Ransomware Gang Demands $42 Million From Celebrity Law Firm
15th May 2020 | Target: Grubman Shire Meiselas & Sacks | Reported Here
The criminal group behind the REvil (Sodinokibi) ransomware is extorting a New York-based law firm, threatening to release sensitive files on the company’s celebrity clients unless the the firm pays a whopping $42 million ransom demand.
The extortion attempt is the result of a ransomware infection that Grubman Shire Meiselas & Sacks (GSMS) suffered last week.
GoDaddy Suffers Data Breach
5th May 2020 | Target: GoDaddy | Reported Here
GoDaddy has confirmed a data breach that occurred back in October, impacting web hosting account credentials. The breach was caused by an unauthorized individual.
With the case, reported by ZDNet, the person was able to access login credentials of SSH accounts used in GoDaddy’s hosting environment. The company discovered an “unauthorized individual” had gained access to login credentials that enabled them to “connect to SSH” on the affected hosting accounts. The security incident that took place on October 19, 2019, was discovered on April 23, 2020.
Taiwan’s CPC suffers malware attack
4th May 2020 | Target: CPC Crop | Reported Here
Ransomware has struck the computer systems of Taiwan’s state-owned energy company, CPC Corp., according to local media and private forensic reports reviewed by CyberScoop.
Ransomware Payments Surge 33% as Attacks Target Remote Access
1st May 2020 | Target: Various Enterprise | Reported Here
The average sum paid by enterprises to ransomware attackers surged by 33% quarter-on-quarter in the first three months of the year, as victim organizations struggled to mitigate remote working threats, according to Coveware.
The security vendor analyzed ransomware cases handled by its own incident response team during the period to compile its latest findings.
Nintendo Breach Affects 160,000 User Accounts
24th April 2020 | Target: Nintendo | Reported Here
Nintendo said over 160,000 accounts have been hacked, due to attackers abusing a legacy login system.
Over the past few weeks, Nintendo gamers have been reporting suspicious activities on their accounts. According to the complaints, aired out on Twitter and Reddit, unauthorized actors were logging into victims’ accounts and abusing the payment cards connected to the accounts to buy digital goods on Nintendo’s online stores, such as V-Bucks, in-game currency used in Fortnite.
Hackers Target Netflix and Disney+ with #COVID19 Phishing
19th April 2020 | Target: Netflix, Disney+ | Reported Here
Hackers are turning their attention to streaming services in an ongoing bid to capitalize on the current COVID-19 pandemic and increase their own profits, according to Mimecast.
The email security vendor revealed that it had detected the registration of over 700 suspicious domains designed to impersonate the Netflix brand in under a week. The recently launched Disney+ service is also coming under increasing scrutiny from black hats, it claimed.
Equifax pays Indiana $19.5m to settle data breach case
16th April 2020 | Target: Equifax | Reported Here
On April 14, 2020, the Indiana Attorney General’s office announced that the state had reached a settlement agreement with Equifax in connection with Equifax’s 2017 data breach. Under the terms of the settlement, Equifax will pay a $19.5 million penalty. Indiana previously elected not to participate in a July 2019 multistate and Federal Trade Commission settlement with Equifax regarding the same data breach..
Number of leaked government records increases by 278% in Q1, 2020
15th April 2020 | Target: Government | Reported Here
There has been a huge rise in the number of breached records of governments and individual politicians in the first quarter of 2020, according to research from Atlas VPN. The study showed there were 17 million leaked government records during this period: a 278% increase compared with the first quarter of 2019.
Australians Arrested Over $2.6m Email Scam
3rd April 2020 | Target: Various Businesses | Reported Here
NSW Police have charged two men over their alleged involvement in a $2.6 million email scam syndicate.
The scam involved sending altered invoices to legitimate businesses which unwittingly paid the scammers who then transferred the money into their personal bank accounts.
New Marriott data breach impacts 5.2 million guests
31st March 2020 | Target: Marriott | Reported Here
Hotel chain Marriott International announced today that it has suffered a second data breach.
According to an incident notification published on their website, the company spotted unusual activity occurring in an app that guests use to access services during their stay.
An investigation into the activity revealed that the login credentials of two Marriott employees had been used to access “an unexpected amount” of guest information.
