-
Italian organization operating in the Oil&Gas sector
January 11, 2019
•
[ hack, malware, energy ]
Researchers from Cybaze-Yoroi ZLab reveal a campaign against an undisclosed Italian organization in the Oil and Gas sector, exploiting CVE-2017-11882 to distribute the AVE_MARIA malware.
-
Tecnimont SpA
January 11, 2019
•
[ financial, phishing, energy ]
The Indian subsidiary of Tecnimont SpA falls prey to a fraud wherein $18.6 million (INR 130 crore) were being stolen by a group of Chinese hackers pretending to be trading an acquisition in China.
-
Discountmugs
January 10, 2019
•
[ hack, malware, retail ]
Another victim of Magecart. Discountmugs.com reveals that anyone who used a credit between August 5, 2018, and November 16, 2018 may have had their information compromised.
-
Sacred Heart Rehabilitation Center
January 10, 2019
•
[ social, phishing, healthcare ]
Sacred Heart Rehabilitation Center notifies patients of a phishing incident occurred in early April.
-
Salisbury Police Department
January 9, 2019
•
[ ransomware, malware, government ]
The Salisbury Police Department is hit by a ransomware attack.
-
Hanover County
January 9, 2019
•
[ financial, misconfiguration, government ]
Another victim of the Click2Gov breach. Officials disclose that an unauthorized party stole credit card information between Aug. 1, 2018 and Jan. 9, 2019.
-
Caddo Parish School System
January 8, 2019
•
[ financial, phishing, education ]
The Caddo Parish School System is scammed out of nearly $1 million in tax payer money after a phishing attack.
-
Bridgeport School District
January 8, 2019
•
[ ransomware, malware, education ]
The Bridgeport, Connecticut, School District is hit with a ransomware
-
Kent County Community Mental Health
January 8, 2019
•
[ social, phishing, healthcare ]
Kent County Community Mental Health Authority notifies 2,284 patients after phishing attack
-
OXO International
January 7, 2019
•
[ financial, malware, manufacturing ]
OXO International discloses a data breach that spans numerous periods over two years. Customer and payment information may have been exposed. The attack was most likely a MageCart attack.
-
Ethereum Classic
January 7, 2019
Coinbase detects a "deep chain reorganization" of the Ethereum Classic (ETC) blockchain. The equivalent of $1.1M is double spent, but the attacker reportedly returns $100,000 to cryptocurrency exchange Gate.io.
-
Collection #1
January 7, 2019
In January 2019, a large collection of credential stuffing lists (combinations of email addresses and passwords used to hijack accounts on other services) was discovered being distributed on a popular hacking forum. The data contained almost 2.7 billion records including 773 million unique email addresses alongside passwords those addresses had used on other breached services. Full details on the incident and how to search the breached passwords are provided in the blog post The 773 Million Record "Collection #1" Data Breach.
-
Linda Frum's Twitter account
January 6, 2019
•
[ hack, government ]
Conservative Senator Linda Frum's Twitter account is hacked. The attackers share personal information including her drivers license and post racial tweets.
-
Queensland EWN
January 5, 2019
•
[ hack, malware, government ]
A hacker gains unauthorized access to the Queensland EWN, or Early Warning Network, and used it to send a spam alert via SMS, landline, and email to the company's subscribers.
-
Resort Municipality of Whistler
January 5, 2019
•
[ hack, government ]
The Resort Municipality of Whistler (RMOW) is reporting that its municipal website, whistler.ca, has been breached.
-
German politicians
January 4, 2019
In what is immediately called "Hacker-Angriff" (Hacker Attack), someone publishes the personal details of hundreds of German politicians, artists and local YouTube celebrities. Few days later a 20-year-old German confesses to be the author of the attack.
-
Chaplaincy Health Care
January 4, 2019
•
[ social, phishing, healthcare ]
Chaplaincy Health Care offers free identity protection and credit monitoring to more than 1,000 people after an employee's email login credentials are compromised through an apparent phishing scheme.
-
Wichita State University
January 4, 2019
•
[ social, phishing, education ]
At least three employees of Wichita State University do not receive their paychecks after they fall victim of an e-mail phishing scheme.
-
Luas
January 3, 2019
The website of the tram operator Luas is taken down after a cyber attack. The author threatens to dump the records of about 3,000 if the ransom of 1 BTC ($3,843 worth) is not paid.
-
ixigo
January 3, 2019
•
[ leak, misconfiguration, technology ]
In January 2019, the travel and hotel booking site ixigo suffered a data breach. The data appeared for sale on a dark web marketplace the following month and included over 17M unique email addresses alongside names, genders, phone numbers, connections to Facebook profiles and passwords stored as MD5 hashes. The data was provided to HIBP by a source who requested it to be attributed to "BenjaminBlue@exploit.im".