sheldon Independent School District
1.206
25/07/2020
RagnarLocker
Carlson Wagonlit Travel (CWT)
US corporate travel management firm Carlson Wagonlit Travel (CWT) suffers an intrusion and it is believed to have paid a $4.5m ransom to get its data back.
Beaumont Health, Michigan's largest healthcare provider warns around 6,000 patients that their data may have been exposed following a phishing attack occurred between January 3, 2020, and January 29, 2020.
Account Hijacking
Q Human health and social work activities
CC
US
Beaumont Health, Michigan
1.208
26/07/2020
?
Waydev
Hackers use a blind SQL injection vulnerability to gain access to its database, from where they stole GitHub and GitLab OAuth tokens from other companies.
SQL Injection
M Professional scientific and technical activities
CC
US
GitHub, GitLab, OAuth, Waydev
1.209
26/07/2020
?
Dave.com
Loan app Dave.com has 7.5 million records leaked, blaming the breach to the OAuth tokens stolen by the attackers from Waydev.
OAuth token hijacking
K Financial and insurance activities
CC
US
Dave.com, Waydev
1.210
26/07/2020
?
Flood.io
Software testing service Flood.io suffers a breach blamed to the OAuth tokens stolen by the attackers from Waydev.
OAuth token hijacking
M Professional scientific and technical activities
CC
AU
Flood.io, Waydev
1.211
27/07/2020
ShinyHunters
Promo.com
Promo.com, an Israeli-based marketing video creation site, discloses a data breach after a database containing 22 million user records is leaked for free on a hacker forum.
Unknown
M Professional scientific and technical activities
CC
US
Promo.com, ShinyHunters
1.212
27/07/2020
ShinyHunters
Drizly
ShinyHunters leaks the database of Drizly, containing approximately 2.5 million records
Unknown
I Accommodation and food service activities
CC
IT
ShinyHunters, Drizly
1.213
27/07/2020
Ensiko
Systems running PHP
Researchers from Trend Micro discover Ensiko, a new feature-rich malware that can encrypt files on any system running PHP, making it a high risk for Windows, macOS, and Linux web servers.
Malware
Y Multiple Industries
CC
>1
Trend Micro, Ensiko, ransomware, PHP
1.214
27/07/2020
?
Office 365 Users
Researchers from Abnormal Security discover a new campaign targeting Microsoft Office 365 users, and making use of bait messages camouflaged as automated SharePoint notifications to steal their accounts.
Account Hijacking
Y Multiple Industries
CC
>1
Abnormal Security, Microsoft Office 365, SharePoint
1.215
27/07/2020
?
Sheffield Hallam University
The Sheffield Hallam University confirms that it is dealing with a data breach linked to the software provider Blackbaud.
Unknown
P Education
CC
UK
Sheffield Hallam University, Blackbaud
1.216
27/07/2020
?
Users in the UK
Users in UK are warned not to fall for yet another COVID-related lure after warnings of a new phishing campaign, this time promising the recipient a government-funded tax cut.
Account Hijacking
X Individual
CC
UK
COVID-19
1.217
28/07/2020
Netwalker
U.S. and foreign government organizations
The FBI issues a security alert about Netwalker ransomware operators targeting U.S. and foreign government organizations.
Malware
O Public administration and defence, compulsory social security
CC
>1
FBI, Netwalker, ransomware
1.218
28/07/2020
The Lazarus Group AKA HIDDEN COBRA
Multiple Enterprise Targets
Researchers from Kaspersky reveal that North Korean-backed hackers from the Lazarus Group have developed and are actively using VHD ransomware against enterprise targets.
Malware
Y Multiple Industries
CC
>1
The Lazarus Group, Kaspersky, VHD, ransomware, HIDDEN COBRA
1.219
28/07/2020
?
Misconfigured cloud-based docker instances
Researchers from Intezer Labs reveal the details of Doki, a malware part of the Ngrok Cryptominer Botnet targeting misconfigured cloud-based docker instances running on Linux.
Misconfiguration
Y Multiple Industries
CC
>1
Intezer Labs, Doki, Ngrok, Crypto, Linux
1.220
28/07/2020
Nefilim
Dresdner Kühlanlagenbau GmbH (DKA)
The Nefilim ransomware operation begins to publish unencrypted files stolen from a Dussmann Group subsidiary, Dresdner Kühlanlagenbau GmbH (DKA), during a recent attack.
Researchers from McAfee reveal the details of Operation North Star, a long-lasting spear-phishing campaign targeting U.S. defense and aerospace contractors between early April and mid-June 2020.
Targeted Attack
C Manufacturing
CE
US
McAfee, Operation North Star, Hidden Cobra
1.225
29/07/2020
Deceptikons
Law firms and fintech companies in Europe and Middle East.
Researchers from Kaspersky discover a new hacker-for-hire mercenary group codenamed Deceptikons, and active for almost a decade.
Targeted Attack
K Financial and insurance activities
CE
>1
Kaspersky, Deceptikons
1.226
29/07/2020
Deceptikons
Law firms and fintech companies in Europe and Middle East.
Researchers from Kaspersky discover a new hacker-for-hire mercenary group codenamed Deceptikons, and active for almost a decade.
Targeted Attack
V Fintech
CE
>1
Kaspersky, Deceptikons
1.227
29/07/2020
ShinyHunters
Havenly
Havenly, discloses a data breach that impacted 1.3 million users.
Unknown
G Wholesale and retail trade
CC
US
Havenly, ShinyHunters
1.228
29/07/2020
China?
Vatican and the Holy See’s Study Mission to China’
Researchers from Recorded Future reveal that the Vatican’s computer networks have allegedly been infiltrated by Chinese hackers in the run up to sensitive talks between the Catholic Church and Beijing focusing on the religion’s status in China.
Targeted Attack
O Public administration and defence, compulsory social security
CE
VA
Recorded Future, Vatican and the Holy See’s Study Mission to China’
1.229
29/07/2020
?
European Bank for Reconstruction and Development (EBRD) Twitter account
The European Bank for Reconstruction and Development (EBRD) Twitter account is hijacked.
Account Hijacking
U Activities of extraterritorial organizations and bodies
CC
EU
European Bank for Reconstruction and Development, EBRD
1.230
29/07/2020
?
Ledger
Crypto-wallet firm Ledger reveals a major security breach of its e-commerce and marketing database, resulting in the compromise of one million customer email addresses and the personal details of thousands after the vulnerability was exploited in June 25, 2020.
Vulnerability
V Fintech
CC
FR
Ledger
1.231
29/07/2020
?
Athens ISD
Athens ISD pays a $50,000 ransom for school data that was taken in a ransomware attack.
Malware
P Education
CC
US
Athens ISD, ransomware
1.232
29/07/2020
?
Las Cruces Middle School
Las Cruces Middle School suffers a Zoom bombing attack.
Zoom bombing
P Education
CC
US
Las Cruces Middle School, Zoom bombing
1.233
30/07/2020
ShinyHunters
Appen.com
ShinyHunters leaks the databases of 18 startups.
Unknown
M Professional scientific and technical activities
M Professional scientific and technical activities
CC
MX
1.236
30/07/2020
ShinyHunters
Proctoru.com
ShinyHunters leaks the databases of 18 startups.
Unknown
M Professional scientific and technical activities
CC
US
1.237
30/07/2020
ShinyHunters
Rewards1.com
ShinyHunters leaks the databases of 18 startups.
Unknown
R Arts entertainment and recreation
CC
US
1.238
30/07/2020
ShinyHunters
Vakinha.com.br
ShinyHunters leaks the databases of 18 startups.
Unknown
S Other service activities
CC
BR
1.239
30/07/2020
ShinyHunters
Scentbird
Shentbird discloses the security breach after ShinyHunters leak their database.
Unknown
G Wholesale and retail trade
CC
US
Scentbird, ShinyHunters
1.240
30/07/2020
?
Multiple organizations
Researchers from Cofense discover an Office 365 phishing campaign abusing Google Ads to bypass secure email gateways, redirecting employees of targeted organizations to phishing landing pages and stealing their Microsoft credentials.
Account Hijacking
Y Multiple Industries
CC
>1
Cofense, Office 365, Google Ads
1.241
30/07/2020
?
High-impact targets with valuable financial information.
Researchers from Intezer Labs reveal that the TrickBot's Anchor malware platform has been ported to infect Linux devices and compromise further high-impact and high-value targets using covert channels.
Malware
Y Multiple Industries
CC
>1
Intezer Labs, TrickBot, Anchor, Linux
1.242
30/07/2020
Russia?
Audiences in Lithuania, Latvia, and Poland
Researchers from FireEye discover Ghostwriter, a widespread long-lasting influence campaign using compromised websites to discredit the NATO.
Vulnerability
O Public administration and defence, compulsory social security
CW
>1
FireEye, NATO, Ghostwriter, Russia
1.243
31/07/2020
?
Zello
The push-to-talk app, Zello, discloses a data breach that revealed user's email addresses and hashed passwords after discovering unauthorized activity on their systems on July 8, 2020.
Unknown
J Information and communication
CC
US
Zello
1.244
31/07/2020
?
Pivot Technology Solutions
Managed service provider Pivot Technology Solutions discloses that it was the victim of a failed ransomware attack that resulted in sensitive information being accessed by the hackers. The incident occurred last month.
Malware
M Professional scientific and technical activities
CC
CA
Pivot Technology Solutions, ransomware
1.245
31/07/2020
?
Multiple government websites
In an ongoing blackhat SEO campaign, scammers use open redirects found on government websites to redirect visitors to pornography sites.
Malicious SEO redirection
X Individual
CC
US
SEO
1.246
31/07/2020
?
2gether
2gether reveals a cyberattack in which roughly €1.2 million in cryptocurrency has been stolen from cryptocurrency investment accounts.
Unknown
V Fintech
CC
ES
2gether
1.247
31/07/2020
?
Elkins Rehabilitation & Care Center
Elkins Rehabilitation & Care Center notifies residents and employees of a phishing attack discovered in February 2019.
Account Hijacking
Q Human health and social work activities
CC
US
Elkins Rehabilitation & Care Center, ERCC
1.248
21/07/2020
?
Pepperstone
Pepperstone sends out an email to clients, alerting them of a data security incident in which third parties are reaching out to the broker’s clients and falsely claiming to be Pepperstone.
Unknown
K Financial and insurance activities
CC
AU
Pepperstone
1.249
27/07/2020
?
City of Lafayette
The City of Lafayette suffers a ransomware attack that impact the phone services, email, and online payment reservation systems. The city is forced to pay $45,000.
Malware
O Public administration and defence, compulsory social security
CC
US
City of Lafayette, ransomware
1.250
29/07/2020
?
iVoy
Delivery startup, iVoy, experiences a data breach, over 127,000 accounts exposed.
Unknown
H Transportation and storage
CC
MX
iVoy
1.251
30/07/2020
Maze
Canon
Canon suffers a ransomware attack that impacts numerous services, including Canon's email, Microsoft Teams, USA website, and other internal applications.
Malware
C Manufacturing
CC
JP
Canon, Ransomware, Maze
1.252
30/07/2020
RansomEXX
Konica Minolta
Konica Minolta is hit with a RansomEXX ransomware attack
Malware
C Manufacturing
CC
JP
Konica Minolta, RansomEXX, ransomware
1.253
30/07/2020
?
British Dental Association
The British Dental Association notifies its members of a breach occurred on July 30.
Unknown
S Other service activities
CC
UK
British Dental Association
1.254
02/08/2020
?
Telstra
Telstra is hit with a DDoS attack
DDoS
J Information and communication
CC
AU
Telstra
1.255
02/08/2020
Indian Hackers
Dawn News Channel
One of the leading Pakistan News Channels, Dawn, was reportedly targeted by Indian hackers.
Unknown
J Information and communication
H
PK
Pakistan, India
1.256
02/08/2020
?
Hudson Independent School District
Hudson ISD’s website is down after a cyber attack affected the website’s host.
Unknown
P Education
CC
US
Hudson Independent School District
1.257
03/08/2020
Chinese state-sponsored hackers
US private entities
Three agencies of the US government CISA, CyberCom, and FBI) publish a joint alert about new versions of Taidoor (AKA Taurus RAT), a malware family previously associated with Chinese state-sponsored hackers.
Targeted Attack
Y Multiple Industries
CE
US
CISA, CyberCom, FBI, Taidoor, Taurus RAT, China
1.258
03/08/2020
Russian Hackers
Liam Fox
A personal email account belonging to Liam Fox, the former UK trade minister, is repeatedly hacked into by Russian attackers who stole classified documents relating to US-UK trade talks.
Targeted Attack
O Public administration and defence, compulsory social security
CE
UK
Liam Fox, Russia
1.259
03/08/2020
?
Multiple targets
The FBI warns private industry partners of increased security risks because of devices still running Windows 7, after observing some attacks.
>1
Y Multiple Industries
CC
US
FBI, Windows 7
1.260
03/08/2020
Maze
Regis
Regis, an aged-care operator is hit by a Maze ransomware attack.
Malware
Q Human health and social work activities
CC
AU
Regis, Raze, Ransomware
1.261
03/08/2020
Netwalker
Forsee Power
Netwalker ransomware operators leak the data of Forsee Power, a well-known player in the electromobility market.
Malware
C Manufacturing
CC
FR
Netwalker, ransomware, Forsee Power
1.262
03/08/2020
?
Single Individuals in U.K.
Hundreds of Britons are targeted by a free TV license SMS phishing campaign.
Account Hijacking
X Individual
CC
UK
TV
1.263
03/08/2020
?
Tacoma Public Schools
Tacoma Public Schools email is hacked and sends out phishing emails.
Account Hijacking
P Education
CC
US
Tacoma Public Schools
1.264
04/08/2020
?
Multiple targets
A hacker publishes a list of plaintext usernames and passwords, along with IP addresses for more than 900 Pulse Secure VPN enterprise servers.
Vulnerability
Y Multiple Industries
CC
>1
CVE-2019-11510, Pulse Secure
1.265
04/08/2020
?
SMB in the U.S.
A report from Interpol reveals that American medium-sized companies are actively targeted by LockBit ransomware.
Malware
Y Multiple Industries
CC
US
LockBit, ransomware
1.266
04/08/2020
?
Chrome users
Researchers from Adguard reveal that more than 80 million Chrome users have installed one of 295 Chrome extensions that hijack and insert ads inside Google and Bing search results.
Malicious Browser Extension
X Individual
CC
>1
Adguard, Chrome
1.267
04/08/2020
?
UberEats
Security researchers from Cyble discover user records of American online food ordering and delivery platform UberEats on the DarkWeb.
Unknown
I Accommodation and food service activities
CC
US
Cyble, UberEats
1.268
04/08/2020
?
Multiple targets
Researchers from INKY discover a phishing campaign in several countries designed to extract credentials from users via fake Zoom invites.
Account Hijacking
Y Multiple Industries
CC
>1
INKY, Zoom
1.269
05/08/2020
?
Hillsborough County
A court hearing held via Zoom for the US teenager accused of masterminding the Twitter hack is interrupted with rap music and porn.
Zoom bombing
O Public administration and defence, compulsory social security
CC
US
Zoom, Twitter, Hillsborough County
1.270
05/08/2020
?
Pace Center for Girls
Pace Center for Girls issues a warning to its supporters after the organization discovers some of its data was affected by the security breach at Blackbaud.
Malware
Q Human health and social work activities
CC
US
Pace Center for Girls, Blackbaud, ransomware
1.271
05/08/2020
?
Hancock County school district
Hancock County school district is hit by a cyber attack, affecting the internet connectivity
Unknown
P Education
CC
US
Hancock County school district
1.272
06/08/2020
China, Russia, Iran, and Tunisia
Multiple countries
In its TAG bulletin, Google reveals it took down ten influence operation campaigns in Q2 2020, traced back to China, Russia, Iran, and Tunisia.
Fake Social Network accounts/groups/pages
O Public administration and defence, compulsory social security
CW
>1
TAG bulletin, Google, China, Russia, Iran, Tunisia
1.273
06/08/2020
?
Intel
Classified and confidential documents from Intel, allegedly resulting from a breach, are uploaded to a public file sharing service.
Misconfiguration
C Manufacturing
CC
US
Intel
1.274
06/08/2020
Water Nue
More than 1,000 companies in the U.S. and Canada
Researchers from Trend Micro discover Water Nue, a series of business email compromise campaigns targeting executives of more than 1,000 companies, most recently in the US and Canada.
Business Email Compromise
Y Multiple Industries
CC
US
CA
Trend Micro, Water Nue
1.275
06/08/2020
Chimera
Taiwan semiconductor vendors
Researchers from CyCraft Technology reveal the details of Operation Skeleton, a series of targeted attacks against Taiwan semiconductor vendors.
Targeted Attack
C Manufacturing
CE
TW
CyCraft Technology, Operation Skeleton, Chimera
1.276
06/08/2020
?
Firefox users
Firefox fixes a bug abused in the wild by tech support scammers to create artificial mouse cursors and prevent users from easily leaving malicious sites.
Evil cursor
X Individual
CC
>1
Firefox
1.277
06/08/2020
Magecart Group 8
Multiple Targets
Researchers from Malwarebytes discover a new credit card skimming campaign making use of homoglyph techniques, connected to an existing Magecart threat group.
Malicious Script Injection
G Wholesale and retail trade
CC
>1
Malwarebytes, homoglyph, Magecart, Magecart Group 8
1.278
06/08/2020
Interactive Data
?
Interactive Data, a data broker, is hacked and fuels fraudulent small business loans and unemployment insurance benefits from COVID-19 economic relief efforts
Unknown
M Professional scientific and technical activities
CC
US
Interactive Data, COVID-19
1.279
06/08/2020
?
Imperial Valley College
Imperial Valley College is hit with a Ransomware Attack
Malware
P Education
CC
US
Imperial Valley College
1.280
06/08/2020
?
Scholarship America
Scholarship America discloses a phishing attack.
Account Hijacking
Q Human health and social work activities
CC
US
Scholarship America
1.281
07/08/2020
DoppelPaymer
Boyce Technologies
The DoppelPaymer ransomware gang hits ventilator manufacturer Boyce Technologies amid the COVID-19 pandemic.
Malware
C Manufacturing
CC
US
Boyce Technologies, ransomware,
1.282
07/08/2020
?
Reddit users
Multiple Reddit subreddits are defaced, with the attackers posting pro-Trump messages and changing the communities' themes to show content supporting Trump's 2020 campaign.
Account Hijacking
Y Multiple Industries
H
US
Reddit, Trump
1.283
07/08/2020
?
Britain's National Trust
Britain's National Trust warns volunteers of a data breach linked to the cyber-attack on US cloud computing and software provider Blackbaud in May.
Malware
Q Human health and social work activities
CC
UK
Britain's National Trust, Blackbaud, ransomware
1.284
08/08/2020
Fox Kitten (AKA Parisite)
Fortune 500 firms, government agencies, and banks.
The FBI warns of Iranian hackers actively attempting to exploit CVE-2020-5902 affecting F5 Big-IP application delivery controller (ADC) devices used by Fortune 500 firms, government agencies, and banks.
Vulnerability
Y Multiple Industries
CC
US
FBI, CVE-2020-5902, F5 Big-IP, ADC, Fox Kitten, Parisite
1.285
08/08/2020
?
cPanel users
A phishing scam is targeting cPanel users with a fake security advisory alerting them of critical vulnerabilities in their web hosting management panel.
The defcon.org forum is attacked with CVE-2019-16759 (targeting vBulletin), three hours after it is disclosed.
Vulnerability
S Other service activities
CC
US
Defcon.org, CVE-2019-16759, vBulletin
1.288
09/08/2020
?
Users accessing cryptocurrency-related sites
A report reveals that a mysterious threat actor has been adding servers to the Tor network in order to perform SSL stripping attacks on users accessing cryptocurrency-related sites through the Tor Browser.
SSL Stripping
V Fintech
CC
>1
Tor
1.289
09/08/2020
Nefilim
SPIE group
Nefilim ransomware operators leak the date of SPIE group, an independent European leader in multi-technical services
Malware
M Professional scientific and technical activities
CC
FR
Nefilim, ransomware, SPIE
1.290
10/08/2020
?
utahgunexchange.com
A hacker releases the databases of Utah-based gun exchange, hunting, and kratom sites for free on a cybercrime forum.
Misconfiguration
S Other service activities
CC
>1
utahgunexchange.com
1.291
10/08/2020
?
muleyfreak.com
A hacker releases the databases of Utah-based gun exchange, hunting, and kratom sites for free on a cybercrime forum.
Misconfiguration
S Other service activities
CC
>1
muleyfreak.com
1.292
10/08/2020
?
deepjunglekratom.com
A hacker releases the databases of Utah-based gun exchange, hunting, and kratom sites for free on a cybercrime forum.
Misconfiguration
S Other service activities
CC
>1
deepjunglekratom.com
1.293
10/08/2020
?
Michigan State University (MSU)
Michigan State University (MSU) discloses that attackers were able to steal credit card and personal information from roughly 2,600 users of its shop.msu.edu online store. The attacked lasted between Oct. 19, 2019 and June 26, 2020
Malicious Script Injection
P Education
CC
US
Michigan State University, MSU, Magecart
1.294
10/08/2020
Avaddon
Undisclosed Construction company
The gang behind the Avaddon ransomware launches a data leak site to extort victims and published the data of a construction company.
Malware
C Manufacturing
CC
N/A
Avaddon, ransomware
1.295
10/08/2020
?
Single Individuals
Researchers from Cyble discover a large scale hacking campaign targeting governments and university websites to host articles on hacking social network accounts that lead to malware and scams.
Malware
Y Multiple Industries
CC
>1
Cyble
1.296
10/08/2020
?
Multiple targets
Researchers from SentinelOne discover new variants of the popular Agent Tesla Trojan that include new modules to steal credentials from applications including popular web browsers, VPN software, as well as FTP and email clients.
Malware
Y Multiple Industries
CC
>1
SentinelOne, Agent Tesla
1.297
10/08/2020
?
US Small businesses
Researchers from Proofpoint reveal the details of a wave of phishing attacks impersonating the US Small Business Administration (SBA).
Account Hijacking
Y Multiple Industries
CC
US
Proofpoint, US Small Business Administration, SBA
1.298
10/08/2020
Pysa (AKA Mespinoza)
Piedmont Orthopedics/OrthoAtlanta
Piedmont Orthopedics/OrthoAtlanta is hit with a Pysa (AKA Mespinoza) ransomware attack. The threat actors leak the data.
Microsoft addresses 120 vulnerabilities with its August 2020 Patch Tuesday updates, including two vulnerabilities, CVE-2020-1464 and CVE-2020-1380, actively exploited in attacks.
Vulnerability
Y Multiple Industries
CC
>1
Microsoft, CVE-2020-1464 , CVE-2020-1380
1.309
11/08/2020
?
Single Individuals
Researchers from Check Point reveal the details of multiple phishing campaigns exploiting the promise of a COVID-19 vaccine.
Account Hijacking
X Individual
CC
>1
COVID-19, Check Point
1.310
11/08/2020
?
FHN
Illinois healthcare system FHN notifies patients of a phishing attack that took place in February and was discovered in April.
Account Hijacking
Q Human health and social work activities
CC
US
FHN
1.311
11/08/2020
?
Adit
An unsecured database with 3.1 million patients' details is exposed by a medical software company and subsequently destroyed by a "meow" attack.
Misconfiguration
M Professional scientific and technical activities
CC
US
Adit, meow
1.312
12/08/2020
The Lazarus Group AKA Hidden Cobra AKA APT37
Israeli Defense Industry
Researchers from ClearSky reveal that hackers from North Korea were able to steal sensitive information from dozens of companies in the defense sector. The campaign is dubbed Dreamjob.
Targeted Attack
O Public administration and defence, compulsory social security
CE
IL
ClearSky, North Korea, The Lazarus Group, Hidden Cobra, APT37
1.313
12/08/2020
?
Various government organization in the U.S.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) releases an alert about phishing attacks targeting various government organizations to steal logins for the Small Business Administration COVID-19 loan relief accounts.
Account Hijacking
O Public administration and defence, compulsory social security
CC
US
The U.S. Cybersecurity and Infrastructure Security Agency, CISA, COVID-19
1.314
12/08/2020
DarkHotel?
Undisclosed South Korean Company
Researchers from Kaspersky reveal the details of "Operation PowerFall,” an attack occurred in May, relying on two unknown vulnerabilities back then: CVE-2020-1380 and CVE-2020-0986.
An alleged cyber attack by Indian intelligence agencies is identified by the Pakistani intelligence.
Unknown
O Public administration and defence, compulsory social security
CE
PK
India, Pakistan
1.316
12/08/2020
?
NHS
A report reveals that NHS staff were hit with a wave of malicious email attacks at the height of the COVID-19 pandemic, with doctors, nurses and other key workers reporting over 40,000 spam and phishing attacks between March and the first half of July.
Account Hijacking
O Public administration and defence, compulsory social security
CC
UK
NHS, COVID-19
1.317
12/08/2020
?
Flintshire Council
Personal information of people who left comments about local planning issues on Flintshire council's website is hacked.
Unknown
O Public administration and defence, compulsory social security
CC
UK
Flintshire Council
1.318
12/08/2020
?
Multiple targets
Researchers from Juniper discover a new phishing campaign targeting business customers with a new version of the IceID malware using password protection, among other techniques, to avoid detection.
Malware
Y Multiple Industries
CC
>1
Juniper, IcedID
1.319
13/08/2020
Russian Intelligence Directorate (GRU)
Multiple targets
The NSA and FBI warn about espionage operations from the Russian Intelligence Directorate (GRU) using a previously undisclosed Linux malware toolset called Drovorub.
Researchers from Group-IB reveal the details of RedCurl, a cyber espionage group conducting carefully planned attacks against victims in a wide geography to steal confidential corporate documents.
Targeted Attack
Y Multiple Industries
CE
>1
Group-IB, RedCurl
1.321
13/08/2020
?
Banking users in multiple countries
Researchers from ESET reveal the details of Mekotio, a banking trojan targeting users in multiple countries (including Mexico, Brazil, Chile, Spain, Peru, and Portugal).
Malware
K Financial and insurance activities
CC
>1
ESET, Mekotio, Mexico, Brazil, Chile, Spain, Peru, Portugal
1.322
13/08/2020
?
U.S. Financial Industry Regulatory Authority (FINRA) members
The U.S. Financial Industry Regulatory Authority (FINRA) warns its members that a copycat site is impersonating them and potentially being used in phishing attacks.
Account Hijacking
K Financial and insurance activities
CC
US
U.S. Financial Industry Regulatory Authority, FINRA
1.323
13/08/2020
?
Nykaa
Nykaa, an Indian retail seller of beauty, wellness and fashion, loses Rs 62 lakh (around USD 85,000) after the email of an Italian supplier is spoofed.
Business Email Compromise
G Wholesale and retail trade
CC
IN
Nykaa
1.324
13/08/2020
CactusPete (AKA Karma Panda or Tonto Team)
Financial and military organizations in Eastern Europe
Researchers from Kaspersky discover a new campaign carried out by Cactus Pete, an APT linked to the Chinese military.
Targeted Attack
Y Multiple Industries
CE
>1
Kaspersky, Cactus Pete, Karma Panda, Tonto Team
1.325
13/08/2020
?
Bletchley Park Trust
The Bletchley Park Trust is another victim hit in Blackbaud breach.
Malware
R Arts entertainment and recreation
CC
UK
Bletchley Park Trust, ransomware, Blackbaud
1.326
13/08/2020
?
Harvard University
Even the Harvard University might have compromised by the Blackbaud breach.
Malware
P Education
CC
US
Harvard University, ransomware, Blackbaud
1.327
13/08/2020
?
Verizon customers
Researchers from Armorblox discover a new phishing campaign targeting Verizon customers to steal user credentials, passwords and personal details.
Account Hijacking
J Information and communication
CC
US
Armorblox, Verizon
1.328
13/08/2020
?
FuhrparkService (BWFU)
Unknown hackers infiltrate the FuhrparkService (BWFU) transport fleet, Germany's state-owned vehicle fleet, which provides chauffeurs for parliamentarians and is run by the Bundeswehr military.
Unknown
O Public administration and defence, compulsory social security
CC
DE
FuhrparkService, BWFU
1.329
14/08/2020
Defray
R1 RCM Inc
R1 RCM Inc., one of the US largest medical debt collection companies, is hit in a ransomware attack.
Malware
Q Human health and social work activities
CC
US
R1 RCM Inc, Defray, ransomware
1.330
14/08/2020
?
U.S. Businesses
The Emotet malware has begun to spam COVID-19 related emails to U.S. businesses
Malware
Y Multiple Industries
CC
US
Emotet
1.331
14/08/2020
?
Multiple Targets
Researchers from Menlo Security reveal the details of Duri, a new attack campaign using a combination of HTML smuggling techniques and data blobs to evade detection and download malware.
Malware
Y Multiple Industries
CC
>1
Menlo Security, Duri, HTML smuggling
1.332
14/08/2020
?
Multiple targets
Researchers from Trend Micro discover XCSSET, a malware family exploiting Xcode projects to spread a form of Mac malware specializing in the compromise of Safari and other browsers.
Targeted Attack
Y Multiple Industries
CE
>1
Trend Micro, XCSSET, Xcode, Mac
1.333
14/08/2020
Hackers from North Korea
Multiple targets
The US Cybersecurity and Infrastructure Security Agency (CISA) publishes an alert on a new wave of attacks delivering the KONNI remote access Trojan (RAT).
Targeted Attack
Y Multiple Industries
CE
US
US Cybersecurity and Infrastructure Security Agency, CISA, KONNI
1.334
14/08/2020
?
ASDA Supermarket shoppers in the UK
ASDA Supermarket shoppers in the UK are targeted by a phishing scam run via Facebook and Twitter.
Account Hijacking
G Wholesale and retail trade
CC
UK
ASDA
1.335
14/08/2020
?
Gwinnet County High School
Gwinnet County High School is zoom bombed.
Zoom bombing
P Education
CC
US
Gwinnet County High School
1.336
14/08/2020
?
Oklahoma State Board of Education
Oklahoma State Board of Education is zoom bombed.
Zoom bombing
P Education
CC
US
Oklahoma State Board of Education, Zoom
1.337
15/08/2020
?
Carnival Corporation
Cruise line operator Carnival Corporation discloses that one of their brands suffered a ransomware attack.
Malware
R Arts entertainment and recreation
CC
US/UK
Carnival Corporation, ransomware
1.338
15/08/2020
?
GCKey
Canadian government sites used to provide access to crucial services for immigration, taxes, pension, and benefits are breached in a coordinated attack to steal COVID-19 relief payments. The online portal referred to as GCKey is a critical single sign-on (SSO) system used by the public to access multiple Canadian government services.
Credential Stuffing
O Public administration and defence, compulsory social security
CC
CA
COVID-19, GCKey
1.339
15/08/2020
Sodinokibi (AKA REvil)
Brown-Forman
Brown-Forman, one of the largest U.S. companies in the spirits and wine business, suffers a ransomware attack. The intruders allegedly copied 1TB of confidential data.
Malware
I Accommodation and food service activities
CC
US
Sodinokibi, Revil, Brown-Forman
1.340
15/08/2020
?
Customers of Ritz Hotel in London
Diners at the luxury Ritz hotel in London are targeted by "extremely convincing" scammers who posed as hotel staff to steal payment card details. The scammers were able to obtain the victims' reservation details.
Unknown
I Accommodation and food service activities
CC
UK
Ritz Hotel
1.341
15/08/2020
?
Rochester City School District
Rochester City School District is zoom bombed.
Zoom bombing
P Education
CC
US
Rochester City School District, Zoom
1.342
02/08/2020
Maze
Ventura Orthopedics
The Maze ransomware operators add Ventura Orthopedics to their leak site
Malware
Q Human health and social work activities
CC
US
Ventura Orthopedics, Maze, Ransomware
1.343
03/08/2020
Maze
United Memorial Medical Center (UMMC)
The Maze ransomware team adds the United Memorial Medical Center (UMMC) to their leak site.
Malware
Q Human health and social work activities
CC
US
Maze, ransomware, United Memorial Medical Center, UMMC
1.344
03/08/2020
?
Kent State University
Kent State University is among the victims of the Blackbaud ransomware attack.
Malware
P Education
CC
US
Kent State University, Blackbaud, ransomware
1.345
05/08/2020
?
Isetan Mitsukoshi Co.
Isetan Mitsukoshi Co. announces that that, along with its subsidiary MI Card Co., it suffered a data breach affecting approximately 19,000 customers as a result of unauthorized access
Unknown
G Wholesale and retail trade
CC
JP
Isetan Mitsukoshi Co., MI Card Co.
1.346
06/08/2020
?
Cuyahoga Community College Foundation
The Cuyahoga Community College Foundation notifies to be among the organizations affected by the Blackbaud ransomware attack.
Malware
P Education
CC
US
Cuyahoga Community College Foundation, Blackbaud, ransomware
1.347
10/08/2020
DarkSide
Multiple targets
A new ransomware operation named DarkSide begins to attack organizations with customized attacks that have already earned them million-dollar payouts.
Malware
Y Multiple Industries
CC
>1
DarkSide, Ransomware
1.348
10/08/2020
?
Bletchley Park
Bletchley Park joins the list of the victims of the Blackbaud ransomware attack.
Malware
R Arts entertainment and recreation
CC
UK
Bletchley Park, Blackbaud ransomware
1.349
12/08/2020
?
Luminate Education Group (LEG)
Luminate Education Group (LEG) is hit by a cyber attack, affecting Leeds City College, Keighley College, Harrogate College, Leeds Sixth Form College and University Centre Leeds.
Unknown
P Education
CC
UK
Luminate Education Group, LEG, Leeds City College, Keighley College, Harrogate College, Leeds Sixth Form College, University Centre Leeds
1.350
12/08/2020
?
RailYatri
An unsecured server of the Indian ticket platform RailYatri exposes the personal information of over 700,000 passengers and is wiped out by a Meow attack.
Misconfiguration
H Transportation and storage
CC
IN
RailYatri, Meow
1.351
15/08/2020
?
Ponca City Schools
Ponca City Schools is the target of ransomware attack.
Malware
P Education
CC
US
Ponca City Schools, ransomware
1.352
16/08/2020
?
600+ organizations worldwide
Vairav Technology uncovers a Microsoft Office 365 phishing campaign targeting more than 600 organizations worldwide.
Account Hijacking
Y Multiple Industries
CC
>1
Vairav Technology, Microsoft Office 365
1.353
17/08/2020
?
Momentum Metropolitan
Financial services group Momentum Metropolitan warns that a third party unlawfully accessed a limited portion of data of a subsidiary of the group.
Unknown
K Financial and insurance activities
CC
ZA
Momentum Metropolitan
1.354
17/08/2020
?
Financial Service Providers
Researchers from Akamai discover a group, using the names Fancy Bear and Armada Collective, launching DDoS attacks against some of the world's biggest financial service providers, including Moneygram and Braintree.
DDoS
K Financial and insurance activities
CC
>1
Akamai, Fancy Bear, Armada Collective, Moneygram, Braintree
1.355
17/08/2020
?
Single individuals
The Criminal Investigation Department (CID) of the West Bengal police warns citizens of fake oximeter apps on mobile phones, leading to phishing attacks and theft of personal data
Account Hijacking
X Individual
CC
IN
Criminal Investigation Department, CID, West Bengal, COVID-19
1.356
17/08/2020
?
East Anglia's Children's Hospices (EACH)
East Anglia's Children's Hospices (EACH) joins the victims of the Blackbaud ransomware cyber attack.
Malware
Q Human health and social work activities
CC
UK
East Anglia's Children's Hospices, EACH, Blackbaud, Ransomware
1.357
17/08/2020
?
Baugo Community Schools
Baugo Community Schools is hit by an unspecified cyber attack via its ISP.
Unknown
P Education
CC
US
Baugo Community Schools
1.358
18/08/2020
TeamTNT
Multiple targets
Researchers from Cado Security discover a cybercrime group known as TeamTNT, using a crypto-mining worm to steal plaintext AWS credentials and config files from compromised Docker and Kubernetes systems.
Malware
Y Multiple Industries
CC
>1
Cado Security, TeamTNT, AWS, Docker, Kubernetes
1.359
18/08/2020
HIDDEN COBRA AKA The Lazarus Group AKA APT38
Unnamed organization in the cryptocurrency vertical
Researchers from F-Secure Labs discover a targeted attack against an organization in the cryptocurrency vertical, attributed to the Lazarus Group.
Targeted Attack
V Fintech
CC
N/A
HIDDEN COBRA, The Lazarus Group, F-Secure
1.360
18/08/2020
?
Cleveland Museum of Natural History
Even the Cleveland Museum of Natural History is affected by the Blackbaud ransomware breach.
Malware
R Arts entertainment and recreation
CC
US
Cleveland Museum of Natural History, Blackbaud, ransomware
1.361
19/08/2020
?
Multiple targets
Researchers from Netscout discover a new version of the Lucifer cryptomining DDoS malware, targeting Linux systems.
Malware
Y Multiple Industries
CC
>1
Netscout, Lucifer, Linux
1.362
19/08/2020
HIDDEN COBRA AKA The Lazarus Group AKA APT38
US government contractors
The FBI and CISA issue a joint advisory exposing information on BLINDINGCAN, a RAT malware used by North Korean hackers in attacks targeting government contractors.
Targeted Attack
O Public administration and defence, compulsory social security
CE
US
FBI, CISA, BLINDINGCAN, HIDDEN COBRA, The Lazarus Group, APT38
1.363
19/08/2020
?
Multiple targets
Researchers from Guardicore reveal the details of FritzFrog, a sophisticated botnet campaign attacking SSH servers around the world, since at least January 2020.
Brute-force
Y Multiple Industries
CC
>1
Guardicore, FritzFrog, SSH
1.364
19/08/2020
?
TFI International
The four Canadian courier divisions of TFI International (Canpar Express, ICS Courier, Loomis Express and TForce Integrated Solutions) are hit with a ransomware attack.
The Taiwan Investigation Bureau’s Cyber Security Investigation Office reveals that Chinese hackers have hacked 6000 Taiwan Government email accounts belonging at least 10 Taiwan agencies.
Targeted Attack
O Public administration and defence, compulsory social security
CE
TW
The Taiwan Investigation Bureau’s Cyber Security Investigation Office, Blacktech, Taidoor
1.366
19/08/2020
?
Samaritan Medical Center
After three weeks the Samaritan Medical Center restores from a malware attack.
Malware
Q Human health and social work activities
CC
US
Samaritan Medical Center
1.367
19/08/2020
?
The Donkey Sanctuary
Hackers may have seized childrens' personal details after targeting the Donkey Sanctuary, as a consequence of the Blackbaud breach.
Malware
Q Human health and social work activities
CC
UK
The Donkey Sanctuary, Blackbaud, ransomware
1.368
19/08/2020
?
Lee County High School
Students who logged on to a virtual Spanish class via Google Meet are shown racist, violent and pornographic content by an unknown person who gained access to the lesson.
Account Hijacking
P Education
CC
US
Lee County High School
1.369
19/08/2020
?
Multiple targets
A group of cyber criminals targets organizations via a voice phishing service that uses a combination of one-on-one phone calls and custom phishing sites to steal VPN credentials from employees.
Account Hijacking
Y Multiple Industries
CC
US
VPN, vishing, COVID-19
1.370
20/08/2020
CCP Unmasked
Knowlesys
A group of hackers says they have obtained internal files from three Chinese social media monitoring companies.
Unknown
M Professional scientific and technical activities
H
CN
Knowlesys, Yunrun Big Data Service, OneSight, CCP Unmasked
1.371
20/08/2020
CCP Unmasked
Yunrun Big Data Service
A group of hackers says they have obtained internal files from three Chinese social media monitoring companies.
Unknown
M Professional scientific and technical activities
H
CN
Knowlesys, Yunrun Big Data Service, OneSight, CCP Unmasked
1.372
20/08/2020
CCP Unmasked
OneSight
A group of hackers says they have obtained internal files from three Chinese social media monitoring companies.
Unknown
M Professional scientific and technical activities
H
CN
Knowlesys, Yunrun Big Data Service, OneSight, CCP Unmasked
1.373
20/08/2020
?
University of Utah
The University of Utah reveals to have paid a $457,000 ransomware to prevent threat actors from releasing files stolen during a ransomware attack.
Malware
P Education
CC
US
University of Utah, Ransomware
1.374
20/08/2020
APT from South Korea?
Unnamed architecture firm
Researchers from Bitdefender reveal that an advanced hackers-for-hire group has compromised computers of an architecture firm via a malicious plugin for the Autodesk 3ds Max software.
Malicous Autodesk plugin
M Professional scientific and technical activities
CE
N/A
Bitdefender, Autodesk 3ds Max
1.375
20/08/2020
?
Multiple targets
The FBI and CISA issue a joint advisory warning teleworkers of an ongoing vishing campaign targeting entities from multiple US industry sectors.
Account Hijacking
Y Multiple Industries
CC
US
FBI, CISA, vishing
1.376
20/08/2020
Transparent Tribe
Multiple countries, mainly India and Afghanistan
Researchers from Kaspersky reveal a new operation by the Transparent Tribe APT.
Targeted Attack
Y Multiple Industries
CE
>1
Kaspersky, Transparent Tribe, India, Afghanistan
1.377
20/08/2020
?
SnapFulfil
A UK warehouse management software company, SnapFulfil, is hit by ransomware
Malware
M Professional scientific and technical activities
CC
UK
SnapFulfil, ransomware
1.378
20/08/2020
Maze
SK hynix
South Korean semiconductor manufacturer SK hynix is hit with a Maze ransomware attack.
Malware
C Manufacturing
CC
KR
SK hynix, Maze, ransomware
1.379
21/08/2020
?
Freepik
Freepik says that hackers were able to steal emails and password hashes for 8.3M Freepik and Flaticon users in an SQL injection attack against the company's Flaticon website.
SQL Injection
S Other service activities
CC
ES
Freepik, Flaticon
1.380
21/08/2020
?
U.S. Financial Industry Regulatory Authority (FINRA) members
The U.S. Financial Industry Regulatory Authority (FINRA) issues a new regulatory notice warning members of threat actors using registered brokers' info to create phishing websites.
Account Hijacking
K Financial and insurance activities
CC
US
U.S. Financial Industry Regulatory Authority, FINRA
1.381
21/08/2020
Maze
Hoa Sen Group
The Maze ransomware operators claim to have breached the steel sheet giant Hoa Sen Group.
Malware
C Manufacturing
CC
VN
Maze, ransomware, Hoa Sen Group
1.382
21/08/2020
?
Spanish users
Researchers from ESET reveal that the operators behind the Grandoreiro banking trojan, have been using emails posing as the Agencia Tributaria to trick Spanish victims into installing the malware.
Malware
X Individual
CC
ES
ESET, Grandoreiro, Agencia Tributaria
1.383
21/08/2020
?
Food Bank of Central & Eastern North Carolina
The Food Bank of Central & Eastern North Carolina reveals it was a victim in the Blackbaud data breach.
Malware
Q Human health and social work activities
CC
US
Food Bank of Central & Eastern North Carolina, Ransomware, Blackbaud
1.384
21/08/2020
?
Planned Parenthood
Even Planned Parenthood is hit with the Blackbaud breach.
Malware
Q Human health and social work activities
CC
US
Planned Parenthood, Blackbaud, Ransomware
1.385
21/08/2020
?
Myerscough College
Myerscough College is hit with a cyber attack.
Unknown
P Education
CC
UK
Myerscough College
1.386
21/08/2020
?
Millbrook Magnet High School
The virtual lessons via Google Meet on Millbrook Magnet High School are disrupted by an intruder.
Account Hijacking
P Education
CC
US
Millbrook Magnet High School, Google Meet
1.387
21/08/2020
?
Oberlin Magnet Middle School
Even the virtual lessons via Google Meet on Oberlin Magnet Middle School are disrupted by an intruder.
Account Hijacking
P Education
CC
US
Oberlin Magnet Middle School, Google Meet
1.388
21/08/2020
?
Multiple targets
Researchers from Mitiga discover a Community Amazon Machine Image infected with malware.
Malware
Y Multiple Industries
CC
>1
Amazon Machine Image, Mitiga
1.389
21/08/2020
?
Multiple MSPs
Researchers from Huntress Labs discover a malware campaign targeting MSPs and using multiple strategies to go undetected.
Malware
M Professional scientific and technical activities
CC
>1
Huntress Labs
1.390
21/08/2020
?
Mental Health Partners
Mental Health Partners notified clients and employees about an employee email account compromise discovered in late March.
Account Hijacking
Q Human health and social work activities
CC
US
Mental Health Partners
1.391
21/08/2020
?
Multiple targets
Researchers from Sophos discover a new phishing campaign pretending to delivery a mail issue notification and delivering the malicious payload from Azure.
Account Hijacking
Y Multiple Industries
CC
>1
Sophos, Azure
1.392
22/08/2020
?
Tempo.co
Tempo.co, a news site that criticized the local government for the strategy adopted against the pandemic is defaced.
Defacement
J Information and communication
CC
ID
Tempo.co
1.393
22/08/2020
?
Center for Indonesia’s Strategic Development Initiatives (CISDI)
The Center for Indonesia’s Strategic Development Initiatives (CISDI), also known to be critical of the Indonesian government’s coronavirus policies, is defaced.
Defacement
Q Human health and social work activities
CC
ID
Center for Indonesia’s Strategic Development Initiatives, CISDI
1.394
22/08/2020
?
Twitter account of Pandu Riono
The Twitter account of Pandu Riono, an epidemiologist at the University of Indonesia (UI), also critical against the Indonesian government, is hijacked.
Account Hijacking
X Individual
CC
ID
Twitter, Pandu Riono
1.395
23/08/2020
?
Gosnell School District
The Gosnell School District is hit with a ransomware attack.
Malware
P Education
CC
US
Gosnell School District, ransomware
1.396
23/08/2020
?
Rialto Unified School District
Even the Rialto Unified School District is hit with a ransomware attack.
Malware
P Education
CC
US
Rialto Unified School District, ransomware
1.397
24/08/2020
Iranian hackers
Multiple targets
Researchers from Group-IB expose a low-skilled group of Iranian hackers exploiting exposed RDP servers to deploy the Dharma ransomware.
Malware
Y Multiple Industries
CC
>1
Group-IB, Iran, RDP, Dharma, Ransomware
1.398
24/08/2020
SunCrypt
Haywood County School district
The SunCrypt Ransomware shuts down the Haywood County School district.
Malware
P Education
CC
US
SunCrypt, Ransomware, Haywood County School district.
1.399
24/08/2020
?
Empire Market
The dark web site Empire Market is hit by a prolonged DDoS attack, before its admins decide to abruptly leave the business.
DDoS
S Other service activities
CC
N/A
Empire Market
1.400
24/08/2020
?
Vulnerable WordPress servers
Researchers from WebARX reveal that hackers are actively targeting and trying to exploit SQL injection, authorization issues, and unauthenticated XSS vulnerabilities in the Discount Rules for WooCommerce WordPress, a plugin with more than 30,000 installations.
Vulnerability
Y Multiple Industries
CC
>1
WebARX, Discount Rules for WooCommerce, WordPress
1.401
24/08/2020
?
iOS users
Security firm Snyk claims to have found malicious code inside SourMint, a Chinese iOS SDK by Mintegral, used by more than 1,200 iOS applications, all collectively downloaded more than 300 million times per month.
Malware
X Individual
CC
>1
Snyk, Mintegral, iOS, SourMint
1.402
24/08/2020
DeathStalker
Organizations in the financial sector
Researchers from Kaspersky reveal the details of a hack-for-hire group, tracked as DeathStalker, targeting organizations in the financial sector since 2012.
Targeted Attack
K Financial and insurance activities
CC
>1
Kaspersky, DeathStalker
1.403
24/08/2020
?
Multiple targets
Researchers from KnowBe4 discover a wave of phishing campaigns exploiting AWS to deliver the Malicous payload.
Account Hijacking
Y Multiple Industries
CC
>1
KnowBe4, AWS
1.404
24/08/2020
?
Transsion Tecno W2 handsets mainly in Egypt, Ethiopia, South Africa, Cameroon, Ghana
Researchers from Secure-D Lab discover a new Chinese handset with pre-installed Triada malware.
Rialto Unified School District is affected by malware
Malware
P Education
CC
US
Rialto Unified School District
1.406
24/08/2020
?
Holden Forests and Gardens
Holden Forests and Gardens reveals to have been affected by the Blackbaud ransomware attack.
Malware
Q Human health and social work activities
CC
US
Holden Forests and Gardens, Blackbaud, ransomware
1.407
25/08/2020
?
New Zealand’s stock exchange (NZX)
New Zealand’s stock exchange (NZX) is hit by DDoS attacks in the last two days.
DDoS
K Financial and insurance activities
CC
NZ
New Zealand’s stock exchange, NZX
1.408
25/08/2020
?
38 Japanese companies including Sumitomo Forestry Co. and Hitachi Chemical Co.
38 Japanese companies have authentication information to access their virtual private networks stolen and leaked.
Vulnerability
Y Multiple Industries
CC
JP
Sumitomo Forestry Co.. Hitachi Chemical Co., CVE-2019-11510
1.409
25/08/2020
DarkSide
Brookfield Residential
Brookfield Residential is one of the first victims of the new DarkSide Ransomware.
Malware
L Real estate activities
CC
CA
Brookfield Residential, DarkSide, Ransomware
1.410
25/08/2020
?
Multiple targets
Researchers from Sophos discover a new version of the Lemon_Duck cryptominer updated to compromise Linux machines via SSH brute force attacks, to exploit SMBGhost-vulnerable Windows systems, and to infect servers running Redis and Hadoop instances.
Researchers from Armorblox detect a phishing campaign delivering the phishing page from Box.
Account Hijacking
Y Multiple Industries
CC
>1
Armorblox, Box
1.412
25/08/2020
?
Crypto currency traders
Researchers from Abnormal Security reveal that Cyber-criminals have been impersonating the well-known Bitcoin BTC ERA trading platform in order to infect users of the online currency with malware.
Malware
V Fintech
CC
>1
Abnormal Security, Bitcoin BTC ERA
1.413
25/08/2020
?
North Okanagan Pediatric Clinic
The North Okanagan Pediatric Clinic reveals to have been hacked in late May 2020.
Unknown
Q Human health and social work activities
CC
US
North Okanagan Pediatric Clinic
1.414
26/08/2020
BeagleBoyz
Several international banks
A joint advisory issued by several U.S. Government agencies reveals that North Korean hackers tracked as BeagleBoyz have been using malicious remote access tools as part of ongoing attacks to steal millions from international banks. The campaign is called "Fast Cash"
Malware
K Financial and insurance activities
CC
>1
BeagleBoyz, North Korea, Fast Cash
1.415
26/08/2020
China
Twitter users
Social media research group Graphika identifies Dracula, a Twitter botnet of around 3,000 bots that pushed pro-Chinese political spam, echoing official messaging released through state propaganda accounts.
Fake Social Network accounts/groups/pages
X Individual
CW
>1
Graphika, Dracula, Twitter, China
1.416
26/08/2020
?
Multiple targets
Microsoft warns of a recently uncovered piece of malware, tracked as Anubis, designed to steal information from infected systems.
Malware
Y Multiple Industries
CC
>1
Microsoft, Anubis
1.417
26/08/2020
China?
US organizations doing business in China
The FBI and CISA issue another warning to organizations doing business in China after reports of a potentially widespread attempt to remotely target them with powerful malware hidden in tax software.
Malware
Y Multiple Industries
CE
US
FBI, CISA, China, GoldenHelper
1.418
26/08/2020
?
MetroHealth Foundation
The MetroHealth Foundation is among the victims of the Blackbaud ransomware attack.
Malware
Q Human health and social work activities
CC
US
MetroHealth Foundation, Blackbaud, ransomware
1.419
27/08/2020
Netwalker
Argentina's official immigration agency, Dirección Nacional de Migraciones,
Argentina's official immigration agency, Dirección Nacional de Migraciones, suffers a Netwalker ransomware attack that temporarily halts border crossing into and out of the country.
Malware
O Public administration and defence, compulsory social security
CC
AR
Dirección Nacional de Migraciones, Ransomware, Netwalker
1.420
27/08/2020
Charming Kitten, AKA APT35, NewsBeef, Newscaster, or Ajax
Academia experts, human rights activists, and journalists specialized in Iranian affairs
Researchers from ClearSky reveal that Iranian government hackers have impersonated journalists to reach out to targets via LinkedIn, and set up WhatsApp calls to win their trust, before sharing links to phishing pages and malware-infected files.
Researchers from Check Point discover a new Qbot campaign, stealing full email threads to use in reply-chain.
Malware
Y Multiple Industries
CC
>1
Check Point, Qbot
1.422
27/08/2020
?
Data#3
Australian IT vendor Data#3 notifies to have experienced what it dubbed as a "cyber incident".
Unknown
J Information and communication
CC
AU
Data#3
1.423
27/08/2020
REvil AKA Sodinokibi
Valley Health Systems
REvil ransomware operators claim to have breached Valley Health Systems.
Malware
Q Human health and social work activities
CC
US
REvil, Sodinokibi, Ransomware, Valley Health Systems
1.424
27/08/2020
?
Misconfigured Docker containers
Researchers from Palo Alto Networks reveal the details of Cetus, a new Docker cryptojacking worm mining for Monero.
Misconfiguration
Y Multiple Industries
CC
>1
Palo Alto Networks, Cetus
1.425
27/08/2020
?
NCR Corporation
NCR Corporation confirms that it found malware-infected computers in an isolated non-production lab environment outside of the U.S., but claims its clients were never at risk of a secondary infection.
Malware
C Manufacturing
CC
US
NCR Corporation
1.426
27/08/2020
DoppelPaymer
Amphastar Pharmaceuticals
Amphastar Pharmaceuticals reveals to have been hit with a DoppelPaymer ransomware attack on May 2, after Company data is posted on July 21.
Malware
C Manufacturing
CC
US
Amphastar Pharmaceuticals, DoppelPaymer ransomware attack on May 2, after Company data is posted on July 21.
1.427
27/08/2020
?
Clark County School District
The Clark County School District notifies parents after a "data security incident".
Unknown
P Education
CC
US
Clark County School District
1.428
27/08/2020
?
Single individuals
Researchers at Area 1 Security discover a global phishing campaign that purports to offer information about surgical masks and other protective equipment for the COVID-19 pandemic, infecting victims' devices with the AgentTesla RAT.
Account Hijacking
X Individual
CC
>1
Area 1 Security, COVID-19, AgentTesla
1.429
28/08/2020
UltraRank
700 websites and more than a dozen third-party service providers
Security researchers from Group-IB reveal the details of UltraRank, a cybercriminal group specialized in infecting online shops to steal payment card data, responsible for compromising almost 700 websites and more than a dozen third-party service providers.
Malicious Script Injection
G Wholesale and retail trade
CC
>1
Group-IB, UltraRank
1.430
28/08/2020
?
"Fall Guys: Ultimate Knockout" players
The npm security team removes a malicious JavaScript library, named "fallguys", from the npm portal, designed to steal sensitive files from an infected users' browser and Discord application.
Malware
X Individual
CC
>1
JavaScript, npm, fallguys, Discord
1.431
28/08/2020
?
Several ISPs across Europe
More than a dozen ISPs across Europe report DDoS attacks targeting their DNS infrastructure. The list includes Belgium's EDP, France's Bouygues Télécom, FDN, K-net, SFR, and the Netherlands' Caiway, Delta, FreedomNet, Online.nl, Signet, and Tweak.nl.
The Irish Department of Social Protection warns against “sophisticated” phishing scams.
Account Hijacking
X Individual
CC
IE
Department of Social Protection
1.433
28/08/2020
?
Multiple targets
Email service provider Sendgrid suffers an unusually large number of customer accounts whose passwords have been cracked, sold to spammers, and abused for sending phishing and email malware attacks.
Account Hijacking
Y Multiple Industries
CC
>1
Sendgrid
1.434
28/08/2020
?
Turkish Instagram users
Researchers from Trend Micro reveal that Turkish-speaking cybercriminals are sending Instagram users seemingly legitimate messages from the social media company, with the aim of stealing their Instagram and email credentials.
Account Hijacking
X Individual
CC
TR
Trend Micro, Instagram
1.435
28/08/2020
?
PULAU Corporation
Defense supplier PULAU Corporation notifies their employees about an intrusion and unauthorized access into parts of their network between June 11 and June 29.
Unknown
C Manufacturing
CC
US
PULAU Corporation
1.436
28/08/2020
?
Rocky Mount
Rocky Mount is hit with a ransomware attack.
Malware
O Public administration and defence, compulsory social security
CC
US
Rocky Mount, Ransomware
1.437
28/08/2020
?
Selma Unified School District
Selma Unified School District is hit with a ransomware attack.
Malware
P Education
CC
US
Selma Unified School District, ransomware
1.438
29/08/2020
?
Utah Pathology Services
Utah Pathology Services notifying more than 110,000 patients of a data breach when the personal information of certain individuals was accessible to an unauthorized party:
Unknown
Q Human health and social work activities
CC
US
Utah Pathology Services
1.439
30/08/2020
John Wick?
PayTM Group
PayTM Group suffers a breach after hackers from John Wick access its internal database.
Vulnerability
K Financial and insurance activities
CC
>1
PayTM Group, John Wick
1.440
30/08/2020
?
Android users
Google removes 56 Android applications from the official Google Play Store that the company says were part of Terracotta, an ad fraud botnet discovered by White Ops.
Malware
X Individual
CC
>1
Android, Google Play Store, Terracotta, White Ops
1.441
30/08/2020
?
Unknown Bitcoin user
A user loses 1400 Bitcoin ($16 million worth) via a fake bitcoin wallet.
Malware
K Financial and insurance activities
CC
N/A
Bitcoin
1.442
30/08/2020
?
Greenville Technical College
Greenville Technical College acknowledges to have been hit with a ransomware attack, while the threat actors claim to have successfully exfiltrated personal information of staff and students.
Malware
P Education
CC
US
Greenville Technical College
1.443
31/08/2020
Pioneer Kitten
Multiple targets
Researchers from Crowdstrike reveal that a group of Iranian hackers tracked as Pioneer Kitten is selling corporate-network credentials on hacker forums. The credentials have been obtained from vulnerable VPN devices.
Cisco warns that threat actors are trying to exploit two high severity memory exhaustion denial-of-service (DoS) vulnerabilities in the company's Cisco IOS XR software that runs on carrier-grade routers.
Vulnerability
Y Multiple Industries
CC
>1
Cisco, CVE-2020-3566, CVE-2020-3569
1.445
31/08/2020
?
American Payroll Association (APA)
The American Payroll Association (APA) discloses a data breach affecting members and customers after attackers successfully planted a web skimmer on the organization's website login and online store checkout pages.
Malicious Script Injection
S Other service activities
CC
US
American Payroll Association, APA, Magecart
1.446
31/08/2020
?
Multiple e-commerce targets
Visa issues a warning regarding a new JavaScript e-commerce skimmer known as Baka that will remove itself from memory after exfiltrating stolen data.
Malicious Script Injection
G Wholesale and retail trade
CC
>1
Visa, JavaScript, Baka
1.447
31/08/2020
?
MacOS users
Security researchers discover that the authors of the Shlayer malware have been able to bypass the Apple's automated notarizing process.
Malware
X Individual
CC
>1
Shlayer, Apple, MacOS
1.448
31/08/2020
?
Vulnerable QNAP devices
Researchers from Qihoo 360 reveal that hackers are scanning for vulnerable network-attached storage (NAS) devices running multiple QNAP firmware versions, trying to exploit a RCE vulnerability to implant backdoor.
Vulnerability
Y Multiple Industries
CC
>1
Qihoo 360, QNAP, RCE
1.449
31/08/2020
?
Android users
Researchers at Pradeo discover six new Android apps infected with Joker malware,
Malware
X Individual
CC
>1
Pradeo, Android, Joker
1.450
31/08/2020
?
Multiple targets
Researchers from KnowBe4 discover a wave of phishing campaigns exploiting Slack to deliver phishing pages.
Account Hijacking
Y Multiple Industries
CC
>1
KnowBe4, Slack
1.451
31/08/2020
?
Atrium Health
Atrium Health joins the list of the victims of the Blackbaud ransomware attack.
Malware
Q Human health and social work activities
CC
US
Atrium Health, Blackbaud, ransomware
1.452
17/07/2020
?
Somerset Berkley Regional High School
Somerset Berkley Regional High School is hit with a ransomware attack
Malware
P Education
CC
US
Somerset Berkley Regional High School, ransomware
1.453
30/08/2020
DoppelPaymer
Newcastle University
The Newcastle University is hit with a DoppelPaymer ransomware attack.
Malware
P Education
CC
UK
Newcastle University, DoppelPaymer, ransomware
1.454
31/08/2020
?
Multiple targets
Visa issues a warning regarding a new JavaScript e-commerce skimmer known as Baka that will remove itself from memory after exfiltrating stolen data.
Malicious Script Injection
G Wholesale and retail trade
CC
>1
Visa, JavaScript, Baka
1.455
31/08/2020
?
Northumbria University
Northumbria University is also hit with a ransomware attack.
Malware
P Education
CC
UK
Northumbria University, ransomware
1.456
28/08/2020
Kimsuky
28 UN officials, including at least 11 individuals representing six countries of the UN Security Council.
Kimsuky, a hacker group previously associated with the North Korean regime has been spotted launching spear-phishing attacks to compromise officials part of the United Nations Security Council.
Targeted Attack
U Activities of extraterritorial organizations and bodies
CE
N/A
Kimsuky, United Nations
1.457
31/08/2020
?
Anglicare Sidney
Anglicare Sydney is hit with a ransomware attack and 17GB of its data is transmitted “to a remote location”.
Malware
Q Human health and social work activities
CC
AU
Anglicare Sidney, ransomware
1.458
01/09/2020
Russia?
Norwegian Parliament (Stortinget)
Attackers compromise a limited number of email accounts of Norwegian Parliament (Stortinget) representatives and employees. Fingers are pointed to Russia
Targeted Attack
O Public administration and defence, compulsory social security
CE
NO
Norwegian Parliament, Stortinget, Russia
1.459
01/09/2020
RansomExx AKA Defray
SoftServe
Ukrainian software developer and IT services provider SoftServe suffers a RansomExx ransomware attack
Malware
M Professional scientific and technical activities
CC
UA
SoftServe, RansomExx, Defray
1.460
01/09/2020
ProLock
Multiple targets
The FBI issues a second warning to alert US companies of ProLock ransomware operators stealing data from compromised networks before encrypting their victims' systems.
Malware
Y Multiple Industries
CC
US
FBI, ProLock, ransomware
1.461
01/09/2020
?
Warner Music Group (WMG)
Warner Music Group (WMG) discloses a data breach affecting customers' personal and financial information after several of its US-based e-commerce stores were hacked in April 2020 in what looks like a Magecart attack.
Malicious Script Injection
R Arts entertainment and recreation
CC
US
Warner Music Group, WMG, Magecart
1.462
01/09/2020
?
Vulnerable Wordpress sites
Researchers from Wordfence reveal that hackers are actively exploiting a critical RCE vulnerability that allows to upload scripts and execute arbitrary code on WordPress sites running vulnerable File Manager plugin versions.
Vulnerability
Y Multiple Industries
CC
>1
Wordfence, File Manager
1.463
01/09/2020
?
Multiple targets
Researchers from Malwarebytes analyze a new credit card skimmer exfiltrating data via Telegram.
Malicious Script Injection
G Wholesale and retail trade
CC
>1
Malwarebytes, Telegram, Magecart
1.464
01/09/2020
Epic Manchego
Companies all over the world
Researchers from NVISO Labs reveal the details of Epic Manchego, a malware gang, active since June, targeting companies all over the world with phishing emails that carry a malicious Excel document.
Malware
Y Multiple Industries
CC
>1
NVISO Labs, Epic Manchego, Excel
1.465
01/09/2020
Russia?
Facebook and Twitter users
Facebook and Twitter remove social media accounts for a news organization going by the name of PeaceData, which they linked to Russia's state propaganda efforts.
Fake Social Network accounts/groups/pages
X Individual
CW
>1
Facebook, Twitter, PeaceData, Russia
1.466
01/09/2020
?
Catholic Health
Catholic Health joins the list of the entities hit with the Blackbaud breach.
Malware
Q Human health and social work activities
CC
US
Catholic Health, Blackbaud, ransomware
1.467
01/09/2020
?
Roswell Park Alliance Foundation
Even the Roswell Park Alliance Foundation is hit by the Blackbaud breach.
Malware
Q Human health and social work activities
CC
US
Roswell Park Alliance Foundation, Blackbaud, ransomware
1.468
01/09/2020
?
Several million American voters
A database containing several million American voters’ personal information appears on the Russian dark web.
Unknown
Z Unknown
CC
US
American voters
1.469
01/09/2020
?
Bykea
Unidentified hackers successfully infiltrate and delete the entire database of Bykea, a Pakistan-based vehicle for hire and delivery company.
Unknown
H Transportation and storage
CC
PK
Bykea
1.470
01/09/2020
?
Georgian Ministry of Health
Hackers break into the Georgian Ministry of Health to steal data on the Russian nerve agent Novichok
Targeted Attack
O Public administration and defence, compulsory social security
CE
GE
Georgian Ministry of Health
1.471
01/09/2020
?
Canadian Ministry of Justice
The Canadian Ministry of Justice is hit with an Emotet attack.
Malware
O Public administration and defence, compulsory social security
CC
CA
Canadian Ministry of Justice, Emotet
1.472
01/09/2020
?
Mansfield City Schools
The Mansfield City Schools District is hit with a cyber attack.
Unknown
P Education
CC
US
Mansfield City Schools
1.473
01/09/2020
?
St. Louis County
The St. Louis County website goes down without notice after a cyber attack.
Unknown
O Public administration and defence, compulsory social security
CC
US
St. Louis County
1.474
02/09/2020
?
Cryptocurrency users in the Czech Republic and Slovakia
Researchers from ESET discover KryptoCibule, a new malware family focused on getting as much cryptocurrency as possible from its victims.
Malware
V Fintech
CC
>1
ESET, KryptoCibule, Crypto
1.475
02/09/2020
?
Multiple targets
Researchers from Tencent discover MrbMiner, a malware targeting vulnerable exposed Microsoft MSSQL servers.
Malware
Y Multiple Industries
CC
>1
Tencent, MrbMiner, Microsoft MSSQL
1.476
02/09/2020
?
K7Maths
A leak from K7Maths, an online service providing school e-learning solutions, causes the compromise of the personal details of more than one million students, teachers, and staff.
Misconfiguration
P Education
CC
AU
K7Maths
1.477
02/09/2020
?
Hartford School District
The Hartford School District in Connecticut postpones the first day of school after a ransomware attack.
Malware
P Education
CC
US
Hartford School District, ransomware
1.478
02/09/2020
Belarusians government?
Belarusians attending anti-government protests
Google removes from the Play Sore NEXTA LIVE, an Android used to collect personal information from Belarusians attending anti-government protests.
Malware
X Individual
CE
BY
Google, Play Sore NEXTA LIVE, Android
1.479
02/09/2020
?
Meteorological Service of New Zealand (Metservice)
The Meteorological Service of New Zealand (Metservice) is hit with a DDoS attack.
DDoS
O Public administration and defence, compulsory social security
CC
NZ
Meteorological Service of New Zealand, Metservice
1.480
02/09/2020
TA413
European diplomatic entities and the Tibetan community
Researchers from Proofpoint reveal the details of a new campaign targeting European diplomatic entities and the Tibetan community with the Sepulcher malware.
Targeted Attack
Y Multiple Industries
CE
>1
TA413, Sepulcher, Proofpoint
1.481
02/09/2020
?
Jewish Federation of Greater Washington
The Jewish Federation of Greater Washington reports a hack that stole $7.5 million from its endowment fund and funneled the money into international accounts.
Account Hijacking
S Other service activities
CC
US
Jewish Federation of Greater Washington
1.482
02/09/2020
?
Multiple targets
Researchers from RiskIQ reveal the details of Inter, a Magecart Skimming Tool affecting more than 1,500 Sites.
Malicious Script Injection
G Wholesale and retail trade
CC
>1
RiskIQ, Inter, Magecart
1.483
02/09/2020
?
Multiple targets
Researchers from Sophos discover a new phishing campaign using Sharepoint and OneNote to avoid detection.
Account Hijacking
Y Multiple Industries
CC
>1
Sophos, Sharepoint, OneNote
1.484
03/09/2020
John Wick
Twitter account of Indian Prime Minister Narendra Modi
The Twitter account of Indian Prime Minister Narendra Modi is hacked.
Account Hijacking
X Individual
CC
IN
Twitter, Narendra Modi, John Wick
1.485
03/09/2020
Evilnum
Financial tech organizations
Researchers from Cybereason unveil the latest campaign by Evilnum, using a Python RAT dubbed PyVil RAT.
