Daily Security Update

Local government bodies across the U.S. are facing the wrath of growing cyber intrusions. The latest such victim is a Texan city that suffered a data breach affecting half a million government files. Meanwhile, the Cl0p ransomware continued to claim more victims of MOVEit Transfer zero-day exploitation, this time including …

An unsecured database belonging to RateForce ended up exposing 93.93 GB of personal information of users. This is a reminder to secure your cloud buckets. We also have two more victims of the MOVEit ransomware attack. This time, it is the largest public pension fund in the U.S. and an insurance …

With every passing day, ransomware actors are causing increasing disruptions. In one such case, a real estate firm operating multiple addiction recovery centers fell victim to an attack, resulting in the compromise of the PHI of hundreds of thousands of individuals. Following the deadline of June 14 to pay the …

Ransomware is big business. How big, you ask? Well, just one notorious group appears to have extorted nearly a nine-figure sum. The group we are talking about is LockBit and a joint advisory by international cybersecurity agencies revealed some alarming statistics about it. A new campaign is underway wherein threat …

We have three more victims of the MOVEit vulnerability – government departments in two U.S. states and a U.K regulator. All leading to the compromise of sensitive data. Earlier this year, healthcare vendor Intellihartx had fallen victim to the GoAnywhere zero-day attack. It concluded the investigation, revealing hundreds of thousands …

Only recently did Barracuda ask you to replace your hacked ESG appliances and we already have our first victim. The Australian capital suffered a security breach, owing to a vulnerability in the product. Another day, another unsecured bucket. A database containing hundreds of thousands of files belonging to Pflegia was …

The North Korean hacker group APT38 is back in the headlines as it is targeting investment banking and venture capital firms. Coming right on the heels of connecting the MOVEit Transfer flaw exploitation to the Cl0p ransomware group, there is now an extortion note aimed at hundreds of organizations. The …

Just a few days after the MOVEit Transfer flaw was disclosed, threat actors started abusing it. One of them being the Cl0p ransomware group that attacked Zellis, which, in turn, impacted multiple major organizations. Moving on from ransomware attacks, we come to unsecured databases and the resulting data exposure. This …

Misconfigured systems can spill data, which can be used by threat actors to breach a company’s systems and hijack communication channels. In one instance, a misconfiguration issue in Swiss real estate agency Neho’s website exposed sensitive credentials for AWS, email services, communication tools, and review platforms to the public. This …