Wawa
December 19, 2019
•[ financial, malware, retail ]
Convenience store chain Wawa discloses today a card breach after its security team finds malware installed on its payment processing systems. The malware was installed on March 4 this year, and impacts potentially all locations.
baltictimes
December 19, 2019
•[ espionage, hack, technology ]
Ghostwriter, a suspected Belarus-backed hacking group, has compromised websites and email accounts in Latvia, Lithuania, and Poland'to publish fabricated documents pushing anti-North Atlantic Treaty Organization (NATO) narratives consistent with Kremlin talking points. The influence campaign started in 2017.
Ring
December 19, 2019
The log-in credentials for 3,672 Ring camera owners are compromised, exposing log-in emails, passwords, time zones, and the names people give to specific Ring cameras.
Sinai Health System
December 19, 2019
•[ social, phishing, healthcare ]
Sinai Health System discovers that the email accounts of two of its employees have been compromised as a result of responses to phishing emails discovered on October, 16.
Nexus Mods
December 19, 2019
•[ hack, technology ]
The popular game modification site Nexus Mods announces a security incident: an unauthorized actor hacked their services on November 8th, 2019 through an exploit in their legacy codebase.
baltictimes.com
December 19, 2019
•[ cyber espionage, influence campaign, disinformation ]
Ghostwriter, a suspected Belarus-backed hacking group, has compromised websites and email accounts in Latvia, Lithuania, and Poland'to publish fabricated documents pushing anti-North Atlantic Treaty Organization (NATO) narratives consistent with Kremlin talking points. The influence campaign started in 2017.
Andrew Agencies
December 18, 2019
•[ ransomware, malware, finance ]
Andrew Agencies is another victim of the Maze Ransomware with allegedly 245 computers encrypted during a cyberattack in October.
Bad Homburg
December 18, 2019
•[ hack, malware, government ]
Also the City of Bad Homburg is hit with an Emotet infection.
Marietta, Ga., Power & Water Department
December 18, 2019
•[ hack, government ]
Marietta, Ga., Power & Water Department is the latest victim of the Click2Gov breach.
LifeLabs Medical Laboratory Services
December 17, 2019
•[ ransomware, malware, healthcare ]
LifeLabs Medical Laboratory Services, Canada's largest lab testing company, reveals to have paid a ransom after a major cyberattack led to the theft of lab results for 85,000 Ontarians and potentially the personal information of 15 million customers.
Justus Liebig University
December 17, 2019
•[ hack, malware, education ]
The Justus Liebig University is hit with an Emotet malware attack and as consequence 38,000 students and staff are asked to change their password.
KH - Katholische Hochschule Freiburg (Catholic University in Freiburg)
December 17, 2019
•[ malware, education ]
Katholische Hochschule Freiburg is also hit with an Emotet infection.
St. Lucie County Sheriff's Office
December 17, 2019
•[ ransomware, malware, government ]
The St. Lucie County Sheriff's Department is forced to shutter most of its network after it is struck with ransomware.
Government organization in Cambodia
December 17, 2019
•[ espionage, malware, government ]
Researchers from Palo Alto reveal a new wave of attacks carried out by a Chinese APT dubbed Rancor, using a new malware strain dubbed Dudell.
Avvo
December 17, 2019
•[ leak, misconfiguration, technology ]
In approximately December 2019, an alleged data breach of the lawyer directory service Avvo was published to an online hacking forum and used in an extortion scam (it's possible the exposure dates back earlier than that). The data contained 4.1M unique email addresses alongside SHA-1 hashes, most likely representing user passwords. Multiple attempts at contacting Avvo over the course of a week were unsuccessful and the authenticity of the data was eventually verified with common Avvo and HIBP subscribers.
GameSprite
December 17, 2019
•[ leak, technology ]
In December 2019, the now defunct gaming platform GameSprite suffered a data breach that exposed over 6M unique email addresses. The impacted data also included usernames, IP addresses and salted MD5 password hashes.
Go Ninja
December 17, 2019
•[ hack, technology ]
In December 2019, the now defunct German gaming website Go Ninja suffered a data breach that exposed 5M unique email addresses. The impacted data included usernames, email and IP addresses and salted MD5 password hashes. More than 4M of the email addresses appeared to have been generated as opposed to organically provided by the user.
Epilepsy Foundation Twitter's account
December 16, 2019
•[ hack, healthcare ]
The Epilepsy Foundation files a criminal complaint and requests investigation in response to some attacks on its Twitter feed, showing flashing and strobing lights.
City of Galt
December 16, 2019
•[ ransomware, malware, government ]
The city of Galt, California, is hit with a ransomware attack.
SoarGames
December 16, 2019
•[ leak, misconfiguration, technology ]
In December 2019, the now defunct gaming website SoarGames suffered a data breach that exposed 4.8M unique email addresses. The impacted data included usernames, email and IP addresses and salted MD5 password hashes. A significant number of the email addresses appeared to have been generated as opposed to organically provided by the user.