Large business-to-business IT service providers in Southern Europe
June 25, 2024
•[ espionage, technology ]
Researchers from Sentinel One and Tinext Cyber reveal the details of Operation Digital Eye, a suspected China-nexus cyber espionage group attributed to an attacks targeting large business-to-business IT service providers in Southern Europe.
SpyX
June 24, 2024
•[ leak, malware, technology ]
In June 2024, spyware maker SpyX suffered a data breach that exposed almost 2M unique email addresses. The breach also exposed IP addresses, countries of residence, device information and 6-digit PINs in the password field. Further, a collection of iCloud credentials likely used to monitor targets directly via the cloud were also in the breach and contained the target's email address and plain text Apple password.
Undisclosed third-party of Accenture
June 20, 2024
•[ leak, misconfiguration, technology ]
A threat actor named '888' claims to have extracted contact details of 33,000 current and former employees of Accenture in a breach that involves a third-party firm.
Z-lib
June 20, 2024
•[ leak, misconfiguration, technology ]
In June 2024, almost 10M user records from Z-lib were discovered exposed online. Now defunct, Z-lib was a malicious clone of Z-Library, a well-known shadow online platform for pirating books and academic papers. The exposed data included usernames, email addresses, countries of residence, Bitcoin and Monero cryptocurrency wallet addresses, purchases and bcrypt password hashes.
TVP
June 16, 2024
•[ hack, ddos, technology ]
Russian threat actors could be behind the disruption to TVP, an online broadcast of the Euro 2024 soccer tournament, during the Polish national teams opening match against the Netherlands.
Singapore Telecommunications
June 15, 2024
•[ espionage, technology ]
The Chinese threat actors from Volt Typhoon reportedly breached Singapore Telecommunications (SingTel) over the summer as part of their ongoing attacks against critical infrastructure operators.
Pure Storage
June 10, 2024
•[ hack, misconfiguration, technology ]
Pure Storage, a leading provider of cloud storage systems and services, confirms that attackers breached its Snowflake workspace and gained access to what the company describes as telemetry information.
Absolute Telecom
June 9, 2024
•[ hack, technology ]
GhostR claims to have stolen over 34 gigabytes of data belonging to Singapore-based telecom company Absolute Telecom PTE Ltd.
mSpy (2024)
June 9, 2024
•[ hack, leak, technology ]
In June 2024, a huge trove of data from spyware maker mSpy was obtained by hacktivists and published online. Comprising of 142GB of user data and support tickets along with 176GB of more than half a million attachments, the data contained 2.4M unique email addresses, IP addresses names and photos. The data was predominantly support tickets seeking help to install the spyware on target devices, whilst the attachments contained various data including screen grans of financial transactions, photos of credit cards and nude selfies.
New York Times
June 8, 2024
•[ leak, misconfiguration, technology ]
The New York Times confirms that internal source code and data was leaked on the 4chan message board after being stolen from the company's GitHub repositories in January 2024.
Multiple organizations
June 3, 2024
•[ hack, malware, technology ]
A massive trove of 361 million email addresses from credentials stolen by password-stealing malware, in credential stuffing attacks, and from data breaches is added to the Have I Been Pwned data breach notification service.
Official Microsoft India account on X (formerly Twitter)
June 3, 2024
•[ financial, hack, phishing ]
The official Microsoft India account on X (formerly Twitter), with over 211,000 followers, is hijacked by cryptocurrency scammers to impersonate Roaring Kitty, the handle used by notorious meme stock trader Keith Gill.
Hugging Face
May 31, 2024
•[ hack, technology ]
AI platform Hugging Face says that its Spaces platform was breached, allowing threat actors to access authentication secrets for its members.
Internet Archive
May 26, 2024
•[ hack, ddos, technology ]
The Internet Archive is hit with a prolonged DDoS attack.
pcTattletale
May 25, 2024
•[ hack, sqlinjection, technology ]
In May 2024, the spyware service pcTattletale suffered a data breach that defaced the website and posted tens of gigabytes of data to the homepage, allegedly due to pcTattletale not responding to a previous security vulnerability report. The breach exposed data including membership records, infected PC names, captured messages and extensive logs of IP addresses and device information.
Everbridge
May 21, 2024
•[ hack, technology ]
Everbridge, an American software company focused on crisis management and public warning solutions, notifies customers that unknown attackers had accessed files containing business and user data in a recent corporate systems breach.
BBC
May 21, 2024
•[ leak, misconfiguration, technology ]
The BBC discloses a data security incident that occurred on May 21, involving unauthorized access to files hosted on a cloud-based service, compromising the personal information of BBC Pension Scheme members.
Patriot Mobile
May 21, 2024
•[ leak, technology ]
U.S. cell carrier Patriot Mobile experiences a data breach that included subscribers personal information, including full names, email addresses, home ZIP codes and account PINs.
Ticketmaster
May 20, 2024
•[ leak, misconfiguration, technology ]
Live Nation confirms that Ticketmaster suffered a data breach after its data was stolen from a third-party cloud database provider, which is believed to be Snowflake. The data of 560 million users is potentially affected.
Newsquest Media Group
May 13, 2024
•[ hack, technology ]
A group declaring itself to be first-class Russian hackers deface potentially hundreds of local and regional British newspaper websites belonging to Newsquest Media Group.
