Multiple organizations
August 15, 2024
•[ hack, misconfiguration, technology ]
Researchers at Sysdig discover a large-scale malicious operation named "EmeraldWhale" scanning for exposed Git configuration files to steal over 15,000 cloud account credentials from thousands of private repositories.
Tracki
August 15, 2024
•[ leak, misconfiguration, technology ]
In August 2024, a slew of security vulnerabilities were identified with a conglomerate of online services which included the GPS tracking service Tracki. Multiple vulnerabilities exposed the personal records of 372k users of the service including names and email addresses.
Explore Talent (August 2024)
August 15, 2024
•[ leak, misconfiguration, technology ]
In August 2024, a slew of security vulnerabilities were identified with a conglomerate of online services which included the talent network Explore Talent. A vulnerable API exposed the personal records of 11.4M users of the service of which 8.9M unique email addresses were provided to HIBP. This incident is separate to the Explore Talent breach which occurred in 2022 and was loaded into HIBP in July 2024.
X
August 12, 2024
•[ hack, technology ]
Elon Musks interview with US Presidential candidate Donald Trump on the X social media platform is impacted by technical glitches and what is a cyberattack.
Not SOCRadar
August 3, 2024
•[ leak, misconfiguration, technology ]
In August 2024, over 332M rows of email addresses were posted to a popular hacking forum. The post alleged the addresses were scraped from cybersecurity firm SOCRadar, however an investigation on their behalf concluded that "the actor merely utilised functionalities inherent in the platform's standard offerings, designed to gather information from publicly available sources". There is no suggestion the incident compromised SOCRadar's security or posed any risk to their customers. In total, the data set contained 282M unique addresses of valid email address format.
Brontoo Technology Solutions
July 31, 2024
•[ ransomware, technology ]
A RansomEXX ransomware attack on Brontoo Technology Solutions, a partner of C-Edge Technologies, a technology service provider, forces payment systems across nearly 300 small local banks in India to shut down temporarily.
Microsoft
July 30, 2024
•[ hack, ddos, technology ]
Microsoft says that a DDoS attack led to an eight hour outage involving its Azure portal, as well as some Microsoft 365 and Microsoft Purview services.
Locata
July 29, 2024
•[ social, phishing, technology ]
A cyber attack on software company Locata spreads across councils across Greater Manchester, leaving thousands of residents vulnerable to a phishing scam.
Ubook
July 28, 2024
•[ leak, misconfiguration, technology ]
In July 2024, 700k unique email addresses from the audiobook platform Ubook were posted to a popular hacking forum. Allegedly scraped from the service, the data appears to be sourced from the Ubook Exchange (UBX) and also includes names, genders, dates of birth and links to profile photos.
Avanpost
July 26, 2024
•[ hack, leak, technology ]
A pro-Ukrainian hacker group, known as Cyber Anarchy Squad, claims it hacked the Russian information security firm Avanpost and leaked 390 gigabytes of its data, destroyed over 60 terabytes, and disrupted over 400 virtual machines and physical workstations.
Team Software
July 26, 2024
•[ leak, technology ]
Business software maker Team Software (WorkWave) revealed this week that a recent data breach impacts nearly 100,000 individuals.
Spytech Software
July 25, 2024
•[ hack, malware, technology ]
Spytech, a little-known spyware maker is hacked, revealing thousands of devices around the world under its stealthy remote surveillance.
Megafon
July 23, 2024
•[ hack, ddos, technology ]
Ukraines military intelligence (HUR) also claims responsibility for a DDoS attack to several large telecom operators in Russia.
Taiwanese government-affiliated research institute
July 15, 2024
•[ espionage, malware, government ]
Researchers from Cisco Talos reveal that a Taiwanese government-affiliated research institute that specializes in computing and associated technologies was breached by the nation-state threat actors APT41 with ties to China, through a variety of backdoors and post-compromise tools like ShadowPad and Cobalt Strike.
Fractal ID
July 14, 2024
•[ hack, misconfiguration, technology ]
Web3 identity solutions provider Fractal ID reveals that a threat actor recently managed to exfiltrate data belonging to 6,300 users or 0.5% of its user base after compromising credentials for an operator account that had admin privileges.
AT&T
July 12, 2024
•[ leak, misconfiguration, technology ]
AT&T warns of a massive data breach where threat actors stole the call logs for approximately 109 million customers, or nearly all of its mobile customers, from an online database on the company's Snowflake account.
MSI
July 7, 2024
•[ leak, misconfiguration, technology ]
In July 2024, MSI inadvertently exposed hundreds of thousands of customer records related to RMA claims that were subsequently found to be publicly accessible. The data included 250k unique email addresses alongside names, phone numbers, physical addresses and warranty claims. When contacted about the incident, MSI advised that "there is no evidence the information was ever accessed" and that "the security incident we had did not trigger state data breach notification obligations" due to the absence of "(social security number, driver's license number.etc)".
FNTech
July 5, 2024
•[ hack, misconfiguration, technology ]
Roblox announces that it suffered a data breach impacting attendees of the 2022, 2023, and 2024 Roblox Developer Conference attendees, after a vendor, FNTech, is compromised.
FNTECH
July 4, 2024
•[ leak, technology ]
In July 2024, the events management platform FNTECH suffered a data breach that exposed 10k unique email addresses. The data contained registrants from various events, including participants of the Roblox Developer Conference registration list. The data also included names and IP addresses.
AnimeLeague
July 4, 2024
•[ leak, sqlinjection, technology ]
In July 2024, AnimeLeague disclosed a data breach of their services. The data was posted for sale on a popular hacking forum and included 2 databases covering both event registration records and a dump of the phpBB bulletin board. The impacted data included passwords in various hashed formats including SHA-1, salted md5 and bcrypt, as well as usernames, private messages, dates of birth, purchases and 192k unique email addresses.
