July 4, 2024 at 12:18PM A threat actor compromised Ethereum’s mailing list provider and sent a phishing email to over 35,000 addresses, luring recipients to a malicious site offering investment returns. Ethereum disclosed the incident, stating it had no material impact. The internal security team launched an investigation, blocked the attacker, and warned the community. … Read more
July 3, 2024 at 12:00PM FIA, the international auto racing governing body, revealed unauthorized access to personal data in a phishing attack. It has informed data protection regulators and implemented additional security measures. However, specific details regarding the breach, affected individuals, and stolen data remain undisclosed. The organization emphasized its commitment to data protection and … Read more
June 24, 2024 at 09:57AM The Los Angeles County Department of Health Services (DHS) revealed a data breach resulting from a push notification spamming attack on an employee’s Microsoft 365 account. Personal information may have been compromised, including names, addresses, Social Security numbers, and medical data. The DHS took immediate action to mitigate the breach … Read more
June 22, 2024 at 07:54AM A new phishing attack targets Meta Quest (formerly Oculus) app seekers, tricking them into downloading an adware called AdsExhaust. This adware can capture screenshots, interact with browsers, and generate revenue for operators by clicking on ads. The attack also includes social engineering tactics and the use of YouTube videos to … Read more
June 21, 2024 at 09:45AM Cybersecurity researchers have uncovered a new phishing campaign targeting people in Pakistan, utilizing military-themed documents to deploy a custom backdoor called PHANTOM#SPIKE. The unsophisticated campaign’s ZIP file, posing as meeting minutes for a legitimate event, contains a CHM file and an executable backdoor, enabling remote access and command execution. Based … Read more
June 17, 2024 at 03:56PM The Los Angeles County Department of Public Health suffered a phishing attack on Feb. 19-20, leading to the compromise of 53 employees’ credentials and personal information of over 200,000 people. After disabling affected email accounts, the department launched an investigation and notified law enforcement. Potentially accessed sensitive information includes medical … Read more
June 17, 2024 at 10:14AM The County of Los Angeles’ Department of Public Health confirmed a data breach affecting 200,000 individuals, caused by a phishing attack compromising employees’ login credentials. Attackers accessed personal information, prompting Public Health to take measures and offer one year of free monitoring services. Other health agencies in the county also … Read more
June 6, 2024 at 04:48PM The “SickSync” campaign, attributed to the UAC-0020 hacking group linked to the Luhansk People’s Republic, targets Ukrainian defense forces. The attack uses SyncThing and SPECTR malware to steal sensitive military data. SPECTR’s capabilities include taking screenshots, copying files, and stealing data from various applications and browsers. CERT-UA urges investigating any … Read more
May 31, 2024 at 02:38AM Cloudflare’s threat intel team thwarted a month-long phishing and espionage attack targeting Ukraine, attributed to Russia-aligned group FlyingYeti. The attack targeted financially strained citizens after a government moratorium on evictions and utility disconnections ended. Cloudforce One stopped the threat, but the target base might have been vast. FlyingYeti intended to … Read more
April 26, 2024 at 08:39AM Thousands of patients’ personal and health information was exposed in a data breach at Los Angeles County Department of Health Services. The breach was a result of a phishing attack on employees, compromising 23 mailboxes. Approximately 6,085 individuals’ information may have been impacted. The health system took measures to address … Read more