-
Multiple organizations in Ukraine
May 7, 2022
Ukraine's Computer Emergency Response Team (CERT-UA) warns of the mass distribution of Jester Stealer malware via phishing emails using warnings of impending chemical attacks to scare recipients into opening attachments.
-
Community Psychiatry Management
May 7, 2022
•
[ hack, phishing, healthcare ]
Community Psychiatry Management, which does business under the name Mindpath Health, files notice of a data breach after discovering that an unauthorized party was able to gain access to two employee email accounts containing confidential patient information
-
Official OpenSea Discord Channel
May 6, 2022
•
[ hack, phishing, finance ]
OpenSea, a non-fungible token marketplace, is the victim of a hack on its main Discord channel: threat actors post fake announcements about partnerships between OpenSea and other projects.
-
WellDyneRx
May 6, 2022
•
[ social, phishing, healthcare ]
WellDyneRx, a pharmacy benefits service provider, discloses to have been hit by a phishing attack.
-
BlackBerry Fans
May 6, 2022
•
[ hack, misconfiguration, technology ]
In May 2022, the Chinese BlackBerry enthusiasts website BlackBerry Fans suffered a data breach that exposed 174k member records. The impacted data included usernames, email and IP addresses and passwords stored as salted MD5 hashes.
-
CorpMSP
May 5, 2022
•
[ leak, government ]
NB65, a group affiliated to the Anonymous leak a 482.5 GB archive containing 75,000 files, emails and disk images from CorpMSP. a federal institution providing support to small and medium-sized businesses.
-
Ferrari
May 5, 2022
One of Ferrari's subdomains (forms.ferrari.com) is hijacked to host a scam promoting fake Ferrari NFT collection.
-
Undisclosed organzations
May 5, 2022
Google releases the second part of the May security patch for Android, including a fix for CVE-2021-22600, an actively exploited Linux kernel vulnerability.
-
AGCO
May 5, 2022
•
[ ransomware, malware, manufacturing ]
AGCO, a leading US-based agricultural machinery producer, announces it was hit by a ransomware attack impacting some of its production facilities.
-
APG Neuros
May 5, 2022
•
[ ransomware, malware, manufacturing ]
SNATCH executed exfiltration of data and ransomeware in targeted network. Data presented on dark web "leak site"
-
ELTA Hellenic Post
May 5, 2022
•
[ ransomware, malware, government ]
Vice Society encrypts network and threatens to leak data on their dark web portal.
-
Haynes Manuals
May 4, 2022
Vice Society encrypts network and threatens to leak data on their dark web portal.
-
Russian websites managed by government, military, and news organizations.
May 4, 2022
•
[ hack, ddos, government ]
Researchers from Crowdstrike reveal that Docker images with a download count of over 150,000 have been used to run DDoS attacks against a dozen of Russian and Belarusian websites managed by government, military, and news organizations.
-
Heroku
May 4, 2022
•
[ hack, misconfiguration, technology ]
Salesforce-owned Heroku performs a forced password reset on a subset of user accounts. The company admits that the stolen GitHub integration OAuth tokens from last month further led to the compromise of an internal customer database.
-
LLC Capital
May 4, 2022
•
[ leak, finance ]
Anonymous leak a 20.4 GB archive containing 31,990 emails from LLC Capital.
-
MM.Finance
May 4, 2022
•
[ financial, misconfiguration, finance ]
MM.Finance announces that attackers managed to steal $2 million worth of digital assets in a Domain Name System (DNS) attack.
-
PRGX Global Inc.
May 4, 2022
•
[ ransomware, malware, technology ]
Black Basta drops examples of sensitive organizational data on their dark web page demanding payment under threat of publication.
-
Ziedot
May 4, 2022
•
[ hack, ddos, technology ]
A Latvian national news agency and another latvian news organization were hit by DDoS attacks on May 04. This attack was the largest of a spate of attacks that had affected the news agency since the start of the war.
-
Kaiser Permanente
May 4, 2022
•
[ social, phishing, healthcare ]
Kaiser Permanente, one of America's leading not-for-profit health plans and health care providers, recently discloses a data breach that exposed the health information of more than 69,000 individuals when the email of an employee is compromised.
-
National Health System (NHS)
May 4, 2022
Researchers from INKY reveal that for about half a year, work email accounts belonging to over 100 employees of the National Health System (NHS) in the U.K. were used in several phishing campaigns, some aiming to steal Microsoft logins.