APT_CyberCriminal_Campagin_.../Report/2019.01.15.2018-a-year-of-cyber-attacks/2018 Master Table.csv
cybermonitor 6ecca466ac 2022
2022-04-27 16:20:36 +08:00


1DateAuthorTargetDescriptionAttackTarget ClassAttack ClassCountryLink
201/10/2018Attackers linked to Saudi Arabia?Canadian permanent resident and Saudi dissident Omar AbdulazizA report from The Citizen Lab reveals that the Canadian permanent resident and Saudi dissident Omar Abdulaziz was targeted by an attack infecting his phone with NSOs Pegasus spyware.Malware/PoS MalwareX IndividualCyber EspionageCALink
301/10/2018?ApolloApollo, a sales engagement startup boasting a database of more than 200 million contact records, is hacked and sends an email to its affected customers.UnknownS Other service activitiesCyber CrimeUSLink
401/10/2018Roaming MantisiOS UsersKaspersky discover that the Roaming Mantis group is testing a new monetization scheme by redirecting iOS users to pages that contain the Coinhive in-browser mining script rather than the normal Apple phishing page.Malicious Script InjectionX IndividualCyber Crime>1Link
502/10/2018Hidden Cobra AKA Lazarus GroupUS BanksA joint technical alert from the DHS, the FBI, and the Treasury warns about a new ATM cash-out scheme, dubbed “FASTCash,” used by the Hidden Cobra APT.Malware/PoS MalwareK Financial and insurance activitiesCyber CrimeUSLink
602/10/2018?SBM Holdings (State Bank of Mauritius India)Mauritius banking group SBM Holdings unveils that its Indian operations suffered a cyber fraud earlier in the week, and that the bank has potentially lost up to $14 million worth. The bank is able to recover $10 million.Fraudulent SWIFT TransactionsK Financial and insurance activitiesCyber CrimeINLink
702/10/2018?Individuals in the USResearchers from ProofPoint discover a new DanaBot campaign spread through Malspam campaign installing the Hancitor malware.Malware/PoS MalwareX IndividualCyber CrimeUSLink
802/10/2018?Android Users in Japan and KoreaResearchers from Fortinet unveil a new round of attack carried on via the FakeSpy Android malware.Malware/PoS MalwareX IndividualCyber Crime>1Link
902/10/2018?City of ReginaA city of Regina email is hacked, and used as a phishing tool to try and get passwords and emails from other city of Regina staff as well as external groups.Account HijackingO Public administration, defence, compulsory social securityCyber CrimeCALink
1002/10/2018?WhatsApp Users in IsraelA wave of reports about hijacked WhatsApp accounts in Israel has forced the government's cyber-security agency to send out a nation-wide security alert.Account HijackingX IndividualCyber CrimeILLink
1103/10/2018APT10 AKA Red Apollo, Stone Panda, POTASSIUM, MenuPass, Cloud Hopper, Red LeavesManaged Service ProvidersThe US Department of Homeland Security issues an alert about "ongoing" cyber-attacks against managed service providers, indirectly attributed to APT10.Targeted AttackJ Information and communicationCyber EspionageUSLink
1203/10/2018?Black History Month WebsiteThe Black History Month website falls victim to two cyber attacks in just 24 hoursDDoSR Arts entertainment and recreationCyber CrimeUKLink
1303/10/2018?Single IndividualsResearchers from Cybereason unveil a peak of multiple Betabot, aka Neurevt, infections over the past few weeks.Malware/PoS MalwareX IndividualCyber Crime>1Link
1403/10/2018?North American Risk ServicesNorth American Risk Services, suffers a data breach between February 7 and March 27, when the company notices suspicious emails being sent from one of their employee's accounts.Account HijackingS Other service activitiesCyber CrimeUSLink
1504/10/2018China?30 U.S. companies, including Amazon and Apple.Bloomberg reports that an alleged attack by Chinese spies, carried out implanting a chip on Super Micro servers, reached almost 30 U.S. companies, including Amazon and Apple.Targeted AttackY Multiple IndustriesCyber EspionageUSLink
1604/10/2018APT28, AKA Swallowtail, Fancy Bear, SofacyMilitary and Government Organizations in Europe and South AmericaResearchers from Symantec uncover a new espionage operation carried out by the infamous APT28 collective, targeting Military and Government Organizations in Europe and South America.Targeted AttackO Public administration, defence, compulsory social securityCyber Espionage>1Link
1704/10/2018?US Department of DefenseRoughly 30,000 DOD military and civilian personnel are believed to be affected by a cyber attack. A third-party contractor is compromised, granting the attackers access to the Pentagon network to steal travel data for DOD personnel.Targeted AttackO Public administration, defence, compulsory social securityCyber EspionageUSLink
1804/10/2018Nomadic Octopus AKA DustSquadHigh-value targets in several countries of Central AsiaResearchers from ESET and Kaspersky discover a new cyber espionage campaign carried out by Nomadic Octopus, active since at least 2015.Targeted AttackO Public administration, defence, compulsory social securityCyber Espionage>1Link
1904/10/2018?Assassins Creed OdysseyUbisoft's Assassins Creed Odyssey's launch is disrupted by a DDoS attack in the day of its release.DDoSR Arts entertainment and recreationCyber CrimeFRLink
2004/10/2018?Square EnixThe same day Square Enix also announces to be fighting off a DDoS attack aimed towards its popular game, Final Fantasy XIV.DDoSR Arts entertainment and recreationCyber CrimeJPLink
2104/10/2018?Tillamook Chiropractic ClinicTillamook Chiropractic Clinic reveals that on May 2016, malware was installed on the primary insurance billing system, which hackers then used as a staging area to collect patient records.Malware/PoS MalwareQ Human health and social work activitiesCyber CrimeUSLink
2205/10/2018Russia-sponsored attackersThe Islam ChannelThe Financial Times reveals that Russian military intelligence agents launched a 2015 cyber attack on UK-based TV station the Islam Channel, giving the Kremlin-backed hackers complete control over the broadcasters computer networks and infrastructure.Targeted AttackJ Information and communicationCyber EspionageUKLink
2305/10/2018?Multiple Targets in IndiaA new report from security company Banbreach reveals that a massive cryptojacking campaign, carried out via CoinHive, is ongoing in India, targeting 30,000 routers.Malicious Script InjectionY Multiple IndustriesCyber CrimeINLink
2405/10/2018?Single IndividualsMultiple Security companies reveal a spike in sextortion (sex extortion) campaigns targeting individuals via credentials collected from breach repositories.Credential StuffingX IndividualCyber Crime>1Link
2505/10/2018?Hetzner South AfricaThe South African branch of Hetzner, a well-known web hosting provider, suffers a new security breach. The attacker manages to gain access to customer details such as names, email addresses, phone numbers, addresses, identity numbers, VAT numbers, and bank account numbers.UnknownJ Information and communicationCyber CrimeZALink
2605/10/2018?Assassins Creed OdysseyAssassins Creed Odyssey's launch is disrupted by a DDoS attack.DDoSR Arts entertainment and recreationCyber CrimeFRLink
2705/10/2018?City of St. PetersburgThe City of St. Petersburg publishes notifies a data breach of the third-party Click2Gov self-service payment which affected users who made payments between August 11, 2018, and September 25, 2018, using their credit cards.Malware/PoS MalwareO Public administration, defence, compulsory social securityCyber CrimeUSLink
2805/10/2018AirNaine AKA TA545Businesses in CanadaResearchers from Blueliv Team detect a new data stealer malware, dubbed ZeroEvil, targeting businesses in Canada.Malware/PoS MalwareY Multiple IndustriesCyber CrimeCALink
2905/10/2018?National Ambulatory Hernia InstituteNational Ambulatory Hernia Institute notifies almost 16,000 patients of Gamma ransomware attackMalware/PoS MalwareQ Human health and social work activitiesCyber CrimeUSLink
3006/10/2018?SpankChainSpankChain, an adult industry focused cryptocurrency, has $38,000 worth of Ethereum stolen due to a smart contract bug.Smart Contract VulnerabilityV FintechCyber CrimeUSLink
3106/10/2018?Anne Arundel County Public LibraryAnne Arundel County Public Library officials announce that nearly 600 staff and public library computers have been hit by the Emotet virus. 4,768 customers who used public computers since September 17 are also notified;Malware/PoS MalwareO Public administration, defence, compulsory social securityCyber CrimeUSLink
3207/10/2018MagecartCancer Research UKThe Magecart gang hit the Cancer Research UK back in 2016 with the same modus operandi.Malicious Script InjectionQ Human health and social work activitiesCyber CrimeUKLink
3307/10/2018?Madison County Government ServicesA ransomware attack hits Madison County Government services.Malware/PoS MalwareO Public administration, defence, compulsory social securityCyber CrimeUSLink
3407/10/2018Ayyıldız Tim Cyber ArmyRep. Pete Kings campaign websiteRep. Pete Kings campaign website is defaced.DefacementX IndividualHacktivismUSLink
3509/10/2018?Single IndividualsResearchers from Trend Micro unveil a new phishing sophisticated campaign: the operators take over email accounts and insert the URSNIF banking trojan in conversation threads.Malware/PoS MalwareX IndividualCyber Crime>1Link
3609/10/2018MagecartShopper ApprovedShopper Approved is the latest victim of the Magecart gang. The incident took place on September 15.Malicious Script InjectionG Wholesale and retail tradeCyber CrimeUSLink
3709/10/2018?Minnesota Department of Human ServicesThe Minnesota Department of Human Services falls victim of a phishing email scam. The attackers accessed the information of approximately 21,000 individuals in two incidents back in June and July.Account HijackingO Public administration, defence, compulsory social securityCyber CrimeUSLink
3809/10/2018?City of Lake Worth UtilitiesCustomers of the City of Lake Worth Utilities who utilized the online option to pay their bill, between August 28 and October 9, may have experienced a possible breach of their credit card information.UnknownD Electricity gas steam and air conditioning supplyCyber CrimeUSLink
3909/10/2018?Rebound Orthopedics & NeurosurgeryRebound Orthopedics & Neurosurgery reports a data breach occurred back in May, when an employee's email account was improperly accessed. 2,800 employees and patients may have been compromised.Account HijackingQ Human health and social work activitiesCyber CrimeCALink
4009/10/2018?Cork City Council5,000 peoples personal information, who used a parking app, collected by Cork City Council, is illegally accessed by a hacker.UnknownO Public administration, defence, compulsory social securityCyber CrimeIELink
4110/10/2018GallmakerEntities in the government, military and defense sectorsResearchers from Symantec discover Gallmaker, a previously unknown cyber espionage group, targeting entities in the government, military and defense sectors since at least 2017.Targeted AttackO Public administration, defence, compulsory social securityCyber Espionage>1Link
4210/10/2018FruityArmor?Entities in Middle EastResearchers from Kaspersky reveal that the newly discovered Windows vulnerability CVE-2018-8453 is actively exploited for attacks targeting entities in Middle East.Targeted AttackY Multiple IndustriesCyber Espionage>1Link
4310/10/2018?Vulnerable Drupal ServersSecurity researchers from IBM unveil a massive campaign targeting Drupal, exploiting CVE-2018-7600 and CVE-2018-7602 to install a backdoor on the infected systems and take full control.Drupal VulnerabilitiesY Multiple IndustriesCyber Crime>1Link
4410/10/2018?Sodexo Motivation SolutionsSodexo Motivation Solutions internal IT systems are hit by malware and as a consequence the Sodexo Engage's website lifestylehub.co.uk is pulled offline.Malware/PoS MalwareS Other service activitiesCyber CrimeUKLink
4511/10/2018?Single IndividualsResearchers from Palo Alto Unit 42 unveil a new malware campaign carried out via a fake Flash Player Trojan that installs a XMRig miner, but it also automatically updates his installed Flash Player.Malware/PoS MalwareX IndividualCyber Crime>1Link
4611/10/2018?Multiple Literary AgenciesMultiple literary agencies are hit by a sophisticated phishing campaign aimed to steal manuscripts. The most notable campaigns hit the Eccles Fisher Agency and Penguin Random House (PRH) North America.Account HijackingR Arts entertainment and recreationCyber Crime>1Link
4711/10/2018?Android UsersResearchers from Cisco Talos discover "GPlayed", a modular Android malware, still in testing phase, able to adapt itself and load multiple modules.Malware/PoS MalwareX IndividualCyber Crime>1Link
4812/10/2018?IcelandResearchers from Cyren unveil the details of a massive phising campaign hitting Iceland, and distributing the Remcos remote access tool.Malware/PoS MalwareX IndividualCyber CrimeILLink
4912/10/2018Black EnergyInformation and telecommunication systems of Ukrainian government bodiesThe Security Service of Ukraine (SBU) unveil a new targeted attack on the information and telecommunication systems of Ukrainian government bodies carried out by the Russia state-sponsored actor Black Energy.Targeted AttackO Public administration, defence, compulsory social securityCyber EspionageUALink
5012/10/2018?Henderson School DistrictThe Henderson school district in Texas is hit with a business email compromise (BEC) attack resulting in a $600,000 loss for the district. The attack took place on September, 26th.Account HijackingP EducationCyber CrimeUSLink
5112/10/2018?Catawba Valley Medical Center (CVMC)Catawba Valley Medical Center (CVMC) notifies patients of a phishing incident that took place back on August 2018.Account HijackingQ Human health and social work activitiesCyber CrimeUSLink
5212/10/2018?Indio Water Authority (IWA)Indio Water Authority (IWA) is another victim of the Click2Gov breach.Malware/PoS MalwareE Water supply, sewerage waste management, and remediation activitiesCyber CrimeUSLink
5313/10/2018?Onslow Water and Sewer Authority (ONWASA)The Onslow Water and Sewer Authority (ONWASA) is hit by a targeted ransomware attack carried out via Ryuk.Malware/PoS MalwareE Water supply, sewerage waste management, and remediation activitiesCyber CrimeUSLink
5415/10/2018?EOSBetHackers are believed to have stolen $338,000 worth of EOS cryptocurrency from blockchain-powered gambling dApp EOSBet.EOS VulnerabilityV FintechCyber CrimeN/ALink
5515/10/2018?35 million records belonging to US votersA database containing an estimated 35 million records belonging to US voters appears on sale on a forum.UnknownX IndividualCyber CrimeUSLink
5615/10/2018?Multiple TargetsResearchers from Cisco Talos discover a new malware campaign distributing the information-stealing trojan "Agent Tesla," and other malware such as the Loki information stealer exploiting Microsoft Word vulnerabilities CVE-2017-0199 and CVE-2017-11882.Malware/PoS MalwareY Multiple IndustriesCyber Crime>1Link
5705/10/2018?National Ambulatory Hernia InstituteNational Ambulatory Hernia Institute notifies almost 16,000 patients of Gamma ransomware attack occurred on October 5.Malware/PoS MalwareQ Human health and social work activitiesCyber CrimeUSLink
5816/10/2018?New Share CountsResearchers from Sucuri reveal that New Share Counts, a discontinued Tweet counter is hijacked, redirecting the users to scam pages.Malicious ScriptX IndividualCyber Crime>1Link
5916/10/2018Attackers linked to HezbollahMultiple TargetsThe Czech Security Intelligence Service (BIS) reveals to have taken down the infrastructure used by Hezbollah operatives to target and infect users around the globe with mobile malware.Malware/PoS MalwareY Multiple IndustriesCyber Warfare>1Link
6016/10/2018?City of West HavenThe City of West Haven pays $2,000 after having 23 of its servers encrypted from a ransomware attack.Malware/PoS MalwareO Public administration, defence, compulsory social securityCyber CrimeUSLink
6117/10/2018GreyEnergyEnergy companies and other high-value targets in Ukraine and PolandResearchers from ESET uncover details of the successor of the BlackEnergy APT group, named GreyEnergy. Since December 2015, the group attacked energy companies and other high-value targets in Ukraine and Poland for the past three years.Targeted AttackD Electricity gas steam and air conditioning supplyCyber Warfare>1Link
6217/10/2018?A primary company in the Italian Naval IndustryResearchers from Yoroi discover a new targeted campaign against one of the most important companies in the Italian Naval Industry. The malware is dubbed MartyMcFly.Targeted AttackH Transportation and storageCyber EspionageITLink
6317/10/2018?Vesta Control Panel (VestaCP)Vesta Control Panel, the provider of an open-source hosting panel software reveals a security breach during which an unknown hacker contaminated the project's source code with malware. The malicious code was added on May 31, this year, and later removed two weeks later, on June 13.Malware/PoS MalwareJ Information and communicationCyber Crime>1Link
6417/10/2018?Single IndividualsResearchers from Zscaler uncover a new SEO poisoning campaign, targeting keywords associated with the U.S. midterm elections. Attackers have hacked over 10,000 web sites in order to promote 15,000 different keywordsSEO PoisoningX IndividualCyber Crime>1Link
6517/10/2018?City of MuscatineThe City of Muscatine is hit with a ransomware attack on October 17. Financial and other servers are affected.Malware/PoS MalwareO Public administration, defence, compulsory social securityCyber CrimeUSLink
6617/10/2018?FacepunchAs reported by Troy Hunt's Have I Been Pwned breach notification service, the Facepunch game studio was the victim of a data breach in June 2016 which led to sensitive information of 396,650 users being exposed.UnknownR Arts entertainment and recreationCyber CrimeUKLink
6718/10/2018OceansaltTargets in US and Canada linked to South KoreaResearchers from McAfee discover a new attack targeting Korean-speaking victims, and borrowing code from a reconnaissance tool linked to Comment Crew, a Chinese nation-state threat actor exposed in 2013.Targeted AttackY Multiple IndustriesCyber Crime>1Link
6818/10/2018?Indiana National GuardThe Indiana National Guard reports that a non-military server that contains the personal information of civilian and military personnel is hit with ransomwareMalware/PoS MalwareO Public administration, defence, compulsory social securityCyber CrimeUSLink
6918/10/2018Tick (or also Redbaldknight, or Bronze Butler)Targets in South Korea and JapanResearchers from Cisco Talos reveal the details of the latest campaign carried out by a group dubbed Tick (or also Redbaldknight, or Bronze Butler), targeting South Korea and Japan.Targeted AttackY Multiple IndustriesCyber Espionage>1Link
7019/10/2018?Healthcare.govThe Centers for Medicare & Medicaid Services (CMS) announces that Healthcare.gov, the federally operated health insurance marketplace, has suffered a data breach. The CMS believes files for as many as 75,000 people were accessed,UnknownO Public administration, defence, compulsory social securityCyber CrimeUSLink
7119/10/2018?Around 50 victims located in Russia, Iran and Egypt, related to nuclear energy, telecommunications, IT, aerospace and R&D.Researchers from Kaspersky reveal a campaign targeting systems used in aerospace, nuclear energy, and other industries, using three tools leaked from the NSA: DarkPulsar, DanderSpritz, and Fuzzbunch.Targeted AttackD Electricity gas steam and air conditioning supplyCyber Espionage>1Link
7219/10/2018APT-C-27Countries in Middle EastResearchers from 360 Total Security reveal the details of a recent attack carried out by APT-C-27 and targeting Arabic countries.Targeted AttackY Multiple IndustriesCyber Espionage>1Link
7319/10/2018?Twitter usersTwitter shuts down a bot network pushing out pro-Saudi government tweets.Social Network BotsX IndividualCyber Warfare>1Link
7419/10/2018?Catawba Valley Medical CenterCatawba Valley Medical Center notifies patients of a phishing email incident occurred on August 13, 2018.Account HijackingQ Human health and social work activitiesCyber CrimeUSLink
7519/10/2018?Investimer, or Hyipblock, or MmpowerResearchers from Doctor Web expose an online scammer targeting thousands of victims interested in cryptocurrencies via a large and diverse business that includes phishing and fraud operations.Account Hijacking FraudX IndividualCyber Crime>1Link
7620/10/2018?8 Adult WebsitesEight poorly secured websites are hacked, exposing megabytes of personal data. 1.2M users are exposed.UnknownR Arts entertainment and recreationCyber CrimeUSLink
7721/10/2018?Trade.ioCryptocurrency exchange Trade.io reveals a security breach: an unknown party withdraws over 50 million Trade tokens (TIO), worth over $7.5 million, from its cold storage wallets.UnknownV FintechCyber CrimeCHLink
7821/10/2018?Python usersA malicious package is uploaded into the official repository of Python. The package is called “Colourama" and is able to inject a cryptocurrency clipboard hijacker.Malware/PoS MalwareX IndividualCyber Crime>1Link
7922/10/2018?Davos in the DesertThe website of the Saudi Arabian investment conference, referred to as “Davos in the Desert”, is defaced with anti-Saudi messages, to protest against the death of journalist Jamal Khashoggi.DefacementU Activities of extraterritorial organizations and bodiesHacktivismSALink
8022/10/2018?Orange County Branch of the Girl Scouts of AmericaHackers breach the Orange County, Calif. branch of the Girl Scouts of America, potentially exposing personal information for 2,800 members and their families.Account HijackingU Activities of extraterritorial organizations and bodiesCyber CrimeUSLink
8122/10/2018?Vulnerable IoT devicesResearchers from SophosLabs reveal the details of a new IoT botnet called Chalubo, targeting internet-facing SSH servers on Linux-based systems.Account HijackingY Multiple IndustriesCyber Crime>1Link
8223/10/2018?Axa MexicoInsurer Axa reveals it suffered a cyber attack that prompted an alert from the Mexico central bank alert, however clients information and resources are safe and have not been affected.UnknownK Financial and insurance activitiesCyber CrimeMXLink
8323/10/2018?EurostarEurostar has reset its customers' login passwords after detecting attempts to break into an unspecified number of accounts taking place between 15 and 19 October.UnknownH Transportation and storageCyber CrimeFR UKLink
8423/10/2018MagecartVulnerable Magento ServersThe researcher Willem de Groot reveals that now the Magecart gang is targeting vulnerable Magento servers via 20 vulnerable extensions.Vulnerable Magento ExtensionsY Multiple IndustriesCyber Crime>1Link
8523/10/2018?Ad PublishersGoogle removes the apps and blacklists the websites employed in a massive ad scam that made millions for fraudsters using bots trained to mimic human user behavior.BotsM Professional scientific and technical activitiesCyber Crime>1Link
8623/10/2018?Single individuals in the UK, Italy, and CanadaResearchers from ProofPoint reveal the details of a malicious campaign, carried out via a new PowerShell downloader dubbed sLoad, characterized by sophisticated reconnaissance features.Malware/PoS MalwareX IndividualCyber CrimeUK IT CALink
8723/10/2018?Jones Eye Clinic and Surgery Center40K users are affected by a ransomware attack, occurred on August 23, targeting Jones Eye Clinic and Surgery Center.Malware/PoS MalwareQ Human health and social work activitiesCyber CrimeUSLink
8823/10/2018?Internet SolutionsInternet Solutions (IS) sends a notice to clients to warn them about a breach, and urges them to change their passwords and take additional steps to secure their servers. Later the company confirms that its internal monitoring systems have detected “irregular activity” on some of its virtual services.UnknownJ Information and communicationCyber CrimeZALink
8923/10/2018?Childrens Hospital of Philadelphia (CHOP)Childrens Hospital of Philadelphia (CHOP) notifies some of its current and former patients of two email incidents, both involving health information, occurred respectively on August 23, and September 6.Account HijackingQ Human health and social work activitiesCyber CrimeUSLink
9024/10/2018?Cathay PacificCathay Pacific announces to have discovered unauthorised access to some of its information system containing passenger data of up to 9.4 million people. The attack started in March and went undetected for some months.UnknownH Transportation and storageCyber CrimeHKLink
9124/10/2018?Android usersThe McAfee Mobile Research team identifies an active phishing campaign that traps users by sending an SMS to influence them on downloading and installing an Android malware app TimpDoor.Malware/PoS MalwareX IndividualCyber Crime>1Link
9225/10/2018NARWHAL SPIDERJapanese UsersResearchers from Crowdstrike uncover a new spam campaign carried out via the Cutwail botnet, targeting Japanese speaking victims, and using a mixture of malicious PowerShell and steganography to distribute the URLZone malware family (a.k.a. Bebloh).Malware/PoS MalwareX IndividualCyber CrimeJPLink
9325/10/2018?Exposed Docker Engine APIResearchers from Trend Micro discover an unknown attacker scanning for exposed Docker Engine APIs and utilizing them to deploy containers that download and execute a coin miner.MisconfigurationY Multiple IndustriesCyber Crime>1Link
9425/10/2018?Vulnerable Hadoop ClustersResearchers from Radware reveal the details of DemonBot, a botnet targeting Hadoop clusters to launch DDoS attacks.Hadoop VulnerabilityY Multiple IndustriesCyber Crime>1Link
9526/10/2018ChinaMultiple Targets in US and CanadaAn academic paper published by researchers from the US Naval War College and Tel Aviv University reveals that China Telecom has started abusing BGP hijacks after it entered into a pact with the US in September 2015 to stop all government-back cyber operations aimed at intellectual property theft.BGP HijackingY Multiple IndustriesCyber CrimeCA USLink
9626/10/2018IranFacebook users in the US and UKFacebook announces to have removed 82 Pages, Groups and accounts for coordinated inauthentic behavior that originated in Iran and targeted people in the US and UK.Social Network BotsX IndividualCyber WarfareUS UKLink
9727/10/2018?Bank IslamiKarachi-based Bank Islami acknowledges of suffering a security breach of its payment cards system but denies reports of having lost an alleged $6 million in what local press have called the biggest cyber-attack in the country's history.UnknownK Financial and insurance activitiesCyber CrimePKLink
9827/10/2018?Python users12 additional Python libraries uploaded on the official Python Package Index (PyPI) are found containing malicious code.Malware/PoS MalwareX IndividualCyber Crime>1Link
9928/10/2018?MapleChangeMapleChange, a Canadian crypto exchange, suffers a hack and looses all the funds (913 BTC, $6M worth), despite many accuse the exchange of attempting to stage an exit scam.VulnerabilityV FintechCyber CrimeCALink
10028/10/2018Anonymous70 Gabon Government WebsitesThe hacktivist group Anonymous takes down 70 Gabon government websites as part of its “anti-dictatorships” campaign.DDoSO Public administration, defence, compulsory social securityHacktivismGALink
10128/10/2018?Tomorrowland FestivalHackers breach computer security at the Tomorrowland festival organizers, and steal the data of 64,000 people who signed up for tickets for the 2004 edition.UnknownR Arts entertainment and recreationCyber CrimeBELink
10229/10/2018LulzSec ITA and AntiSec ITASeveral Italian UniversitiesIn name of Op #FifthOfNovember, the Italian branch of the Anonymous hacks several Italian Universities.SQLiP EducationHacktivismITLink
10329/10/2018?Mac UsersResearchers from Malwarebytes discover a malicious app, dubbed Coin Ticker, installing backdoor to unsuspecting Mac users for a purpose not completely clear.Malware/PoS MalwareX IndividualCyber Crime>1Link
10430/10/2018?FIFAFIFA acknowledges that its computer systems were hacked earlier in March, for the second time, and officials from European soccers governing body fear they also might have suffered a data breach.UnknownU Activities of extraterritorial organizations and bodiesCyber CrimeN/ALink
10530/10/2018?US VotersResearchers from Carbon Black reveal to have found 20 different state voter databases available for purchase on the dark web.UnknownO Public administration, defence, compulsory social securityCyber CrimeUSLink
10630/10/2018LulzSec ITA and AntiSec ITAWebsites affiliated to trade unionsIn the second day of Op #FifthOfNovember, LulzSec ITA and AntiSec ITA target some websites affiliated to trade unions.SQLiN Administrative and support service activitiesHacktivismITLink
10730/10/2018?UKs leading construction, architecture and property firmsOver 600,000 breached corporate log-ins belonging to staff at the UKs leading construction, architecture and property firms are found for sale on the dark web.Account HijackingC ManufacturingCyber CrimeUKLink
10830/10/2018?Mobile UsersA mobile malvertising campaign recently found targeting three digital advertising platforms has been using a malware, dubbed JuiceChecker-3PC, which checks a phones battery level as part of an unusual new technique for avoiding detection.Malware/PoS MalwareX IndividualCyber Crime>1Link
10931/10/2018?IranIranian infrastructure and strategic networks are allegedly hit by a computer virus similar to Stuxnet but “more violent, more advanced and more sophisticated,”Targeted AttackY Multiple IndustriesCyber WarfareIRLink
11031/10/2018?Multiple Targets using Cisco DevicesCisco reveals that attackers are actively exploiting CVE-2018-15454, a SIP vulnerability in the software of its firewall devices.Vulnerability (CVE-2018-15454)Y Multiple IndustriesCyber Crime>1Link
11131/10/2018?Radisson Hotel GroupThe hotel chain Radisson Hotel Group suffered a security breach that exposed personal information of the members of its loyalty scheme. The incident happened on September 11, but was identified only on October first.UnknownI Accommodation and food service activitiesCyber CrimeUS BELink
11231/10/2018?SIngle IndividualsSecurity researchers from Cisco reveal that two recent sextortion scam campaigns seem to rely on the Necurs botnet infrastructure to distribute the messages.Malicious SpamX IndividualCyber Crime>1Link
11331/10/2018LulzSec ITA and AntiSec ITAFederazione Italiana Medici Medicina Generale PisaThird day of Op #FifthOfNovember, and this time LulzSec ITA and AntiSec ITA deface a new target.DefacementQ Human health and social work activitiesHacktivismITLink
11431/10/2018?Single IndividualsAccording to a report from Kryptos Logic, the Emotet malware family has started mass-harvesting full email messages from infected victims in a new mysterious campaign.Malware/PoS MalwareX IndividualCyber Crime>1Link
11531/10/2018?NorthBay Healthcare CorporationNorthBay Healthcare Corporation suffers a data breach affecting the information of everyone who applied for a position within the organization between December 2012 and May 2018.UnknownQ Human health and social work activitiesCyber CrimeUSLink
11623/10/2018MoneyTakerRussian BanksResearchers from Group-IB discover a first massive phising campaign in disguise of the Central Bank of Russia and FinCERT, the Financial Sector Computer Emergency Response Team.Account HijackingK Financial and insurance activitiesCyber CrimeRULink
11702/11/2018?Mac users using the Exodus walletSecurity researchers at F-Secure uncover a spam campaign aimed at delivering spyware to Mac users that use the Exodus wallet.MalwareX IndividualCyber Crime>1Link
11814/11/2018SnakeMultiple targets in Germany, including: federal lawmakers, military facilities and German embassiesHackers suspected of ties to Russias government target Germany with a renewed cyber attack on political institutions, according to the countrys domestic intelligence agency, BfV.Targeted AttackY Multiple IndustriesCyber EspionageDELink
| 14/11/2018 | ? | Vulnerable Linux Servers | Researchers at Dr.Web discover a malicious Monero cryptominer specifically designed for Linux named Linux.BtcMine.174. | DirtyCow (CVE-2016-5195) and Linux.Exploit.CVE-2013-2094 Vulnerabilities | Y Multiple Industries | Cyber Crime | >1 | Link |
| 16/11/2018 | Silence | Russian Banks | Researchers from Group-IB discover a second massive phishing campaign impersonating the Central Bank of Russia and FinCERT, the Financial Sector Computer Emergency Response Team. | Account Hijacking | K Financial and insurance activities | Cyber Crime | RU | Link |
| 16/11/2018 | ? | New York Oncology Hematology | New York Oncology Hematology notifies nearly 130,000 patients and employees that it was the victim of a phishing attack that occurred between April 20 and April 27. | Account Hijacking | Q Human health and social work activities | Cyber Crime | US | Link |
| 16/11/2018 | ? | OSIsoft LLC | OSIsoft LLC discloses a security breach which affected its employees, consultants, interns, and contractors. The credential theft involves 29 computers and 135 accounts. | Account Hijacking | J Information and communication | Cyber Crime | US | Link |
| 16/11/2018 | Hades | Multiple targets | Researchers from Check Point discover a new spike of activity from Hades, the threat actor behind the Olympic Destroyer malware. | Targeted Attack | Y Multiple Industries | Cyber Warfare | >1 | Link |
| 16/11/2018 | ? | Center for Vitreo-Retinal Diseases | The Center for Vitreo-Retinal Diseases in Illinois notifies more than 20,300 patients after a ransomware attack. | Malware | Q Human health and social work activities | Cyber Crime | US | Link |
| 17/11/2018 | APT29 (aka The Dukes, Cozy Bear and Cozy Duke) | U.S. government agencies, businesses and think tanks | Researchers from Crowdstrike and FireEye uncover a malicious campaign, allegedly carried out by APT29, impersonating a State Department official, and targeting U.S. government agencies, businesses and think tanks. | Targeted Attack | Y Multiple Industries | Cyber Espionage | US | Link |
| 18/11/2018 | ? | Mékinac Regional County Municipality | The Quebec region of Mékinac pays a $30,000 Bitcoin ransom after its servers are hit by ransomware. | Malware | O Public administration, defence, compulsory social security | Cyber Crime | CA | Link |
| 18/11/2018 | TheDarkOverlord | Channel Ship Services | TheDarkOverlord claims to have hacked Channel Ship Services and to have acquired personal data and information that can jeopardize maritime security. | Unknown | S Other service activities | Cyber Crime | US | Link |
| 19/11/2018 | Magecart Group | VisionDirect | VisionDirect, a popular contact lens online merchant, posts an advisory stating that its website was compromised, causing the theft of credit card and account information. The breach occurred between November 3rd and November 8th. | Malicious Script Injection | G Wholesale and retail trade | Cyber Crime | UK | Link |
| 19/11/2018 | ? | worldwish.org | Unknown attackers compromise worldwish.org, a website managed by a charitable organization, and implant the CoinIMP JavaScript miner. | Drupalgeddon 2 vulnerability | U Activities of extraterritorial organizations and bodies | Cyber Crime | N/A | Link |
| 19/11/2018 | ? | Android users | Malware researcher Lukas Stefanko reveals that more than 560,000 users have been tricked into downloading malicious apps, which include a mix of luxury car and truck simulation apps. | Malware | X Individual | Cyber Crime | >1 | Link |
| 19/11/2018 | ? | Vulnerable Drupal servers | According to researchers from Imperva, hackers are targeting vulnerable Drupal servers via Dirty Cow and Drupalgeddon 2 to get a foothold in the attached sites. | Drupalgeddon 2 and Dirty Cow vulnerability | Y Multiple Industries | Cyber Crime | >1 | Link |
| 19/11/2018 | ? | East Tennessee State University | Two employees at East Tennessee State University fall for an email phishing scam and pave the way for a breach at the school. | Account Hijacking | P Education | Cyber Crime | US | Link |
| 19/11/2018 | ? | Spotify customers | Researchers from AppRiver discover a new phishing campaign targeting Spotify customers. | Account Hijacking | X Individual | Cyber Crime | >1 | Link |
| 20/11/2018 | Sofacy, AKA APT28, AKA Fancy Bear | Targets in US and Europe | Researchers from Palo Alto Networks reveal the details of a new campaign carried out by the infamous APT28, AKA Fancy Bear, AKA Sofacy, via the Cannon malware. | Targeted Attack | Y Multiple Industries | Cyber Espionage | >1 | Link |
| 20/11/2018 | Gamaredon group | Ukrainian government agencies | The Computer Emergency Response Team of Ukraine (CERT-UA) and the Foreign Intelligence Service of Ukraine detect a new strain of the Pterodo Windows backdoor targeting computers at Ukrainian government agencies. | Targeted Attack | O Public administration, defence, compulsory social security | Cyber Espionage | UA | Link |
| 20/11/2018 | Two different criminal groups | Brazilian Website of Umbro | Researchers from Malwarebytes reveal that two different groups compete to infect the Brazilian website of Umbro with the Magecart Card Skimming Group. | Malicious Script Injection | G Wholesale and retail trade | Cyber Crime | BR | Link |
| 20/11/2018 | right9ctrl | BitPay and CoPay users | A NodeJS package used by CoPay and BitPay is poisoned by its latest administrator with malicious code allowing an attacker to swipe Bitcoin from BitPay and CoPay wallets. | Malicious Script Injection | X Individual | Cyber Crime | >1 | Link |
| 20/11/2018 | OceanLotus AKA APT32 AKA APT-C-00 | Multiple targets in Southeast Asia | Researchers from ESET discover a new watering hole campaign targeting 21 distinct websites in Southeast Asia carried out by OceanLotus. | Targeted Attack | Y Multiple Industries | Cyber Espionage | >1 | Link |
| 20/11/2018 | Lazarus Group | Latin American financial institutions | Researchers from Trend Micro reveal that the advanced persistent threat group Lazarus has been observed using a modular backdoor to compromise a series of Latin American financial institutions. | Malware | K Financial and insurance activities | Cyber Crime | >1 | Link |
| 20/11/2018 | ? | Johannesburg-Lewiston Area Schools (JLAS) | Johannesburg-Lewiston Area Schools (JLAS) falls victim to a ransomware attack. | Malware | P Education | Cyber Crime | US | Link |
| 20/11/2018 | ? | Vulnerable WordPress sites | Researchers from WordFence reveal an ongoing campaign that utilizes the recently discovered vulnerabilities in the WordPress AMP plugin to perform an XSS attack against the vulnerable WordPress sites. | XSS | Y Multiple Industries | Cyber Crime | >1 | Link |
| 20/11/2018 | ? | Multiple targets | Researchers from Cofense uncover a new Emotet-related campaign, carried out via elaborate phishing messages that spoof "a known and trusted organization." | Malware | Y Multiple Industries | Cyber Crime | >1 | Link |
| 20/11/2018 | ? | Multiple targets | Researchers from Agari uncover a BEC campaign trying to leverage the California wildfires to defraud their victims. | Account Hijacking | Y Multiple Industries | Cyber Crime | US | Link |
| 21/11/2018 | ? | High Tail Hall | The website of High Tail Hall, an adult video game, is hacked, with the information of nearly half a million subscribers stolen. The breach occurred back in August. | Unknown | R Arts entertainment and recreation | Cyber Crime | US | Link |
| 21/11/2018 | ? | Vulnerable Linux Servers | Researchers from Netscout ASERT discover what they believe is the first variant of Mirai targeting vulnerable Linux servers (Hadoop YARN). | Vulnerable Linux Servers | Y Multiple Industries | Cyber Crime | >1 | Link |
| 23/11/2018 | ? | East Ohio Regional Hospital and Ohio Valley Medical Center | A ransomware attack hits computer systems at the East Ohio Regional Hospital and Ohio Valley Medical Center reportedly disrupting the hospitals' emergency rooms. | Malware | Q Human health and social work activities | Cyber Crime | US | Link |
| 23/11/2018 | Nicholas Truglia | Robert Ross | In his latest SIM swap hack, Nicholas Truglia steals $1M worth of cryptocurrencies from Robert Ross, a Silicon Valley executive. | Account Hijacking | X Individual | Cyber Crime | US | Link |
| 23/11/2018 | ? | Drake's Fortnite account | Drake's Fortnite account is hacked and joins a charity livestream, yelling bad words during the event. | Account Hijacking | X Individual | Cyber Crime | CA | Link |
| 23/11/2018 | ? | Knuddels.de | Following a hack that resulted in leaking about 808,000 email addresses and over 1.8 million usernames and passwords, a social network website in Germany received a fine of EUR 20,000 from the Baden-Württemberg Data Protection Authority. | Unknown | J Information and communication | Cyber Crime | DE | Link |
| 23/11/2018 | ? | Single Individuals | In two different analyses, researchers from Certego and Yoroi reveal the details of sLoad, a new malspam campaign hitting Italy. | Malware | X Individual | Cyber Crime | IT | Link |
| 26/11/2018 | ? | Android users | Researchers from analytics firm Kochava reveal that eight Android apps with a total of more than 2 billion downloads have been exploiting user permissions as part of an ad fraud scheme that could have stolen millions of dollars. | Malware | X Individual | Cyber Crime | >1 | Link |
| 27/11/2018 | ? | Atrium Health | Atrium Health says that data of about 2.65 million patients including addresses, dates of birth and SSN may have been compromised in a breach at its third-party provider AccuDoc Solutions. The breach occurred between Sept. 22 and 29. | Unknown | Q Human health and social work activities | Cyber Crime | US | Link |
| 27/11/2018 | ? | Companies in Lebanon and the United Arab Emirates (UAE) | Researchers from Cisco Talos discover DNSpionage, a new campaign targeting Lebanon and the United Arab Emirates (UAE) affecting .gov domains, as well as a private Lebanese airline company. | Targeted Attack | Y Multiple Industries | Cyber Espionage | UAE LB | Link |
| 27/11/2018 | ScamClub | iOS users in the US | Researchers from Confiant uncover a massive malvertising campaign, targeting iOS users in the US, able to hijack over 300 million browser sessions over 48 hours. | Malvertising | X Individual | Cyber Crime | US | Link |
| 27/11/2018 | ? | Single Individuals | Researchers from Trend Micro discover a new worm, dubbed njRAT/Njw0rm, which spreads a modern variant of the remote access tool Bladabindi. | Malware | X Individual | Cyber Crime | >1 | Link |
| 27/11/2018 | ? | Android users | Researchers from Trend Micro uncover seven malicious Android apps posing as voice messaging. The malware strain is dubbed AndroidOS_FraudBot.OPS. | Malware | X Individual | Cyber Crime | >1 | Link |
| 27/11/2018 | ? | PratenOnline.nl | Attackers manage to steal and hold for ransom 14,000 profiles and 16,000 chats from PratenOnline.nl, a website where young people with anxiety and depression can chat anonymously with a professional. | Unknown | Q Human health and social work activities | Cyber Crime | NL | Link |
| 28/11/2018 | ? | Dell | Dell releases an update on its website acknowledging that it warded off a possible hack that happened on November 9th. According to the company, it is possible some information was removed from Dell's network. | Unknown | C Manufacturing | Cyber Crime | US | Link |
| 28/11/2018 | ? | Vulnerable devices | Researchers from Akamai discover a new variant of the UPnProxy vulnerability, named EternalSilence. The campaign has already compromised at least 45,000 routers. | EternalBlue vulnerability (CVE-2017-0144) | Y Multiple Industries | Cyber Crime | >1 | Link |
| 28/11/2018 | ? | Targets primarily in China, India, Turkey, and the UAE | Researchers from ForcePoint unveil a long-lasting campaign (since 2014) carried out via malicious AutoCAD files. | Malware | Y Multiple Industries | Cyber Espionage | >1 | Link |
| 28/11/2018 | ? | Georgia Spine and Orthopaedics of Atlanta | Georgia Spine and Orthopaedics of Atlanta notifies 7,012 patients after a phishing attack that occurred in July 2018. | Account Hijacking | Q Human health and social work activities | Cyber Crime | US | Link |
| 29/11/2018 | TA-505 | Multiple targets | Researchers from Morphisec reveal the details of "Pied Piper", a new wave of phishing attacks by TA-505, aimed to infect victims with the FlawedAmmyy and Remote Manipulator (RMS) RATs. | Account Hijacking | Y Multiple Industries | Cyber Crime | >1 | Link |
| 29/11/2018 | ? | North and South Korea | Researchers from Palo Alto Networks uncover Fractured Block, a phishing campaign targeting the Korean peninsula, using a malicious dropper called CARROTBAT. | Targeted Attack | Y Multiple Industries | Cyber Espionage | KR HK | Link |
| 29/11/2018 | ? | Dunkin' Donuts | Dunkin' Donuts informs some of its DD Perks program members that their account information may have been exposed through a credential stuffing attack. The incident was discovered on October 31, 2018. | Brute Force (Credential Stuffing) | I Accommodation and food service activities | Cyber Crime | US | Link |
| 29/11/2018 | ? | Moscow Ropeway (MKD) | One day after opening to the general public, Moscow's first-ever cable car is forced to shut down after a reported ransomware cyberattack. | Malware | H Transportation and storage | Cyber Crime | RU | Link |
| 29/11/2018 | Sofacy, AKA APT28, AKA Fancy Bear | Ministries of foreign affairs, political think-tanks, and defence organizations across Europe. | Researchers from Accenture uncover a campaign carried out by the infamous APT28 threat actor, exploiting Brexit to deliver malware. | Targeted Attack | O Public administration, defence, compulsory social security | Cyber Espionage | >1 | Link |
| 29/11/2018 | ? | Thundermist Health Center | Rhode Island's Thundermist Health Center is hit by ransomware. | Malware | Q Human health and social work activities | Cyber Crime | US | Link |
| 29/11/2018 | ? | Town of Christiansburg | The information of 900 people of Christiansburg is compromised in a phishing scam. | Account Hijacking | O Public administration, defence, compulsory social security | Cyber Crime | US | Link |
| 30/11/2018 | ? | Marriott | The records of 500 million customers of the hotel group Marriott International are compromised. In particular the guest reservation database of its Starwood division has been compromised by an unauthorised party since 2014. | Unknown | I Accommodation and food service activities | Cyber Crime | US | Link |
| 30/11/2018 | TheHackerGiraffe | 50,000 printers across the Globe | Nearly 50,000 printers across the globe are hacked by a hacker using the alias TheHackerGiraffe for the sake of promoting PewDiePie's YouTube channel and encouraging users to subscribe to the channel. | Printer misconfiguration | X Individual | Cyber Crime | >1 | Link |
| 30/11/2018 | ? | Microsoft IIS and SQL servers | Researchers from Check Point reveal the details of a new Monero miner called KingMiner, targeting Microsoft IIS and SQL Servers in particular, and running a brute-force attack to gain access. | Malware | Y Multiple Industries | Cyber Crime | >1 | Link |
| 30/11/2018 | MuddyWater | Targets in Turkey | Security researchers at Trend Micro discover a PowerShell-based backdoor, active in Turkey, which resembles malware used by the MuddyWater threat actor. | Targeted Attack | Y Multiple Industries | Cyber Espionage | TR | Link |
| 30/11/2018 | Magecart Group | Sotheby's | Sotheby's Home website is the latest casualty of Magecart after a breach sees card-skimming code deployed by the cyber criminals. | Malicious Script Injection | S Other service activities | Cyber Crime | UK | Link |
| 30/11/2018 | ? | 1-800-FLOWERS | The Canadian operations of 1-800-FLOWERS disclose a four-year data breach affecting customers who purchased goods on its website. An unauthorized actor gained access to customers' payment card data from Aug. 15, 2014 through Sept. 15, 2018. | Unknown | G Wholesale and retail trade | Cyber Crime | CA | Link |
| 30/11/2018 | ? | Ames Parking Ticket Payment System | A data breach of the Click2Gov online payment system might have exposed information on 4,600 people who used the Ames, Iowa, online ticket payment system between Aug. 10 and Nov. 19, 2018. | Malware | O Public administration, defence, compulsory social security | Cyber Crime | US | Link |
| 30/11/2018 | ? | Technic Forums | Technic Forums is compromised by an unknown third-party. | Malicious Script Injection | R Arts entertainment and recreation | Cyber Crime | US | Link |
| 02/11/2018 | ? | ASI Computer Systems | ASI Computer Systems notifies some of their customers after discovering that usernames and passwords on a support web site had been hacked prior to December 2016. | Account Hijacking | J Information and communication | Cyber Crime | US | Link |
| 29/11/2018 | ? | Mind & Motion | Mind & Motion notifies 16,000 after a ransomware attack. | Malware | Q Human health and social work activities | Cyber Crime | US | Link |
| 01/12/2018 | ? | Targets in China | Over 100,000 computers in China are infected in just a few days by 'WeChat Ransom', so called since the ransom is payable via Tencent's WeChat payment service. | Malware | X Individual | Cyber Crime | CN | Link |
| 01/12/2018 | ? | Palermo Calcio | The Italian Football Team Palermo Calcio reveals that it suffered an intrusion, with the consequent leak of fake news about the imminent sale of the team. | Unknown | S Other service activities | Cyber Crime | IT | Link |
| 03/12/2018 | Turla and APT28 (Sofacy or Fancy Bear) | Czech Ministry of Foreign Affairs (MFA), Ministry of Defense, and the Army of the Czech Republic | The Czech Security Intelligence Service (BIS) reveals that two Russian-linked cyber-espionage groups hacked into the Czech Republic's government networks during 2016 and 2017. | Targeted Attack | O Public administration, defence, compulsory social security | Cyber Espionage | CZ | Link |
| 03/12/2018 | ? | Quora | Quora announces that one of their systems was hacked on November 30, leading to the exposure of approximately 100 million users' data to an unauthorized third-party. | Unknown | J Information and communication | Cyber Crime | US | Link |
| 03/12/2018 | Magecart | OppoSuits | Customers of Dutch clothing company OppoSuits are warned to monitor their credit card accounts after the firm discovers the Magecart malware planted on its website could have stolen the details of 7,000 customers. | Malicious Script Injection | G Wholesale and retail trade | Cyber Crime | NL | Link |
| 03/12/2018 | ? | iOS Users | Apple removes two malicious iOS apps (Fitness Balance and Calories Tracker) that tricked users into approving TouchID payments via misleading popups. | Malware | X Individual | Cyber Crime | >1 | Link |
| 03/12/2018 | ? | Cancer Treatment Centers of America | Cancer Treatment Centers of America notifies almost 42,000 patients of possible access to their protected health information after a phishing attack that occurred on May 2 and was discovered on September 26. | Account Hijacking | Q Human health and social work activities | Cyber Crime | US | Link |
| 04/12/2018 | ? | NRCC (National Republican Congressional Committee) | Politico reveals that the emails of top NRCC officials were hacked in a major 2018 hack that occurred in April. | Account Hijacking | O Public administration, defence, compulsory social security | Cyber Espionage | US | Link |
| 04/12/2018 | Russia? | Ukraine Telecommunications Network | The Security Service of Ukraine (SBU) reveals that it stopped a “massive” cyberattack against the country's telecommunications network, and blames the Kremlin for the attempted hack. | Targeted Attack | J Information and communication | Cyber Warfare | UA | Link |
| 04/12/2018 | ? | BeatStars | BeatStars, a marketplace for selling music production beats, is mass-defaced. | Defacement | R Arts entertainment and recreation | Cyber Crime | US | Link |
| 04/12/2018 | ? | Humble Bundle | The gaming subscription site Humble Bundle informs its customers of a data breach that may have exposed a person's subscription status. | Vulnerability | R Arts entertainment and recreation | Cyber Crime | US | Link |
| 04/12/2018 | ? | Vulnerable MikroTik routers | Security researchers discover over 415,000 MikroTik routers across the globe infected with malware designed to steal their computing power and secretly mine cryptocurrency. | Vulnerability | Y Multiple Industries | Cyber Crime | >1 | Link |
| 04/12/2018 | ? | San Francisco State University | Dozens of San Francisco State University student accounts are hacked in a phishing attack. | Account Hijacking | P Education | Cyber Crime | US | Link |
| 04/12/2018 | TheDarkOverlord | Caribbean Island Properties | Caribbean Island Properties is hacked by TheDarkOverlord. | Unknown | L Real estate activities | Cyber Crime | BB | Link |
| 04/12/2018 | TheDarkOverlord | Prime Staff Inc. | Prime Staff Inc. joins the list of the companies hacked by TheDarkOverlord. Thousands of employees' files are stolen. | Unknown | M Professional scientific and technical activities | Cyber Crime | US | Link |
| 05/12/2018 | ? | Vertcoin | The blockchain of Vertcoin is under a 51% attack. The attack could have resulted in a theft of over $100,000. | 51% attack | V Fintech | Cyber Crime | N/A | Link |
| 05/12/2018 | ? | Linux Servers | Researchers from ESET detail 21 "new" Linux malware families. All operate in the same manner, as trojanized versions of the OpenSSH client. | Malware | Y Multiple Industries | Cyber Crime | >1 | Link |
| 05/12/2018 | ? | WordPress sites | Researchers from Defiant reveal the details of a botnet composed of over 20,000 WordPress sites, attacking other WordPress sites. The botnet propagates itself via dictionary attacks. | Dictionary attack | Y Multiple Industries | Cyber Crime | >1 | Link |
| 05/12/2018 | State-sponsored actors from North Korea | Undisclosed academic institutions | Researchers from the ASERT Team of Netscout reveal the details of Stolen Pencil, a campaign allegedly originating from North Korea, targeting academic institutions since at least May 2018, using a malicious Google Chrome extension. | Targeted Attack | P Education | Cyber Espionage | >1 | Link |
| 05/12/2018 | Syrian Electronic Army | Multiple Targets | Researchers from Lookout uncover the latest waves of attacks carried out by the Syrian Electronic Army via SilverHawk, a mobile malware delivered through rogue apps (WhatsApp and Telegram) spreading via watering hole websites and phishing emails. | Targeted Attack | X Individual | Cyber Espionage | >1 | Link |
| 05/12/2018 | ? | High-profile online retail websites | Researchers from Symantec uncover a new payment information stealing campaign, using a new formjacking redirection method to compromise the checkout stage of high-profile online retail websites. | Formjacking | G Wholesale and retail trade | Cyber Crime | >1 | Link |
| 06/12/2018 | ? | Devices in Russia, South Korea, the UK, and the US | Researchers from Anomali Labs discover a new malware, called “Linux Rabbit”, targeting Linux servers and IoT devices. The campaign utilizes two strains of malware that share the same code base called Linux Rabbit and “Rabbot”. The goal of this campaign is to install cryptocurrency miners. | Malware | Y Multiple Industries | Cyber Crime | >1 | Link |
| 06/12/2018 | ? | Android users | Researchers from Sophos discover a group of 22 Android applications from the Google Play store, used in an advertising clickfraud scheme, faking genuine ad traffic by randomizing the device and User Agent information. The apps were installed more than 2 million times by Android device owners. | Malware | X Individual | Cyber Crime | >1 | Link |
| 06/12/2018 | ? | Redwood Eye Center | The Redwood Eye Center notifies 16,000 California residents that their personal information may have been compromised when a company subcontractor (IT Lighthouse) suffered a ransomware attack on September 19. | Malware | Q Human health and social work activities | Cyber Crime | US | Link |
| 06/12/2018 | TA505 | Retail, grocery, and restaurant chains in the US | Researchers from Proofpoint discover a new campaign carried out by TA505, targeting almost exclusively retail, grocery, and restaurant chains. This campaign distributed tens of thousands of messages. | Malware | G Wholesale and retail trade | Cyber Crime | US | Link |
| 07/12/2018 | DarkVishnya | At least eight banks in Eastern Europe | Researchers from Kaspersky reveal the details of DarkVishnya: Cyber-criminal gangs are believed to have stolen tens of millions of dollars from at least eight banks in Eastern Europe, leaving malicious devices connected to the bank's network. | Malicious Devices | K Financial and insurance activities | Cyber Crime | >1 | Link |
| 07/12/2018 | @kitlol5 | Linux.org | The Linux.org website is defaced via a DNS hijack. | DNS Hijack | J Information and communication | Cyber Crime | US | Link |
| 07/12/2018 | ? | Chrome users | ExtraHop, a real-time IT analytics firm, detects malicious code hidden inside a Chrome extension called Postman, raising concerns about a possible industrial espionage campaign, since the extension is able to collect browsing history. | Malicious browser extension | Y Multiple Industries | Cyber Espionage | >1 | Link |
| 07/12/2018 | ? | City of Topeka | Another possible Click2Gov breach: Topeka's third-party payment vendor is breached, possibly exposing the personal information of about 10,000 residents. | Malware | O Public administration, defence, compulsory social security | Cyber Crime | US | Link |
| 07/12/2018 | ? | Mac users | Researchers from Malwarebytes detect a fake Adobe piracy app (Adobe Zii) that infects Mac users with a one-two combination of the EmPyre backdoor/post-exploitation agent and the XMRig cryptominer. The malware is called OSX.DarthMiner. | Malware | X Individual | Cyber Crime | >1 | Link |
| 07/12/2018 | ? | Multiple targets primarily in the United States | Researchers from Proofpoint observe a new sextortion campaign involving thousands of messages sent to a variety of targets primarily in the United States. However the message contains a link that leads to a GandCrab infection. | Malware | Y Multiple Industries | Cyber Crime | >1 | Link |
| 07/12/2018 | ? | Cape Cod Community College | The Cape Cod Community College notifies its employees that hackers stole more than $800,000 when they infiltrated the school's bank accounts. | Account Hijacking | P Education | Cyber Crime | US | Link |
| 09/12/2018 | ? | University of Maryland Medical System | The University of Maryland Medical System is hit by a ransomware attack, affecting about 250 of the system's 27,000 devices. | Malware | Q Human health and social work activities | Cyber Crime | US | Link |
| 10/12/2018 | APT33 | SAIPEM | Italian oil services company SAIPEM is hit by a new version of the Shamoon malware. The attack started in India and hit the servers in Saudi Arabia, the United Arab Emirates and Kuwait. Fingers are pointed to Iran. | Targeted Attack | D Electricity gas steam and air conditioning supply | Cyber Warfare | IT | Link |
| 10/12/2018 | Seedworm AKA MuddyWater | Government Agencies, Oil & Gas, NGOs, Telecoms, and IT Firms | Researchers from Symantec shed light on a recent series of cyber attacks carried out by the Seedworm (AKA MuddyWater) actor, designed to gather intelligence on targets spread primarily across the Middle East as well as in Europe and North America. | Targeted Attack | Y Multiple Industries | Cyber Espionage | >1 | Link |
| 10/12/2018 | ? | Baylor Scott & White Medical Center | Baylor Scott & White Medical Center notifies approximately 47,000 patients or guarantors that their payment information, including partial credit card information, may have been subject to a computer intrusion to a third-party credit card processing system. | Unknown | Q Human health and social work activities | Cyber Crime | US | Link |
| 10/12/2018 | ? | North Bend | The city of North Bend is hit by a ransomware attack which temporarily locks out city workers from their computers and databases. | Malware | O Public administration, defence, compulsory social security | Cyber Crime | US | Link |
| 10/12/2018 | ? | Internet-exposed Ethereum wallets and mining equipment | Bad Packets LLC reveals that a massive campaign is ongoing, scanning Internet-exposed Ethereum wallets and mining equipment with port 8545 exposed online. | Misconfiguration | X Individual | Cyber Crime | >1 | Link |
| 11/12/2018 | ? | Single targets in multiple sectors | Researchers from Cylance uncover a cybercriminal phishing operation running for three years and designed to infect victims with a malicious backdoor, using command-and-control domains that intentionally spoofed the real-life domains of various Russian critical infrastructure firms. | Targeted Attack | X Individual | Cyber Crime | >1 | Link |
| 11/12/2018 | ? | PayPal Users | Researchers from ESET discover a new trojan capable of defeating the multifactor authentication required to access the official PayPal app. | Malware | X Individual | Cyber Crime | >1 | Link |
| 11/12/2018 | ? | Governments of 30 countries, including Italy (52%), Portugal (22%) and Saudi Arabia (5%). | Researchers at Group-IB discover 40,000 credentials for various global government websites and portals and believe they could have been sold on dark web forums or leveraged in attacks designed to steal money or sensitive data. | Account Hijacking | O Public administration, defence, compulsory social security | Cyber Crime | >1 | Link |
| 11/12/2018 | ? | Ramsey County Social Services | A cyber attack on Ramsey County Social Services, which occurred in August, may have compromised hundreds of clients' private health information. | Account Hijacking | O Public administration, defence, compulsory social security | Cyber Crime | US | Link |
| 11/12/2018 | ? | Multiple Targets | Researchers from Netskope discover a new CapitalInstall malware strain distributed with the help of Microsoft Azure blob storage instances. | Malware | Y Multiple Industries | Cyber Crime | >1 | Link |
| 11/12/2018 | ? | Home or small office routers | Researchers from Trend Micro identify a new exploit kit named Novidade that targets home or small office routers by changing their Domain Name System (DNS) settings via cross-site request forgery (CSRF). | DNS Hijack | Y Multiple Industries | Cyber Crime | >1 | Link |
| 12/12/2018 | ? | Multiple targets in the nuclear, defense, energy, and finance. | Researchers from McAfee discover Operation Sharpshooter, a new global campaign targeting nuclear, defense, energy, and financial companies. | Targeted Attack | Y Multiple Industries | Cyber Espionage | >1 | Link |
| 12/12/2018 | ? | Ronin Gallery | Ronin Gallery notifies customers of a payment card breach after unauthorized code, able to capture customers' data, is inserted in its website. | Malicious Script Injection | R Arts entertainment and recreation | Cyber Crime | US | Link |
| 12/12/2018 | ? | AOS 77 | Former and current employees of AOS 77 in Washington County are made aware of a data breach in the school department's central office. | Unknown | P Education | Cyber Crime | US | Link |
| 12/12/2018 | ? | Vulnerable Linux Servers | Researchers from Trend Micro and ISC discover a malware campaign scanning the Internet for exploitable Elasticsearch instances running on Linux machines, aimed to drop a variant of the XMRig cryptocurrency miner. | Vulnerabilities (CVE-2015-1427 and CVE-2014-3120) | Y Multiple Industries | Cyber Crime | >1 | Link |
| 13/12/2018 | ? | French Ministry of Europe, and Foreign Affairs (Ministère de l'Europe et des Affaires étrangères) | The personal information of 540,563 individuals is stolen from an emergency contact database after the website of the French Ministry of Europe, and Foreign Affairs is hacked. | Unknown | O Public administration, defence, compulsory social security | Cyber Crime | FR | Link |
| 13/12/2018 | ? | Schenectady County | Schenectady County shuts down its government website after a cyberattack via malware. | Malware | O Public administration, defence, compulsory social security | Cyber Crime | US | Link |
| 13/12/2018 | Charming Kitty | Individuals involved in economic and military sanctions against the Islamic Republic of Iran | Researchers from Certfa unveil a new campaign carried out by the Charming Kitty targeting individuals involved in economic and military sanctions against the Islamic Republic of Iran. | Targeted Attack | O Public administration, defence, compulsory social security | Cyber Espionage | US | Link |
| 13/12/2018 | ? | Save the Children | Save the Children reveals that it was hit last year with a business email compromise scam that cost the charity $1 million. The incident took place in May 2017. | Account Hijacking | U Activities of extraterritorial organizations and bodies | Cyber Crime | N/A | Link |
| 13/12/2018 | ? | Brazilian mobile banking users | According to researchers from Doctor Web, more than 2,000 mobile banking users in Brazil have unknowingly downloaded an Android malware, dubbed Android.BankBot.495.origin, that controlled devices and stole their confidential data. | Malware | K Financial and insurance activities | Cyber Crime | BR | Link |
| 14/12/2018 | Hackers linked to China | Contractors working for the US Navy | According to a new report, classified military information including missile plans has been stolen from contractors working for the US Navy by hackers linked to China. | Targeted Attack | O Public administration, defence, compulsory social security | Cyber Espionage | US | Link |
| 14/12/2018 | ? | Single Individuals | Researchers from Trend Micro discover a new malware strain, dubbed TROJAN.MSIL.BERBOMTHUM.AA, featuring a C&C service hidden in Twitter memes. | Malware | X Individual | Cyber Crime | >1 | Link |
| 14/12/2018 | ? | Multiple targets including airline travel, retail, food, and entertainment | Researchers from Akamai publish a report on the “Three Questions Quiz” phishing campaign. | Account Hijacking | Y Multiple Industries | Cyber Crime | >1 | Link |
| 14/12/2018 | ? | Tivit | Brazil-based IT services and business process outsourcing provider Tivit has data from many of its large customers leaked online, after nine members of staff suffer a phishing attack. | Account Hijacking | M Professional scientific and technical activities | Cyber Crime | BR | Link |
| 07/12/2018 | ? | Titan Manufacturing and Distributing | Titan Manufacturing and Distributing notifies consumers that its computer system had been compromised by malware during the period of November 23, 2017 to October 25, 2018. | Malicious Script Injection | C Manufacturing | Cyber Crime | US | Link |
23716/12/2018TheHackerGiraffe100 Internet-connected printers worldwideTheHackerGiraffe does it again, and this time, around 100,000 printers are hijacked, once again, to promote PewDiePie's YouTube channel. This time the attacker claims that he is able to destroy the printers.Printer misconfigurationY Multiple IndustriesCyber Crime>1Link
23816/12/2018?Individual human right defenders spread across the Middle East and North Africa.Amnesty International identifies several campaigns of credentials phishing, likely operated by the same attackers, targeting hundreds of individuals spread across the Middle East and North Africa. Attackers were able to bypass Gmail, Yahoo 2FA.Account HijackingX IndividualCyber Espionage>1Link
23916/12/2018?CCRM Dallas-Fort WorthCCRM Dallas-Fort Worth becomes aware of a potential data security incident that may have resulted in the inadvertent exposure of patients' personal and health information, after a former nurse's email account is hacked.Account HijackingQ Human health and social work activitiesCyber CrimeUSLink
24017/12/2018China and Saudi Arabia?Twitter usersTwitter shares fall seven percent after the social network giant reveals to have become aware of strange activity from China and Saudi Arabia, suggesting a possible state-sponsored attack, and involving one of its account help form APIs back on Nov. 15.Targeted AttackX IndividualCyber Espionage>1Link
24117/12/2018?The Wall Street Journal's websiteThe Wall Street Journal's website is defaced with a post containing a fake apology supporting YouTube megastar PewDiePie, previously accused of antisemitism by the same paper.DefacementJ Information and communicationCyber CrimeUSLink
24217/12/2018?University of Vermont Health Network Elizabethtown Community HospitalUniversity of Vermont Health Network Elizabethtown Community Hospital notifies 32,000 patients after an employee's email account is accessed without authorization. The incident occurred on October 9, 2018.Account HijackingQ Human health and social work activitiesCyber CrimeUSLink
24318/12/2018?NASANASA alerts its employees of a possible compromise of NASA servers containing personally identifiable information. The breach was discovered on October 23, and affects NASA Civil Service employees from July 2006 through October 2018.UnknownO Public administration, defence, compulsory social securityCyber CrimeUSLink
24418/12/2018?Click2GovAccording to a new report published by Gemini Advisory, in the wake of the Click2Gov breach, at least 294,929 payment records have been compromised in 46 U.S. cities and sold in the Dark Web.MalwareJ Information and communicationCyber CrimeUSLink
24518/12/2018?Barnes-Jewish Company HealthCareAt least 5,850 people are alerted about a possible breach of credit card information through Barnes-Jewish Company HealthCare's online payment portal. The breach was discovered on Nov. 19 and involved the injection of malicious code into their website.Malicious Script InjectionQ Human health and social work activitiesCyber CrimeUSLink
24619/12/2018Chinese Strategic Support Force (SSF)European Diplomatic NetworkA report by Area 1 Security reveals that a successful phishing attack on the Ministry of Foreign Affairs of Cyprus, an EU member nation, compromised the diplomatic communication network for the European Union (COREU).Targeted AttackO Public administration, defence, compulsory social securityCyber Espionage>1Link
24719/12/2018?The Wellcome TrustThe Wellcome Trust reveals in its annual report, that the email of four senior executives was compromised and sensitive information monitored for several months.Account HijackingS Other service activitiesCyber EspionageUKLink
24819/12/2018?Financial sector employees in the U.S. and UKResearchers from Menlo Security uncover a new phishing campaign, targeting financial sector employees in the U.S. and UK with remote access trojan payloads (Houdini - aka H-Worm -, as well as jRAT and Qrat), stored on a Google Cloud Storage domain.Account HijackingK Financial and insurance activitiesCyber Crime>1Link
24919/12/2018?California Department of Consumer AffairsThe California Department of Consumer Affairs suffers a malware attack, affecting workstations and disrupting computer networks.MalwareO Public administration, defence, compulsory social securityCyber CrimeUSLink
25019/12/2018?Hammer NutritionHammer Nutrition notifies customers after discovering a malicious script into their website as a consequence of the compromise of their third-party website provider.Malicious Script InjectionG Wholesale and retail tradeCyber CrimeUSLink
25119/12/2018?Steelite InternationalSteelite International discovers that hackers had encrypted its servers to cause "maximum disruption" to its payroll systems.MalwareC ManufacturingCyber CrimeUKLink
25219/12/2018Digital RevolutionKvant Scientific Research InstituteThe Digital Revolution group claims to have hacked the servers of Moscow-based Kvant Scientific Research Institute, and gathered evidence of a neural networks tool used to analyze activities on social networks.UnknownM Professional scientific and technical activitiesHacktivismRULink
25320/12/2018APT10 AKA Red Apollo, CVNX, Stone Panda, POTASSIUM, MenuPassNine MSPs worldwide including Hewlett Packard Enterprise and IBMHackers working on behalf of China's Ministry of State Security breached the networks of Hewlett Packard Enterprise Co and IBM, then used the access to hack into their clients' computers in 12 countries including Brazil, Germany, India, Japan, the United Arab Emirates, Britain and the United States. The campaign is called Operation Cloudhopper.Targeted AttackN Administrative and support service activitiesCyber Espionage>1Link
25420/12/2018?Caribou CoffeeUS coffee store chain Caribou Coffee announces a security breach after it discovered unauthorized access of its point of sale (POS) systems. The breach was discovered on November 28, and the company listed 239 stores of its total 603 locations as impacted.Pos MalwareI Accommodation and food service activitiesCyber CrimeUSLink
25520/12/2018?Warby ParkerWarby Parker discloses that roughly 198,000 of its customers may have been affected by a credential stuffing attack targeting the eyeglass retail chain. The unauthorized activity started on Sept. 25 and continued through late November.Credential StuffingG Wholesale and retail tradeCyber CrimeUSLink
25620/12/2018?UK TaxpayersSecurity researchers warn of a new HMRC scam using a threatening automated message in a bid to trick taxpayers into paying a fine.Account HijackingX IndividualCyber CrimeUKLink
25720/12/2018?DrBenLynch.comDrBenLynch.com notifies customers of payment card compromise after detecting a code injection into their web site that captured order information placed between September 8 and October 2.Malicious Script InjectionG Wholesale and retail tradeCyber CrimeUSLink
25820/12/2018?The Podiatric Offices of Bobby YeeThe Podiatric Offices of Bobby Yee notifies 24,000 patients after ransomware attack.MalwareQ Human health and social work activitiesCyber CrimeUSLink
25921/12/2018?Electrum Bitcoin walletsA clever phishing attack targeting Electrum Bitcoin wallets results in the theft of more than $750,000 worth of cryptocurrency.Account HijackingV FintechCyber CrimeDELink
26021/12/2018?San Diego Unified School District (SDUSD)The San Diego Unified School District (SDUSD) reveals that PII of more than a half million students and staff were compromised as the result of a phishing attack that may have occurred as early as January 2018.Account HijackingP EducationCyber CrimeUSLink
26121/12/2018?Saint John online parking payment systemAnother consequence of the Click2Gov breach: the city of Saint John shuts down its online system used to pay parking tickets after discovering a data breach that could have exposed customer names, addresses and credit card information.MalwareO Public administration, defence, compulsory social securityCyber CrimeCALink
26221/12/2018?Victorian GovernmentThe work details of 30,000 Victorian public servants have been stolen in a data breach, after part of the Victorian Government directory was downloaded by an unknown party after an employee's email account is compromised.Account HijackingO Public administration, defence, compulsory social securityCyber CrimeAULink
26321/12/2018?Over 45,000 Chinese websitesOver 45,000 Chinese websites are under attack after Chinese cyber-security firm VulnSpy posts a proof-of-concept exploit for ThinkPHP, a Chinese-made PHP framework. The attacks aim to spread a new Mirai variant called Miori.ThinkPHP VulnerabilityY Multiple IndustriesCyber CrimeCNLink
26423/12/2018?EvercoreThousands of sensitive documents have been stolen by hackers in a cyber-attack on the influential investment bank Evercore, after an employee in London falls victim of a phishing attack.Account HijackingK Financial and insurance activitiesCyber EspionageUKLink
26524/12/2018AnonymousSome Italian Public Healthcare OrganizationsIn name of #AntiSecIta, hackers from the Anonymous collective breach the database of some Italian healthcare organizations.SQLiO Public administration, defence, compulsory social securityHacktivismITLink
26624/12/2018?Hayley Atwell"Captain America" actress Hayley Atwell's nude photos are allegedly hacked and those behind it threatened to release the images, according to reports.Account HijackingX IndividualCyber CrimeUKLink
26724/12/2018?LiveBox ADSL modems from OrangeHoneypot systems at Bad Packets detect a scan targeting devices from Orange, trying to exploit a vulnerability that allows an attacker to retrieve their SSID and WiFi password in plaintext.Router VulnerabilityY Multiple IndustriesCyber Crime>1Link
26826/12/2018?News sites of Bulatlat, Kodao and Pinoy WeeklyThe news sites of Bulatlat, Kodao and Pinoy Weekly are taken down by a DDoS attack, after stories on the Communist Party of the Philippines' 50th anniversary were posted.DDoSJ Information and communicationCyber CrimePHLink
26926/12/2018?Windows, Linux and MacOS serversBleeping computer reveals that a ransomware called JungleSec is infecting victims through unsecured IPMI (Intelligent Platform Management Interface) cards since early November.MalwareY Multiple IndustriesCyber Crime>1Link
27026/12/2018?Netflix UsersThe Federal Trade Commission (FTC) warns consumers of a Netflix-based phishing scam that tells users they need to update their payment details.Account HijackingR Arts entertainment and recreationCyber Crime>1Link
27127/12/2018?Tribune Publishing's Southern CaliforniaA malware attack is suspected of preventing production of several newspapers, including the Wall Street Journal and Los Angeles Times. The suspected malware attack affected the computer systems at Tribune Publishing's Southern California printing plant. The Ryuk malware is suspected.MalwareJ Information and communicationCyber CrimeUSLink
27227/12/2018?Companies in the Italian automotive sectorResearchers at Cybaze-Yoroi ZLab reveal the details of Roma225, a campaign targeting companies in the Italian automotive sector.Targeted AttackC ManufacturingCyber EspionageITLink
27327/12/2018?BevMoAlcohol retailer BevMo discloses to the California Attorney General's office that its website was breached, compromising the credit card data of nearly 15,000 customers: a “malicious code” placed on the checkout page, compromising data between Aug. 2 and Sept. 26.Malicious Script InjectionG Wholesale and retail tradeCyber CrimeUSLink
27428/12/2018South Korea?North Gyeongsang resettlement centreAlmost 1,000 North Korean defectors have their personal data leaked after a computer at the North Gyeongsang resettlement centre is hacked.Targeted AttackO Public administration, defence, compulsory social securityCyber EspionageKRLink
27528/12/2018?Family Physicians GroupFamily Physicians Group notifies more than 8,000 patients about a phishing attack on an employee's email account. Patient data may have been exposed between Aug. 7 and Aug. 21, 2018, when the company discovered the attack.Account HijackingQ Human health and social work activitiesCyber CrimeUSLink
27628/12/2018?College of Eastern IdahoCollege of Eastern Idaho notifies a security incident discovered on September 5, 2018, when suspicious email activity was detected within an employee's email account.Account HijackingP EducationCyber CrimeUSLink
27728/12/2018?Westminster CollegeWestminster College in Salt Lake City, Utah notifies people after eleven of their employees fell prey to phishing attacks.Account HijackingP EducationCyber CrimeUSLink
27828/12/2018?Several high profile Twitter accounts including Eamonn Holmes and Louis Theroux.Several high-profile Twitter accounts are briefly hijacked by a security company (Insinia Security) to expose alleged flaws in the service.Account HijackingX IndividualCyber CrimeUK IELink
27928/12/2018?Dental Center of Northwest OhioDental Center of Northwest Ohio reveals that a ransomware attack affecting its local third-party IT vendor (Arakyta) may have endangered personal data belonging to current and former patients and employees.MalwareQ Human health and social work activitiesCyber CrimeUSLink
28029/12/2018?Dataresolution.netCloud hosting provider Dataresolution.net struggles to bring its systems back online after suffering a Ryuk ransomware infestation on Christmas Eve.MalwareJ Information and communicationCyber CrimeUSLink
28129/12/2018?City of Lake CharlesCity of Lake Charles reports security breach of its information technology systemsUnknownO Public administration, defence, compulsory social securityCyber CrimeUSLink
28230/12/2018AnonymousItalian Trade Union of State Police Officers (silpcgil.it)Hackers from the Anonymous collective release the contact information of over 200 Italian police officers, including their full names and personal email addresses. Hackers also post the user login name and password of 26 website administrators.UnknownO Public administration, defence, compulsory social securityHacktivismITLink
28331/12/2018TheDarkOverlordSeveral insurance groups including Hiscox Syndicates Ltd, Lloyd's of London, and Silverstein PropertiesTheDarkOverlord announces it had breached a law firm handling cases related to the September 11 attacks, and threatened to publicly release a large cache of related internal files unless their ransom demands were met. To provide evidence, the group publishes a link for a 10GB archive of files it allegedly stole.UnknownK Financial and insurance activitiesCyber Crime>1Link
28431/12/2018?Choice RehabilitationChoice Rehabilitation notifies patients after hack of corporate email account. The suspicious activity occurred from July 1, 2018 through September 30, 2018.Account HijackingQ Human health and social work activitiesCyber CrimeUSLink
28501/01/2018?Faye Brookes2018 begins with a new round of Fappening leaks. This time the victim is Faye Brookes, whose explicit video is leaked on several video sharing websites.UnknownX IndividualCyber CrimeUKLink
28617/10/2018?Tallahassee Memorial HospitalTallahassee Memorial Hospital reports the information of job applicants who applied to the facility may be at risk after a breach at Jobscience, a recruiting firm it uses.UnknownQ Human health and social work activitiesCyber CrimeUSLink
28701/01/2018?Rockingham County SchoolsRockingham County Schools servers are compromised by the Emotet malware after an employee opens a phishing email.Malware/PoS MalwareP EducationCyber CrimeUSLink
28801/11/2018?AustalAustralian defence shipbuilder Austal is the victim of a data breach and an extortion attempt. The attackers gain access to ship designs and to some staff email addresses and mobile phone numbers. Fingers point to Iran.UnknownC ManufacturingCyber EspionageAULink
28902/01/2018AndarielUnnamed South Korean CompanyBloomberg reveals that a hacking unit called Andariel seized a server at a South Korean company in the summer of 2017 and used it to mine about 70 Monero coins, worth about $25,000 as of Dec. 29.UnknownZ UnknownCyber CrimeKRLink
29001/11/2018OutlawMultiple TargetsResearchers from Trend Micro uncover an operation of a hacking group dubbed “Outlaw” involving the use of an IRC bot built in Perl Shellbot.MalwareY Multiple IndustriesCyber Crime>1Link
29102/01/2018@0x55Taylorthefly.comA hacker using the twitter handle @0x55Taylor posts some screenshots of a breach affecting all users who registered at thefly.com a leading digital publisher of real-time financial news between 2006 and 2015. The leak contains the data of 100,000 individuals, and the credit card details of 27,000 among them.SQLi?J Information and communicationCyber CrimeUSLink
29201/11/2018LulzSec ITA and AntiSec ITASome Italian News WebsitesIn name of Op #FifthOfNovember, the Italian branch of the Anonymous hacks several news websites.SQLiJ Information and communicationHacktivismITLink
29303/01/2018?Uber UsersSymantec researchers discover a new malware strain, dubbed Android.Fakeapp, that sneakily spoofs Uber's Android app and harvests users' passwords, allowing attackers to take over users' accounts.Malware/PoS MalwareX IndividualCyber Crime>1Link
29401/11/2018?St. Francis Xavier UniversityCanadian St. Francis Xavier University shuts down the entire network following a cryptojacking attack which attempted to use its systems' computing power to mine for Bitcoin.MalwareP EducationCyber CrimeCALink
29503/01/2018?Android UsersResearchers from Trend Micro discover 36 apps on Google Play in disguise of security tools, but in reality able to secretly harvest user data, track user location, and aggressively push advertisements.Malware/PoS MalwareX IndividualCyber Crime>1Link
29601/11/2018?Single IndividualsResearchers from Trend Micro discover a new Trickbot module adding password stealing capabilities.MalwareX IndividualCyber Crime>1Link
29703/01/2018?City of FarmingtonThe city of Farmington is hit by a variant of the SamSam ransomware.Malware/PoS MalwareQ Human health and social work activitiesCyber CrimeUSLink
29801/11/2018?Episcopal Health ServicesEpiscopal Health Services notifies patients after employee email accounts are hacked.Account HijackingQ Human health and social work activitiesCyber CrimeUSLink
29903/01/2018?Linux ServersResearchers at F5 discover a new Linux crypto-miner botnet dubbed PyCryptoMiner spreading over SSH. The Monero miner botnet is based on Python and leverages Pastebin as command and control server when the original C&C isn't available.Malware/PoS MalwareX IndividualCyber Crime>1Link
30002/11/2018?HSBCA data breach at HSBC Bank allows attackers to gain access to a limited amount of customer's information such as account numbers, balances, addresses, transaction history, and much more. The attack affects about 1% of U.S. accounts and occurred between October 4th, 2018 and October 14th, 2018.Credential StuffingK Financial and insurance activitiesCyber CrimeUSLink
30103/01/2018?Bank customers globallyResearchers from security company Quick Heal reveal the detail of Android.banker.A9480, an Android banking trojan targeting more than 232 banking apps of financial institutions globally.Malware/PoS MalwareX IndividualCyber Crime>1Link
30202/11/2018?Facebook UsersHackers appear to have compromised and published private messages from at least 81,000 Facebook users' accounts.Malicious Browser ExtensionsX IndividualCyber Crime>1Link
30303/01/2018?Big Line HolidayBig Line Holiday, a Hong Kong travel agency, reveals that hackers might have broken into its database a day before and gained possession of some of its customers' personal information.Malware/PoS MalwareR Arts entertainment and recreationCyber CrimeHKLink
30402/11/2018AnonPlusSociety of Authors and PublishersAnonPlus hacks the website of the Italian Society of Authors and Publishers (SIAE) and leak 4Gb of data.SQLiR Arts entertainment and recreationHacktivismITLink
30504/01/2018?Ukrainian usersResearchers from Cisco Talos reveal that unknown attackers have compromised the official website of Ukrainian accounting software developer Crystal Finance Millennium to distribute a new variant of the malicious Zeus banking trojan. The compromised website hosts the payload retrieved by a dropper distributed via a spam campaign.Malware/PoS MalwareX IndividualCyber CrimeUALink
30602/11/2018?IngeropHackers access confidential documents about nuclear plants and prisons in a cyberattack on the French Ingerop and leak 65Gb of data. The attack occurred back in June.UnknownC ManufacturingCyber CrimeFRLink
30704/01/2018?City of Belle FourcheThe city of Belle Fourche is hit by a ransomware attack.Malware/PoS MalwareO Public administration, defence, compulsory social securityCyber CrimeUSLink
30802/11/2018MagecartKitronikEducational electronics outlet Kitronik is the latest victim of the Magecart gang. The hack occurred between August and September.MalwareG Wholesale and retail tradeCyber CrimeUKLink
30904/01/2018?GoldjoyGoldjoy, another travel agency in Hong Kong, reveals that unauthorised parties accessed its customer database containing personal information such as names and ID card numbers, passport details and phone numbers, asking for a ransom.Malware/PoS MalwareR Arts entertainment and recreationCyber CrimeHKLink
31002/11/2018?Five GuysFive Guys notifies employees of data breach after an employee falls victim for a phishing attack.Account HijackingI Accommodation and food service activitiesCyber CrimeUSLink
31105/01/2018?Android UsersSecurity researchers from Check Point uncover LightsOut, a new mobile adware program hidden in 22 fake applications on the Google Play Store. According to the researchers, the apps were downloaded between 1.5 million and 7.5 million times.Malware/PoS MalwareX IndividualCyber Crime>1Link
31202/11/2018?Hobart's Henry Jones Art Hotel and Saffire FreycinetGuests of two Tasmania's luxury hotels are notified that their personal data may have been accessed by an unauthorised third party.Account HijackingI Accommodation and food service activitiesCyber CrimeAULink
31305/01/2018?RedditReddit confirms that one of its email providers, Mailgun, has been breached, resulting in the hacks of user profiles and their linked cryptocurrency accounts.Account HijackingJ Information and communicationCyber CrimeUSLink
31402/11/2018?Android UsersSecurity researchers reveal that two botnets, Fbot and Trinity, are fighting to take control over as many unsecured Android devices as they can to use their resources and mine cryptocurrency.MalwareX IndividualCyber Crime>1Link
31505/01/2018?BeautyblenderBeautyblender notifies 3,673 individuals that their information might have been compromised after the discovery of a malware on its online shop.Malware/PoS MalwareG Wholesale and retail tradeCyber CrimeUSLink
31603/11/2018?StatCounterResearchers from ESET reveal that attackers successfully breached StatCounter, a leading web analytics platform, inject a malicious bitcoin stealer script to compromise gate.ioMalicious Script InjectionV FintechCyber Crime>1Link
31705/01/2018?Oklahoma State University Center for Health Sciences (OSUCHS)Oklahoma State University Center for Health Sciences notifies an undisclosed number of affected patients of an unauthorized third party occurred on November 2017.UnknownQ Human health and social work activitiesCyber CrimeUSLink
31803/11/2018LulzSec ITA and AntiSec ITASome Local Government WebsitesIn name of Op #FifthOfNovember, the Italian branch of the Anonymous hacks some local government websites.SQLiO Public administration, defence, compulsory social securityHacktivismITLink
31905/01/2018@0x55TaylorCreditsevaAfter defacing it, @0x55Taylor manages to gain access to creditseva main website server and a copy of the s3 bucket credentials.UnknownK Financial and insurance activitiesCyber CrimeINLink
32003/11/2018LulzSec ITA and AntiSec ITAMultiple Italian targets.In the final round of their Op #FifthOfNovember, the Italian hacktivists dump multiple database from ministries, political parties, and other websites.SQLiY Multiple IndustriesHacktivismITLink
32105/01/2018The Dark OverlordColumbia Falls School District Number 6The Columbia Falls School District Number 6 in Montana, sends out letters to notify the breach occurred after the attack carried on by The Dark Overlord begun on September 1st, 2017.UnknownP EducationCyber CrimeUSLink
32205/11/2018?Twitter usersA widespread scam pretending to be from Elon Musk and utilizing a stream of hacked Twitter accounts and fake giveaway sites earns scammers over 28 bitcoins or approximately $180,000 in a single day.Fake Twitter AccountX IndividualCyber Crime>1Link
32306/01/2018?Olympic Games in South KoreaResearchers from McAfee uncover a campaign, dubbed Operation PowerShell Olympics, targeting organizations involved with next month's Games in South Korea, with the aim of controlling infected machines.Targeted AttackU Activities of extraterritorial organizations and bodiesCyber EspionageKRLink
32405/11/2018?Facebook and Instagram Users30 Facebook accounts and 85 Instagram profiles have been removed by Facebook following suspicions of "coordinated inauthentic behavior"Social Network BotX IndividualCyber Crime>1Link
32506/01/2018?BlackBerry Mobile SiteThe Blackberry Mobile site is hacked exploiting a vulnerability of Magento. The attackers install a Monero miner using the Coinhive library.Magento VulnerabilityJ Information and communicationCyber CrimeCALink
32605/11/2018?www.myidentifiers.comAfter unauthorized charges are done with cards used on www.myidentifiers.com, a site responsible for issuing ISBNs, an investigation reveals that unauthorized code was added to the checkout page affecting transactions between May 1 and October 23.Malicious Script InjectionR Arts entertainment and recreationCyber CrimeUSLink
32706/01/2018?Florida's Agency for Health Care Administration (FAHCA)A phishing attack on an employee at Florida's Agency for Health Care Administration (discovered in November 20, 2017) results in the exposure of sensitive information on 30,000 Medicaid patients.Account HijackingQ Human health and social work activitiesCyber CrimeUSLink
32805/11/2018IranIsraelIran indirectly blames Israel for a series of attempted cyber attacks that it says targeted its communication infrastructure over the last few days.Targeted AttackJ Information and communicationCyber WarfareIRLink
32907/01/2018?CVE 2017-10271 Vulnerable MachinesA report published by the SANS Technology Institute reveals that attackers are exploiting a critical Oracle WebLogic flaw (CVE 2017-10271) to inject Monero cryptocurrency miners on victims' machines.Malware/PoS MalwareX IndividualCyber Crime>1Link
33005/11/2018?Telegram and Instagram users in IranResearchers from Cisco Talos reveal the details of Persian Stalker, a wave of campaigns against Telegram and Instagram users in Iran, leveraging the hijack of traffic through the BGP protocol.BGP HijackingX IndividualCyber EspionageIRLink
33108/01/2018?Health South-East RHFHealth South-East RHF, a healthcare organization that manages hospitals in Norway's southeast region, announces a security breach. A hacker or hacker group might have stolen healthcare data for more than half of Norway's population. (over 2.9 million individuals)UnknownQ Human health and social work activitiesCyber CrimeNOLink
33205/11/2018?EZECOM SINET Telcotech DigiSeveral of Cambodia's biggest internet service providers (EZECOM, SINET, Telcotech, and Digi) are hit by large-scale DDoS attacks.DDoSJ Information and communicationCyber CrimeKHLink
33308/01/2018?Single IndividualsAlien Vault reveals to have found malware that appears to install code for mining Monero cryptocurrency, sending any mined coins to a server at a North Korean university.Malware/PoS MalwareX IndividualCyber Crime>1Link
33405/11/2018Pathé Twitter AccountThe official account of Pathé, the world's second oldest operating film company and Europe's second largest studio, has been hacked to spread malicious Bitcoin giveaway links.Account HijackingR Arts entertainment and recreationCyber CrimeFRLink
33508/01/2018?Onco360Onco360 notifies a phishing incident involving an employee's email account and affecting potentially 53,000 users.Account HijackingQ Human health and social work activitiesCyber CrimeUSLink
33606/11/2018?MegacableMegacable notifies its users of a cyber attack.UnknownJ Information and communicationCyber CrimeMXLink
33708/01/2018?Caremed Specialty PharmacyCaremed Specialty Pharmacy is victim of the same event affecting Onco360.Account HijackingQ Human health and social work activitiesCyber CrimeUSLink
33806/11/2018?Twitter account of India's National Disaster Management Authority (NDMA)The Twitter account of India's National Disaster Management Authority (NDMA) is hijacked to promote fake bitcoins giveaways.Account HijackingO Public administration, defence, compulsory social securityCyber Crime>1Link
33909/01/2018TurlaEmbassies and consulates in East EuropeResearchers from ESET unveil the details of a new operation carried on by the Turla cyber espionage group, targeting embassies and consulates in East Europe using a fake Adobe Flash updater.Targeted AttackO Public administration, defence, compulsory social securityCyber Espionage>1Link
34007/11/2018?Vulnerable Home RoutersResearchers from Qihoo 360's Netlab discover a massive botnet BCMUPnP_Hunter infecting 100,000 home routers worldwide.UPnP VulnerabilityY Multiple IndustriesCyber Crime>1Link
34109/01/2018?Android UsersResearchers at Trend Micro find in the Google Play Store the first Android malware designed to steal information, carry out click ad fraud, and sign users up to premium SMS services without their permission, written using the Kotlin programming language.Malware/PoS MalwareX IndividualCyber Crime>1Link
34207/11/2018?Bankers LifeBankers Life notifies more than 566,000 individuals after the hack of some employees' email results in a breach of PHI. The breach occurred between May 30 and September 13, 2018.Account HijackingK Financial and insurance activitiesCyber CrimeUSLink
34309/01/2018?Single IndividualsMalwarebytes reveal the details of a RIG exploit campaign distributing malware coin miners delivered via drive-by download attacks from malvertising, exploiting the RIG Exploit Kit.MalvertisingX IndividualCyber Crime>1Link
34407/11/2018?Spanish banks usersResearchers from Trend Micro discover a malicious app called Movil Secure, claiming to be connected to Banco Bilbao Vizcaya Argentaria (BBVA).MalwareK Financial and insurance activitiesCyber CrimeESLink
34510/01/2018Pawn Storm AKA Fancy Bear AKA APT28International Olympic CommitteeAPT28 AKA Pawn Storm AKA Fancy Bear publish a set of apparently stolen emails purportedly belong to officials from the International Olympic Committee, the United States Olympic Committee, and third-party groups associated with the organizations.UnknownU Activities of extraterritorial organizations and bodiesCyber CrimeN/ALink
34607/11/2018ErwinchoMobile WorldA hacker dubbed Erwincho leaks a file containing more than 5.4 million email addresses and 31,000 bank card numbers (six digits covered), claiming they belong to clients of Mobile World.UnknownJ Information and communicationCyber CrimeVNLink
34710/01/2018?Android UsersResearchers from Symantec discover a fake Telegram (Teligram) app on the Google Play Store that claims to be a new, updated version of the popular encrypted messenger app, but whose real purpose is to distribute malware.Malware/PoS MalwareX IndividualCyber Crime>1Link
34808/11/2018?Banking Customers in BrazilResearchers from Cisco Talos identify two ongoing malware distribution campaigns used to infect victims with banking trojans, specifically financial institutions' customers in Brazil.MalwareK Financial and insurance activitiesCyber CrimeBRLink
34910/01/2018?Russian Bank CustomersResearchers at Trend Micro discover a new mobile malware that primarily targets Russian banking customers, taking over victims' SMS capabilities, allowing cybercriminals to intercept text messages that contain bank security codes. The malware is dubbed FakeBank.Malware/PoS MalwareX IndividualCyber CrimeCCLink
35008/11/2018?Vulnerable ColdFusion ServersResearchers from Volexity discover a new campaign carried out by a suspected Chinese APT group aimed to exploit vulnerable ColdFusion servers (CVE-2018-15961) to upload the China Chopper webshell.CVE-2018-15961 VulnerabilityY Multiple IndustriesCyber Crime>1Link
35110/01/2018?Netflix UsersNetflix users are warned to avoid clicking on any suspicious email links after a phishing scam is uncovered by security firm Mailguard, which security experts say is designed to steal credit card details.Account HijackingX IndividualCyber Crime>1Link
35208/11/2018?Vulnerable Wordpress SitesResearchers from Wordfence discover a vulnerability in the popular plugin WP GDPR Compliance (more than 100,000 installs), exploited in the wild.Wordpress plugin vulnerabilityY Multiple IndustriesCyber Crime>1Link
35311/01/2018?Unpatched Windows and Linux serversResearchers from Check Point and Certego reveal the details of a new campaign distributing a malware dubbed RubyMiner, turning outdated web servers into Monero miners.Malware/PoS MalwareY Multiple IndustriesCyber Crime>1Link
35408/11/2018?Media Prima BhdMedia Prima Bhd is hit by a ransomware attack and asked to pay a ransom of 1,000 bitcoinsMalwareJ Information and communicationCyber CrimeMYLink
35511/01/2018?German UsersGerman authorities warn about phishing emails trying to take advantage of the Spectre and Meltdown vulnerabilities, promising fake patches and distributing the Smoke Loader malware.Malware/PoS MalwareX IndividualCyber CrimeDELink
35608/11/2018?Altus Baytown Hospital (ABH)Altus Baytown Hospital (ABH) is hit by a Dharma ransomware attack on September 3, 2018, with a lot of documents containing patient info being encrypted and the attackers requesting a ransom to unlock the hospital's data.MalwareQ Human health and social work activitiesCyber CrimeUSLink
35711/01/2018?Apple Mac usersPatrick Wardle, a security researcher, discovers OSX MaMi, a new, undetectable strain of malware affecting Apple Macs that can hijack a device's DNS settings and steal victims' personal data.Malware/PoS MalwareX IndividualCyber Crime>1Link
35808/11/2018?Linux ServersResearchers from Trend Micro discover a cryptocurrency-mining malware dubbed Coinminer.Linux.KORKERDS.AB affecting Linux systems, bundled with a rootkit component (Rootkit.Linux.KORKERDS.AA) to make it hidden.MalwareY Multiple IndustriesCyber Crime>1Link
35911/01/2018?North Korean defectorsResearchers at McAfee unveil the details of operation Sun Team, a campaign targeting North Korean defectors, along with those who help them, which aims to infect their devices with trojan malware for the purposes of spying on them.Malware/PoS MalwareX IndividualCyber EspionageKPLink
36008/11/2018?Southwest Washington Regional Surgery CenterSouthwest Washington Regional Surgery Center notifies 2,393 patients after a phishing attack exposed their PHI.Account HijackingQ Human health and social work activitiesCyber CrimeUSLink
36111/01/2018?Adams Health NetworkAdams Health Network, which runs Adams Memorial Hospital, confirms that a ransomware attack targeted some of its computer servers.Malware/PoS MalwareQ Human health and social work activitiesCyber CrimeUSLink
36209/11/2018?Florida's Department of HealthFlorida's Department of Health issues a notice of data breach detailing the compromise of an employee's Microsoft Outlook 365 account. The breach occurred between October 8 and October 16, 2018.Account HijackingO Public administration, defence, compulsory social securityCyber CrimeUSLink
36312/01/2018Pawn Storm AKA Fancy Bear AKA APT28US SenateResearchers from Trend Micro reveal that the state sponsored hackers behind APT28 (AKA Pawn Storm AKA Fancy Bear) targeted the US Senate in mid-2017.Targeted AttackO Public administration, defence, compulsory social securityCyber EspionageUSLink
36409/11/2018?Single IndividualsResearchers from ESET discover a new spam campaign carried out via the Emotet banking trojan.MalwareX IndividualCyber Crime>1Link
36512/01/2018?Hancock Regional HospitalThe Hancock Regional Hospital, in the state of Indiana, confirms it is running on pen and paper following a SAMSAM ransomware attack, which hit the day prior. The hospital eventually pays the hackers $55,000 to restore control.Malware/PoS MalwareQ Human health and social work activitiesCyber CrimeUSLink
36609/11/2018?Metrocare ServicesMetrocare Services notifies 1,804 patients after some employees' email is hacked. The incident occurred on September 4, 2018.Account HijackingO Public administration, defence, compulsory social securityCyber CrimeUSLink
36712/01/2018?Android UsersResearchers from Check Point reveal the details of 'AdultSwine', a malware that displays pornographic advertising on Android applications, found in 60 gaming apps on Google Play and downloaded between three and seven million times.Malware/PoS MalwareX IndividualCyber Crime>1Link
36809/11/2018?Huntsville HospitalHuntsville Hospital also reports the information of job applicants who applied to the facility may be at risk after the breach at Jobscience.UnknownQ Human health and social work activitiesCyber CrimeUSLink
36913/01/2018?New Zealand FootballNew Zealand Football says it is investigating a potential hack of its official website after a fake news article popped up "announcing" the resignation of its CEO Andy Martin.DefacementR Arts entertainment and recreationCyber CrimeNZLink
37009/11/2018?LPL FinancialLPL Financial sends a notification about a third-party hack involving Capital Forensics, Inc.UnknownK Financial and insurance activitiesCyber CrimeUSLink
37113/01/2018?BlackWalletAn unidentified thief reportedly steals more than $400,000 in Stellar lumens after hacking the digital wallet provider BlackWallet.DNS HijackingV FintechCyber CrimeDELink
37209/11/2018?Chesapeake Public SchoolsA malware received via phishing emails takes down the systems of Chesapeake Public Schools.MalwareP EducationCyber CrimeUSLink
37314/01/2018?Devices powered by ARC CPUsResearchers from infosec group Malware Must Die discover a new variant of the Mirai botnet capable of infecting devices powered by ARC CPUs. The botnet is dubbed "Okiru", which means "wake up" in Japanese.Malware/PoS MalwareX IndividualCyber Crime>1Link
37410/11/2018?May Eye CareMay Eye Care notifies 30,000 patients after ransomware incident.MalwareQ Human health and social work activitiesCyber CrimeUSLink
37514/01/2018Ayyıldız TimSyed Akbaruddin's Twitter Account @AkbaruddinIndiaThe verified Twitter account of Syed Akbaruddin, India's top diplomat to the United Nations, is briefly taken over by suspected Turkish hackers.Account HijackingX IndividualHacktivismINLink
37612/11/2018?Android UsersResearcher Lukas Stefanko discovers a malware available on Google Play for download for almost a year, with over 5,000 installs.MalwareX IndividualCyber Crime>1Link
37714/01/2018Ayyıldız TimBorge Brende's Twitter Account @borgebrendeThe same hackers also manage to hijack the verified account of Borge Brende, the president of the World Economic Forum and former minister of foreign affairs for Norway.Account HijackingX IndividualHacktivismNOLink
37812/11/2018?Single IndividualsResearchers from McAfee reveal the details of WebCobra, a new Russian cryptojacking malware.MalwareX IndividualCyber Crime>1Link
37915/01/2018?OnePlusChinese smartphone manufacturer OnePlus launches an investigation after a number of customers who used its website to purchase products complain of attempted fraud. A few days later (January 19) the company confirms it has been hacked via a malicious script injected into its website, potentially compromising the payment card details of up to 40,000 customers.Malicious ScriptC ManufacturingCyber CrimeCNLink
38012/11/2018White Company (state sponsored actor)Pakistan Air ForceCylance uncover a sophisticated state-sponsored campaign, tracked as Operation Shaheen, against the Pakistan Air Force, carried out by a nation-state actor tracked as the White Company.Targeted AttackO Public administration, defence, compulsory social securityCyber EspionagePKLink
38115/01/2018?Chrome UsersSecurity researchers from ICEBRG find four malicious Chrome extensions available in the Chrome store, laced with suspicious code, and infecting more than 500,000 users across the globe, including workstations within major organizations.Malicious Browser ExtensionX IndividualCyber Crime>1Link
38212/11/2018?Multiple Twitter AccountsScammers hijack other verified Twitter accounts to promote fake cryptocurrency giveaway links. The victims include: the Australian branch of Capgemini, the Consulate General of India in Germany, California state senator Ben Allen, and Israeli politician Rachel Azaria.Account HijackingY Multiple IndustriesCyber Crime>1Link
38315/01/2018?Financial Organizations in Latin AmericaResearchers from Trend Micro spot a new variant of the KillDisk disk-wiping malware targeting companies in the financial sector in Latin America.Malware/PoS MalwareK Financial and insurance activitiesCyber Crime>1Link
38412/11/2018?Health First, Inc.Health First, Inc. notifies 42,000 patients after a phishing incident.Account HijackingQ Human health and social work activitiesCyber CrimeUSLink
38512/01/2018?Monticello Central School DistrictMonticello Central School District warns of a sophisticated e-mail phishing attack that occurred on November 1st, 2017. Potentially 2,598 individuals are affected.Account HijackingP EducationCyber CrimeUSLink
38612/11/2018?Midlands State UniversityMidlands State University is forced to postpone its Student Representative Council Elections after hackers breach the security system.UnknownP EducationCyber CrimeZWLink
38716/01/2018Group 123Multiple targets mainly in South KoreaResearchers from Cisco Talos reveal the details of the malicious activities of Group 123, a malicious actor linked to North Korea, author of at least six malicious campaigns focused on South Korean targets.Targeted AttackY Multiple IndustriesCyber EspionageKRLink
38813/11/2018?G Suite Twitter AccountGoogle's official G Suite Twitter account, which has more than 800,000 followers, is the latest victim of an increasingly widespread Bitcoin scam.Account HijackingJ Information and communicationCyber CrimeUSLink
38916/01/2018?Several Italian IndividualsResearchers from Kaspersky Lab reveal the details of Skygofree, an Android malware, reminiscent of the Hacking Team surveillance malware, targeting some Italian individuals.Malware/PoS MalwareX IndividualCyber EspionageITLink
39013/11/2018TEMP.PeriscopeUK Engineering CompanyResearchers from Recorded Future reveal the details of a spear phishing campaign carried out by the Chinese TEMP.Periscope group against a UK based engineering company, leveraging Russian APT Techniques.Targeted AttackC ManufacturingCyber EspionageUKLink
39116/01/2018Ayyıldız TimEric Bolling (@ericbollingTR) and Greta Van Susteren (@greta) Twitter accountsFormer Fox News hosts Eric Bolling and Greta Van Susteren appear to have their Twitter accounts hijacked by a group of suspected Turkish hackers dubbed Ayyıldız Tim.Account HijackingX IndividualCyber CrimeUSLink
39213/11/2018?Users in Spain and FranceResearchers from enSilo discover DarkGate, a sophisticated password stealer with multiple resilience and evasion capabilities.MalwareX IndividualCyber CrimeES FRLink
39316/01/2018?Several cryptocurrency exchanges such as Coinlink.According to the security firm Recorded Future, the notorious North Korean hacking outfit Lazarus Group is behind cyberattacks that targeted South Korean cryptocurrency exchanges and users towards the end of 2017. However Coinlink denies the claims.Account HijackingV FintechCyber Crime>1Link
39413/11/2018?Target Twitter AccountTarget's Twitter account is hacked and its feed used to trick unsuspecting consumers into giving away cryptocurrency.Account HijackingG Wholesale and retail tradeCyber CrimeUSLink
39516/01/2018?Singing River Health SystemUnknown attackers try to break into the Singing River Health System's network.UnknownQ Human health and social work activitiesCyber CrimeUSLink
39613/11/2018?Android UsersResearcher Lukas Stefanko discovers four additional malicious Android apps camouflaged as fake cryptocurrency wallets.MalwareX IndividualCyber Crime>1Link
39717/01/2018?Bank Customers in the UK, France and AustraliaSecurity researchers at Forcepoint reveal a new improved version of the financial malware Dridex, targeting victims in the UK, France and Australia and using compromised FTP websites in phishing campaigns.Malware/PoS MalwareK Financial and insurance activitiesCyber Crime>1Link
39814/11/2018APT29 AKA Cozy BearMultiple Targets in the USMultiple security companies including Crowdstrike and FireEye reveal a new spear phishing campaign carried out by APT29 (after one year of silence) targeting multiple sectors in the U.S.Targeted AttackY Multiple IndustriesCyber EspionageUSLink
39917/01/2018?Several telecommunications, insurance and financial service firms.Researchers from security firm FireEye reveal a new spam campaign delivering the Zyklon HTTP malware, and exploiting three relatively new Microsoft Office vulnerabilities. The attackers are targeting telecommunications, insurance and financial service firms. The malware comes with a variety of features, like password stealing, keylogging, DDoS and crypto mining.Malware/PoS MalwareY Multiple IndustriesCyber Crime>1Link
40014/11/2018?Midlands Regional Hospital in TullamoreMidlands Regional Hospital in Tullamore is hit by a ransomware attackMalwareQ Human health and social work activitiesCyber CrimeIELink
40117/01/2018?Claymore mining rigsA new variant of the Satori botnet springs back to life, targeting Claymore mining rigs, and replacing the device owner's mining credentials with the attacker's own.Malware/PoS MalwareV FintechCyber Crime>1Link
40214/11/2018?Italian certified email accountsUnknown hackers gain access to thousands of Italian certified email accounts, including those of magistrates and security officials.Targeted AttackO Public administration, defence, compulsory social securityCyber CrimeITLink
40317/01/2018?Single IndividualsNecurs, the world's largest spam botnet, is back on track, sending millions of spam emails that push an obscure cryptocurrency named Swisscoin, used for Multi-Level-Marketing (MLM) Ponzi scheme.Malware/PoS MalwareX IndividualCyber Crime>1Link
40414/11/2018MagecartInfowars' online storeA Magecart credit card skimming attack is discovered on the online store for the Infowars web site.MalwareR Arts entertainment and recreationCyber CrimeUSLink
40518/01/2018Dark CaracalVictims inside governments, militaries, utility companies, financial institutions, manufacturing companies and defense contractors in 21 different countriesSecurity researchers from digital rights organization Electronic Frontier Foundation and security firm Lookout reveal a long lasting campaign allegedly carried on by attackers tied to the Lebanese government, able to steal hundreds of gigabytes from thousands of victims all over the world. The group is dubbed Dark Caracal.Targeted AttackY Multiple IndustriesCyber Espionage>1Link
40614/11/2018?Targets in Middle EastSecurity researchers from Kaspersky reveal that the CVE-2018-8589 Windows zero-day vulnerability addressed by Microsoft November 2018 Patch Tuesday has been exploited by an APT group in targeted attacks against entities in the Middle East.Targeted AttackY Multiple IndustriesCyber Espionage>1Link
40718/01/2018?Android UsersGoogle removes 53 apps from the official Play Store because they were spreading a new breed of Android malware named GhostTeam, active since April 2017, that could steal Facebook credentials and push ads to infected phones.Malware/PoS MalwareY Multiple IndustriesCyber Crime>1Link
40815/11/2018TA505Single IndividualsResearchers from Proofpoint reveal a new campaign by the prolific actor TA505 aimed to deliver a new remote access trojan dubbed tRAT to victims in order to create a backdoor into PCs to steal credentials and banking information.MalwareX IndividualCyber Crime>1Link
40918/01/2018?AllscriptsA ransomware attack takes down some of the applications used by Allscripts.Malware/PoS MalwareJ Information and communicationCyber CrimeUSLink
41015/11/2018?HealthEquityAn intruder accesses the email accounts of two HealthEquity members, exposing protected health information (PHI)/personally identifiable information (PII) of 20,906 subscribers. The breach dates back to September and October, and was discovered on October 5th.Account HijackingK Financial and insurance activitiesCyber Crime>1Link
41118/01/2018?Questar AssessmentA data breach at the company that develops New York State's third-through-eighth grade reading and math tests allows an unauthorized user to access information about 52 students. Also students in another state are affected, but the company does not provide further details.UnknownJ Information and communicationCyber CrimeUSLink
41215/11/2018?Multiple targetsResearchers from CenturyLink reveal new waves of attacks carried out via the Mylobot botnet.MalwareY Multiple IndustriesCyber Crime>1Link
41319/01/2018?IOTAMalicious websites used to generate password details for the fintech network IOTA (online seed generators) are reportedly to blame for the theft of nearly $4m (£2.9m) from users' digital wallets.Account HijackingV FintechCyber Crime>1Link
41415/11/2018?Family Tree Relief NurserySome 2,000 clients of Albany-based nonprofit Family Tree Relief Nursery are notified of a ransomware attack that occurred between June and August.MalwareQ Human health and social work activitiesCyber CrimeUSLink
41519/01/2018?Electronic Gas StationsRussian authorities identify a distributed malware campaign targeting electronic gas stations using software programs at the pumps. Dozens of gas stations have been attacked with customers paying more for fuel (around 3 to 7% increment per gallon).Malware/PoS MalwareD Electricity gas steam and air conditioning supplyCyber CrimeRULink
41615/11/2018?Misconfigured Docker servicesResearchers at Juniper Networks discover that cybercriminals are currently taking advantage of misconfigured Docker services to add their own containers that run a Monero mining script.MisconfigurationsY Multiple IndustriesCyber Crime>1Link
41719/01/2018?Westminster Ingleside King Farm Presbyterian Retirement CommunitiesWestminster Ingleside King Farm Presbyterian Retirement Communities notifies 5,228 Residents of a malware attack that occurred on November 21, 2017Malware/PoS MalwareP EducationCyber CrimeUSLink
41815/11/2018?Daniels HostingHackers compromise Daniels Hosting, one of the largest Dark Web hosting providers, and delete 6,500+ sites.PHP 0-Day VulnerabilityJ Information and communicationCyber CrimeN/ALink
41919/01/2018?Charlotte Housing Authority341 employees of the Charlotte Housing Authority have their W-2 forms compromised after scammers sent CHA staffers an e-mail pretending to be from the CEO.Account HijackingO Public administration, defence, compulsory social securityCyber CrimeUSLink
42015/11/2018Silence and MoneyTakerRussian Financial InstitutionsGroup-IB identifies two major phishing campaigns targeting Russian financial institutions with emails purporting to come from the country's central bank and financial cybersecurity authorities.Account HijackingK Financial and insurance activitiesCyber CrimeRULink
42121/01/2018?Android UsersSecurity researchers at Russian cybersecurity company Dr.Web discover a dangerous Android malware hidden in several gaming apps on Play store stealing personal data from users by conducting phishing attacks. The malware is dubbed Android.RemoteCode.127.origin and has been downloaded more than 4,000,000 times.Malware/PoS MalwareX IndividualCyber Crime>1Link
42222/01/2018?Fire and Fury ReadersResearchers spot a copy of Michael Wolff's book Fire and Fury infected with malware.Malware/PoS MalwareX IndividualCyber CrimeUSLink
42322/01/2018Ayyıldız TimDavid Clarke Jr. Twitter AccountThe Turkish Cyber Army hacking group strikes again and hijacks the Twitter account of vocal Donald Trump supporter and ex-Milwaukee County Sheriff David Clarke Jr.Account HijackingX IndividualCyber CrimeUSLink
42422/01/2018?Charissa ThompsonFox Sports host Charissa Thompson is the latest celebrity whose nude photos are stolen by hackers and then published online as part of The Fappening scandal.Account HijackingX IndividualCyber CrimeUSLink
42522/01/2018?Apache ServersResearchers from Trend Micro report a significant increase in the use of Apache Struts (CVE-2017-5638) and DotNetNuke (CVE-2017-9822) vulnerabilities to implant Monero miners.Apache Struts VulnerabilitiesY Multiple IndustriesCyber Crime>1Link
42623/01/2018?Bell CanadaPolice are investigating a new data breach at Bell Canada (the second in eight months), which says hackers have illegally obtained customer information, primarily subscriber names and e-mail addresses of up to 100,000 users.UnknownJ Information and communicationCyber CrimeCALink
42723/01/2018?MetrolinxOntario transit agency Metrolinx says it was the target of a cyberattack that originated in North Korea, but no personal information was compromised.UnknownH Transportation and storageCyber EspionageCALink
42823/01/2018?220,000 Malaysian organ donors.Another data breach in Malaysia. A technology forum publishes details of a trove of data which includes the personal information of more than 220,000 organ donors.UnknownQ Human health and social work activitiesCyber CrimeMYLink
42923/01/2018Nexus ZetaIoT Devices WorldwideAccording to a new report by Newsky Security, the author of the infamous Satori IoT botnet has created two new variants of the predecessor Mirai, called Masuta and PureMasuta.Malware/PoS MalwareX IndividualCyber Crime>1Link
43023/01/2018?Turkish Defense ContractorsAccording to RiskIQ, an unknown actor purporting to be from the tax collection arm of the Turkish government is carrying out spear-phishing campaigns against Turkish defense contractors, using a RAT called Remcos.Targeted AttackO Public administration, defence, compulsory social securityCyber EspionageTRLink
43123/01/2018?Twitter UsersResearchers from Malwarebytes reveal a fresh malware campaign spreading via spamming Twitter accounts.Malware/PoS MalwareX IndividualCyber Crime>1Link
43223/01/2018?National Stores, Inc.National Stores, Inc. announces that it has been the victim of a malware attack, enabling unauthorized parties to access payment card information. It appears that payment cards used by customers at some National Stores locations between July 16 and December 11, 2017 may be involved.Malware/PoS MalwareG Wholesale and retail tradeCyber CrimeUSLink
43323/01/2018?Unnamed company in GreenbayUnknown hackers use a known vulnerability to get into a company's computer system, stealing personal information from human resources files, and then using that to steal what police call “significant amounts” of money from several people.Undisclosed vulnerabilityZ UnknownCyber CrimeUSLink
43424/01/2018?Single IndividualsResearchers from Sucuri reveal a new campaign targeting more than 2,000 compromised websites and aimed at both mining Monero and stealing the users' credentials.Malicious Script InjectionX IndividualCyber Crime>1Link
43524/01/2018?Harris CountyHarris County loses almost $900K in a phishing scam. The attack dates back to September 2017.Account HijackingO Public administration, defence, compulsory social securityCyber CrimeUSLink
43624/01/2018?Victims based primarily in Thailand, Vietnam and EgyptResearchers from Palo Alto Networks discover a malicious URL redirection campaign that infects users with the XMRig Monero cryptocurrency miner. The campaign has already victimized users between 15 and 30 million times.MalvertisingX IndividualCyber Crime>1Link
43724/01/2018?IoT Devices WorldwideBitdefender researchers uncover an emerging IoT botnet that uses advanced communication techniques to exploit victims and build its infrastructure. The bot is dubbed Hide 'N Seek (HNS)Malware/PoS MalwareX IndividualCyber Crime>1Link
43824/01/2018?5 universities, 23 private companies and several government organizations.Security researchers from Comodo spot a new strain of sophisticated malware, dubbed Lebal, targeting a number of high-profile entities, including five universities, 23 private companies and several government organizations.Targeted AttackY Multiple IndustriesCyber Crime>1Link
43925/01/2018?Single IndividualsResearchers from Crowdstrike discover a new strain of malware that uses the National Security Agency's EternalBlue exploit to hijack computers and secretly mine cryptocurrency. The malware is dubbed WannaMine.Malware/PoS MalwareX IndividualCyber Crime>1Link
44025/01/2018?Single IndividualsA new ransomware called MoneroPay is discovered that tries to take advantage of the cryptocurrency craze by spreading itself as a wallet for a fake coin called SpriteCoin.Malware/PoS MalwareX IndividualCyber Crime>1Link
44125/01/2018OilRig8 Middle Eastern government organizations, as well as one financial and one educational institution.Researchers from Palo Alto Networks reveal a new operation of the Iran-linked cyber-espionage group tracked as OilRig, carried on using a backdoor dubbed RGDoor to target Internet Information Services (IIS) Web servers.Targeted AttackY Multiple IndustriesCyber Espionage>1Link
44226/01/2018?Financial Organizations in Latin AmericaNCR sends an advisory to its customers saying it had received reports from the Secret Service and other sources about jackpotting attacks against ATMs in the United States. Sources say the malware behind the attack is Ploutus.D.Malware/PoS MalwareK Financial and insurance activitiesCyber CrimeUSLink
44326/01/2018?YouTube UsersYouTube is caught displaying ads that covertly use visitors' CPUs and electricity to generate digital currency on behalf of anonymous attackers.Malicious Script InjectionX IndividualCyber Crime>1Link
44426/01/2018?CoincheckJapanese cryptocurrency exchange Coincheck confirms that some $524 million worth of digital coins (a cryptocurrency called NEM) has been stolen—likely making it the largest single hack on an exchange.UnknownV FintechCyber CrimeJPLink
44526/01/2018?Users in the Middle EastSecurity researchers from Palo Alto Networks detect a fresh wave of attacks targeting users in the Middle East. Attackers use Arabic language documents related to current political events to download and run malicious malware. The campaign is called 'TopHat' and makes use of a malware dubbed 'Scote'.Targeted AttackX IndividualCyber Espionage>1Link
44626/01/2018?Chrome UsersTrend Micro publishes a list of malicious Chrome extensions making use of a recently discovered technique called "Session Replay" attack.Malicious ExtensionX IndividualCyber Crime>1Link
44726/01/2018?phpBBAn unknown attacker compromises download links for the phpBB forum software, according to a statement released today by the phpBB development team.UnknownJ Information and communicationCyber CrimeN/ALink
44827/01/2018?ABN AmbroABN Ambro is the victim of a sustained DDoS attack. The wave of cyberattacks comes just days after local media reported that Dutch intelligence agency AIVD spied on Russia-linked hacker group Cozy Bear, also known as APT29, as early as 2014.DDoSK Financial and insurance activitiesCyber WarfareNLLink
44927/01/2018?INGDuring the same weekend, also ING is targeted.DDoSK Financial and insurance activitiesCyber WarfareNLLink
45028/01/2018?ExpertyA hacker tricks Experty ICO participants into sending Ethereum funds to the wrong wallet address. He is able to do this by sending emails with a fake pre-ICO sale announcement to Experty users who signed up for notifications. The bounty amounts to $150,000 worth of Ethereum.Account HijackingV FintechCyber CrimeCHLink
45128/01/2018?Ontario Progressive Conservative PartyThe Ontario Progressive Conservative Party's internal database is locked up by a ransomware attack in early November. The incident is first being acknowledged now.Malware/PoS MalwareQ Human health and social work activitiesCyber CrimeCALink
45229/01/2018?RabobankRabobank is the third of the big Dutch banks to be targeted by a DDoS attack.DDoSK Financial and insurance activitiesCyber WarfareNLLink
45329/01/2018?Dutch tax authorityThe Dutch Tax Authority is also taken down by a DDoS attack.DDoSO Public administration, defence, compulsory social securityCyber WarfareNLLink
45429/01/2018?DigIDThe Dutch official online signature system DigID is also reportedly hit by the same wave of DDoS attacks.DDoSO Public administration, defence, compulsory social securityCyber WarfareNLLink
45529/01/2018Suspected malicious actor tied to PakistanAndroid Users in IndiaSecurity researchers from Trend Micro unveil the details of a cyber espionage campaign targeting Android users in India, using the PoriewSpy and Droid.jack malware.Malware/PoS MalwareX IndividualCyber EspionageINLink
45629/01/2018?Ransomware victimsThe operators of at least one Tor proxy service are caught replacing Bitcoin addresses on ransomware payment sites, diverting funds meant to pay for ransomware decrypters to the site's operators. In this way the victims are damaged twice.Tor Traffic HijackingX IndividualCyber Crime>1Link
45729/01/2018?Chester County School DistrictChester County School District posts on its Facebook page that ransomware hit the district's servers over the weekend.Malware/PoS MalwareP EducationCyber CrimeUSLink
45830/01/2018?Ukrainian IndividualsResearchers from Palo Alto Networks uncovered a two-year-old cyber espionage campaign that's been infecting Ukrainians with either a newly discovered remote access tool called Vermin or the more established Quasar RAT.Targeted AttackX IndividualCyber EspionageUALink
45930/01/2018?ABN AmbroABN Ambro is targeted by a new DDoS attack. Now the fingers are pointed to Russia.DDoSK Financial and insurance activitiesCyber CrimeRULink
46030/01/2018?INGAnd during the same wave of DDoS attacks, also ING is targeted (once again).DDoSK Financial and insurance activitiesCyber CrimeRULink
46130/01/2018?Single IndividualsSecurity researchers from Malwarebytes uncover a new strain of ransomware called GandCrab that is being distributed through two separate exploit kits: the RIG EK and GrandSoft EK.Malware/PoS MalwareX IndividualCyber Crime>1Link
46230/01/2018?Spartanburg Public LibraryThe Spartanburg Public Library system is shut down after it is hit with a ransomware attack.Malware/PoS MalwareP EducationCyber CrimeRULink
46331/01/2018?More than 526,000 infected Windows hostsResearchers from Proofpoint reveal the details of the Smominru botnet. A Monero miner, active since May 2017, exploiting the Eternal Blue (CVE-2017-0144) and EsteemAudit (CVE-2017-0176) vulnerabilities to spread.Malware/PoS MalwareX IndividualCyber Crime>1Link
46431/01/2018?Users participating in the ICO of the Bee Token Crypto CurrencyUsers who were aiming to buy Bee Tokens during a Token Generation Event (i.e., an initial coin offering) are tricked into sending the money to scammers instead. The attackers steal nearly $1M worth of cryptocurrency.Account HijackingV FintechCyber CrimeUSLink
46531/01/2018?GoGetCar-sharing company GoGet discloses a major data breach seven months after it was first detected in June 2017 as the alleged hacker is arrested by Australian police this week. In an email sent to customers, the firm says its IT team identified "unauthorised activity" on its system on 27 June last year and immediately launched a full internal investigation.UnknownH Transportation and storageCyber CrimeAULink
46631/01/2018?Firefox UsersA Firefox extension called Image Previewer is discovered, injecting a Monero in-browser miner into Firefox. While we have seen numerous Chrome.Malicious ExtensionX IndividualCyber Crime>1Link
46731/01/2018North KoreaSouth KoreaSouth Korea's Internet & Security Agency (KISA) warns of a Flash zero-day vulnerability (CVE-2018-4878) reportedly exploited in attacks by North Korea's hackers.Targeted AttackX IndividualCyber EspionageKRLink
01/02/2018,?,Single Individuals,The FBI warns hackers have been impersonating a federal online crime complaint portal to trick victims into divulging their personal and sensitive information in a new phishing scam.,Account Hijacking,X Individual,Cyber Crime,>1,Link
01/02/2018,Iron Tiger,"Institutions in the government, technology, education and telecommunications sector in Asia and the US.","Security researchers from BitDefender discover a custom-built piece of malware wreaking havoc in Asia for several months that could signal the return of the notorious Chinese hacker group - Iron Tiger. The campaign is called Operation PZChao, and has been targeting institutions in the government, technology, education and telecommunications sector in Asia and the US.",Targeted Attack,Y Multiple Industries,Cyber Espionage,>1,Link
01/02/2018,?,Google Chrome Users,"Security researchers from Trend Micro uncover 89 malicious Google Chrome extensions on the official Chrome store that can inject ads, code to secretly mine cryptocurrency, and load a tool to record and replay a person's browsing activities. According to researchers, this collection of extensions affected over 423,000 users and was used to form a new botnet called ""Droidclub.""",Malware/PoS Malware,X Individual,Cyber Crime,>1,Link
01/02/2018,?,IoT Devices,"Researchers from cyber-security firm Radware discover a new IoT DDoS botnet, built by San Calvicie, an operator of a gaming server rental business. The botnet is called JenX. The botnet borrows parts of several other IoT botnets (for instance CVE-2014-8361 and CVE-2017-17215).",Vulnerability,X Individual,Cyber Crime,>1,Link
01/02/2018,?,City of Pittsburg in Kansas,The City of Pittsburg in Kansas reveals to have been subjected to a sophisticated phishing scheme targeting employee payroll data. The attack results in the release of sensitive information for current and former city employees who received a W-2 for the 2017 fiscal year.,Account Hijacking,"O Public administration, defence, compulsory social security",Cyber Crime,US,Link
01/02/2018,?,HORNE LLP,"HORNE LLP notifies an incident affecting the security of protected health information of certain Forrest General Hospital patients. On November 1, 2017, the company discovered that the email account of one of its employees was sending phishing emails.",Account Hijacking,K Financial and insurance activities,Cyber Crime,US,Link
01/02/2018,?,City of Batavia,"The city of Batavia reports employees' personal and financial information was compromised through an email phishing of W-2 tax forms. The information includes names, social security numbers, addresses and earnings.",Account Hijacking,"O Public administration, defence, compulsory social security",Cyber Crime,US,Link
01/02/2018,?,Kinetics Systems,"Kinetics Systems falls victim to a phishing attack. The personal information of 11 residents of New Hampshire, including their W-2 forms, is compromised.",Account Hijacking,C Manufacturing,Cyber Crime,US,Link
01/02/2018,?,Purchase Line School District,The Purchase Line School District is the victim of an email spoofing attack by an individual pretending to be a school district employee.,Account Hijacking,P Education,Cyber Crime,US,Link
01/02/2018,?,Coastal Cape Fear Eye Associates,Coastal Cape Fear Eye Associates notifies HHS of a ransomware incident that impacted 925 patients.,Malware/PoS Malware,Q Human health and social work activities,Cyber Crime,US,Link
01/02/2018,?,Aperio,Aperio informs of a data breach that occurred when two employees' email accounts were compromised by successful phishing attacks that resulted in auto-forwarding email from those accounts to two external accounts.,Account Hijacking,K Financial and insurance activities,Cyber Crime,US,Link
02/02/2018,?,Redis and OrientDB servers,"Researchers from Qihoo 360 discover a new Monero-mining botnet targeting Redis and OrientDB servers, infecting nearly 4,400 servers and able to mine over $925,000 worth of Monero since March 2017. The botnet, called DDG, targets Redis servers via a credentials dictionary brute-force attack; and OrientDB databases by exploiting the CVE-2017-11467 remote code execution.",Brute Force/Remote Code Execution Vulnerability,X Individual,Cyber Crime,>1,Link
02/02/2018,?,Mac Users,"Researchers from Malwarebytes reveal that the MacUpdate site has been hacked to distribute the OSX.CreativeUpdate Monero miner via maliciously-modified copies of the Firefox, OnyX, and Deeper applications.",Malware/PoS Malware,X Individual,Cyber Crime,>1,Link
02/02/2018,?,Ron's Pharmacy Services,"Ron's Pharmacy Services notifies certain patients of the unauthorized access to certain limited pieces of patient information, including patient names, Ron's Pharmacy internal account numbers, and payment adjustment information, after an employee email account was compromised in October 2017.",Account Hijacking,G Wholesale and retail trade,Cyber Crime,US,Link
03/02/2018,?,Android Users,"Researchers from Qihoo 360 discover an additional botnet, targeting Android devices by scanning for open debug ports so it can infect victims with malware that mines the Monero cryptocurrency. The botnet targets port 5555, which on devices running the Android OS is the port used by the operating system's native Android Debug Bridge (ADB). The malware is dubbed ADB.Miner.",Malware/PoS Malware,X Individual,Cyber Crime,>1,Link
04/02/2018,?,Reddit Users,Security Researcher Alec Muffett discovers a clone of the popular social news aggregation and discussion site Reddit on the reddit.co domain.,Account Hijacking,X Individual,Cyber Crime,>1,Link
04/02/2018,?,City of Keokuk,The City of Keokuk says a data breach resulted in the release of personal information of current and former city employees and elected leaders. An unauthorized party was able to obtain 2017 W-2 tax forms through the use of a “criminal phishing email.”,Account Hijacking,"O Public administration, defence, compulsory social security",Cyber Crime,US,Link
05/02/2018,?,Waldo County,A phishing attack compromised the information of 100 Waldo County employees.,Account Hijacking,"O Public administration, defence, compulsory social security",Cyber Crime,US,Link
05/02/2018,?,City of Keokuk,The city of Keokuk has disclosed that a cybercriminal used a phishing scam to fraudulently obtain an electronic file containing the 2017 W-2 tax forms of current and former employees and elected officials.,Account Hijacking,"O Public administration, defence, compulsory social security",Cyber Crime,US,Link
05/02/2018,?,Partners HealthCare System,"Partners HealthCare System reveals to have discovered a malware attack that occurred in May 2017 and may have exposed 2,600 patients' information.",Malware/PoS Malware,Q Human health and social work activities,Cyber Crime,US,Link
05/02/2018,?,University of Northern Colorado,"The private information of 12 University of Northern Colorado employees is compromised after an “unknown person or group” accessed their profiles on Ursa, UNC's online portal.",Unknown,P Education,Cyber Crime,US,Link
06/02/2018,"Hidden Cobra, aka Lazarus Group",Multiple Targets,"The Department of Homeland Security (DHS) and FBI jointly release two new reports analyzing trojan malware attributed to Hidden Cobra, aka Lazarus Group -- a threat actor widely believed to be sponsored by the North Korean government. The two malware packages, referred to as HARDRAIN and BADCALL, can install a remote access tool (RAT) payload on Android devices, and force infected Windows systems to act as a proxy server.",Targeted Attack,Y Multiple Industries,Cyber Espionage,>1,Link
06/02/2018,AnonPlus,Italian Democratic Party (PD),The AnonPlus hacker group says they have hacked the Florence branch of the Italian centre-left Democratic Party (PD) and leaked data regarding leader Matteo Renzi online.,Unknown,U Activities of extraterritorial organizations and bodies,Hacktivism,IT,Link
06/02/2018,AnonPlus,Province of Milan,The same hackers also claim to have hacked the website of Provincia di Milano (Province of Milan) in Italy.,SQLi,"O Public administration, defence, compulsory social security",Hacktivism,IT,Link
07/02/2018,?,Swisscom,"Swisscom, the biggest telecom company in Switzerland, suffers a data breach that resulted in the compromise of personal data of some 800,000 customers, i.e., nearly ten percent of the entire Swiss population. The breach dates back to Autumn 2017 and the data accessed includes the first and last names, home addresses, dates of birth and telephone numbers of Swisscom customers.",Account Hijacking,J Information and communication,Cyber Crime,CH,Link
07/02/2018,?,The Sacramento Bee,"The Sacramento Bee deletes two databases hosted by a third party after a ransomware attack exposed the voter records of 19.5 million California voters and 53,000 current and former subscribers to the newspaper.",Malware/PoS Malware,J Information and communication,Cyber Crime,US,Link
07/02/2018,?,Nova Poshta,"Personal data of 500,000 Nova Poshta clients, the largest private delivery company in Ukraine, is allegedly leaked to the dark web.",Unknown,S Other service activities,Cyber Crime,UA,Link
07/02/2018,?,City of Enumclaw,"The city of Enumclaw accidentally sends an email to an ""individual pretending to be a member of City administration"" and compromises the W-2s of hundreds of employees.",Account Hijacking,"O Public administration, defence, compulsory social security",Cyber Crime,US,Link
07/02/2018,?,Twitter Users,"Online scammers have made over $5,000 worth of Ethereum in one night alone, creating fake Twitter profiles for real-world celebrities and spamming the social network with messages tricking users into participating in ""giveaways.""",Fake Twitter Accounts,X Individual,Cyber Crime,>1,Link
07/02/2018,?,Targets in Middle East,Researchers from Cisco Talos reveal the details of a campaign targeted against entities with an interest in the geopolitical context of the region.,Targeted Attack,Y Multiple Industries,Cyber Espionage,>1,Link
07/02/2018,?,Business Wire,Press release network Business Wire admits suffering an ongoing Distributed Denial of Service (DDoS) attack lasting a week.,DDoS,J Information and communication,Cyber Crime,US,Link
07/02/2018,?,Smith Dental,"Smith Dental notifies of a ransomware attack affecting 1,500 patients.",Malware/PoS Malware,Q Human health and social work activities,Cyber Crime,US,Link
08/02/2018,?,Undisclosed Water Utility Company,"Researchers from Radiflow discover the first example of a malware attacking the operational network of a water utility company in order to mine the Monero cryptocurrency,",Malware/PoS Malware,"E Water supply, sewerage waste management, and remediation activities",Cyber Crime,N/A,Link
08/02/2018,?,Decatur County General Hospital,"Decatur County General Hospital in Parsons, Tenn., publicly discloses that an unauthorized party accessed the server for its electronic medical record system and secretly implanted cryptomining malware.",Malware/PoS Malware,Q Human health and social work activities,Cyber Crime,US,Link
08/02/2018,?,Single Individuals,Researchers from Trend Micro reveal the details of a malicious spam campaign aimed to distribute the Loki malware.,Malware/PoS Malware,X Individual,Cyber Crime,>1,Link
08/02/2018,?,Mikaela Hoover,"The Fappening scandal continues even in 2018, and Guardians of the Galaxy actress Mikaela Hoover appears to be the most recent victim.",Account Hijacking,X Individual,Cyber Crime,US,Link
08/02/2018,?,Multiple Targets,Researchers from ForcePoint discover a new strain of point-of-sale (PoS) malware that disguises itself as a LogMeIn service pack and steals payment card information through a DNS server.,Malware/PoS Malware,Y Multiple Industries,Cyber Crime,>1,Link
08/02/2018,?,Cisco ASA Users,"Five days after details about a vulnerability in Cisco ASA software (CVE-2018-0101) become public, Cisco reveals to be ""aware of attempted malicious use of the vulnerability.""",Cisco ASA Vulnerability,Y Multiple Industries,Cyber Crime,>1,Link
08/02/2018,?,Single Individuals,"A new malspam campaign is underway, installing the GandCrab ransomware on a victim's computer. This is done through a series of malicious documents that ultimately install the ransomware via a PowerShell script.",Malware/PoS Malware,X Individual,Cyber Crime,>1,Link
09/02/2018,?,Single Individuals,"A new ransomware is discovered called Black Ruby. The ransomware encrypts the files on a computer, scrambles the file name, and then appends the BlackRuby extension. To make matters worse, Black Ruby also installs a Monero miner. The malware only encrypts computers that are not from Iran.",Malware/PoS Malware,X Individual,Cyber Crime,>1,Link
10/02/2018,Vietnamese Hacker,Newtek Business Services Corp.,"Newtek Business Services Corp., a Web services conglomerate that operates more than 100,000 business Web sites and some 40,000 managed technology accounts, has several of its core domain names stolen over the weekend.",DNS Hijacking,J Information and communication,Cyber Crime,US,Link
10/02/2018,?,BitGrail,"Italian cryptocurrency exchange BitGrail reports a loss of 17 million Nano, valued at over $170 million at the time of the hack. However, conflicting reports surface with some believing the exchange to be insolvent for a number of months.",Unknown,V Fintech,Cyber Crime,IT,Link
11/02/2018,?,Pyeongchang Winter Olympics,"Pyeongchang Winter Olympics organizers confirm that the Games had fallen victim to a cyber attack during Friday's opening ceremony, but they refused to reveal the source. Researchers from Cisco Talos call the malware Olympic Destroyer and confirm that the only purpose is to disrupt systems.",Targeted Attack,U Activities of extraterritorial organizations and bodies,Cyber Warfare,KR,Link
11/02/2018,?,"4,275 sites","4,275 sites are injected with an in-browser Monero miner after a popular accessibility script, BrowseAloud by TextHelp.com, is compromised. The list of the affected sites includes government websites such as uscourts.gov, ico.org.uk, & manchester.gov.uk.",Malicious Script,Y Multiple Industries,Cyber Crime,>1,Link
12/02/2018,?,Wordpress Websites,"Two malicious plug-ins are recently discovered by Sucuri, injecting obfuscated JavaScript into WordPress websites, in order to generate advertisements that appear if a visitor clicks anywhere on the page.",Wordpress Malicious Plugins,X Individual,Cyber Crime,>1,Link
12/02/2018,?,Android Users,Malwarebytes researchers detect a series of attacks that began around November 2017 in which millions of Android devices were targeted and redirected to a specifically designed page performing in-browser cryptomining of Monero virtual currency.,Drive-By,X Individual,Cyber Crime,>1,Link
12/02/2018,"Hidden Cobra, aka Lazarus Group",Bitcoin users and global financial organizations.,Researchers from McAfee discover an aggressive Bitcoin-stealing phishing campaign by the international cybercrime group Lazarus that uses sophisticated malware with long-term impact. The campaign is dubbed HaoBao and targets Bitcoin users and global financial organizations.,Targeted Attack,K Financial and insurance activities,Cyber Crime,>1,Link
12/02/2018,?,Single Individuals,A new variant of Rapid Ransomware is currently being distributed using malspam that pretends to be from the Internal Revenue Service.,Malware/PoS Malware,X Individual,Cyber Crime,>1,Link
12/02/2018,?,Single Individuals,Researchers from IBM's X-Force reveal the details of a new campaign leveraging the Necurs botnet to send Valentine's Day-themed spam emails. The campaign reaches over 230 million spam messages within a matter of two weeks.,Malware/PoS Malware,X Individual,Cyber Crime,>1,Link
12/02/2018,?,Idaho Transportation Department (ITD),"A hack of two email accounts at the Idaho Transportation Department (ITD) potentially exposes the personal information of commercial truckers whose rigs are registered in Idaho, including Social Security and credit card numbers. About 114 individuals are notified.",Account Hijacking,"O Public administration, defence, compulsory social security",Cyber Crime,US,Link
12/02/2018,?,Entergy,Entergy notifies employees of a W-2 breach involving the TALX portal (a wholly-owned subsidiary of Equifax). The breach involves 2016 W-2 data.,Unknown,D Electricity gas steam and air conditioning supply,Cyber Crime,US,Link
13/02/2018,?,Telegram Users,"Researchers from Kaspersky reveal that malware authors have used a zero-day vulnerability in the Windows client for the Telegram instant messaging service to infect users with cryptocurrency mining malware (Monero, Zcash, and Fantomcoin primarily).",Zero-Day Vulnerability in Telegram,X Individual,Cyber Crime,>1,Link
13/02/2018,?,Android Users,"Researchers from Trend Micro detect a new variant of Android Remote Access Tool (AndroRAT) (identified as ANDROIDOS_ANDRORAT.HRXC) that has the ability to inject root exploits. The AndroRAT targets CVE-2015-1805, a vulnerability publicly disclosed in 2016.",Malware/PoS Malware,X Individual,Cyber Crime,>1,Link
13/02/2018,?,"Military personnel and businessmen, among others, in various South Asian countries","Valentine's Day is approaching, and researchers from Trend Micro reveal that criminals from the Confucius gang are targeting military personnel and businessmen, among others, in various South Asian countries, persuading them into downloading malware hidden in chat apps.",Targeted Attack,X Individual,Cyber Espionage,>1,Link
13/02/2018,?,Vulnerable Firewalls,"Researchers from NewSky Security discover a new IoT botnet, dubbed DoubleDoor, exploiting CVE-2015-7755 and CVE-2016-10401 to bypass respectively Juniper and Zyxel firewalls.",Malware/PoS Malware,Y Multiple Industries,Cyber Crime,>1,Link
13/02/2018,?,Advertisement Screen in London,And the last victim of the cryptocurrency frenzy is an advertisement screen in London that is infected by a miner.,Malware/PoS Malware,Z Unknown,Cyber Crime,UK,Link
14/02/2018,?,Staybridge Suites Lexington Hotel,The Staybridge Suites Lexington Hotel is hit with what appears to be a point of sales data breach that occurred when several devices at the hotel were hit with malware.,Malware/PoS Malware,R Arts entertainment and recreation,Cyber Crime,US,Link
14/02/2018,?,Single Individuals,"Researchers from Trustwave reveal a new multi-stage email Word attack, exploiting CVE-2017-11882, but not making use of any macro.",Malware/PoS Malware,X Individual,Cyber Crime,>1,Link
14/02/2018,?,Single Individuals,"A Ukrainian cybercrime operation has made an estimated $50 million by using Google AdWords to lure users to Bitcoin phishing sites. The operation is temporarily disrupted by the Ukrainian cyber police, acting on information received from Cisco's Talos security division. The campaign is dubbed Coinhoarder.",SEO Poisoning,X Individual,Cyber Crime,>1,Link
14/02/2018,?,Bitmessage users,Maintainers of the Bitmessage P2P encrypted communications protocol have released a fix after discovering that hackers were using a zero-day in attempts to steal Bitcoin wallet files from users' computers.,Zero-Day Vulnerability in Bitmessage,X Individual,Cyber Crime,>1,Link
14/02/2018,?,Atos,"Reports emerge that the Olympic Destroyer malware might have been used months earlier to target Atos, the IT provider of Winter Olympics.",Targeted Attack,J Information and communication,Cyber Espionage,FR,Link
14/02/2018,?,Western Union,Western Union warns that some customers' information may have been accessed without authorization as a result of a computer intrusion against an external vendor system formerly used by Western Union for secure data storage.,Unknown,K Financial and insurance activities,Cyber Crime,US,Link
15/02/2018,?,Jenkins CI Servers,"Researchers from Check Point reveal the details of Jenkins Miner, a massive operation targeting Jenkins CI servers, via CVE-2017-1000353, aimed to mine Monero cryptocurrency. The Criminals are able",Malware/PoS Malware,Y Multiple Industries,Cyber Crime,>1,Link
15/02/2018,?,Retina-X Studios,"A vigilante hacker claims to have wiped 1 Terabyte of data from Retina-X Studios, a company that sells spyware products.",Unknown,J Information and communication,Cyber Crime,US,Link
15/02/2018,GOLD LOWELL,Multiple Targets,Researchers from SecureWorks reveal the details of a threat actor dubbed GOLD LOWELL using the SAMSAM ransomware for opportunistic attacks.,Malware/PoS Malware,Y Multiple Industries,Cyber Crime,US,Link
15/02/2018,?,Single Individuals,Researchers from IBM's X-Force discover a new variant of the infamous TrickBot malware repurposed to steal bitcoins.,Malware/PoS Malware,X Individual,Cyber Crime,>1,Link
13/02/2018,?,US Taxpayers,The Internal Revenue Service warns taxpayers of a quickly growing scam involving erroneous tax refunds being deposited into their bank accounts.,Account Hijacking,X Individual,Cyber Crime,US,Link
13/02/2018,?,City of Allentown,The city of Allentown is hit by the Emotet Trojan. The City believes that the cost of remediation is close to $1 million.,Malware/PoS Malware,"O Public administration, defence, compulsory social security",Cyber Crime,US,Link
13/02/2018,?,City of Savannah,The city of Savannah is in recovery mode after being hit by a malware attack when a city worker most likely opened a malicious email.,Malware/PoS Malware,"O Public administration, defence, compulsory social security",Cyber Crime,US,Link
14/02/2018,?,Poorly secured Linux servers,"According to researchers from GoSecure, attackers are launching SSH brute-force attacks on poorly secured Linux servers to deploy a backdoor dubbed Chaos.",Brute-Force,Y Multiple Industries,Cyber Crime,>1,Link
16/02/2018,?,Unnamed Russian Bank,The Russian Central Bank reveals that unknown hackers stole 339.5 million roubles ($6 million) from a Russian bank last year in an attack using the SWIFT international payments messaging system.,Unknown,K Financial and insurance activities,Cyber Crime,RU,Link
16/02/2018,?,Snapchat Users,"Details emerge on a phishing attack that occurred in July 2017 and was able to score credentials for 50,000 Snapchat users.",Account Hijacking,X Individual,Cyber Crime,>1,Link
16/02/2018,rmsrf,Roomsurf,"Roomsurf notifies its users of a data breach in which the attacker has been able to obtain usernames, phone numbers, and email addresses.",Unknown,I Accommodation and food service activities,Cyber Crime,US,Link
16/02/2018,?,Davidson County,The Davidson County computers are hit by an unspecified ransomware.,Malware/PoS Malware,"O Public administration, defence, compulsory social security",Cyber Crime,US,Link
16/02/2018,?,Jemison Internal Medicine,"Jemison Internal Medicine notifies 6,550 patients of a ransomware attack. However the investigation reveals that the systems had already been compromised.",Malware/PoS Malware,Q Human health and social work activities,Cyber Crime,US,Link
16/02/2018,?,Laufer Group International,Laufer Group International is the victim of a W-2 scam.,Account Hijacking,N Administrative and support service activities,Cyber Crime,US,Link
16/02/2018,?,White and Bright Family Dental,White and Bright Family Dental notifies patients of a hack that occurred on January 30 2018.,Unknown,Q Human health and social work activities,Cyber Crime,US,Link
17/02/2018,?,Mac Users,Researchers from Digita Security warn users about the Coldroot remote access Trojan that has gone undetected by AV engines for more than one year and targets MacOS computers.,Malware/PoS Malware,X Individual,Cyber Crime,>1,Link
18/02/2018,?,India's City Union Bank,India's City Union Bank reveals that cyber criminals have been able to hack its systems and transfer nearly $2 million through three unauthorized remittances to lenders overseas via the SWIFT financial platform.,Unknown,K Financial and insurance activities,Cyber Crime,IN,Link
18/02/2018,Flight Sim Labs (FSLabs),Microsoft Flight Simulator Players,Mod developer Flight Sim Labs (FSLabs) has been accused of embedding malware in its flight simulation add-ons to steal pirates' Chrome passwords.,Malware/PoS Malware,X Individual,Cyber Crime,>1,Link
19/02/2018,?,Blac Chyna,"American model and entrepreneur Blac Chyna falls victim to The Fappening, having intimate content posted online.",Account Hijacking,X Individual,Cyber Crime,US,Link
20/02/2018,?,Tesla,Researchers at security firm RedLock say hackers accessed one of Tesla's Amazon cloud accounts and used it to run currency-mining software. The breach started with a Kubernetes console left exposed.,Account Hijacking,C Manufacturing,Cyber Crime,US,Link
20/02/2018,APT37 AKA Reaper,Multiple Targets,"Security Firm FireEye reveals the details of a lesser-known North Korean cyberespionage group targeting the Korean Peninsula, Japan, Vietnam and the Middle East in 2017.",Targeted Attack,Y Multiple Industries,Cyber Espionage,>1,Link
20/02/2018,?,The Colorado Department of Transportation (CDOT),"CDOT is hit with a ransomware attack, attributed to SamSam, which forces the organization to shut down 2,000 computers.",Malware/PoS Malware,"O Public administration, defence, compulsory social security",Cyber Crime,US,Link
20/02/2018,?,Los Angeles Times,"Troy Mursch, a security researcher at Bad Packets Report, finds hidden cryptojacking code (based on Coinhive) on the Los Angeles Times interactive Homicide Report webpage.",Malicious Script Injection,J Information and communication,Cyber Crime,US,Link
20/02/2018,?,HardwareZone (HWZ) Forum website,"The HardwareZone (HWZ) Forum website is hacked and approximately 685,000 user profiles are affected. A senior moderator's account has been compromised by an unidentified hacker, and used to access the user profiles since September 2017.",Account Hijacking,J Information and communication,Cyber Crime,SG,Link
20/02/2018,APT28 AKA Fancy Bear,Multiple Targets in Middle East and Asia,Researchers from Kaspersky Lab publish a new report highlighting a shift in the activities of the infamous APT28 from NATO and Ukraine to Middle East and Central Asia.,Targeted Attack,Y Multiple Industries,Cyber Espionage,>1,Link
21/02/2018,?,Facebook Users,Researchers at Avast report a sophisticated campaign in which attackers use Facebook and Facebook messenger to trick users into installing a highly sophisticated Android spyware. The operation is dubbed Tempting Cedar.,Malware/PoS Malware,X Individual,Cyber Crime,>1,Link
21/02/2018,?,SWIFT,IT security researchers at Comodo Labs discover a new phishing scam targeting SWIFT financial messaging service. The scam does not only aim at stealing banking credentials but also infects victims' computers with the Adwind RAT.,Account Hijacking,K Financial and insurance activities,Cyber Crime,>1,Link
21/02/2018,Attackers of likely Nigerian origin,Multiple Fortune 500 companies,Researchers from IBM X-Force uncover an active Business Email Compromise campaign targeting multiple Fortune 500 companies.,Account Hijacking,Y Multiple Industries,Cyber Crime,>1,Link
21/02/2018,?,IoT and networking equipment,Security researchers from Fortinet spot a new variant of the Mirai malware (dubbed Mirai OMG) that focuses on infecting IoT and networking equipment with the main purpose of turning these devices into a network of proxy servers used to relay malicious traffic.,Malware/PoS Malware,Y Multiple Industries,Cyber Crime,>1,Link
21/02/2018,?,University of Virginia Health System (uvahealth.com),"The University of Virginia Health System notifies almost 2,000 patients that their health records may have been exposed when an unauthorized third party implanted malware on a staffer's computer active between May 2015 and December 2016.",Malware/PoS Malware,Q Human health and social work activities,Cyber Crime,US,Link
21/02/2018,?,ASCD,ASCD is the victim of a W-2 scam.,Account Hijacking,Q Human health and social work activities,Cyber Crime,US,Link
22/02/2018,?,The Los Angeles Philharmonic,"The Los Angeles Philharmonic falls victim to a cyberattack that results in the theft of W-2 information for everyone that worked there in 2017. The security breach happened as the result of a ""spear phishing"" attack.",Account Hijacking,R Arts entertainment and recreation,Cyber Crime,US,Link
22/02/2018,LulzSecITA,Matteo Salvini Blog,"The Italian elections are approaching, so Hacktivists from the collective LulzSecITA hack the blog of Matteo Salvini, the leader of right-wing Italian party ""La Lega"" and dump 70,000 emails.",Unknown,S Other service activities,Hacktivism,IT,Link
22/02/2018,?,University of Alaska,"Dozens of current and former employees and students of the University of Alaska are unable to access their Alaska.edu accounts. According to the investigation, user passwords have been changed by a third party.",Account Hijacking,P Education,Cyber Crime,US,Link
22/02/2018,?,Mobistealth,"A hacker breaks into two consumer spyware companies, Mobistealth and Spy Master Pro and dumps a large cache of data.",Unknown,J Information and communication,Cyber Crime,US,Link
22/02/2018,?,Spy Master Pro,"A hacker breaks into two consumer spyware companies, Mobistealth and Spy Master Pro and dumps a large cache of data.",Unknown,J Information and communication,Cyber Crime,US,Link
22/02/2018,?,Curtis Lumber,Curtis Lumber is the victim of a spear phishing attack.,Account Hijacking,G Wholesale and retail trade,Cyber Crime,US,Link
22/02/2018,?,Punjab National Bank (PNB),"10,000 credit card details from Punjab National Bank are leaked on the dark web.",Unknown,K Financial and insurance activities,Cyber Crime,IN,Link
22/02/2018,?,Harper's Magazine,"Harper's Magazine, the monthly longform journalism and essay publication, warns subscribers that their passwords may have been stolen by hackers.",Unknown,J Information and communication,Cyber Crime,US,Link
23/02/2018,?,About one dozen Connecticut government agencies,About one dozen Connecticut government agencies are hit with what one published report says is a WannaCry attack that knocks about 160 computers offline.,Malware/PoS Malware,"O Public administration, defence, compulsory social security",Cyber Crime,US,Link
23/02/2018,OilRig APT,An insurance agency and a financial institution in the Middle East,Researchers from Palo Alto Networks reveal that the Iran-linked OilRig APT group is now using a new Trojan called OopsIE in recent attacks against an insurance agency and a financial institution in the Middle East.,Targeted Attack,K Financial and insurance activities,Cyber Espionage,N/A,Link
23/02/2018,?,Chinese Websites,"Researchers from Malwarebytes unveil the details of a drive-by attack targeting Chinese websites, and dropping an updated version of the Avzhan DDoS bot.",Malware/PoS Malware,Y Multiple Industries,Cyber Crime,CN,Link
23/02/2018,?,"Children's Aid Society of Oxford County; Family and Children's Services of Lanark, Leeds and Grenville",Two Ontario children's aid societies are hit by Ransomware.,Malware/PoS Malware,Q Human health and social work activities,Cyber Crime,CA,Link
24/02/2018,Anonymous,Matteo Salvini Facebook Page,"And after the personal blog, hacktivists from Anonymous also deface Matteo Salvini's blog page.",Defacement,S Other service activities,Hacktivism,IT,Link
24/02/2018,?,Teesside University,Students at Teesside University are warned about a possible email security breach and urged to reset their university password.,Unknown,P Education,Cyber Crime,US,Link
24/02/2018,?,Wallace Community College Selma,Personal and financial information of current and former employees of Wallace Community College Selma is leaked through a phishing scam.,Account Hijacking,P Education,Cyber Crime,US,Link
24/02/2018,?,Single Individuals,"According to security researchers from Qihoo 360 Netlab, an advertising network has been hiding in-browser cryptocurrency miners (cryptojacking scripts) in the ads it serves since December 2017.",Malicious Script Injection,X Individual,Cyber Crime,>1,Link
25/02/2018,?,Jorgie Porter,"English actress and model Jorgie Porter is the latest victim of The Fappening hackers, who manage to steal her intimate pictures and videos and post them online.",Account Hijacking,X Individual,Cyber Crime,UK,Link
25/02/2018,Anonymous,Some Ohio State Websites,"In the name of #opUSA, hacktivists from the Anonymous collective take down some Ohio State websites.",DDoS,"O Public administration, defence, compulsory social security",Hacktivism,US,Link
25/02/2018,?,Inland Revenue Department,Thousands of Inland Revenue files are locked up after New Zealand's tax department becomes the target of a Cryptolocker attack in November.,Malware/PoS Malware,"O Public administration, defence, compulsory social security",Cyber Crime,NZ,Link
26/02/2018,Deep Panda,Some UK think tanks,Crowdstrike reveals that some UK think tanks specializing in international security were hacked by China-based group 'Deep Panda' beginning in April 2017.,Targeted Attack,M Professional scientific and technical activities,Cyber Espionage,UK,Link
58126/02/2018?Four British SchoolsHackers break into CCTV systems of at least four British schools and stream footage of pupils live on the internet.UnknownP EducationCyber CrimeUKLink
58226/02/2018?Porsche JapanThe Japanese arm of Porsche says more than 28,000 email addresses have been leaked via a hack.UnknownC ManufacturingCyber CrimeJPLink
58326/02/2018?Vulnerable Oracle WebLogic ServersSecurity researchers from Trend Micro uncover a new campaign, which involves hackers exploiting an Oracle server vulnerability (an Oracle WebLogic WLS-WSAT flaw CVE-2017-10271) to deliver two cryptominers: a 64-bit variant and a 32-bit variant of the XMRig Monero miner.Malware/PoS MalwareY Multiple IndustriesCyber Crime>1Link
58426/02/2018Hackers with connections to IranUnnamed Australian UniversitiesAustralian universities have been targeted by hackers with connections to Iran in recent months, and "a number of investigations" are in progress, according to cybersecurity firm Crowdstrike.Targeted AttackP EducationCyber EspionageAULink
58526/02/2018?Travel CorporationTravel Corporation falls victim of a W-2 Scam.Account HijackingR Arts entertainment and recreationCyber CrimeUSLink
58626/02/2018?U.S. Residents in 20 statesAccording to federal court documents, Russian hackers operating in Colorado and 15 other states used data-mining viruses to steal thousands of credit card numbers from U.S. residents in 20 states and sold them on the darknet for more than $3.6 million.Malware/PoS MalwareX IndividualCyber CrimeUSLink
58727/02/2018?Android UsersSecurity Firm Wandera reveals the details of RedDrop, a sophisticated strain of mobile malware targeting Android devices that can extract sensitive data and audio recordings, run up premium SMS charges and then try to extort money from victims.Malware/PoS MalwareX IndividualCyber Crime>1Link
58827/02/2018?Single IndividualsResearchers from cybersecurity firm Morphisec reveal the details of a new campaign carried on via spam messages delivering a malicious Word document. The document attempts to exploit an Adobe Flash Player bug (CVE-2018-4878) to let the attackers take control of the infected machines.Malware/PoS MalwareX IndividualCyber Crime>1Link
58927/02/2018?WordPress, Joomla and CodeIgniter websitesSecurity researchers from SiteLock warn WordPress and Joomla admins of a sneaky new malware strain masquerading as legitimate ionCube files. The malware, dubbed ionCube Malware, creates backdoors on vulnerable websites. The malware has been found on over 800 sites.Malware/PoS MalwareY Multiple IndustriesCyber Crime>1Link
59027/02/2018?Tim HortonsA computer virus is suspected of crashing cash registers at over 1,000 Tim Hortons coffee and donuts fast food restaurants.Malware/PoS MalwareI Accommodation and food service activitiesCyber CrimeCALink
59127/02/2018?FastHealthFastHealth reveals that in mid-August 2017, an unauthorized party gained access to their web server and obtained patient data.UnknownQ Human health and social work activitiesCyber CrimeUSLink
59228/02/2018?Financial Services Information Sharing and Analysis Center (FS-ISAC)The Financial Services Information Sharing and Analysis Center (FS-ISAC), an industry forum for sharing data about critical cybersecurity threats facing the banking and finance industries, reveals that a successful phishing attack on one of its employees was used to launch additional phishing attacks against FS-ISAC members.Account HijackingU Activities of extraterritorial organizations and bodiesCyber CrimeUSLink
59328/02/2018APT28 AKA Fancy BearVarious German government agenciesAccording to a report issued by the German news agency dpa, malicious actors from APT28 AKA Fancy Bear infiltrated several German government agencies for more than a year.Targeted AttackO Public administration, defence, compulsory social securityCyber EspionageDELink
59428/02/2018APT28 AKA Fancy BearUndisclosed North American and European foreign ministry agencyAnd at nearly the same time, researchers from Palo Alto Networks reveal that the same attackers from APT28 targeted a North American and European foreign ministry agency.Targeted AttackO Public administration, defence, compulsory social securityCyber EspionageN/ALink
59528/02/2018?GitHubGitHub survives the largest DDoS attack recorded (so far), reaching a stunning 1.35 terabits/sec, leveraging memcached servers.DDoSJ Information and communicationCyber CrimeUSLink
59628/02/2018?Undisclosed Brazilian public sector management school.Researchers from Cisco Talos identify two different versions of a RAT, dubbed CannibalRAT, written entirely in Python, impacting users of a Brazilian public sector management school.Targeted AttackP EducationCyber CrimeBRLink
59728/02/2018ChaferEntities across the Middle EastResearchers from Symantec reveal the details of an Iranian hacking outfit, dubbed Chafer, previously focused on domestic surveillance, expanding its scope and cyber arsenal to target entities across the Middle East.Targeted AttackY Multiple IndustriesCyber Crime>1Link
59828/02/2018?Single IndividualsResearchers from Malwarebytes reveal the details of a malvertising campaign using decoy websites pushing cryptocurrencies to redirect users to the RIG exploit kit.MalvertisingX IndividualCyber Crime>1Link
59928/02/2018?rTorrent Client usersResearchers from F5 detect an attack actively exploiting the rTorrent client through a previously undisclosed misconfiguration vulnerability on XML-RPC for deploying a Monero (XMR) crypto-miner operation.Malware/PoS MalwareX IndividualCyber Crime>1Link
60028/02/2018?Single IndividualsA bulk breach dump is discovered totaling over 3.4 billion credentials.UnknownX IndividualCyber Crime>1Link
60101/03/2018?NIS AmericaJapanese gaming developer Nippon Ichi Software reveals that its American arm, NIS America, has suffered a major data breach compromising the personal and financial data of online customers. The breach, due to malware implanted in the checkout page, took place sometime between 23 January and 26 February.Malware/PoS MalwareR Arts entertainment and recreationCyber CrimeUSLink
60201/03/2018?FS-ISACThe Financial Services Information Sharing and Analysis Center (FS-ISAC), an industry forum for sharing data about critical cybersecurity threats facing the banking and finance industries, reveals that a successful phishing attack on one of its employees was used to launch additional phishing attacks against FS-ISAC members.Account HijackingS Other service activitiesCyber CrimeUSLink
60301/03/2018?Hope HicksHope Hicks tells the House Intelligence Committee that one of her email accounts was hacked, according to people who were present for her testimony in the panel's Russia probe.Account HijackingX IndividualCyber EspionageUSLink
60401/03/2018?ASI Constructors, Inc.ASI Constructors, Inc. reveals to have suffered a phishing attack targeting employees' 2017 W-2 forms. The attack occurred on January 31, 2018.Account HijackingC ManufacturingCyber CrimeUSLink
60501/03/2018?Greyhealth GroupGreyhealth Group reveals to have suffered a phishing attack compromising the personal information of 683 individuals.Account HijackingQ Human health and social work activitiesCyber CrimeUSLink
60601/03/2018?Scottsboro City Board of EducationThe Payroll Department of the Scottsboro City Board of Education falls victim of a phishing scam. The attackers requested W-2 information from all employees.Account HijackingP EducationCyber CrimeUSLink
60701/03/2018?Rockdale Independent School DistrictAn email phishing scheme causes several Rockdale ISD employees' taxes to be falsely filed and compromises confidential tax information for all employees.Account HijackingP EducationCyber CrimeUSLink
60801/03/2018?b-tor[.]ru UsersResearchers from Palo Alto Networks discover a Russian BitTorrent Site distributing a Monero Miner.Malware/PoS MalwareX IndividualCyber CrimeRULink
60901/03/2018?Colorado Department of Transportation (CDOT)For the second time in two weeks, the Colorado Department of Transportation Agency shuts down 2,000 computers after a ransomware infection.Malware/PoS MalwareO Public administration, defence, compulsory social securityCyber CrimeUSLink
61001/03/2018?Primary Health CarePrimary Health Care notifies patients after discovering hack of employee email accounts.Account HijackingQ Human health and social work activitiesCyber CrimeUSLink
61102/03/2018?Android Phone BuyersSecurity Firm Dr.Web publishes a list of 42 Android phones sold already infected with the Triada banking trojan.Malware/PoS MalwareY Multiple IndustriesCyber Crime>1Link
61202/03/2018?160 Applebee's RestaurantsRMH Franchise Holdings reveals that PoS systems at the Applebee's network of restaurants were infected with a PoS malware. 160 restaurants are affected. The breach was discovered on February 13, and took place between November 23, 2017, and January 2, 2018.Malware/PoS MalwareI Accommodation and food service activitiesCyber CrimeUSLink
61302/03/2018?Humanitarian Aid GroupsMcAfee uncovers Operation Honeybee, a malicious document campaign targeting Humanitarian Aid Groups, using North Korean political topics as bait.Targeted AttackY Multiple IndustriesCyber Espionage>1Link
61402/03/2018?St. Peter's Surgery & Endoscopy CenterSt. Peter's Surgery & Endoscopy Center reveal that hackers potentially compromised medical records of about 135,000 patients earlier this year.Malware/PoS MalwareQ Human health and social work activitiesCyber CrimeUSLink
61504/03/2018Peter Andre and wife Emily MacDonaghThe intimate photos of singer Peter Andre and wife Emily MacDonagh have reportedly been stolen and published online as part of a new episode from the Fappening saga.Account HijackingX IndividualCyber CrimeUKLink
61605/03/2018?Unidentified US Service ProviderA few days after GitHub suffered a massive 1.3 Tbps DDoS attack, Arbor Networks unveils the details of a new record DDoS attack that clocked at 1.7 Tbps. The attack was aimed at a yet-to-be-identified "US service provider."DDoSJ Information and communicationCyber CrimeUSLink
61705/03/2018?Single IndividualsResearchers from Palo Alto Networks and Proofpoint discover a new malware, dubbed Combojack, that steals cryptocurrency and other electronic funds by surreptitiously modifying wallet or payment information whenever victims copy it to their devices' clipboards.Malware/PoS MalwareX IndividualCyber Crime>1Link
61805/03/2018?Single IndividualsA new report from Kaspersky Lab reveals that one cryptomining gang tracked by researchers over the past six months minted $7 million with the help of 10,000 computers infected with mining malware.Malware/PoS MalwareX IndividualCyber Crime>1Link
61905/03/2018?ABC Bus Companies, Inc.An employee falls victim to a phishing email and delivers to the attacker the personal information of ABC employees.Account HijackingH Transportation and storageCyber CrimeUSLink
62006/03/2018?Single IndividualsResearchers from Cisco Talos reveal a surge of campaigns distributing the Gozi ISFB financial malware.Malware/PoS MalwareK Financial and insurance activitiesCyber Crime>1Link
62106/03/2018?Flexible Benefit Service CorporationFlexible Benefit Service Corporation notifies 5,123 of a phishing incident that occurred on February 16.Account HijackingK Financial and insurance activitiesCyber CrimeUSLink
62207/03/2018?BinanceA large scale phishing campaign causes a massive unauthorized cryptocurrency sell-off activity for the users of Binance, a Chinese cryptocurrency trader.Account HijackingV FintechCyber CrimeCNLink
62307/03/2018?Individuals in Russia, Turkey and UkraineMicrosoft says it discovered and stopped a large attack that attempted to use variants of the Dofoil, or Smoke Loader, trojan to spread a cryptocurrency miner. In total more than 400,000 instances were recorded: 73 percent hitting Russians, with Turkey, 18 percent, and Ukraine, 4 percent, being the other main targets. The attack was carried on via an update server that replaced a BitTorrent client called MediaGet with a near-identical but back-doored binary.Malware/PoS MalwareX IndividualCyber Crime>1Link
62407/03/2018?Pinelands Regional School DistrictThe Pinelands Regional School District is hit by the Emotet malware.Malware/PoS MalwareP EducationCyber CrimeUSLink
62508/03/2018?Italian Ministry of EducationThe Italian branch of the Anonymous collective leaks from the Italian Ministry of Education 26,000 emails of teachers belonging to all levels of schools. They also leak 200 administrative staff addresses.UnknownO Public administration, defence, compulsory social securityHacktivismITLink
62608/03/2018Hidden CobraSeveral Financial Turkish InstitutionsResearchers from McAfee reveal that the reputed state-sponsored North Korean hacking group Hidden Cobra has once again been fingered in a malware attack against financial organizations, this time apparently targeting Turkish institutions in a spear phishing campaign in early March, leveraging CVE-2018-4878.Targeted AttackK Financial and insurance activitiesCyber EspionageTRLink
62708/03/2018?Misconfigured Redis servers, and Windows servers vulnerable to the EternalBlue NSA exploit.Researchers from Imperva reveal a new unusually sophisticated cryptojacking attack attempting to install cryptominers on both database and application servers by targeting misconfigured Redis servers, as well as Windows servers that are susceptible to the EternalBlue NSA exploit. The Campaign is dubbed RedisWannaMine.Malware/PoS MalwareY Multiple IndustriesCyber Crime>1Link
62808/03/2018?Dutch women's handball teamAccording to local reports in the Netherlands, hackers manage to breach the surveillance camera system in a dressing room of a sauna hosting the women's handball team, and post the recordings on adult websites last December.UnknownX IndividualCyber CrimeNLLink
62908/03/2018?Former Tennessee Gov. Phil Bredesen's Senate campaignFormer Tennessee Gov. Phil Bredesen's Senate campaign tells the FBI in a letter that it fears it was hacked.UnknownX IndividualCyber CrimeUSLink
63009/03/2018Slingshot APTTargets in the Middle East and AfricaKaspersky Lab reveal the details of Slingshot, an extremely sophisticated cyber espionage campaign, leveraging malware to spy on international targets for six years. The APT group exploited zero-day vulnerabilities (CVE-2007-5633; CVE-2010-1592, CVE-2009-0824) in routers used by the Latvian network hardware provider Mikrotik.Targeted AttackY Multiple IndustriesCyber Espionage>1Link
63109/03/2018Turkish GovernmentTurkish NationalsSecurity researchers from Citizen Lab publish a report where they reveal how deep packet inspection middleboxes are being used either to expose Turkish nationals to nation-state spyware or to redirect Egyptian Internet users to ads and browser cryptocurrency.Malware/PoS MalwareX IndividualCyber EspionageTRLink
63209/03/2018?14 unnamed countriesESET researchers reveal to have discovered a new version of the infamous Hacking Team surveillance tool, dubbed RCS (Remote Control System), active in 14 countries.Malware/PoS MalwareX IndividualCyber Espionage>1Link
63309/03/2018?Multiple IndustriesResearchers at Kroll Cyber Security reveal the details of a new family of point-of-sale malware, dubbed PinkKite, very tiny in size, potentially devastating for POS endpoints.Malware/PoS MalwareY Multiple IndustriesCyber Crime>1Link
63409/03/2018APT15UK government contractorResearchers at NCC Group reveal to have discovered multiple backdoors on a UK government contractor's computer designed to steal sensitive government and military data. The hack is tied to China-linked cyber espionage group APT15. According to researchers, the attackers were able to deploy three backdoors identified as RoyalCli, RoyalDNS and BS2005. The networks were compromised from May 2016 until late 2017 and infected over 30 contractor controlled hosts.Targeted AttackO Public administration, defence, compulsory social securityCyber EspionageUKLink
63509/03/2018APT28 AKA Fancy Bear AKA SofacyFar East TargetsResearchers at Kaspersky Lab reveal a new analysis on the infamous APT28 indicating that the group is shifting its interest to Far East TargetsTargeted AttackY Multiple IndustriesCyber Espionage>1Link
63609/03/2018?Single IndividualsResearchers from Proofpoint reveal the details of a remote access tool dubbed FlawedAmmyy, developed using the leaked source code of Ammyy Admin, a legitimate remote desktop software.Malware/PoS MalwareX IndividualCyber Crime>1Link
63709/03/2018?Unpatched Apache Solr ServersResearchers from the ISC SANS discover a campaign targeting Apache Solr servers that hadn't received patches for the CVE-2017-12629 vulnerability. The campaign is aimed to install miners.Malware/PoS MalwareY Multiple IndustriesCyber Crime>1Link
63809/03/2018$2a$45Florida Virtual Learning School (FVLS)Florida Virtual Learning School notifies 368,000 current and former students, after an individual with the moniker $2a$45 uploads information of 35,000 students on a forum. Leon County Schools is among the affected organizations.UnknownP EducationCyber CrimeUSLink
63909/03/2018herbapproach@protonmail.comJJ MedsJJ Meds, a medical marijuana delivery service in Canada, goes offline after having received an extortion demand.UnknownG Wholesale and retail tradeCyber CrimeCALink
64010/03/2018?National Rifle Association (NRA)According to a report released by Netlab, three different National Rifle Association (NRA) websites experienced Distributed Denial of Service (DDoS) attacks.DDoSS Other service activitiesCyber CrimeUSLink
64110/03/2018?Mississippi Valley State UniversityMississippi Valley State University's campus was temporarily without internet service this week after university officials said the school was hit by a SamSam ransomware attack.Malware/PoS MalwareP EducationCyber CrimeUSLink
64212/03/2018MuddyWater AKA TEMP.ZagrosTargets in Turkey, Pakistan and TajikistanResearchers from Palo Alto Networks and FireEye reveal that the Iran-Linked MuddyWater campaign (AKA TEMP.Zagros) appears to be still active against targets in Turkey, Pakistan and Tajikistan.Targeted AttackY Multiple IndustriesCyber Espionage>1Link
64312/03/2018?ATI Physical TherapyATI Physical Therapy notifies patients of a security incident that appears to have targeted employees' email accounts.Account HijackingQ Human health and social work activitiesCyber CrimeUSLink
64412/03/2018?Okaloosa Water and SewerOkaloosa Water and Sewer warns its users of a security breach involving external vendors which process electronic credit/debit card payments for water and sewer bills.UnknownE Water supply, sewerage waste management, and remediation activitiesCyber CrimeUSLink
64513/03/2018OceanLotus APT aka APT32 aka APT-C-00Targets in East Asian countries such as Vietnam, the Philippines, Laos and CambodiaResearchers from ESET reveal that the suspected Vietnamese APT group OceanLotus has added a new backdoor to its repertoire of malicious tools, one that includes capabilities for enabling file, registry and process manipulation, and also downloading more malicious files.Targeted AttackY Multiple IndustriesCyber Espionage>1Link
64613/03/2018?UyghursResearchers from Palo Alto Networks reveal the details of a new Android malware family dubbed “HenBox”, targeting the Uyghurs, a minority Turkic ethnic group living in China.Malware/PoS MalwareX IndividualCyber EspionageCNLink
64713/03/2018?Multiple TargetsResearchers from Imperva identify a new but unusually distributed Monero cryptominer scam campaign hidden in a picture of Scarlett Johansson.Malware/PoS MalwareY Multiple IndustriesCyber Crime>1Link
64813/03/2018?Single IndividualsResearchers from AVAST reveal the details of a campaign where criminals hosted their cryptominers in forked projects on GitHub.Malware/PoS MalwareX IndividualCyber Crime>1Link
64913/03/2018?Port of LongviewThe Port of Longview is hit by a cyber attack that may have affected hundreds of past and current employees and dozens of vendors.UnknownH Transportation and storageCyber CrimeUSLink
65013/03/2018?Gwent PoliceGwent Police is being investigated after failing to inform up to 450 people that hackers may have accessed their confidential reports to the force.UnknownO Public administration, defence, compulsory social securityCyber CrimeUKLink
65114/03/2018?FortniteSeveral news reports surface of the suspected hacking of player accounts of popular video game Fortnite, with some gamers apparently faced with large credit card charges from fraudulent purchases.Account HijackingR Arts entertainment and recreationCyber CrimeUSLink
65214/03/2018?Visitors of download.cnet.comESET researchers discover three trojanized applications (bitcoin stealing malware) hosted on download.cnet.com, the 163rd most visited site in the world according to Alexa rankings. The researchers estimate that as of March 13, the attacker managed to steal the equivalent of $80,000 USD. The malware had been hosted since May 2, 2016 and had been downloaded more than 4,500 times in total.Malware/PoS MalwareX IndividualCyber Crime>1Link
65314/03/2018?Android UsersResearchers from Check Point reveal the details of RottenSys, a massive botnet composed of 5 million Android smartphones, active primarily in China.Malware/PoS MalwareX IndividualCyber CrimeCNLink
65414/03/2018?Multiple TargetsResearchers from Forcepoint publish a detailed analysis of the Qrypter Remote Access Tool. The analysis reveals that 243 organizations worldwide have been hit by the RAT.Malware/PoS MalwareY Multiple IndustriesCyber Crime>1Link
65514/03/2018?Queensland Transport DepartmentABC News reveals that overseas hackers breached the Queensland Transport Department's security network last year, before attempting to steal information from staff members from other sections of government.UnknownO Public administration, defence, compulsory social securityCyber EspionageAULink
65615/03/2018DragonflyWest's energy utilities and other critical infrastructuresThe US Department of Homeland Security and the Federal Bureau of Investigation issued an alert warning of ongoing cyber-attacks against the West's energy utilities and other critical infrastructures by individuals acting on behalf of the Russian government. The report points the finger at the Dragonfly group.Targeted AttackD Electricity gas steam and air conditioning supplyCyber Crime>1Link
65715/03/2018APT28 AKA Fancy Bear AKA SofacyUnnamed European GovernmentResearchers from Palo Alto Networks reveal a new campaign carried on by the infamous APT28 (AKA Fancy Bear AKA Sofacy) targeting an unnamed European Government, exploiting an updated version of DealersChoice, a platform that exploits a Flash vulnerability to stealthily deliver a malicious payload of trojan malware.Targeted AttackO Public administration, defence, compulsory social securityCyber EspionageN/ALink
65815/03/2018?Meghan MarkleThe Fappening saga continues with new photo leaks published online. The most recent victim is none other than Meghan Markle, the soon-to-be Mrs. Prince Harry. Some believe ISIS could be involved in the hack, even if no official claim is made.Account HijackingX IndividualCyber CrimeUKLink
65915/03/2018?Single Individuals in South KoreaResearchers from Symantec reveal the details of a new version of the infamous FakeBank trojan distributed via malicious Android apps in South Korea.Malware/PoS MalwareK Financial and insurance activitiesCyber CrimeKRLink
66015/03/2018?Unnamed Petrochemical Company in Saudi ArabiaThe New York Times reveals that back in August, a petrochemical company with a plant in Saudi Arabia was hit by a cyberattack aimed to sabotage the firm's operations and trigger an explosion.Targeted AttackD Electricity gas steam and air conditioning supplyCyber WarfareSALink
66115/03/2018?Single IndividualsSecurity researchers from Kaspersky reveal that the PoS Malware Prilex has now evolved into a comprehensive tool suite that lets cybercriminals steal chip and PIN card data and create their own functioning, fraudulent plastic cards.Malware/PoS MalwareX IndividualCyber Crime>1Link
66215/03/2018?Nampa School DistrictThe Nampa School District informed its employees of a potential security issue involving personally identifiable information of about 3,983 of its current and past employees.UnknownP EducationCyber CrimeUSLink
66315/03/2018?SvitzerThe shipping company Svitzer suffers a significant data breach affecting almost half its Australian employees when three employees have had emails auto-forwarded in the past 11 months.Account HijackingH Transportation and storageCyber CrimeAULink
66416/03/2018TEMP.Periscope AKA LeviathanU.S. Maritime EntitiesSecurity firm FireEye reveals the details of TEMP.Periscope, a Chinese group focused on U.S. maritime entities that were either linked to -- or have clients operating in -- the South China Sea.Targeted AttackH Transportation and storageCyber EspionageUSLink
66516/03/2018?UK National LotteryThe UK National Lottery advises all 10.5 million people with online accounts to change their passwords following an attempt by hackers to access accounts using credential stuffing.Brute Force (Credential Stuffing)R Arts entertainment and recreationCyber CrimeUKLink
66616/03/2018?Atrium HospitalityAtrium Hospitality notifies 376 hotel guests of a ransomware attack that occurred in December 2017.Malware/PoS MalwareI Accommodation and food service activitiesCyber CrimeUSLink
66716/03/2018?Frost BankFrost Bank investigates a breach after the company discovered unauthorized access to digital images stored in those customers' commercial image archives.UnknownK Financial and insurance activitiesCyber CrimeUSLink
66816/03/2018?TheDarkOverlordTheDarkOverlord claims to have breached H-E Parts Morgan. The breach seems to have occurred in November.UnknownG Wholesale and retail tradeCyber CrimeUSLink
66918/03/2018?Russian Central Election CommissionThe Russian Central Election Commission is hit by a DDoS attack.DDoSO Public administration, defence, compulsory social securityCyber WarfareRULink
67020/03/2018?OrbitzOrbitz, a subsidiary of online travel agency Expedia Inc reveals that hackers may have accessed personal information from about 880,000 payment cards. The breach may have occurred between Jan. 1, 2016 and Dec. 22, 2017 for its partner platform and between Jan. 1, 2016 and June 22, 2016 for its consumer platform.UnknownJ Information and communicationCyber CrimeUSLink
67120/03/2018?David NottDavid Nott, a British surgeon who helped carry out operations in Aleppo, reveals that the hacking of his computer could have led to a hospital being bombed by suspected Russian warplanes.Targeted AttackX IndividualCyber EspionageSYLink
67220/03/2018?Puerto Rico's Power Utility, PREPAPuerto Rico's Power Utility, PREPA reveals to have been hacked over the weekend, but customer information was not compromised.UnknownD Electricity gas steam and air conditioning supplyCyber CrimePRLink
67320/03/2018?Trusted QuidTrusted Quid reports a theft of data from unauthorised access to its website. The incident relates to data directly entered by people applying for a loan only on the Trusted Quid website between 1 July 2016 and 17 February 2018. Up to 65,925 people may have been affected.UnknownK Financial and insurance activitiesCyber CrimeUKLink
67420/03/2018?Finger Lakes HealthFinger Lakes Health is functioning the old-fashioned way while its computer system remains locked up by an unspecified type of ransomware.Malware/PoS MalwareQ Human health and social work activitiesCyber CrimeUSLink
67521/03/2018?Uttar Haryana Bijli Vitran Nigam Limited (UHBVNL)Uttar Haryana Bijli Vitran Nigam Limited (UHBVNL), a power distribution company, suffers a cyber attack on its Automatic Meter Reading System (AMR) in which billing data of about 4,000 industrial consumers are encrypted. The attackers demand a ransom equivalent to $150,000.Malware/PoS MalwareD Electricity gas steam and air conditioning supplyCyber CrimeINLink
67621/03/2018?Vulnerable Cacti ServersResearchers from Trend Micro reveal that a hacker group has made nearly $75,000 by installing a Monero miner on Linux servers after exploiting a five-year-old vulnerability in the Cacti "Network Weathermap" plugin (CVE-2013-2618). The researchers believe this is the same group that recently exploited CVE-2017-1000353 to inject Monero miners into vulnerable Jenkins installations.Malware/PoS MalwareY Multiple IndustriesCyber Crime>1Link
67721/03/2018?Single IndividualsResearchers from security firm Webroot reveal the details of a new variant of the well-known Trickbot financial trojan.Malware/PoS MalwareK Financial and insurance activitiesCyber Crime>1Link
67821/03/2018OilRig APTA number of organizations across the Middle EastAccording to a new analysis by security firm Nyotron, the Iran-linked OilRig APT is back with a new more advanced malware toolkit.Targeted AttackY Multiple IndustriesCyber Espionage>1Link
67922/03/2018?Russian Defense MinistryThe Russian Defense Ministry reveals that a total of 7 DDoS attacks are carried out against its website during the final vote of the general elections.DDoSO Public administration, defence, compulsory social securityCyber WarfareRULink
68022/03/2018?City of AtlantaIT systems used by the City of Atlanta, are hit by a SamSam ransomware attack, cutting off some online city services and potentially putting the personal information of employees and citizens at risk.Malware/PoS MalwareO Public administration, defence, compulsory social securityCyber CrimeUSLink
68122/03/2018?Android UsersResearchers from SophosLabs reveal the details of Andr/HiddnAd-AJ, a malicious app in disguise of an Ad blocker, downloaded more than 500,000 times before being pulled off the Google Play Store.Malware/PoS MalwareX IndividualCyber Crime>1Link
68222/03/2018?Some Government AgenciesResearchers from FireEye discover a new spear phishing campaign targeting government agencies with an evolved version of Sanny malware, a five-year-old information-stealer that now features a multi-stage infection process, whereby each stage is downloaded from the attacker's server.Targeted AttackO Public administration, defence, compulsory social securityCyber Espionage>1Link
68324/03/2018?Baltimore's Automated Dispatch System.Unknown actors temporarily cause a shutdown of Baltimore's automated dispatch system, impacting the messaging functions within the Computer Aided Dispatch (CAD) system used by both of the city's 911 and 311 services.UnknownQ Human health and social work activitiesCyber CrimeUSLink
68426/03/2018APT28 AKA Fancy BearUK Anti-Doping AgencyThe UK Anti-Doping Agency reveals to have foiled an attempted cyberattack during the weekend that tried to access confidential medical and drug-testing data.Targeted AttackS Other service activitiesCyber EspionageUKLink
68526/03/2018?Vulnerable Linux-based systemsResearchers from Cisco Talos reveal the details of GoScanSSH, a new strain of malware that targets vulnerable Linux-based systems, avoiding government and military networks.Malware/PoS MalwareY Multiple IndustriesCyber Crime>1Link
68627/03/2018Alleged Nigerian HackersNaukri.comNigerian hackers hack into Naukri.com's servers, stealing 100,000 resumes and contacting 10,000 job seekers for fake interviews.UnknownM Professional scientific and technical activitiesCyber CrimeINLink
68727/03/2018?Stormont (Northern Ireland Parliament)Stormont (the Northern Irish Parliament) issues a warning to all staff, including political parties, after discovering its email service was hit by a cyber attack.Targeted AttackO Public administration, defence, compulsory social securityCyber EspionageIELink
68827/03/2018?YouTube UsersResearchers at Russian anti-virus vendor Dr. Web discover a dangerous malware campaign spread by cybercriminals from comments posted on YouTube. The malware is dubbed Trojan.PWS.Stealer.23012.Malware/PoS MalwareX IndividualCyber Crime>1Link
68928/03/2018?Android UsersResearchers from Trend Micro discover HiddenMiner, a new type of Android malware that infects devices and untetheredly mines Monero in the phone's background until the battery is exhausted or the device gives out.Malware/PoS MalwareX IndividualCyber Crime>1Link
69028/03/2018?BoeingA Boeing facility in South Carolina is hit by the Wannacry ransomware.Malware/PoS MalwareC ManufacturingCyber CrimeUSLink
69128/03/2018?Vulnerable MikroTik devicesAnother IoT Botnet: a new Hajime variant infects MikroTik devices vulnerable to an exploit known as "Chimay Red".Malware/PoS MalwareY Multiple IndustriesCyber Crime>1Link
69228/03/2018?Single IndividualsResearchers from security company Cybereason reveal the details of "Fauxpersky", a simple and efficient keylogger impersonating the Russian antivirus software Kaspersky.Malware/PoS MalwareX IndividualCyber Crime>1Link
69328/03/2018?S.S. LazioItalian newspaper "Il Tempo" reports that Italian football team Lazio have fallen for an email scam and paid £1.75m (€2m) of the final instalment for defender Stefan de Vrij's transfer from Dutch club Feyenoord to fraudsters.Account HijackingR Arts entertainment and recreationCyber CrimeITLink
69428/03/2018?Indian Bank CustomersA complaint reveals that 1,020 bank accounts in different banks were used by fraudsters to receive money from victim's bank accounts through phishing.Account HijackingK Financial and insurance activitiesCyber CrimeINLink
69529/03/2018?Under ArmourUnder Armour, Inc. announces that it is notifying users of MyFitnessPal - the company's food and nutrition application and website, about a data security issue. On March 25, the MyFitnessPal team became aware that an unauthorized party acquired data associated with MyFitnessPal user accounts in late February 2018. The company investigation reveals that approximately 150 million user accounts were affected by this issue.UnknownC ManufacturingCyber CrimeUSLink
69629/03/2018?Bank Negara MalaysiaBank Negara Malaysia reveals to have foiled cyberattack in which fraudulent messages to transfer funds were sent on the SWIFT transactions platform.UnknownK Financial and insurance activitiesCyber CrimeMYLink
69729/03/2018?Unnamed Bestiality WebsiteThousands of user account details—many related to a bestiality website—are circulating on public image boards, according to data obtained by Motherboard.UnknownS Other service activitiesCyber CrimeN/ALink
69830/03/2018?CareFirst BlueCross BlueShieldA phishing email attack on Baltimore-based CareFirst BlueCross BlueShield may have compromised nearly 6,800 members' personal data. The insurer learned on March 12 that one of its employees fell victim to a phishing email that compromised his or her email account. The hacker used the email account to send spam messages to an email list of individuals not associated with CareFirst.Account HijackingQ Human health and social work activitiesCyber CrimeUSLink
69901/04/2018?Guardian Pharmacy of JacksonvilleGuardian Pharmacy of Jacksonville notifies 11,521 patients of email compromise of protected health information.Account HijackingQ Human health and social work activitiesCyber CrimeUSLink
70001/04/2018JokerStash AKA Fin7 AKA CarbanakHudson's Bay CompanyRetailer Hudson's Bay Company discloses that it was the victim of a security breach that compromised data on payment cards used at Saks and Lord & Taylor stores in North America. Millions of cards may have been compromised (5 million are already offered for sale).UnknownG Wholesale and retail tradeCyber CrimeCALink
70102/04/2018?Four U.S. pipeline companies (Oneok Inc, Energy Transfer Partners LP, Boardwalk Pipeline Partners LP, Eastern Shore Natural Gas)At least four U.S. pipeline companies have seen their electronic systems for communicating with customers shut down, with three confirming it resulted from a cyberattack on Latitude Technology, a third-party provider. It is not clear if the outage is the result of a ransomware or DDoS attack.UnknownD Electricity gas steam and air conditioning supplyCyber CrimeUSLink
70202/04/2018?1,000 Magento SitesSecurity researchers from FlashPoint say they've identified at least 1,000 Magento sites that have been hacked by cybercriminals and infected with malicious scripts that steal payment card details, perform cryptojacking, or redirect the visitors to malware distribution sites.Brute-Force/Credential StuffingY Multiple IndustriesCyber Crime>1Link
70302/04/2018?Android UsersResearchers from Trustlook reveal the details of a new strain of Android malware specifically aimed at stealing private conversations on IM applications like Facebook Messenger, Skype, Telegram, Twitter, Viber, and others.Malware/PoS MalwareX IndividualCyber Crime>1Link
70402/04/2018?Government of Sint MaartenThe entire government of Sint Maarten, an independent country within the Kingdom of the Netherlands, is taken down for a week by a cyber attack.UnknownO Public administration, defence, compulsory social securityCyber CrimeSXLink
70503/04/2018?Vadim Lavrusik Twitter and Flipboard accountsLess than an hour after tweeting about being safe during the active shooting at YouTube's headquarters, the Twitter and Flipboard accounts of Vadim Lavrusik, a product manager at Youtube, are hit by hackers.Account HijackingX IndividualCyber CrimeUSLink
70603/04/2018Dark-Coder or Th3Falcon.More than a dozen major Israeli websitesIn name of OpIsrael, more than a dozen major Israeli websites, belonging to hospitals, local authorities, the Israeli Opera, Israel Teachers Union and the IDF Widows and Orphans Organization are defaced apparently in response to clashes between the IDF and Gazan protesters the previous weekend.DefacementY Multiple IndustriesHacktivismILLink
70703/04/2018Lazarus AKA Hidden CobraOnline Casino in Central AmericaResearchers from ESET reveal that the infamous Lazarus Group, a malicious actor linked to North Korea, has used a new toolset, including the destructive KillDisk, to target the network of an online Casino in Central America.Targeted AttackR Arts entertainment and recreationCyber EspionageN/ALink
70804/04/2018APT32 AKA OceanLotusMultiple TargetsResearchers from Trend Micro reveal the details of a new backdoor affecting MacOS linked to the OceanLotus threat group. The backdoor is called OSX_OCEANLOTUS.D.Targeted AttackY Multiple IndustriesCyber Espionage>1Link
70904/04/2018?Single IndividualsResearchers from Trend Micro discover a campaign aimed to inject the widely-used Coinhive code into an ad supplied by the AOL advertising network, in order to mine crypto currency.Malicious Code InjectionX IndividualCyber Crime>1Link
71004/04/2018?Verge CryptocurrencyAn unknown attacker has exploited a bug in the Verge cryptocurrency network code to mine Verge coins at a very rapid paceUnknownV FintechCyber CrimeN/ALink
71104/04/2018?Facebook UsersFacebook reveals that "malicious actors" took advantage of search tools on its platform, making it possible for them to discover the identities and collect information on most of its 2 billion users worldwide.VulnerabilityX IndividualCyber CrimeUSLink
71204/04/2018?Japan Ministry EmployeesThe Japanese government's cybersecurity center reveals that the email addresses and passwords of thousands of ministry employees have been leaked and are being sold on the Internet.UnknownO Public administration, defence, compulsory social securityCyber CrimeJPLink
71304/04/2018?Oakton High SchoolA police investigation reveals that hackers attempted to change grades at Oakton High School, using an attack carried on via a malicious email.Account HijackingP EducationCyber CrimeUSLink
71405/04/2018?[24]7.ai[24]7.ai, a firm providing online customer support services based on artificial intelligence and machine learning, is breached. As consequence other companies using its services suffer a theft of customer payment information. The breach occurred between September 26, 2017 and October 12, 2017. The list of the victims include Sears, Kmart, and Delta Airlines. Even Best Buy is involved.UnknownJ Information and communicationCyber CrimeUSLink
71505/04/2018?Several Financial FirmsResearchers from Recorded Future reveal the details of the IoTroop botnet, a botnet made up of hijacked internet-connected televisions and web cameras used to target financial firms with DDoS attacks.DDoSK Financial and insurance activitiesCyber Crime>1Link
71605/04/2018?Multiple Financial TargetsResearchers from Netskope discover a new ATM jackpotting malware dubbed ATMJackpot. The malware seems to have originated from Hong Kong and to be still in development.Malware/PoS MalwareK Financial and insurance activitiesCyber Crime>1Link
71705/04/2018?Multiple TargetsResearchers from Fortinet discover a new variant of the Agent Tesla spyware, spreading via weaponized Microsoft Word Documents.Malware/PoS MalwareY Multiple IndustriesCyber Crime>1Link
71806/04/2018Suspected Chinese HackersIndia's Ministry of DefenceThe website of India's Ministry of Defence is defaced by suspected Chinese attackers.DefacementO Public administration, defence, compulsory social securityCyber CrimeINLink
71908/04/2018?Drake BellDrake Bell appears to be the most recent victim of hackers as part of another episode of the Fappening saga.Account HijackingX IndividualCyber CrimeUSLink
72008/04/2018?Natalie CassidyEastEnders star Natalie Cassidy is the latest celebrity to have her intimate pictures leaked online in yet another evolution of the Fappening 2018 scandal.Account HijackingX IndividualCyber CrimeUKLink
72109/04/2018JHTCisco switches around the worldThe Iranian IT Ministry reveals that hackers have attacked networks in a number of countries including data centers in Iran where they left the image of a U.S. flag on screens along with a warning: “Don't mess with our elections”. The attack, exploiting CVE-2018-0171, affected 200,000 router switches across the world in a widespread attack, including 3,500 switches in Iran.VulnerabilityY Multiple IndustriesHacktivism>1Link
72209/04/2018?Armed Forces Recreation Center Edelweiss Lodge and ResortThe Armed Forces Recreation Center Edelweiss Lodge and Resort investigates a data breach that left some guests open to identity theft. At least 18 guests — primarily soldiers and retirees — who stayed at the resort between November 2017 and February 2018 reported that their credit cards were misused after their stays.Malware/PoS MalwareI Accommodation and food service activitiesCyber CrimeDELink
72309/04/2018?Sodexo FilmologySodexo food services and facilities management company notifies a number of customers that it was the victim of a targeted attack on its cinema vouchers platform Sodexo Filmology.Targeted AttackR Arts entertainment and recreationCyber CrimeUKLink
72409/04/2018?Telco companies in Brazil, Colombia and other Latin American countriesResearchers from Flashpoint observe a spike of activity in Telegram messaging channels being used to exchange HTTP injectors. HTTP injectors can be used to obtain free mobile internet access.HTTP InjectorsJ Information and communicationCyber Crime>1Link
72510/04/2018?Vulnerable CMS Systems.Security researchers at Malwarebytes report to have uncovered evidence of a sophisticated campaign of thousands of compromised websites running vulnerable CMS' and abused to distribute malware to visiting users via fake updates. The campaign is called FakeUpdates and is used to distribute the ZeusVM variant Chtonic banking malware or a NetSupport Remote Access ToolMalicious Code InjectionX IndividualCyber Crime>1Link
72610/04/2018KuroiSH and ProsoxVevo Youtube AccountTwo hackers manage to deface several popular YouTube music videos, changing titles and thumbnail images. The list of the victims include the most-viewed YouTube video of all time, “Despacito”. The two claim to have done it for Palestine.DefacementR Arts entertainment and recreationHacktivismUSLink
72710/04/2018?Single IndividualsResearchers from Barracuda reveal the details of a recent spate of attacks using phishing, social engineering, exploits, and obfuscation to spread a Quant Loader trojan capable of distributing ransomware and password stealers. The attack uses a “.url” file extension claiming to be billing documents but actually lead to remote script files using a variation of CVE-2016-3353Malware/PoS MalwareX IndividualCyber Crime>1Link
72810/04/2018?Victoria Independent School DistrictVictoria Independent School District notifies employees that some email accounts were inappropriately accessed between July and October 2017. Some of the emails in those accounts contained employees' personal information.Account HijackingP EducationCyber CrimeUSLink
72911/04/2018?Great Western RailwayGreat Western Railway reset more than a million customer accounts after discovering hackers had successfully breached a small percentage of them. According to the operator, about 1,000 of its passengers' details have been exposed.Brute-Force/Credential StuffingX IndividualCyber CrimeUKLink
73012/04/2018UKIslamic StateThe director of the intelligence agency GCHQ, Jeremy Fleming reveals that the UK has conducted a "major offensive cyber-campaign" against the Islamic State group.DDoSS Other service activitiesCyber WarfareN/ALink
73112/04/2018?Governments and high-level officials in the Middle East and North Africa (MENA)Kaspersky Labs details a large-scale nation-state backed malware campaign called Operation Parliament that is targeting governments and high-level officials in the Middle East and North Africa (MENA) regions and more specifically Palestine.Targeted AttackO Public administration, defence, compulsory social securityCyber EspionagePSLink
73212/04/2018?Single IndividualsResearchers from Menlo Security reveal the details of a new multi-stage campaign using malicious attachments to infect the endpoint with content hosted on a remote host (and exploiting CVE-2017-8570 to drop the executable in the endpoint). The campaign is used to deliver the Formbook malware.Malware/PoS MalwareX IndividualCyber Crime>1Link
73312/04/2018?SucuriThe California based website security provider Sucuri suffers a series of massive DDoS attacks causing service outage in West Europe, South America and parts of Eastern United States.DDoSM Professional scientific and technical activitiesCyber CrimeUSLink
73412/04/2018?CoinsecureCryptocurrency exchange Coinsecure, India's second exchange, announces that it has suffered a severe issue: 438 bitcoin, $3,3 million worth, have been transferred from the main wallet to an account that is not under their control.VulnerabilityV FintechCyber CrimeINLink
73513/04/2018?Diagnostic Radiology & ImagingDiagnostic Radiology & Imaging notifies 800 patients of a phishing incident that occurred in November 2017.Account HijackingQ Human health and social work activitiesCyber CrimeUSLink
73613/04/2018?Vulnerable Drupal CMS SystemsAfter the publication of PoC code, attackers start to exploit the Drupalgeddon2 vulnerability (CVE-2018-7600).VulnerabilityY Multiple IndustriesCyber Crime>1Link
73713/04/2018?Vulnerable routersSecurity researchers at Akamai discover a proxy botnet composed of more than 65,000 routers exposed to the Internet via the Universal Plug and Play (UPnP) protocol.VulnerabilityY Multiple IndustriesCyber Crime>1Link
73813/04/2018?InogenInogen, a California-based medical device manufacturer, reports that 30,000 former and current customers may have had their personal information exposed when a company employee's email account was compromised sometime between Jan. 2, 2018, and Mar. 14, 2018.Account HijackingC ManufacturingCyber CrimeUSLink
73913/04/2018?Mise En Place Restaurant ServicesMise En Place Restaurant Services announces that it was subject to a ransomware attack, which may have potentially exposed some information of clients and individuals.Malware/PoS MalwareI Accommodation and food service activitiesCyber CrimeUSLink
74014/04/2018?Texas Health ResourcesTexas Health Resources reveals that an unauthorized party may have gained access to patient information back in October 2017 by compromising some of the organization's email accounts. The breach was discovered in January 4,000 and might impact 4,000 users.Account HijackingQ Human health and social work activitiesCyber CrimeUSLink
74115/04/2018?UnityPoint HealthUnityPoint Health notifies patients of a phishing attack that occurred between November 1, 2017 and February 7, 2018.Account HijackingQ Human health and social work activitiesCyber CrimeUSLink
74204/04/2018?Single IndividualsResearchers from Palo Alto Networks reveal the details of Rarog, a previously unseen cryptomining trojan.Malware/PoS MalwareX IndividualCyber Crime>1Link
74312/04/2018?IIS 6.0 Vulnerable serversResearchers from F5 discover a massive campaign exploiting an old IIS 6.0 vulnerability (CVE-2017-7269) to mine Electroneum.VulnerabilityY Multiple IndustriesCyber Crime>1Link
74416/04/2018Russian state-sponsored actors (Grizzly Steppe)Government and private-sector organizations, critical infrastructure providers, and the internet service providers (ISPs)The UK NCSC (National Cyber Security Centre), FBI (Federal Bureau of Investigation) and DHS (Department of Homeland Security) issue a joint Technical Alert about malicious cyber activity carried out by the Russian Government. The attackers use compromised routers to conduct man-in-the-middle attacks.Man-in-the-MiddleO Public administration, defence, compulsory social securityCyber Espionage>1Link
74516/04/2018APT-C-32Middle Eastern IndividualsResearchers from Lookout reveal the details of an espionage campaign using two malware strains called Desert Scorpion and FrozenCell, to spy on targets in Palestine. The attackers are thought to be linked to Hamas.Targeted AttackO Public administration, defence, compulsory social securityCyber Espionage>1Link
74616/04/2018mobile APT (mAPT)Several targetsResearchers from Lookout reveal a new campaign using a modified version of the infamous ViperRAT hosted in Google Play.Targeted AttackY Multiple IndustriesCyber Espionage>1Link
74716/04/2018?TaskRabbitTaskRabbit, a web-based service owned by IKEA that connects freelance handymen with clients in various local US markets, emails customers admitting it suffered a security breach. The company takes down its app and website while investigating the incident and later admits that some personal information might have been compromised.UnknownN Administrative and support service activitiesCyber CrimeUSLink
74816/04/2018?Android UsersResearchers from Kaspersky Lab reveal the detail of Roaming Mantis, an operation where malware authors have hijacked DNS settings on vulnerable routers to redirect users to sites hosting Android malware on clone apps of Google Chrome and Facebook.DNS HijackingX IndividualCyber Crime>1Link
74916/04/2018?Multiple TargetsAccording to multiple sources, hackers have started to actively exploit the Drupalgeddon 2 Drupal CMS vulnerability CVE-2018-7600 to inject cryptominers.VulnerabilityY Multiple IndustriesCyber Crime>1Link
75016/04/2018?African Embassy in DublinResearchers from Lastline reveal that an African ambassador in Dublin was compromised by cyber criminals with hackers gaining access to an entire nation's digital data.Targeted AttackO Public administration, defence, compulsory social securityCyber EspionageN/ALink
75116/04/2018?Hong Kong Broadband NetworkHong Kong Broadband Network, the city's second largest fixed-line residential broadband provider, discovers that an inactive customer database has been accessed without authorization. The personal data of some 380,000 customers, including details for more than 40,000 credit cards, are compromised.UnknownJ Information and communicationCyber CrimeHKLink
75216/04/2018?Irvington School DistrictPartial social security numbers of more than 1,200 employees at Irvington schools are distributed via email to an unknown number of recipients by an unidentified attacker.UnknownP EducationCyber CrimeUSLink
75317/04/2018?Chrome UsersResearchers from AdGuard uncover five malicious ad-blocker extensions on the Chrome Web Store that were installed by 20 million Chrome users before Google removed them.Malware/PoS MalwareX IndividualCyber Crime>1Link
75417/04/2018?TheBottleResearchers from Palo Alto Networks reveal the details of SquirtDanger, a new strain of malware that allows hackers to take action screenshots, steal passwords, download files and even steal the contents of cryptocurrency wallets.Malware/PoS MalwareX IndividualCyber Crime>1Link
75517/04/2018?Minecraft usersAccording to Avast's Threat Labs, nearly 50,000 Minecraft users have been infected with a malware aiming at reformatting hard drives, wiping out backup data from the targeted system along with deleting other important files.Malware/PoS MalwareX IndividualCyber Crime>1Link
75617/04/2018AnoaGhostinsights.london.nhs.ukAn NHS website is defacedDefacementO Public administration, defence, compulsory social securityCyber CrimeUKLink
75718/04/2018Gold GalleonMultiple Maritime Shipping FirmsResearchers from Secureworks discover a previously unidentified "Gold Galleon" threat group, specialized in business email compromise (BEC) and business email spoofing (BES) fraud against maritime shipping firms in order to try and steal millions of dollars on an annual basis.Account HijackingH Transportation and storageCyber Crime>1Link
75818/04/2018?Single IndividualsSecurity researchers from Radware spot a new information stealer that collects Chrome login data from infected victims, along with session cookies, and appears to be looking for Facebook and Amazon details in particular. The malware is called Stresspaint and has infected so far more than 40,000 users.Malware/PoS MalwareX IndividualCyber Crime>1Link
75918/04/2018?California's Center for Orthopaedic Specialists (COS)California's Center for Orthopaedic Specialists (COS) discloses to have been hit by a ransomware attack. The incident impacts the records of approximately 85,000 patients across three facilities in West Hills, Simi Valley and Westlake Village.Malware/PoS MalwareQ Human health and social work activitiesCyber CrimeUSLink
76018/04/2018?Ian BalinaIan Balina, a well-known sponsored YouTube blogger, is hacked while streaming, losing roughly $2 million in tokens.Account HijackingX IndividualCyber CrimeUSLink
76118/04/2018?Sangamo TherapeuticsSangamo Therapeutics announces a data security incident involving compromise of a senior executive's company email account.Account HijackingQ Human health and social work activitiesCyber CrimeUSLink
76218/04/2018?Minecraft and Counter-Strike: Global Offensive playersResearchers discover two strains of a fake ransomware targeting players of Minecraft and Counter-Strike: Global Offensive (CS:GO)Malware/PoS MalwareX IndividualCyber Crime>1Link
76318/04/2018?QuestarAnnual tests in several states are delayed by what appears to be a suspected hack to Questar, a K12 assessment solutions provider.UnknownP EducationCyber CrimeUSLink
76419/04/2018HighTech Brazil HackteamSupreme Court of IndiaThe website of Supreme Court of India is defaced.DefacementO Public administration, defence, compulsory social securityCyber CrimeINLink
76519/04/2018?Single IndividualsResearchers from Trend Micro discover a spam campaign delivering the Adwind RAT bundled with the XTRAT and DUNIHI Backdoors.Malware/PoS MalwareX IndividualCyber Crime>1Link
76619/04/2018?Single IndividualsResearchers at MalwareHunterTeam discover a new strain of ransomware, targeting Brazilian users, called RansSIRIA, which encrypts victims' files and then states it will donate the ransom to Syrian refugees. The malware targets Brazilian victims.Malware/PoS MalwareX IndividualCyber CrimeBRLink
76720/04/2018?Multiple TargetsSecurity researchers from antivirus maker Qihoo 360 Core discover a new Internet Explorer 0-day exploited by a state-sponsored threat actor. The vulnerability is called "double kill".Targeted AttackY Multiple IndustriesCyber Espionage>1Link
76820/04/2018?Multiple TargetsResearchers from Qihoo 360 Netlab and GreyNoise Intelligence discover a botnet made up of servers and smart devices exploiting the severe Drupal CMS vulnerability CVE-2018-7600 also known as Drupalgeddon 2. The botnet is dubbed Muhstik.Malware/PoS MalwareY Multiple IndustriesCyber Crime>1Link
76921/04/2018?Equihash mining poolsSecurity researchers at 360 Core Security detect a new type of attack which targets some Equihash mining pools.VulnerabilityY Multiple IndustriesCyber Crime>1Link
77021/04/2018?City of HamiltonThe emails of about 1,100 Hamilton residents have been compromised following a data breach of two waste collection apps, according to the city of Hamilton.UnknownO Public administration, defence, compulsory social securityCyber CrimeCALink
77122/04/2018AnonPlusilgiornale.itHackers from AnonPlus deface ilgiornale.it, one of the main newspapers in Italy, with a fake news about Mr. Silvio Berlusconi in jail.DefacementJ Information and communicationHacktivismITLink
77222/04/2018Prosox ShadeRed Bull WebsiteThe Red Bull website is defaced twice in few hours, probably exploiting the Drupalgeddon 2 vulnerability.DefacementI Accommodation and food service activitiesCyber CrimeATLink
77323/04/2018?Prince Edward Island (PEI) Government WebsiteA ransomware attack takes down the Prince Edward Island Government website.Malware/PoS MalwareO Public administration, defence, compulsory social securityCyber CrimeCALink
77423/04/2018OrangewormHealthcare organizations in the United States, Europe and AsiaResearchers from Symantec reveal the details of Orangeworm, a threat group targeting healthcare organizations in the United States, Europe and Asia via a custom backdoor dubbed Kwampirs.Targeted AttackQ Human health and social work activitiesCyber Espionage>1Link
77523/04/2018?CareemCareem, Uber's main ride-hailing app rival in the Middle East, is hit by a cyber attack that compromises the data of 14 million users. The breach was discovered on January 14.UnknownH Transportation and storageCyber CrimeAELink
77623/04/2018APT10Japanese defense companiesAccording to FireEye, the Chinese group APT10 has targeted Japanese defense companies, possibly to get information on Tokyo's policy toward resolving the North Korean nuclear impasse.Targeted AttackO Public administration, defence, compulsory social securityCyber EspionageJPLink
77723/04/2018Hunter buttThai Airways WebsiteThe official website of Thai Airways is hacked by a Pakistani with the moniker “Hunter butt”. The hacker uploads a deface page on 23 subdomains.DefacementH Transportation and storageCyber CrimeTHLink
77824/04/2018?MyEtherWallet.comA hacker (or group of hackers) hijacks the Amazon DNS servers of MyEtherWallet.com, a web-based Ether wallet service. Users accessing the site are redirected to a fake version of the website. Those who logged in had their wallet private keys stolen, which the attacker used to empty accounts. The total bounty is $152,000.DNS HijackingV FintechCyber CrimeUSLink
77924/04/2018?Ukraine's Energy Ministry WebsiteUnknown hackers use ransomware to take the website of Ukraine's energy ministry offline and encrypt its files.Malware/PoS MalwareO Public administration, defence, compulsory social securityCyber CrimeUALink
78024/04/2018?Single IndividualsResearchers from FortiGuard Labs uncover a new python-based Monero cryptocurrency mining malware, dubbed "PyRoMine" that uses the ETERNALROMANCE exploit to spread.Malware/PoS MalwareX IndividualCyber Crime>1Link
78124/04/2018?Brazilian companiesResearchers from FireEye identify a widespread spam campaign, dubbed Metamorfo, targeting Brazilian companies with the goal of delivering banking Trojans.Malware/PoS MalwareY Multiple IndustriesCyber CrimeBRLink
78224/04/2018?Americas CardroomPoker tournaments are disrupted after a spate of DDoS attacks on Americas Cardroom.DDoSR Arts entertainment and recreationCyber CrimeUSLink
78324/04/2018?Multiple industries including critical infrastructure, entertainment, finance, health care, and telecommunicationsResearchers from McAfee uncover a global data reconnaissance campaign assaulting a wide number of industries including critical infrastructure, entertainment, finance, health care, and telecommunications. The campaign is dubbed Operation GhostSecret.Targeted AttackY Multiple IndustriesCyber Espionage>1Link
78424/04/2018?WebLogic ServersAttackers start to exploit Oracle WebLogic servers for CVE-2018-2628.VulnerabilityY Multiple IndustriesCyber Crime>1Link
78525/04/2018?HPE UsersThreat actors target internet accessible HPE Integrated Lights-Out 4 (HPE iLO 4) remote management interfaces with ransomware.Malware/PoS MalwareY Multiple IndustriesCyber Crime>1Link
78626/04/2018?Single IndividualsResearchers from Vade Secure reveal the details of a massive phishing campaign targeting more than 550 million email users globally since the first quarter of 2018.Account HijackingX IndividualCyber Crime>1Link
78726/04/2018?Single IndividualsResearchers from Trend Micro discover a new variant of the infamous Necurs botnet using .url files (internet shortcuts) to bypass conventional detection methods.Malware/PoS MalwareX IndividualCyber Crime>1Link
78826/04/2018The Invincible The MartianSeveral targets in IndiaResearchers from Cisco Talos unveil the details of GravityRAT, a tool being used in targeted attacks, allegedly coming from Pakistan, against India with sophisticated anti-evasion techniques.Targeted AttackO Public administration, defence, compulsory social securityCyber WarfareINLink
78926/04/2018Team Kerala Cyber WarriorsPakistanTeam Kerala Cyber Warriors, a hacking group based out of India, begin to install ransomware on web sites based out of Pakistan. The ransomware is called KCW Ransomware.Malware/PoS MalwareY Multiple IndustriesCyber WarfarePKLink
79026/04/2018?Sen. Richard Pan, D-SacramentoSen. Richard Pan, D-Sacramento, claims that thieves hacked his email account and stole $46,000 from his re-election campaign in a "sophisticated" scheme earlier this year.Account HijackingX IndividualCyber CrimeUSLink
79127/04/2018?Three banks in Mexico (Grupo Financiero Banorte, Banco del Bajio SA, and Bancomext)Three banks in Mexico (Grupo Financiero Banorte, Banco del Bajio SA, and Bancomext) are targeted by a cyber attack aimed to penetrate Mexico's electronic payment systems (SPEI).UnknownK Financial and insurance activitiesCyber CrimeMXLink
79227/04/2018?Zippy's RestaurantsThe Hawaii-based Zippy's Restaurants reports that its point-of-sale system at 25 of its locations has been compromised, exposing customer data from November 23, 2017, to March 29, 2018.Malware/PoS MalwareI Accommodation and food service activitiesCyber CrimeUSLink
79327/04/2018?Highway Sign in ArizonaSomeone hacks a highway sign in Arizona and defaces it with 'Hail Hitler' text.UnknownH Transportation and storageCyber CrimeUSLink
79427/04/2018?Leominster Schools DistrictLeominster Schools District pays $10,000 worth of Bitcoins ransom following a cyberattack on their system.Malware/PoS MalwareP EducationCyber CrimeUSLink
79527/04/2018AnonPlusCity of BolognaThe website of the City of Bologna is defaced by AnonPlusDefacementO Public administration, defence, compulsory social securityHacktivismITLink
79627/04/2018?Scenic Bluffs Community Health CentersScenic Bluffs Community Health Centers notifies 2,889 patients of a potential breach of personal patient information after discovering March 1, 2018, that one staff email account had been hacked on Feb. 28, 2018, by an unauthorized party.Account HijackingQ Human health and social work activitiesCyber CrimeUSLink
79727/04/2018?Billings ClinicBillings Clinic notifies 949 patients of a breach affecting its email security system causing an unknown individual to access patients' information back in February.Account HijackingQ Human health and social work activitiesCyber CrimeUSLink
79830/04/2018?Single IndividualsResearchers from Trend Micro reveal the details of FacexWorm, a malicious Chrome extension, targeting cryptocurrency trading platforms via Facebook Messenger in order to steal account credentials for Google MyMonero and Coinhive.Malware/PoS MalwareX IndividualCyber Crime>1Link
79901/05/2018?Rail Europe North AmericaRail Europe, a site used by Americans to buy train tickets in Europe, reveals a three-month data breach of credit cards and debit cards. Hackers implanted credit card-skimming malware on its website between late-November 2017 and mid-February 2018.Malware/PoS MalwareR Arts entertainment and recreationCyber CrimeUSLink
80001/05/2018APT28 AKA Fancy BearLojack UsersSecurity researchers from Arbor Networks reveal that malware with suspected links to Russian cyber-espionage group Fancy Bear is turning up in installations of Lojack, an anti-computer theft program used by many corporations to guard their assets.Targeted AttackY Multiple IndustriesCyber Espionage>1Link
80101/05/2018?Vulnerable serversResearchers from AlienVault reveal the details of MassMiner, a new wave of cryptocurrency-mining malware using exploits for vulnerabilities such as CVE-2017-10271 (Oracle WebLogic), CVE-2017-0143 (Windows SMB), and CVE-2017-5638 (Apache Struts).VulnerabilityY Multiple IndustriesCyber Crime>1Link
80201/05/2018SB315City of Augusta Calvary Baptist Church Georgia Southern University, Two Augusta restaurants: Blue Sky Kitchen and Soy Noodle HouseA group of vigilante hackers going by SB315 deface some Georgia sites and threaten retaliation if the bill becomes law. The list of the targets include: the City of Augusta (that denies the hack), the website of Calvary Baptist Church, Georgia Southern University, the sites for two Augusta restaurants, Blue Sky Kitchen and Soy Noodle House.DefacementY Multiple IndustriesHacktivismUSLink
80301/05/2018?Knox County's websiteThe Tennessee county's website is taken down by a DDoS attack on election night.DDoSO Public administration, defence, compulsory social securityCyber CrimeUSLink
80402/05/2018?Drupal ServersResearchers from Imperva/Incapsula discover another strain of malware, dubbed Kitty, aimed to exploit Drupalgeddon 2.0 (CVE-2018-7600) to mine cryptocurrencyVulnerabilityY Multiple IndustriesCyber Crime>1Link
80502/05/2018AllaniteBusiness and ICS networks at electric utilities in the US and UK.Researchers from Dragos unveil the details of a threat actor dubbed Allanite, active at least since May 2017 and still targeting both business and ICS networks at electric utilities in the US and UK.Targeted AttackD Electricity gas steam and air conditioning supplyCyber EspionageUS UKLink
80602/05/2018?Fredericksburg School SystemA Fredericksburg school system employee falls for phishing attackAccount HijackingP EducationCyber CrimeUSLink
80702/05/2018AkincilarGreek Foreign Ministry Athens-Macedonia News Agency (ANA) Greek Handball Federation Suzuki-GreeceThe Turkish hacker group Akincilar ("Invaders") starts its offensive against Greece and defaces four websites (Greek Foreign Ministry, Athens-Macedonia News Agency - ANA -, the Greek Handball Federation, and Suzuki-Greece) in response to Athens' refusal to hand over the Turkish officers who fled to Greece in July 2016.DefacementO Public administration, defence, compulsory social securityCyber WarfareGRLink
80802/05/2018DefacementI Accommodation and food service activitiesCyber WarfareGR
80902/05/2018DefacementR Arts entertainment and recreationCyber WarfareGR
81002/05/2018DefacementC ManufacturingCyber WarfareGR
81103/05/2018?Targets in Middle EastResearchers from Kaspersky reveal the details of ZooPark, a cyberespionage operation that has been focusing on Middle Eastern targets since at least June 2015. The threat actors behind the operation infect Android devices using several generations of malware.Targeted AttackY Multiple IndustriesCyber Espionage>1Link
81203/05/2018?World Rugby Training and Education WebsiteWorld Rugby is forced to suspend its training and education website after the governing body is the target of a cyber attack that sees hackers obtain personal data from thousands of subscribers.UnknownR Arts entertainment and recreationCyber CrimeN/ALink
81303/05/2018?JavaScript usersThe Node Package Manager (npm) team discovers and blocks the distribution of a backdoor inside getcookies, a popular, albeit deprecated, JavaScript package.Malware/PoS MalwareX IndividualCyber Crime>1Link
81403/05/2018?Airbnb usersResearchers from Redscan discover a GDPR-related phishing scam with emails claiming to be from Airbnb.Account HijackingX IndividualCyber Crime>1Link
81503/05/2018?Several Florida Hospital WebsitesSeveral Florida Hospital Websites are taken offline after being affected by a malware that could have compromised patient information. The list of the affected hospitals include: FloridaBariatric.com, FHOrthoInstitute.com and FHExecutiveHealth.com.Malware/PoS MalwareQ Human health and social work activitiesCyber CrimeUSLink
81603/05/2018Anonymous24TV Turk TelekomAs a retaliation for the attacks of the Turkish collective Akincilar, Greek hackers from Anonymous paralyze the 24TV Live website for several hours. They also claim to have hacked 12,987 routers of Turk Telekom.DDoSJ Information and communicationCyber WarfareTRLink
81703/05/2018?Meituan DianpingMeituan Dianping, the internet giant backed by Tencent, China's most valuable tech corporation, begins investigating reports of a data breach that exposed the private information of tens of thousands of users. This happens after tens of thousands of data snippets -- everything from names and mobile numbers to home addresses -- on food-delivery customers went on sale online.UnknownG Wholesale and retail tradeCyber CrimeCNLink
81803/05/2018?Fleetcor TechnologiesFleetcor Technologies, a company specializing in fuel cards and workforce payment products and services, publicly discloses that its gift card systems were accessed last month by an unauthorized party. A "significant number" of gift cards that are at least six months old, as well as PIN numbers, were accessed.UnknownR Arts entertainment and recreationCyber CrimeUSLink
81904/05/2018?Copenhagen city's bicycle sharing system “Bycyklen”Unknown hackers disrupt the Copenhagen city's bicycle sharing system “Bycyklen”, erasing the data of 1,860 bicycles.UnknownH Transportation and storageCyber CrimeDKLink
82004/05/2018AnonPlusK9 Web ProtectionHackers from the collective AnonPlus, a splinter cell of Anonymous, deface the website of K9 Web Protection (belonging to Symantec).DefacementJ Information and communicationHacktivismUSLink
82104/05/2018?Riverside Fire and Police departmentRansomware infects the servers of the Riverside Fire and Police department for the second time in a month.Malware/PoS MalwareO Public administration, defence, compulsory social securityCyber CrimeUSLink
82204/05/2018?W.S. Neal High SchoolWhile finalizing end-year school rankings, W.S. Neal High School realizes that someone has been changing grades since 2016.UnknownP EducationCyber CrimeUSLink
82304/05/2018?City of TulsaThe City of Tulsa confirms that computer hackers broke into several City controlled accounts but says it appears there have been no effects on city systems.UnknownO Public administration, defence, compulsory social securityCyber CrimeUSLink
82404/05/2018?Northwest UniversityThe email account of the Northwest University's CFO is hacked. As a consequence $60,000 are stolen.Account HijackingP EducationCyber CrimeUSLink
82504/05/2018?Banco InterShares in Banco Inter fall as much as 11 percent after reports that a hacking attack had obtained sensitive data pertaining to clients. Banco Inter reveals it was “the victim of attempted extortion.”UnknownK Financial and insurance activitiesCyber CrimeBRLink
82605/05/2018?Vulnerable Drupal ServersResearcher Troy Mursch discovers another campaign aimed to exploit Drupalgeddon 2.0 (CVE-2018-7600 and CVE-2018-7602). In this campaign more than 350 servers are compromised to inject cryptominers.VulnerabilityY Multiple IndustriesCyber Crime>1Link
82705/05/2018?Mason Law OfficeMason Law Office discovers evidence of unauthorized access to their mycase.com instance by an unknown individual or group of individuals. Client data is potentially accessed.UnknownM Professional scientific and technical activitiesCyber CrimeUSLink
82806/05/2018?Canon Security Cameras“I'm Hacked. bye2”— That's the message left behind on most of the 60 hacked Canon security cameras in Japan with many more hacked in the previous weeks.UnknownY Multiple IndustriesCyber CrimeJPLink
82906/05/2018?Android and Windows UsersResearchers from Trend Micro identify a new spyware distributed via adult games. Dubbed as Maikspy spyware (from a famous adult film actress). The main target of this malicious new campaign are Android and Windows users, and the primary objective is to steal sensitive personal data. The malware is dubbed AndroidOS_MaikSpy.HRX.Malware/PoS MalwareX IndividualCyber Crime>1Link
83007/05/2018?SSH Decorator (Python Module) usersSSH Decorator, a Python module, is compromised by an unknown attacker who injects a backdoor.Malware/PoS MalwareX IndividualCyber Crime>1Link
83107/05/2018?Roseburg Public SchoolsA ransomware attack targets Roseburg Public Schools, blocking access to the district's email, website and software.Malware/PoS MalwareP EducationCyber CrimeUSLink
83207/05/2018AkincilarHonda GreeceTurkish hackers from Akincilar launch a new cyber attack against Honda Greece. The automaker's website in Greece is infiltrated with a message condemning the country for “partnering” with terrorists.DefacementC ManufacturingCyber WarfareGRLink
83308/05/2018?Marketing/Advertising/Public Relations and Retail/Manufacturing industriesProofpoint observes a campaign targeting Marketing/Advertising/Public Relations and Retail/Manufacturing industries with a new malware called Vega Stealer. The malware contains stealing functionality targeting saved credentials and credit cards in the Chrome and Firefox browsers, as well as stealing sensitive documents from infected computers.Malware/PoS MalwareY Multiple IndustriesCyber Crime>1Link
83408/05/2018?Sheffield Credit UnionSheffield Credit Union is the victim of a Cyber attack, which is believed to have taken place on 14 February 2018 but only recently comes to light after a blackmailing attempt by the attackers. The personal data of about 15,000 members is compromised.UnknownK Financial and insurance activitiesCyber CrimeUKLink
83508/05/2018SilverTerrierMultiple Targets Around the WorldResearchers from Palo Alto Networks reveal the details of a ring of Nigerian criminals dubbed SilverTerrier, conducting hacking campaigns against targets around the world. The researchers have attributed 181,000 attacks, using 15 families of malware, to the group in the last year, with expected losses estimated more than $3B.Malware/PoS MalwareY Multiple IndustriesCyber Crime>1Link
83608/05/2018?City of GoodyearThe City of Goodyear announces that its bill pay system may have been compromised. The possible breach could expose 30,000 utility customers.Malware/PoS MalwareO Public administration, defence, compulsory social securityCyber CrimeUSLink
83709/05/2018?Several financial targets in the USResearchers from F5 reveal a new campaign carried on via the infamous Panda malware targeting US financials targets.Malware/PoS MalwareK Financial and insurance activitiesCyber CrimeUSLink
83809/05/2018?The SunThe Sun calls in the UK's cybersecurity authorities after detecting Russian hackers trying to access the tabloid newspaper's internal computer systems.Targeted AttackJ Information and communicationCyber EspionageUKLink
83909/05/2018?Morinaga Milk Industry Co.After receiving a report from a credit card issuer, Morinaga Milk Industry Co. says that credit card or other personal information of up to 120,000 online customers may have leaked.UnknownI Accommodation and food service activitiesCyber CrimeJPLink
84009/05/2018?The Oregon ClinicThe Oregon Clinic announces that a data security incident may have affected protected health information (PHI) after an unauthorized third party accessed an internal email account.Account HijackingQ Human health and social work activitiesCyber CrimeUSLink
84110/05/2018AnonymousOfficial website of Russia's Federal Agency for International Cooperation (Rossotrudnichestvo)The Anonymous deface several subdomains of the official website of Russia's Federal Agency for International Cooperation (Rossotrudnichestvo) against the ongoing censorship in the country especially the recent ban on Telegram.DefacementO Public administration, defence, compulsory social securityHacktivismRULink
84210/05/2018?Multiple TargetsResearchers from Radware reveal the details of Nigelthorn, a crypto-mining malware abusing Chrome extensions, and using Facebook to spread. The analysis reveals that the group has been active since at least March of 2018 and has already infected more than 100,000 users in over 100 countries.Malware/PoS MalwareY Multiple IndustriesCyber Crime>1Link
84310/05/2018?Vulnerable Dasan GPON routersResearchers from Qihoo 360 Netlab reveal that at least five IoT botnets are targeting Dasan GPON routers, exploiting the two recently discovered vulnerabilities CVE-2018-10561 and CVE-2018-10562. The five botnets are known under codenames such as Hajime, Mettle, Mirai, Muhstik, and Satori.VulnerabilityY Multiple IndustriesCyber Crime>1Link
84410/05/2018?Wasaga BeachWasaga Beach pays the ransom to hackers who took over its computer system earlier this month.Malware/PoS MalwareO Public administration, defence, compulsory social securityCyber CrimeCALink
84510/05/2018?Malley's ChocolatesMalley's Chocolates reveals that its website has been hacked, and the card information of 3,400 online customers has been breached.UnknownI Accommodation and food service activitiesCyber CrimeUSLink
84611/05/2018?Android UsersResearchers from Symantec discover a new wave of 45 malicious apps on the Android store known under the definition of Android.Reputation.1. Of these apps, 7 are rebranded versions of previously removed apps, whereas 38 are completely new.Malware/PoS MalwareX IndividualCyber Crime>1Link
84711/05/2018?Chili's RestaurantChili's Restaurant reveals that some restaurants have been impacted by a data incident, which may have resulted in unauthorized access or acquisition of payment card data between March and April 2018.Malware/PoS MalwareI Accommodation and food service activitiesCyber CrimeUSLink
84811/05/2018?Ubuntu UsersA user spots a cryptocurrency miner hidden in the source code of an Ubuntu snap package hosted on the official Ubuntu Snap Store. The app's name is 2048buntu, a clone of the popular 2024 game.Malware/PoS MalwareX IndividualCyber Crime>1Link
84911/05/2018?DSBThe Danish state rail operator DSB is hit by a massive DDoS attack, paralyzing some operations, including ticketing systems and the communication infrastructure.DDoSH Transportation and storageCyber CrimeDKLink
85011/05/2018?Bemus Point School DistrictBemus Point School District Superintendent reveals that some students in the district might have been compromised amid the breach of Maia Learning by a competitor.UnknownP EducationCyber CrimeUSLink
85112/05/2018?Capitol AdministratorsCapitol Administrators notifies individuals of a phishing attack.Account HijackingN Administrative and support service activitiesCyber CrimeUSLink
85212/05/2018?Five Mexican Banks including No. 2 BanorteThieves siphon 300 million pesos ($15.4 million) out of five Mexican banks, including No. 2 Banorte, by creating phantom orders that wired funds to bogus accounts and promptly withdrew the money.Account HijackingK Financial and insurance activitiesCyber CrimeMXLink
85314/05/2018Hackers linked to the Turkish GovernmentTurkish Dissident and ProtestersAccording to a new report by digital rights organization Access Now, hackers, apparently working for the Turkish government, attempted to infect a large number of Turkish dissidents and protesters by spreading the infamous FinFisher spyware on Twitter.Malware/PoS MalwareX IndividualCyber CrimeTRLink
85414/05/2018?Family Planning NSWFamily Planning NSW tells customers their personal information may have been compromised after the not-for-profit fell victim to a ransomware attack. Around 8,000 users might be affected.Malware/PoS MalwareQ Human health and social work activitiesCyber CrimeAULink
85515/05/2018Stealth MangoGovernment officials, members of the military, and activists in Pakistan, Afghanistan, India, Iraq and the United Arab EmiratesResearchers from Lookout discover a phishing campaign that infected Android devices with custom surveillance-ware bent on extracting data from top officials, primarily in the Middle East. The campaign is called Stealth Mango, and has been used to collect over 30 gigabytes of compromised data on attacker infrastructureMalware/PoS MalwareO Public administration, defence, compulsory social securityCyber Espionage>1Link
85610/05/2018?NuanceSpeech recognition software firm Nuance announces the breach of thousands of patient records after a former employee breached its servers and accessed the personal information of 45,000 individuals from several contracted clients between November 20 and December 9 of 2017.Account HijackingM Professional scientific and technical activitiesCyber CrimeUSLink
85711/05/2018?Multiple UsersResearchers from Qihoo 360 discover a miner campaign hidden behind a potentially unwanted program dubbed One System Care.Malware/PoS MalwareY Multiple IndustriesCyber Crime>1Link
85811/05/2018Satori BotnetExposed Ethereum Mining RigsThe operators of the Satori botnet are mass-scanning the Internet for exposed Ethereum mining rigs, according to three sources in the infosec community who've observed the malicious behavior —SANS ISC, Qihoo 360 Netlab, and GreyNoise Intelligence.Brute-ForceV FintechCyber Crime>1Link
85915/05/2018?Multiple UsersResearchers from Qihoo 360 discover a particular miner dubbed IdleBuddyMiner, which asks nicely for permission to mine via a popup.Malware/PoS MalwareY Multiple IndustriesCyber Crime>1Link
86016/05/2018?SecurusA hacker provides Motherboard with 2,800 login details for Securus, a company that buys phone location data from major telecom companies and then sells it to law enforcement. The company confirms the breach a few days later.UnknownX IndividualCyber CrimeUSLink
86116/05/2018?Windows UsersResearchers from Qihoo 360 discover a massive malware campaign spreading a new coinminer, which appears to have made roughly 500,000 victims in three days alone. The miner is called WinstarNssmMiner.Malware/PoS MalwareX IndividualCyber Crime>1Link
86216/05/2018?Ethereum WalletsResearchers from RiskIQ unveil the details of MEWKit, a sophisticated phishing campaign aimed at stealing credentials of Ethereum wallets and, at the same time, performing an automated transfer with the stolen details.Account HijackingX IndividualCyber Crime>1Link
86316/05/2018?ZooPark APT GroupA vigilante hacker claims to have hacked the alleged Iran-linked group behind the ZooPark campaign discovered by Kaspersky earlier this month, and dumps the files purportedly stolen from a server controlled by the attackers.UnknownO Public administration, defence, compulsory social securityCyber CrimeIRLink
86416/05/2018?LifeBridge Health and LifeBridge Potomac ProfessionalsLifeBridge Health and LifeBridge Potomac Professionals notify patients about a malware incident that occurred back on March 18, 2018. The number of affected patients could be 500,000.Malware/PoS MalwareQ Human health and social work activitiesCyber CrimeUSLink
86516/05/2018?Wordpress WebsitesA report from security firm Wordfence reveals that hackers have come up with a never-before-seen method of installing backdoored plugins on websites running the open-source WordPress CMS, and this new technique relies on using weakly protected WordPress.com accounts and the Jetpack plugin.Account HijackingY Multiple IndustriesCyber Crime>1Link
86616/05/2018Racoon HackerRussian-speaking Telegram usersResearchers from Cisco Talos reveal the details of TeleGrab, a malware harvesting cache and key files from Telegram.Malware/PoS MalwareX IndividualCyber CrimeRULink
86716/05/2018?Android UsersResearchers from security company Avast discover 26 apps on the Google Play Store that include adware forcing ads on compromised systems.Malware/PoS MalwareX IndividualCyber Crime>1Link
86817/05/2018?blackphoenixalchemylab.comblackphoenixalchemylab.com discovers malware inserted into the portion of the checkout page between May 1 and May 16.Malware/PoS MalwareR Arts entertainment and recreationCyber CrimeUSLink
86917/05/2018?Corporation Service Company (CSC)Hackers steal the personally identifiable information of 5,678 customers of the Corporation Service Company (CSC), according to a notice the company sent to the California attorney general's office.UnknownN Administrative and support service activitiesCyber CrimeUSLink
87017/05/2018?Fortnite PlayersResearchers at Zscaler's ThreatLabZ discover malicious apps on Google Play, in disguise of a mobile version of the popular game Fortnite.Malware/PoS MalwareX IndividualCyber Crime>1Link
87117/05/2018?Vulnerable IoT devicesResearchers from Fortinet discover a new variant of the Mirai botnet dubbed Wicked MiraiMalware/PoS MalwareY Multiple IndustriesCyber Crime>1Link
87217/05/2018?Independent Like the North State Group ForumAn online forum designated for California's First Congressional District debate was hacked by unknown hackers, who take over the live stream to broadcast gay pornography.UnknownS Other service activitiesCyber CrimeUSLink
87318/05/2018Sun TeamNorth Korean defectors and journalistsResearchers from McAfee discover RedDawn, a new campaign on Google Play targeting North Korean defectors and journalists.Targeted AttackX IndividualCyber EspionageKRLink
87418/05/2018?DrayTek routersDrayTek, a Taiwan-based manufacturer of broadband CPE devices, announces that hackers are exploiting a zero-day vulnerability to change DNS settings on some of its routers.VulnerabilityX IndividualCyber Crime>1Link
87518/05/2018?University of BuffaloUniversity of Buffalo confirms to be investigating and responding to a breach of 2,690 UBITName accounts.Account HijackingP EducationCyber CrimeUSLink
87618/05/2018?TidalJay-Z's Tidal streaming platform announces to have enlisted an “independent, third party cyber-security firm” to investigate a possible data breach, after reports of inflated subscriber and streaming numbers.UnknownR Arts entertainment and recreationCyber CrimeUSLink
87718/05/2018?Mobile UsersResearchers from Kaspersky reveal a new campaign carried on using the Roaming Mantis mobile trojan, targeting Europe and Middle East, and adding new features, like a phishing option for iOS devices, and crypto-mining capabilities for the PC.Malware/PoS MalwareX IndividualCyber Crime>1Link
87818/05/2018?Shona McGartyActress Shona McGarty, who plays Whitney Carter in EastEnders, is the latest celebrity to have intimate pictures leaked on the internet. Apparently her photos were stolen from the iCloud account.Account HijackingX IndividualCyber CrimeUKLink
87918/05/2018?Bitcoin GoldAn unidentified hacker performs several "double spend" attacks on the infrastructure of the Bitcoin Gold cryptocurrency and manages to amass over $18 million worth of BTG (Bitcoin Gold) coins in the process.51% attackV FintechCyber CrimeN/ALink
88019/05/2018Two unidentified studentsBloomfield Hills High SchoolTwo students from Bloomfield Hills High School are the main suspects of a recent hack discovered at the school. The two broke into the school's MISTAR Student Information System portal where they changed grades, attendance records, and attempted to refund lunch purchases.VulnerabilityP EducationCyber CrimeUSLink
88120/05/2018?200 million JapaneseA hacker suspected to be operating out of China has put on sale the data of around 200 million Japanese users on an underground cybercrime forum, according to a FireEye iSIGHT Intelligence report. The data appears to have been assembled by hacking up to 50 smaller Japanese sites.UnknownY Multiple IndustriesCyber CrimeJPLink
88220/05/2018?Allied PhysiciansAllied Physicians reports it was hit with a SamSam ransomware attack earlier this month (May 17).Malware/PoS MalwareQ Human health and social work activitiesCyber CrimeUSLink
88320/05/2018?Manuel Delia's BlogManuel Delia's blog (a Maltese journalist and blogger) is the target of a DDoS attack. Apparently the attack comes from Ukraine.DDoSJ Information and communicationCyber CrimeMTLink
88421/05/2018?Gigabit Passive Optical Network (GPON) routersSecurity researchers from Qihoo 360 Netlab discover that the operators behind the TheMoon botnet are now leveraging a zero-day exploit to target GPON routers.Malware/PoS MalwareY Multiple IndustriesCyber Crime>1Link
88521/05/2018?Gigabit Passive Optical Network (GPON) routersTrend Micro researchers detect a new attack mimicking the Mirai botnet modus operandi, originating from Mexico and targeting Gigabit Passive Optical Network (GPON)-based home routers via two vulnerabilities (CVE-2018-10561 and CVE-2018-10562).VulnerabilityY Multiple IndustriesCyber Crime>1Link
88621/05/2018?Twitter account of Charlie LeeThe Twitter account of Charlie Lee, the creator of Litecoin is hacked.Account HijackingX IndividualCyber CrimeUSLink
88721/05/2018?BombasBombas notifies consumers of breach going back to 2015 when malware in the code of the e-commerce platform was identified and removed on February 9, 2015.Malware/PoS MalwareG Wholesale and retail tradeCyber CrimeUSLink
88822/05/2018?Verge CryptocurrencyA hacker finds a way around a previous patch in the Verge cryptocurrency source code and takes advantage of the flaw to monopolize mining operations and create Verge coins (XVG) at a rapid pace. He is able to mine over 35 million XVG coins in just a few hours for a profit of $1.65 million.51% attackV FintechCyber CrimeN/ALink
88922/05/2018?Mac UsersAccording to researchers at Malwarebytes, many Mac users in the past weeks have been infected with a new strain of Monero miner. The owners of the infected Mac systems noticed the presence of a process named “mshelper” had been consuming a lot of CPU power and draining their batteries.Malware/PoS MalwareX IndividualCyber Crime>1Link
89022/05/2018?MonacoinMonacoin suffers a 51% attack.51% attackV FintechCyber CrimeJPLink
89123/05/2018State sponsored attackers (Russia?)500,000 organizations worldwideResearchers from Cisco Talos unveil the details of VPNFilter, a massive campaign lasting since 2016 and carried on by nation-state hackers, infecting at least 500,000 victims in at least 54 countries. The known devices affected by VPNFilter are Linksys, MikroTik, NETGEAR and TP-Link networking equipment, as well as QNAP NAS devices. An update of June 6 reveals new capabilities, such as the possibility to perform MITM attacks, and other vulnerable devices (ASUS, D-Link, Huawei, Ubiquiti, UPVEL, and ZTE).Malware/PoS MalwareY Multiple IndustriesCyber Espionage>1Link
89223/05/2018?University of VermontUniversity of Vermont officials say they have no reason to believe the personal information of 37,000 current and former faculty, staff and students fell into the wrong hands following an intrusion of the school's computer systems.UnknownP EducationCyber CrimeUSLink
89324/05/2018Trisis, AKA Xenotime, AKA HatManMultiple TargetsSecurity researchers from CyberX reveal that the threat actor behind the Triton malware (aka Trisis, Xenotime, and HatMan) is now targeting organizations worldwide and safety systems.Targeted AttackY Multiple IndustriesCyber Espionage>1Link
89424/05/2018?Android UsersAvast reveals a list of 140 Android devices whose firmware is infected with a malware called Cosiloon.Malware/PoS MalwareX IndividualCyber Crime>1Link
89524/05/2018?Screens at the Mashhad airport in IranHackers deface the screens at the Mashhad airport in Iran to protest against the Government and the military's activities in the Middle East.DefacementH Transportation and storageHacktivismIRLink
89624/05/2018?Associates in Psychiatry and PsychologyAssociates in Psychiatry and Psychology notifies 6,546 patients and the U.S. Department of Health and Human Services (HHS) of a ransomware incident that occurred in March.Malware/PoS MalwareQ Human health and social work activitiesCyber CrimeUSLink
89725/05/2018?Oxnard CityOxnard city officials are contacted by a bank representative about fraudulent purchases being made with the cards people used to pay their utility billsAccount HijackingO Public administration, defence, compulsory social securityCyber CrimeUSLink
89825/05/2018?American Family Life Assurance Company of Columbus (Aflac)American Family Life Assurance Company of Columbus (Aflac) issues a press release concerning the breach of independent contractor sales agents' email accounts. The breach occurred between Jan. 17 and April 2 and has reportedly affected some clients' personal information.UnknownK Financial and insurance activitiesCyber CrimeUSLink
89925/05/2018?Aultman Health FoundationAbout 42,600 patients tied to AultWorks Occupational Medicine, Aultman Hospital, and some Aultman physician offices may have had personal health and identification information stolen in a data breach after unknown and unauthorized individuals gained access to certain email accounts in February and March.UnknownQ Human health and social work activitiesCyber CrimeUSLink
90026/05/2018?Afghan diplomats in PakistanAfghan diplomats in Pakistan are warned they are believed to be victims of "government-backed" digital attacks trying to steal their email passwords.Targeted AttackO Public administration, defence, compulsory social securityCyber EspionageAFLink
90126/05/2018?ArloArlo advises its customers to change their passwords after credential-stuffing attempts detected.Brute-ForceC ManufacturingCyber CrimeUSLink
90227/05/2018?Goliath and GoliathComedy and entertainment agency Goliath and Goliath suffered a loss of more than 300,000 ZAR (22,000 USD worth) in what appears to be a phishing scam.Account HijackingR Arts entertainment and recreationCyber CrimeZALink
90328/05/2018?Bank of MontrealBank of Montreal, the country's fourth bank, announces to have been contacted by fraudsters claiming to have stolen personal and financial information of a limited number of the bank's customers. According to the bank, fewer than 50,000 customers are affected by the incident.UnknownK Financial and insurance activitiesCyber CrimeCALink
90428/05/2018?Canadian Imperial Bank of Commerce (CIBC)Also the Canadian Imperial Bank of Commerce (CIBC), the country's fifth largest bank is affected by the same incident, and they believe that 40,000 users could be possibly affected from its subsidiary Simplii Financial.UnknownK Financial and insurance activitiesCyber CrimeCALink
90528/05/2018?Taylor CryptocurrencyThe creators of the Taylor cryptocurrency trading app claim that an unidentified hacker has stolen around $1.35 million worth of Ether from the company's wallets.Account HijackingV FintechCyber CrimeEELink
90628/05/2018Cobalt AKA CarbanakSeveral Russian BanksGroup-IB reveals that, despite the alleged arrest of its leader, the Cobalt (AKA Carbanak) hacker group that's specialized in stealing money from banks and financial institutions is still active, even launching a new campaign.Targeted AttackK Financial and insurance activitiesCyber CrimeUSLink
90728/05/2018?Harare Institute of TechnologyA database from the Harare Institute of Technology is leaked, containing 3,500 users.UnknownP EducationCyber CrimeZWLink
90829/05/2018Hidden CobraMultiple TargetsThe FBI and Department of Homeland Security jointly release two technical alerts via the US-CERT, warning of two malware families dating back to at least 2009 that they say are tied to the suspected North Korea-sponsored APT group Hidden Cobra. The two malware families are the remote access tool (RAT) Joanap and the Server Message Block-based (SMB) worm Brambul.Targeted AttackY Multiple IndustriesCyber EspionageUSLink
90929/05/2018?Brazilian IndividualsResearchers from IBM X-Force uncover a new Brazilian, Delphi-based banking malware, dubbed MnuBot. The malware uses Microsoft SQL Server as its command and control server.Malware/PoS MalwareK Financial and insurance activitiesCyber CrimeBRLink
91029/05/2018?EOS Blockchain nodesThreat Intelligence firm GreyNoise discovers that a mysterious attacker is scanning the Internet for EOS blockchain nodes that are accidentally exposing private keys through an API misconfiguration.Brute-ForceV FintechCyber CrimeN/ALink
91130/05/2018IsHaKdZTicketflyThe Ticketfly website is defaced with an image of V from the film V for Vendetta. Unfortunately, after refusing to pay a 1 BTC ransom, Ticketfly reveals that the personal information of 27 million accounts, including ticket buyers and venue operators, was accessed by the attacker.VulnerabilityR Arts entertainment and recreationCyber CrimeUSLink
91230/05/2018?Purdue University Pharmacy and the Family Health Clinic of Carroll CountyPatients of the Purdue University Pharmacy and the Family Health Clinic of Carroll County receive notices that their information might be compromised because of a security breach. A malicious file was installed on some computers on September 1st.Malware/PoS MalwareQ Human health and social work activitiesCyber CrimeUSLink
91331/05/2018North Korean APT actor Group123?South KoreansResearchers from Cisco Talos discover NavRAT, a remote access trojan that apparently went undiscovered for at least two years, targeting Koreans in a spam campaign using the possible upcoming U.S.-North Korea nukes summit as a phishing lure. The tool leverages the email platform from South Korea-based Naver Corporation to communicate with the attackers.Targeted AttackX IndividualCyber EspionageKRLink
91431/05/2018Andariel GroupSouth KoreansLocal media in South Korea reveal that a North Korean cyber-espionage group has exploited at least nine ActiveX zero-day vulnerabilities, including a new 0-day, to infect South Korean targets with malware or steal data from compromised systems.Targeted AttackO Public administration, defence, compulsory social securityCyber EspionageKRLink
91531/05/2018?Sooke School DistrictThe Sooke School District warns parents about a privacy invasion after an employee's email was hacked.Account HijackingP EducationCyber CrimeUSLink
91601/06/2018?Buffalo Wild WingsA hacker manages to take control of the official Twitter account of Buffalo Wild Wings (@BWWings) and posts a number of crude and racist tweets, including one that claims to give out the “secret recipe” for the company's wings.Account HijackingI Accommodation and food service activitiesCyber CrimeUSLink
91701/06/2018?Several Rhode Island State AgenciesRhode Island officials say several state agencies are targeted by malware. The list of victims includes: the Department of Children, Youth and Families, the Department of Human Services, and the Department of Behavioral Healthcare.Malware/PoS MalwareO Public administration, defence, compulsory social securityCyber CrimeUSLink
91802/06/2018?Several Australian citizensSeveral Australian citizens are the victims of a tech support scam, through which the attackers are able to take over their webcams and upload videos to YouTube.Account HijackingX IndividualCyber CrimeAULink
91902/06/2018Todd Davis aka LifelockHolland Eye Surgery & Laser CenterHolland Eye Surgery & Laser Center notifies 42,200 patients about a hack that occurred in 2016.UnknownQ Human health and social work activitiesCyber CrimeUSLink
92002/06/2018?Shiawassee CountyThe Shiawassee County financial administrator resigns after being caught in a phishing scam and mistakenly wiring $50,000 to an overseas bank account.Account HijackingO Public administration, defence, compulsory social securityCyber CrimeUSLink
92103/06/2018?ZenCashZenCash, an upcoming privacy coin, is the victim of a 51% attack.51% attackV FintechCyber CrimeUSLink
92203/06/2018?Booking.com usersAccording to multiple reports, unknown cybercriminals launch a phishing campaign targeting Booking.com customers whose information was illegally obtained, possibly by breaching certain partner hotels.Account HijackingX IndividualCyber Crime>1Link
92304/06/2018?MyHeritageMyHeritage, the genealogy website and DNA testing service, warns that the email addresses and hashed passwords of its customer database, approximately 92 million user accounts, have been found on a private server.UnknownQ Human health and social work activitiesCyber CrimeUSLink
92404/06/2018?New York Giants defensive end Avery MossExplicit videos and pictures of New York Giants defensive end Avery Moss are posted on his Twitter timeline after his account is hacked.Account HijackingX IndividualCyber CrimeUSLink
92504/06/2018?Morinaga Milk Industry Co.Morinaga Milk Industry Co. says that personal data on up to 92,822 customers may have been stolen as its health food shopping website was hacked. Credit card information belonging to up to 29,773 of the affected customers was leaked, and around 300 cases of illicit use of the information, involving some ¥20 million ($180,000), have been confirmed so far.UnknownI Accommodation and food service activitiesCyber CrimeJPLink
92605/06/2018?Undisclosed Japanese Syndicate WalletShopin, a universal shopper profile using blockchain and Artificial Intelligence, releases an official statement indicating that a significant token distributor was hacked on June 1st, resulting in a loss of more than $10 million USD of a variety of tokens, including Ethereum, Level Up, Orbs, and Shopin Tokens.Account HijackingV FintechCyber CrimeJPLink
92705/06/2018?WordPress SitesSecurity researchers from Wordfence reveal the details of BabaYaga, a malware targeting WordPress sites characterized by sophisticated self-preserving mechanisms.Malware/PoS MalwareY Multiple IndustriesCyber Crime>1Link
92806/06/2018?PageUpAustralia-based human resources firm PageUp confirms it found "unusual" activity on its IT infrastructure on May 23, which has resulted in the potential compromise of client data.Malware/PoS MalwareS Other service activitiesCyber CrimeAULink
92906/06/2018?Multiple TargetsResearchers from the GuardiCore security team reveal the details of Operation Prowli, a gigantic botnet of over 40,000 infected web servers, modems, and other IoT devices, used for cryptocurrency mining, and for redirecting users to malicious sites.>1Y Multiple IndustriesCyber Crime>1Link
93006/06/2018SofacyGovernment organizations dealing with foreign affairsResearchers from Palo Alto Networks Unit 42 reveal the details of Zebrocy, a new campaign carried out by the Sofacy group via phishing attacks that contain malicious Microsoft Office documents with macros as well as simple executable file attachments.Targeted AttackO Public administration, defence, compulsory social securityCyber Espionage>1Link
93106/06/2018?Litecoin CashLitecoin Cash is the latest crypto currency to suffer a 51% attack.51% attackV FintechCyber CrimeN/ALink
93206/06/2018?Brazilian users of online banking services.Researchers from Kaspersky Lab discover a malicious Chrome Extension available in the Chrome Web Store, targeting Brazilian users of online banking services.Malware/PoS MalwareK Financial and insurance activitiesCyber CrimeBRLink
93307/06/2018?High-profile targets in Russia and UkraineResearchers from ESET reveal the details of Invisimole, a campaign active since 2013 targeting entities in Russia and Ukraine.Targeted AttackY Multiple IndustriesCyber EspionageRU UALink
93407/06/2018?Targets in Middle EastResearchers from ICEBRG and 360 Core Security reveal a wave of attacks leveraging the unpatched CVE-2018-5002 Adobe vulnerability.VulnerabilityY Multiple IndustriesCyber Crime>1Link
93507/06/2018?Russian service centers offering maintenance and support for various electronic goods.Security researchers from Fortinet spot a series of attacks targeting Russian service centers offering maintenance and support for various electronic goods.VulnerabilityN Administrative and support service activitiesCyber CrimeRULink
93607/06/2018?City of WellingtonWellington officials reveal to have been recently notified by Superion, their software vendor, about potential unauthorized charges on credit cards used by customers to pay their utility bills.VulnerabilityX IndividualCyber CrimeUSLink
93707/06/2018?RISE WisconsinRISE Wisconsin (formerly Community Partnerships and Center for Families) notifies its participants of a ransomware attack that occurred on April 8, 2018.Malware/PoS MalwareQ Human health and social work activitiesCyber CrimeUSLink
93808/06/2018Alleged State-sponsored Chinese hackersUS Navy ContractorChinese government hackers have compromised the computers of a Navy contractor, stealing 600+ Gb of highly sensitive data related to undersea warfare, including secret plans to develop a supersonic anti-ship missile for use on U.S. submarines by 2020, according to American officials. The attack occurred in January and February.Targeted AttackO Public administration, defence, compulsory social securityCyber EspionageUSLink
93908/06/2018?Elmcroft Senior LivingThe personal information of Elmcroft Senior Living residents and their family members, employees and others could have been stolen in a data breach that occurred in mid-May.Account HijackingQ Human health and social work activitiesCyber CrimeUSLink
94008/06/2018?Terros HealthTerros Health warns that 1,600 patient records were exposed in a data breach earlier this spring. The breach, due to a phishing attack, was discovered on April 12 and happened November 16, 2017.Account HijackingQ Human health and social work activitiesCyber CrimeUSLink
94108/06/2018?Multiple TargetsResearchers from Barkly reveal a malicious spam campaign distributing .IQY files, simple text files that open by default in Excel and are used to download data from the Internet. These files are highly evasive for AVs.Malware/PoS MalwareX IndividualCyber Crime>1Link
94208/06/2018?Undisclosed Italian CompaniesResearchers from Yoroi reveal the details of DMOSK, a malware targeting specifically Italian firms.Malware/PoS MalwareY Multiple IndustriesCyber CrimeITLink
94311/06/2018?Bank of ChileShares in the Bank of Chile are down after it confirms hackers siphoned off $10 million of its funds, mainly to Hong Kong. However, the bank says no client accounts have been impacted. Apparently a wiper malware was used to conceal the real purpose of the attack.Fraudulent SWIFT TransactionsK Financial and insurance activitiesCyber CrimeCLLink
94411/06/2018?CoinrailCoinrail, a South Korean cryptocurrency exchange, says that its systems have been hacked. It is believed that hackers stole about 40 billion won (US$37.2 million) worth of cryptocurrency from Coinrail, including 21 billion won worth of Pundi X and 14.9 billion won worth of Aston.UnknownV FintechCyber CrimeKRLink
94511/06/2018Lazarus GroupSouth Korean Think TankNorth Korea-linked Lazarus APT Group planted an ActiveX zero-day exploit on the website of a South Korean think tank focused on national security.Targeted AttackO Public administration, defence, compulsory social securityCyber EspionageKRLink
94612/06/2018?Misconfigured Ethereum Mining Rigs and applicationsAccording to Chinese internet security firm Qihoo 360 Netlab, hackers have stolen $20 million in ether from poorly configured Ethereum mining rigs and third-party applications.Misconfigured Ethereum RigsV FintechCyber Crime>1Link
94712/06/2018One or more people in Russia?ClarifaiA lawsuit filed by a former employee alleges that AI startup Clarifai's computer systems were compromised by one or more people in Russia, potentially exposing technology used by the US military. The lawsuit says Clarifai learned of the breach last November, but did not promptly report it to the Pentagon.Targeted AttackM Professional scientific and technical activitiesCyber EspionageUSLink
94812/06/2018?Mexican National Action Party (PAN)The website of the Mexican National Action Party is hit by a cyber attack during the final television debate between presidential candidates ahead of the July 1 vote, after the site had published documents critical of the leading candidate.DDoSS Other service activitiesCyber CrimeMXLink
94912/06/2018?Single IndividualsResearchers from Fortinet discover PyRoMineIoT, a new strain of crypto-currency miner that exploits the NSA-linked EternalRomance exploit to spread.Malware/PoS MalwareX IndividualCyber Crime>1Link
95012/06/2018?Multiple TargetsResearchers from Kromtech reveal that over a dozen malicious docker images have been available on Docker Hub for 30 days, allowing hackers to earn $90,000 in cryptojacking profits.Malware/PoS MalwareX IndividualCyber Crime>1Link
95112/06/2018?Massachusetts Clean Energy CenterAn audit reveals that a scammer stole nearly $94,000 in public funds from the Massachusetts Clean Energy Center last year.Account HijackingO Public administration, defence, compulsory social securityCyber CrimeUSLink
95212/06/2018?National Network and Electronic Services Agency (NASES) Slovak Hydro-meteorological Institute (SHMÚ) slovensko.skSeveral Slovakian websites are hit by a wave of DDoS attacks.DDoSO Public administration, defence, compulsory social securityCyber CrimeSKLink
95313/06/2018?Dixons CarphoneDixons Carphone has admitted a huge data breach involving 5.9 million payment cards and 1.2 million personal data records. The breach began in July last year and 105,000 cards without chip-and-pin protection have been leaked.UnknownG Wholesale and retail tradeCyber CrimeUKLink
95413/06/2018LuckyMouse AKA EmissaryPanda AKA APT27MongoliaResearchers from Kaspersky reveal that the Chinese hacking group LuckyMouse broke into a national data center in Mongolia late last year and planted the HyperBro malware into government websites.Targeted AttackO Public administration, defence, compulsory social securityCyber EspionageMNLink
95513/06/2018?SyscoinMalicious actors replace the legitimate Windows installer for Syscoin's cryptocurrency with a version containing malware, which was available on the company's Github page for several days.Malware/PoS MalwareV FintechCyber CrimeCALink
95613/06/2018?Single IndividualsResearchers from Qihoo 360 Total Security reveal the details of ClipboardWalletHijacker, a malware campaign infecting over 300,000 computers. The malware's purpose is to intercept content recorded in the Windows clipboard, look for strings resembling Bitcoin and Ethereum addresses, and replace them with ones owned by the malware's authors.Malware/PoS MalwareX IndividualCyber Crime>1Link
95713/06/2018?AcFunAccording to a statement by the company, millions of user accounts of the Chinese video sharing platform AcFun are hacked. According to the same statement, the accessed data includes the user IDs, nicknames and passwords of nearly 10 million users. The company urges them to change their password.UnknownR Arts entertainment and recreationCyber CrimeCNLink
95814/06/2018Hidden CobraMultiple TargetsThe US Department of Homeland Security issues a new warning over a new type of malware coming from the Hidden Cobra group. The new variant is known as “TYPEFRAME”.Targeted AttackY Multiple IndustriesCyber EspionageUSLink
95914/06/2018?HealthEquityAbout 23,000 accounts are compromised by a data breach that took place at HealthEquity in April when an employee fell for a phishing scam.Account HijackingQ Human health and social work activitiesCyber CrimeUSLink
96014/06/2018?Multiple TargetsResearchers from Trend Micro reveal another version of the MuddyWater campaign using a Powershell-based PRB-Backdoor. The malware is dubbed W2KM_DLOADR.UHAOEEN.Targeted AttackO Public administration, defence, compulsory social securityCyber Espionage>1Link
96114/06/2018?Android usersResearchers from ThreatFabric discover a new malware strain still under development, dubbed MysteryBot, which blends the features of a banking trojan, keylogger, and mobile ransomware.Malware/PoS MalwareX IndividualCyber Crime>1Link
96214/06/2018?Med AssociatesMed Associates notifies of a security incident that may have compromised its patients' protected information.Malware/PoS MalwareQ Human health and social work activitiesCyber CrimeUSLink
96315/06/2018?Vulnerable IoT devicesResearchers from Qihoo 360 Total Security discover a spike in traffic, coming from the infamous Satori botnet, and directed to port TCP 8000, attempting to exploit CVE-2018-10088.VulnerabilityY Multiple IndustriesCyber Crime>1Link
96415/06/2018?Multiple Targets in SingaporeResearchers at F5 Labs and Loryka observe a spike in the number of cyber-attacks targeting Singapore from June 11 to June 12, in the wake of the meeting between U.S. President Donald Trump and North Korean President Kim Jong-un.>1Y Multiple IndustriesCyber Warfare>1Link
96506/06/2018?Danielle LloydDanielle Lloyd, English model and former Miss England and Miss Great Britain, has her iCloud account hacked, with attackers stealing intimate images that were eventually posted online.Account HijackingX IndividualCyber CrimeUKLink
96613/06/2018?Black River Medical CenterBlack River Medical Center in Missouri notifies an unspecified number of patients potentially affected by a phishing incident discovered on April 23.Account HijackingQ Human health and social work activitiesCyber CrimeUSLink
96716/06/2018?Liberty LifeLiberty Life's IT systems are attacked by unknown hackers, who reportedly obtain sensitive data about some of the insurer's top clients and ask for a ransom.UnknownK Financial and insurance activitiesCyber CrimeZALink
96817/06/2018?Andy Android Emulator usersA GPU Miner Trojan is installed along with the popular Andy Android emulator.Malware/PoS MalwareX IndividualCyber CrimeUSLink
96918/06/2018?CarePartnersCarePartners' computer system is breached and as a result patient and employee information, including personal health and financial information, is inappropriately accessed.UnknownQ Human health and social work activitiesCyber CrimeCALink
97019/06/2018ThripSatellite operators, defense contractors and telecommunications companies in the United States and southeast AsiaResearchers from Symantec reveal the details of Thrip, a sophisticated hacking campaign launched from computers in China targeting satellite operators, defense contractors and telecommunications companies in the United States and southeast Asia, active from 2013.Targeted AttackY Multiple IndustriesCyber Espionage>1Link
97118/06/2018?Flightradar24Users of the popular flight-tracking site flightradar24 are told to change their passwords after the site warns of a data breach. The breach may have compromised the email addresses and hashed passwords for a small subset of Flightradar24 users (those who registered prior to March 16, 2016).UnknownS Other service activitiesCyber CrimeSELink
97219/06/2018?Individuals in the USResearchers at Bitdefender discover Zacinlo, a newly uncovered form of stealthy and persistent malware distributing adware to victims across the world while also allowing attackers to take screenshots of infected machines' desktops. The vast majority of Zacinlo victims are in the US, with 90 percent of those infected running Microsoft Windows 10.Malware/PoS MalwareX IndividualCyber CrimeUSLink
97319/06/2018?Med AssociatesMed Associates notifies its patients that the facility suffered a data breach on March 22, when unusual activity was detected, potentially exposing PII, including medical diagnosis and payment card information of about 270,000 patients.UnknownQ Human health and social work activitiesCyber CrimeUSLink
97419/06/2018?Financial organizations in Russia, and biological and chemical threat prevention laboratories in Europe and Ukraine.Researchers from Kaspersky Lab reveal to have detected Olympic Destroyer infections across Europe in May and June 2018. New victims include financial organizations in Russia, and biological and chemical threat prevention laboratories in Europe and Ukraine.Malware/PoS MalwareY Multiple IndustriesCyber Crime>1Link
97519/06/2018?Android UsersMalware researchers from ESET discover a new strain of Android RAT, tracked as HeroRat, that leverages Telegram protocol for command and control, and data exfiltration.Malware/PoS MalwareX IndividualCyber Crime>1Link
97620/06/2018?Fortnite playersMalwarebytes reveal the details of a campaign carried on via a fake installer for the famous video game Fortnite.Malware/PoS MalwareX IndividualCyber Crime>1Link
97720/06/2018?BithumbSouth Korean cryptocurrency exchange Bithumb says that 35 billion won ($31.5 million) worth of virtual coins have been stolen by hackers.UnknownV FintechCyber CrimeKRLink
97820/06/2018?Multiple TargetsResearchers from Deep Instinct reveal the details of Mylobot, a complex botnet that uses a never before seen combination of evasion techniques,Malware/PoS MalwareY Multiple IndustriesCyber Crime>1Link
97920/06/2018?Unknown target (probably an embassy)Researchers from AlienVault uncover a new Afghanistan-based attack disguised as a recent article from a Middle Eastern news, leveraging a Metasploit backdoor.Targeted AttackO Public administration, defence, compulsory social securityCyber EspionageN/ALink
98020/06/2018?Road Sign close to ICE (U.S. Immigration and Customs Enforcement)Someone hacks a road sign close to the ICE headquarters in Portland and defaces it with the “Abolish ICE” message.UnknownO Public administration, defence, compulsory social securityHacktivismUSLink
98121/06/2018?Android UsersRiskIQ reveals the details of a new malicious Android app that has infected at least 60,000 devices, gaining the ability to extract some important information from each device along with installing some ad click malware.Malware/PoS MalwareX IndividualCyber Crime>1Link
98221/06/2018?Vulnerable Drupal serversResearchers from Trend Micro observe a series of network attacks exploiting the Drupal vulnerability CVE-2018-7602 to turn affected systems into Monero-mining bots.VulnerabilityY Multiple IndustriesCyber Crime>1Link
98321/06/2018?Magento sitesResearchers at Sucuri discover a very simple evasion technique to infect again Magento websites after their malicious code has been removed.Malware/PoS MalwareY Multiple IndustriesCyber Crime>1Link
98421/06/2018?HumanaHealth insurer Humana notifies an unspecified number of health plan members after detecting and blocking a credential stuffing attack against Humana.com and Go365.com. The attacks took place on June 3 and June 4 from overseas IP addresses.Credential StuffingQ Human health and social work activitiesCyber CrimeUSLink
98522/06/2018?Indian BusinessmanThe email of a city-based businessman is hacked and INR12.5 lakh (USD 18,230) stolen and transferred to two bank accounts in China.Account HijackingX IndividualCyber CrimeINLink
98622/06/2018?PDQPDQ, a fast-casual dining restaurant, warns customers about a cyber attack on its computer systems in which hackers were able to access or acquire personal information from the chain's customers who paid with credit cards. The breach lasted nearly a year, from May 19, 2017 to April 20, 2018.Remote accessI Accommodation and food service activitiesCyber CrimeUSLink
98722/06/2018?Entities in South East AsiaSecurity researchers at Palo Alto Networks uncover a new cyber espionage group tracked as RANCOR that has been targeting entities in South East Asia, using two previously unknown strains of malware dubbed DDKONG and PLAINTEE.Targeted AttackY Multiple IndustriesCyber Espionage>1Link
98822/06/2018?cryptocurrency exchangesSecurity researchers at AlienVault uncover a series of cyber attacks on cryptocurrency exchanges, carried on by the infamous Lazarus Group, and leveraging weaponized HWP documents (Hangul Word Processor documents). The researchers suspect the same actors are behind the attack to Bithumb,Targeted AttackV FintechCyber Crime>1Link
98922/06/2018Tick APTSouth Korean defense companyResearchers from Palo Alto Networks uncover a new operation conducted by the cyber espionage group known as Tick APT. The campaign targets a secure USB drive built by a South Korean defense company.Targeted AttackO Public administration, defence, compulsory social securityCyber EspionageKRLink
99024/06/2018?Midwest CityMidwest City, Oklahoma, reports that about 2,300 customers are potentially affected by a breach involving Superion's software Click2Gov.VulnerabilityO Public administration, defence, compulsory social securityCyber CrimeUSLink
99126/06/2018?FastBookingThe personal details and payment card data of guests from hundreds of hotels are stolen by an unknown attacker from FastBooking, a Paris-based company that sells hotel booking software to more than 4,000 hotels in 100 countries. The breach occurred on June 14.VulnerabilityJ Information and communicationCyber CrimeFRLink
99226/06/2018?Single IndividualsSecurity researchers at Kaspersky discover an adware written in Python targeting Windows-based computers. The adware is dubbed PBot (PythonBot) and is also able to install cryptocurrency miner and ad extensions in the browser.Malware/PoS MalwareX IndividualCyber Crime>1Link
99327/06/2018?TicketmasterTicketing service Ticketmaster announces a data breach affecting roughly 5% of its entire customer base, resulting in the theft of customer data, Ticketmaster login information, and payment details. The breach didn't occur at Ticketmaster itself, but at Inbenta, a provider of AI-powered live chat widgets, which Ticketmaster was deploying on some of its localized sites across the world.UnknownR Arts entertainment and recreationCyber CrimeUSLink
99427/06/2018?Red Hen RestaurantResearchers from Malwarebytes discover that the Red Hen restaurant that refused to serve Sarah Sanders is hit by a SEO Spam cyberattack.SEO SpamI Accommodation and food service activitiesCyber CrimeUSLink
99527/06/2018Apophis SquadProtonMailProtonMail is hit by a DDoS attack.DDoSJ Information and communicationCyber CrimeCHLink
99627/06/2018?Connecticut Higher Education Trust (CHET)Unauthorized individuals gain access to 21 accounts of the Connecticut Higher Education Trust (CHET) and make 44 withdrawals, for a total of $1,416,635, of which, $442,540 is recovered or stopped.Account HijackingP EducationCyber CrimeUSLink
99727/06/2018?Z Energy LtdNew Zealand-based fuel supplier Z Energy Ltd says it has been presented with evidence that customer data from its Z Card Online database was accessed by a third party in November 2017.UnknownS Other service activitiesCyber CrimeNZLink
99827/06/2018?Cyanweb SolutionsDigital marketing and web provider Cyanweb Solutions loses nearly all customer data and backups after a “criminal hacking incident” that compromises one of its servers.UnknownM Professional scientific and technical activitiesCyber CrimeAULink
99928/06/2018?AdidasAdidas alerts customers about a possible data breach on its U.S. website. On June 26, the company became aware that an unauthorized party claimed to have acquired limited data associated with certain consumers. A preliminary investigation found the leaked data includes contact information, usernames and encrypted passwords.UnknownG Wholesale and retail tradeCyber CrimeUSLink
100028/06/2018?Official website of Ernakulam Siva TempleThe official website of Ernakulam Siva Temple is defaced with anti-national slogans and offensive language besides a Pakistan flag.DefacementS Other service activitiesHacktivismINLink
100128/06/2018?GitHub account of the Gentoo Linux distributionAn unknown hacker temporarily takes control of the GitHub account of the Gentoo Linux organization and embeds malicious code inside the operating system's distributions that would delete user files. The malicious code fails to trigger properly and users' files remain safe.>1S Other service activitiesCyber CrimeUSLink
100228/06/2018?Single IndividualsResearchers from FireEye discover for the first time one malware campaign using the innovative PROPagate technique to inject malware into legitimate processes.Malware/PoS MalwareX IndividualCyber Crime>1Link
100328/06/2018?Multiple TargetsAfter observing attacks on customers, Cisco tells users to install the fix for CVE-2018-0296, a denial-of-service flaw, discovered on June 6, affecting a number of its security appliances.VulnerabilityY Multiple IndustriesCyber Crime>1Link
100428/06/2018?City of MidlandCity of Midland is the latest municipality to be breached because of a vulnerability in Superion's Click2Gov application.VulnerabilityO Public administration, defence, compulsory social securityCyber CrimeUSLink
100528/06/2018?Middletown school districtThe Middletown School District is hit by ransomware.Malware/PoS MalwareP EducationCyber CrimeUSLink
100628/06/2018?South Eastern Regional College (SERC)Personal information of hundreds of staff at the South Eastern Regional College is compromised after detecting suspicious email activity as the consequence of a hack.Account HijackingP EducationCyber CrimeIELink
100729/06/2018?TypeformBarcelona-based online survey and form building service Typeform announces a data breach after an unknown attacker downloaded a backup file containing sensitive customer information. The backup file contained data gathered by Typeform customers through surveys and online forms up until May 3, 2018.UnknownS Other service activitiesCyber CrimeESLink
100829/06/2018?Algonquin CollegeThe Algonquin College publishes a note indicating that the education community is still not sure how many current and former students and employees could be affected by a cyber attack that happened weeks earlier. However the note suggests that the impacted people could be thousands.UnknownP EducationCyber CrimeCALink
100930/06/2018?Single IndividualsResearchers from Bleeping Computer discover a new Clipboard Hijacker Malware able to monitor 2.3 Million bitcoin addresses.Malware/PoS MalwareX IndividualCyber Crime>1Link
101030/06/2018?Single IndividualsSecurity researchers spot a new Mac malware family, dubbed OSX.Dummy, advertised on cryptocurrency-focused Slack and Discord channels.Malware/PoS MalwareX IndividualCyber Crime>1Link
101130/06/2018?Notre Dame de Namur UniversityNotre Dame de Namur University notifies some financial aid applicants that their information may have been compromised when an employee fell prey to a phishing attack on April 23, 2018.Account HijackingP EducationCyber CrimeUSLink
101222/06/2018?Manitowoc CountyManitowoc County officials release more information about a data breach of a Manitowoc County email account in January, when an employee fell victim to a phishing attack.Account HijackingP EducationCyber CrimeUSLink
101326/06/2018?Linux-Based serversResearchers from Trend Micro uncover a malware bot that infects Linux-based servers and connected devices with a cryptominer that appears to transfer funds to the operators of a Chinese money-making scam website.Malware/PoS MalwareY Multiple IndustriesCyber Crime>1Link
101429/06/2018?Klook TravelKlook Travel informs its users about a data breach incident it suffered. The attackers exploited a malicious JS code associated with SOCIAPlus, a third-party tool integrated on the site.Malicious JSI Accommodation and food service activitiesCyber CrimeHKLink
101529/06/2018?Hunt Regional Medical CenterHunt Regional Medical Center notifies patients of a possible breach due to the hack of an employee email that occurred on May 1st, 2018.Account HijackingQ Human health and social work activitiesCyber CrimeUSLink
101601/07/2018?TrezorThe team behind the Trezor multi-cryptocurrency wallet service discovers a phishing attack against some of its users that took place over the weekend, carried on via DNS poisoning or BGP hijacking.BGP Poisoning or DNS HijackingV FintechCyber CrimeCZLink
101702/07/2018?Fortnum & MasonLuxury retailer Fortnum & Mason is the latest big brand to be involved in a significant data breach after the company admits the details of around 23,000 competition and survey participants have been compromised in the wake of the Typeform breach.UnknownG Wholesale and retail tradeCyber CrimeUKLink
101802/07/2018?WhitbreadWhitbread's online recruitment system has suffered a data breach, affecting a number of the company's brands including Premier Inn, and the UK outlets of Costa Coffee. The breach is a consequence of the attack on PageUp.Malware/PoS MalwareI Accommodation and food service activitiesCyber CrimeUKLink
101902/07/2018?Fortnite playersTens of thousands of Fortnite users are infected by malware after downloading a fake cheating app.Malware/PoS MalwareX IndividualCyber Crime>1Link
1020 | 03/07/2018 | ? | Taiwan Democratic Progressive Party's (DPP) | The Democratic Progressive Party's (DPP) official website is defaced by Chinese hackers and the website is replaced with pictures and words reading "Chinese netizens are supporting Tsai Ing-wen to run for re-election" in simplified Chinese characters. | Defacement | S Other service activities | Hacktivism | TW | Link
1021 | 03/07/2018 | ? | Israeli Military | The Israeli military says it had uncovered a plot by Hamas militants to spy on soldiers by befriending them on social media and then luring them into downloading fake dating applications that gave Hamas access to their smartphones. | Account Hijacking | O Public administration, defence, compulsory social security | Cyber Espionage | IL | Link
1022 | 03/07/2018 | ? | Domain Factory | German hosting provider Domain Factory experiences a data breach which has exposed customer data. After an unknown threat actor posts claims that suggest they had managed to compromise the firm's systems and access information, the company launches an investigation and finds the claims to be true and says that customer data "was accessed by an outside party without authorization" on 28 January 2018. | Vulnerability | J Information and communication | Cyber Crime | DE | Link
1023 | 03/07/2018 | Charming Kitten, Newscaster, or Newsbeef. | Single Individuals | ClearSky Security reveals that the malicious actor Charming Kitten, which the company previously exposed, built a phishing website impersonating the company and attempting to spear-phish people interested in reading reports. | Account Hijacking | X Individual | Cyber Crime | >1 | Link
1024 | 03/07/2018 | ? | Single Individuals | Researchers from Cisco Talos discover a new version of Smoke Loader, a malicious application that can be used to load other malware. | Malware/PoS Malware | X Individual | Cyber Crime | >1 | Link
1025 | 03/07/2018 | ? | Single Individuals | Researchers at Malwarebytes reveal the details of an operation leveraging shortlinks and a traffic distribution system to infect users and mine Monero using the CPN Miner. | Malware/PoS Malware | X Individual | Cyber Crime | >1 | Link
1026 | 03/07/2018 | ? | Single Individuals | Researchers from Trend Micro uncover an unusual malicious macro-based malware campaign that modifies infected users' shortcut files so that they secretly download a backdoor program. | Malware/PoS Malware | X Individual | Cyber Crime | >1 | Link
1027 | 05/07/2018 | ? | Yatra.com | Online travel booking website Yatra.com is compromised and attackers steal 5 Million user records that include email address & physical addresses, phone numbers & plain text passwords & PINs. The breach happened back in 2013, and it came to light now. | Unknown | I Accommodation and food service activities | Cyber Crime | IN | Link
1028 | 05/07/2018 | ? | MSK Group | MSK Group notifies patients of a data security incident that they discovered on May 7, due to unauthorized access to certain parts of the network at times over several months. | Unknown | Q Human health and social work activities | Cyber Crime | US | Link
1029 | 06/07/2018 | Chinese Government | Australian National University | China-based hackers have successfully infiltrated the IT systems at the Australian National University, potentially compromising the home of Australia's leading national security college and key defence research projects. | Targeted Attack | P Education | Cyber Espionage | AU | Link
1030 | 06/07/2018 | ? | CVE-2018-7600 Vulnerable servers | Researchers from Akamai reveal the details of DrupalGangster, yet another Monero-mining campaign based on XMRig and lukMiner exploiting the Drupalgeddon 2 vulnerability CVE-2018-7600. | Vulnerability | Y Multiple Industries | Cyber Crime | >1 | Link
1031 | 06/07/2018 | ? | B&B Hospitality Group | B&B Hospitality Group (B&BHG) announces that it has identified and addressed a payment card security incident that affected nine restaurants in the New York metropolitan area. | Malware/PoS Malware | I Accommodation and food service activities | Cyber Crime | US | Link
1032 | 06/07/2018 | ? | VSDC | Researchers from Qihoo 360 Total Security reveal that hackers have breached the website of VSDC, a popular company that provides free audio and video conversion and editing software. Three different incidents have been recorded during which hackers changed the download links on the VSDC website with links that initiated downloads from servers operated by the attackers. | Malware/PoS Malware | J Information and communication | Cyber Crime | NZ | Link
1033 | 06/07/2018 | ? | Lake Oswego School District | Lake Oswego School District warns students about a phishing email after the District Twitter account and an employee email account are hacked. | Account Hijacking | P Education | Cyber Crime | US | Link
1034 | 07/07/2018 | ? | Blizzard Entertainment | Blizzard Entertainment is hit by a DDoS attack. Players of Overwatch, Heroes of the Storm, and World of Warcraft are affected. | DDoS | R Arts entertainment and recreation | Cyber Crime | US | Link
1035 | 08/07/2018 | ? | Timehop | Timehop discloses a security breach that has compromised the personal data of 21 million users (essentially its entire user base). Around a fifth of the affected users have also had a phone number that was attached to their account breached in the attack. The breach was discovered on July 4, while the attack was in progress. | Account Hijacking | J Information and communication | Cyber Crime | US | Link
1036 | 08/07/2018 | Gaza Cybergang APT | Institutions across the Middle East, specifically the Palestinian Authority. | Researchers from Check Point reveal the details of Big Bang, an operation carried out by the Gaza Cybergang APT against institutions across the Middle East, specifically the Palestinian Authority. | Targeted Attack | Y Multiple Industries | Cyber Espionage | PS | Link
1037 | 09/07/2018 | ? | Bancor | Token creation platform Bancor goes offline following a "security breach" that sees the platform lose millions of dollars worth of cryptocurrency. The company lost roughly $13.5 million in the hack and the value of the coin quickly drops 20%. The breach was carried out via the compromise of the free VPN service Hola. | Account Hijacking | V Fintech | Cyber Crime | CH | Link
1038 | 09/07/2018 | ? | Gas Station in Detroit | Police in Detroit are looking into an apparent hack at a gas station that allowed people to steal more than 600 gallons of gas, valued at over $1,800. Authorities believe the thieves used some sort of remote device to take control of the pump. At least 10 cars filled up for free during that time. | Remote Device? | H Transportation and storage | Cyber Crime | US | Link
1039 | 09/07/2018 | ? | Macy's Inc. | Macy's Inc. warns customers that hackers compromised the login information of some users of the retailer's websites. The suspicious activity took place from April 26 to June 12. A third party obtained valid usernames and passwords through websites not related to macys.com or bloomingdales.com and used those to gain access to customers' accounts. | Account Hijacking | G Wholesale and retail trade | Cyber Crime | US | Link
1040 | 09/07/2018 | BlackTech | Multiple Targets | Researchers from ESET discover a new malware campaign misusing stolen digital certificates from D-Link Corporation and Changing Information Technology. Two different malware families were misusing the stolen certificate: the Plead malware, a remotely controlled backdoor, and a related password stealer component, allegedly used by the cyberespionage group BlackTech. | Malware/PoS Malware | Y Multiple Industries | Cyber Espionage | >1 | Link
1041 | 09/07/2018 | Magecart APT | Inbenta Technologies | Researchers from RiskIQ reveal the real extent of the third-party breach that compromised the data of several Ticketmaster UK customers. More than 800 e-commerce sites were compromised. | Malicious code injection | N Administrative and support service activities | Cyber Crime | ES | Link
1042 | 10/07/2018 | ? | Arch Linux | Yet another Linux distribution compromised. This time it's Arch Linux, which has three downloadable software packages in the AUR, short for Arch User Repository, rebuilt to contain malware. | Malware/PoS Malware | J Information and communication | Cyber Crime | N/A | Link
1043 | 10/07/2018 | TEMP.Periscope | Cambodia | Researchers from FireEye reveal a large scale operation from TEMP.Periscope, a Chinese cyber espionage group seeking to monitor the country's upcoming and contentious July 29 national elections. | Targeted Attack | O Public administration, defence, compulsory social security | Cyber Espionage | KH | Link
1044 | 10/07/2018 | ? | U.S. Air Force | Security Firm Recorded Future identifies an attempted sale of what is believed to be highly sensitive U.S. Air Force documents pertaining to the MQ-9 Reaper drone. The attack was carried out via the default FTP authentication credentials in Netgear routers. | Vulnerability | O Public administration, defence, compulsory social security | Cyber Crime | US | Link
1045 | 10/07/2018 | ? | Turkish Android users | Researchers from IBM X-Force discover a campaign distributing the Marcher (aka Marcher ExoBot) and BankBot Anubis mobile banking Trojans via malicious apps in Google Play. It's believed that at least 10,000 people have downloaded the malware. | Malware/PoS Malware | X Individual | Cyber Crime | TR | Link
1046 | 10/07/2018 | ? | Career and Technology Education Centers (C-TEC) | Career and Technology Education Centers (C-TEC) reveals it suffered a possible data breach earlier this year that could have exposed individuals' names and Social Security numbers. The breach happened on May 25 when an unauthorized person had access to a private file for several minutes. | Unknown | P Education | Cyber Crime | US | Link
1047 | 10/07/2018 | ? | Cass Regional Medical Center | Cass Regional Medical Center, a Missouri health care center, announces that they have been affected by an undisclosed ransomware. This incident affected their internal communications system and their electronic health record (EHR) system. | Malware/PoS Malware | Q Human health and social work activities | Cyber Crime | US | Link
1048 | 11/07/2018 | ? | BP | BP emails about 60,000 people who applied for jobs in its retail stores since 2008 to notify them they could have had their personal information accessed by hackers. The company originally thought about 10,000 applicants' data had been breached. The breach is a consequence of the attack on PageUp. | Malware/PoS Malware | D Electricity gas steam and air conditioning supply | Cyber Crime | UK | Link
1049 | 11/07/2018 | ? | Chlorine distillation plant in Ukraine | The Ukrainian Secret Service (SBU) reveals it stopped a cyber-attack with the VPNFilter malware on a chlorine distillation plant in the village of Aulska, in the Dnipropetrovsk region. The SBU accuses Russia of operating the malware and launching the attack. | Malware/PoS Malware | D Electricity gas steam and air conditioning supply | Cyber Warfare | UA | Link
1050 | 11/07/2018 | ? | Ammyy | Researchers from ESET reveal that on June 13 or 14, the Ammyy website was compromised to serve a malware-tainted version of this otherwise legitimate software bundling the Kasidet trojan. To add an interesting twist to the incident, the attackers tried to hide their malicious activity behind the brand of the ongoing FIFA World Cup. | Malware/PoS Malware | J Information and communication | Cyber Crime | US | Link
1051 | 11/07/2018 | ? | Major International Airport | While researching underground hacker marketplaces, researchers from McAfee discover that access linked to security and building automation systems of a major international airport could be bought for only US$10. | Account Hijacking | H Transportation and storage | Cyber Crime | US | Link
1052 | 11/07/2018 | ? | Aviation ID Australia | Aviation ID Australia, the company that issues Aviation Security Identity Cards (ASICs), is hacked and notifies hundreds of people that their ASIC application information may have been stolen. | Unknown | N Administrative and support service activities | Cyber Crime | AU | Link
1053 | 12/07/2018 | ? | Single Individuals | A hacker gains access to a developer's npm account and injects malicious code into eslint-scope, a popular JavaScript library, sub-module of the more famous ESLint, a JavaScript code analysis toolkit. | >1 | X Individual | Cyber Crime | >1 | Link
1054 | 12/07/2018 | ? | 13 iPhones in India | Researchers from Cisco Talos identify an unprecedented highly targeted campaign against 13 iPhones which appears to be focused on India. The attacker deployed an open-source mobile device management (MDM) system to control enrolled devices. | Malicious MDM | X Individual | Cyber Crime | IN | Link
1055 | 12/07/2018 | ? | Samsung service centers in Italy | Security researchers from TG Soft discover an ongoing malware campaign targeting Samsung service centers in Italy leveraging the CVE-2017-11882 Office Equation Editor vulnerability. The campaign appears to be the counterpart of attacks that have previously targeted similar electronics service centers in Russia this year. | Targeted Attack | N Administrative and support service activities | Cyber Espionage | IT | Link
1056 | 12/07/2018 | ? | Single Individuals | Researchers from Imperva pick up on a spike in SPAM activity directed at sites powered by WordPress, launched by a botnet, with linked sites offering betting services on 2018 FIFA World Cup matches. | Spambot | X Individual | Cyber Crime | >1 | Link
1057 | 12/07/2018 | ? | UMC Physicians (UMCP) | UMC Physicians (UMCP) notifies patients who may have been affected by a recent data breach. On May 18, the UMCP IT team discovered an employee's email account was hacked on March 15, potentially compromising the personal health information of more than 18,000 patients. | Account Hijacking | Q Human health and social work activities | Cyber Crime | US | Link
1058 | 13/07/2018 | ? | Alive Hospice | Alive Hospice notifies patients whose personal and protected health information were in employee emails that were accessed by an unknown person or persons beginning on December 20, 2017 and again on April 5, 2018 after two employees fell prey to phishing attacks. The attacks were discovered on May 15, 2018. | Account Hijacking | Q Human health and social work activities | Cyber Crime | US | Link
1059 | 13/07/2018 | ? | Billings Clinic | Billings Clinic discloses a breach exposing details of 8,400 patients. The organization detected anomalous activity on one of the employees' email accounts on May 14, 2018. The investigation revealed the account was compromised while the employee was traveling overseas. | Account Hijacking | Q Human health and social work activities | Cyber Crime | US | Link
1060 | 13/07/2018 | ? | Pennsylvania Department of Health | A government spokesman reveals that the Pennsylvania Department of Health's birth certificate system was shut down for nearly a week last month after someone hacked into an internal website but did not take or alter citizens' records. | Unknown | O Public administration, defence, compulsory social security | Cyber Crime | US | Link
1061 | 14/07/2018 | ? | LabCorp | LabCorp, one of the US' largest medical diagnostics companies, investigates a security breach that could have put health records of millions of patients at risk. The company, in a filing with the Securities and Exchange Commission, says it detected “suspicious activities” on its network over the weekend of July 14 and “immediately took certain systems offline as part of its comprehensive response to contain the activity.” | Unknown | Q Human health and social work activities | Cyber Crime | US | Link
1062 | 14/07/2018 | Anonymous | Sant' Andrea Hospital | Hackers from Anonymous leak the usernames and passwords from 12,000 employees, patients, contractors from the Sant' Andrea Hospital in Italy. | SQLi | Q Human health and social work activities | Hacktivism | IT | Link
1063 | 15/07/2018 | ? | League of Legends Philippines | 'League of Legends Philippines' confirms an unauthorized modification in their client lobby code resulting in the injection of the Coinhive Monero miner. | Malware/PoS Malware | X Individual | Cyber Crime | PH | Link
1064 | 15/07/2018 | APT28 AKA Fancy Bear | Italian Military | Security researchers from the Z-Lab at CSE Cybersec reveal the details of Operation "Roman Holiday", an operation carried out by APT28 (AKA Fancy Bear) and targeting the Italian Military. | Targeted Attack | O Public administration, defence, compulsory social security | Cyber Espionage | IT | Link
1065 | 12/07/2018 | Joel Ortiz | Around 40 victims | California authorities arrest Joel Ortiz, a 20-year-old college student, who hijacked more than 40 phone numbers and stole $5 million in bitcoins and other crypto currencies. | SIM Hijacking | X Individual | Cyber Crime | US | Link
1066 | 15/07/2018 | ? | Mahatma Gandhi Mission Hospital | The Mahatma Gandhi Mission Hospital in Mumbai is hit by a ransomware attack. | Malware/PoS Malware | Q Human health and social work activities | Cyber Crime | IN | Link
1067 | 16/07/2018 | ? | Mega | Thousands of credentials for accounts associated with New Zealand-based file storage service Mega are published online. The text file contains over 15,500 usernames, passwords, and file names. | Credential Stuffing | J Information and communication | Cyber Crime | NZ | Link
1068 | 16/07/2018 | ? | LabCorp | LabCorp, the US' biggest blood testing laboratories network, announces that hackers breached its IT network over the weekend. | Unknown | Q Human health and social work activities | Cyber Crime | US | Link
1069 | 16/07/2018 | Andariel Group | South Korean targets | Researchers from Trend Micro discover a new campaign from the Andariel Group carried out via the injection of a malicious script into four compromised South Korean websites for reconnaissance purposes. | Targeted Attack | O Public administration, defence, compulsory social security | Cyber Espionage | KR | Link
1070 | 16/07/2018 | ? | Sunspire Health | Sunspire Health notifies an undisclosed number of individuals after several employee email accounts were accessed in a phishing attack between March 1, 2018 and May 4, 2018. | Account Hijacking | Q Human health and social work activities | Cyber Crime | US | Link
1071 | 16/07/2018 | ? | University of Pittsburgh Medical Center - Cole | UPMC Cole has notified 790 patients treated at UPMC Cole that their personal information may have been inappropriately accessed after two phishing attacks on June 7 and June 14. | Account Hijacking | Q Human health and social work activities | Cyber Crime | US | Link
1072 | 16/07/2018 | ? | City of Bozeman | The city of Bozeman says some customers that used its Click2Gov utility payment system in 2017 may have had their credit information stolen. | Malware/PoS Malware | O Public administration, defence, compulsory social security | Cyber Crime | US | Link
1073 | 16/07/2018 | ? | Single Individuals | Researchers from Kromtech discover an automated operation aimed at laundering money from stolen credit cards, buying and selling goods for three popular games: Clash of Clans, Clash Royale, Marvel Contest of Champions. | Account Hijacking | X Individual | Cyber Crime | >1 | Link
1074 | 16/07/2018 | ? | Southern College of Optometry | The Southern College of Optometry notifies an undisclosed number of students whose student loan information and Social Security numbers were in an employee email account that was hacked. | Account Hijacking | Q Human health and social work activities | Cyber Crime | US | Link
1075 | 17/07/2018 | ? | Ukrainian government institutions | Researchers from ESET reveal the details of a prolonged cyber espionage campaign active against the Ukrainian Government since 2015 and carried out via three different RATs: Quasar, Sobaken and Vermin. | Targeted Attack | O Public administration, defence, compulsory social security | Cyber Espionage | UA | Link
1076 | 17/07/2018 | Blackgear (AKA Topgear and Comnie) | Organizations in Japan, South Korea, and Taiwan | Researchers from Trend Micro reveal a new activity of the Blackgear cyber espionage campaign (also known as Topgear and Comnie), targeting public sector agencies and telecommunications and other high-technology industries in Japan, South Korea, and Taiwan. | Targeted Attack | Y Multiple Industries | Cyber Espionage | >1 | Link
1077 | 17/07/2018 | ? | UK and European supply companies | Action Fraud warns that malicious actors are impersonating UK universities to defraud UK and European supply companies out of vast sums of money. | Account Hijacking | Y Multiple Industries | Cyber Crime | >1 | Link
1078 | 17/07/2018 | ? | Ubisoft | Video game publisher Ubisoft suffers a series of massive DDoS attacks. As a result, several Ubisoft gaming servers face connectivity issues. | DDoS | R Arts entertainment and recreation | Cyber Crime | FR | Link
1079 | 18/07/2018 | Anarchy | Vulnerable Huawei devices | Security researchers from NewSky Security reveal the details of a botnet of over 18,000 Huawei devices, built in one day by exploiting the CVE-2017-17215 vulnerability. | Vulnerability | Y Multiple Industries | Cyber Crime | >1 | Link
1080 | 18/07/2018 | ? | Single Individuals | Denis Sinegubko, a security researcher from Sucuri, unveils a malware distribution campaign where the GoogleUserContent CDN is used to host a malicious image hiding malware code in Exchangeable Image File Format (EXIF) data. The malicious code is used to steal PayPal security tokens. | Malware/PoS Malware | X Individual | Cyber Crime | >1 | Link
1081 | 19/07/2018 | ? | ComplyRight | Cloud-based human resources company ComplyRight reveals that a security breach of its Web site may have compromised sensitive consumer information — including names, addresses, phone numbers, email addresses and Social Security numbers — from tax forms submitted by the company's thousands of clients on behalf of employees. The breach happened between April 20, 2018 and May 22, 2018. | Unknown | M Professional scientific and technical activities | Cyber Crime | US | Link
1082 | 19/07/2018 | ? | Finland | Researchers from F5 Networks reveal a spike of attacks against IoT devices in Finland in the days leading up to the July 16 Helsinki summit between President Donald Trump and Russian President Vladimir Putin. | >1 | Y Multiple Industries | Cyber Espionage | FI | Link
1083 | 19/07/2018 | ? | Dasan and D-Link routers | Security researchers from eSentire observe an increase in exploitation attempts targeting Small-Office/Home Office (SOHO) network devices manufactured by Dasan and D-Link. The attacks are carried out via a botnet composed of more than 3,000 source IPs. | Vulnerability | Y Multiple Industries | Cyber Crime | >1 | Link
1084 | 19/07/2018 | ? | Roblox | Roblox, a hugely popular online game for kids, is hacked by an individual who subverts the game's protection systems in order to have customized animations appear. This allows two male avatars to gang rape a young girl's avatar on a playground in one of the Roblox games. | Malicious code injection | R Arts entertainment and recreation | Cyber Crime | US | Link
1085 | 19/07/2018 | ? | Liverpool FC | Liverpool FC's fan database is hacked resulting in a serious data breach for around 150 supporters. The club confirms that season ticket holder information - including home addresses and bank details - was stolen from a club email account. | Account Hijacking | R Arts entertainment and recreation | Cyber Crime | UK | Link
1086 | 19/07/2018 | TA505 | Single Individuals | Researchers from ProofPoint discover a malicious spam campaign carried out abusing the SettingContent-ms file format. | Malware/PoS Malware | X Individual | Cyber Crime | >1 | Link
1087 | 20/07/2018 | ? | SingHealth | Singapore's largest health care group, SingHealth, reveals that it suffered a cyber attack on a company database in which attackers copied information belonging to roughly 1.5 million patients, including the country's prime minister, Lee Hsien Loong. The attack was discovered on July 4 and all patients who visited the clinics from May 1, 2015 through July 4, 2018 were affected. | Targeted Attack | Q Human health and social work activities | Cyber Espionage | SG | Link
1088 | 20/07/2018 | ? | Golden Heart Administrative Professionals | Golden Heart Administrative Professionals, a billing company and business associate of several healthcare providers in Alaska, notifies 44,600 individuals that some of their protected health information has potentially been accessed by unauthorized individuals as a result of a recent ransomware attack. Golden Heart Administrative Professionals. | Malware/PoS Malware | Q Human health and social work activities | Cyber Crime | US | Link
1089 | 20/07/2018 | ? | Three U.S. congressional candidates | Microsoft reveals that it helped the U.S. government fend off attempts by Russia to hack into the campaigns of three congressional candidates earlier this year. | Targeted Attack | O Public administration, defence, compulsory social security | Cyber Espionage | US | Link
1090 | 20/07/2018 | MoneyTaker | PIR Bank of Russia | Cybercriminals from the notorious hacking group MoneyTaker attack the PIR Bank of Russia and steal $1M. The hacking is carried out after infiltrating the bank's systems by compromising an old, outdated router. The router was installed at one of the regional branches of the bank. The attack took place on July 3. | Vulnerability | K Financial and insurance activities | Cyber Crime | RU | Link
1091 | 20/07/2018 | ? | MacOS Users | Researchers from Kaspersky Lab uncover Calisto, what appears to be an early developmental prototype of the Proton backdoor malware that typically infects macOS. | Malware/PoS Malware | X Individual | Cyber Crime | >1 | Link
1092 | 20/07/2018 | ? | Boys Town National Research Hospital | Boys Town National Research Hospital discloses a data breach that may have exposed PHI on 105,309 individuals. The hospital, on May 23, discovered unusual activity relating to an employee's email account. | Account Hijacking | Q Human health and social work activities | Cyber Crime | US | Link
1093 | 20/07/2018 | ? | Single Individuals | Researchers from Fortinet reveal that the notorious Jigsaw ransomware has been repurposed to steal Bitcoin by altering the addresses of wallets and redirecting payments into accounts owned by the attacker. | Malware/PoS Malware | X Individual | Cyber Crime | >1 | Link
1094 | 20/07/2018 | ? | Vulnerable IoT devices | Researchers from Palo Alto Networks Unit 42 find three malware campaigns built on publicly available source code for the Mirai and Gafgyt malware families that incorporate multiple known exploits affecting Internet of Things (IoT) devices. | Malware/PoS Malware | Y Multiple Industries | Cyber Crime | >1 | Link
1095 | 20/07/2018 | ? | NorthStar Anesthesia | NorthStar Anesthesia notifies patients after some employee email accounts are compromised between April 3 and May 24, 2018. | Targeted Attack | Q Human health and social work activities | Cyber Crime | US | Link
1096 | 20/07/2018 | ? | Clark University | Clark University in Massachusetts notifies some students whose personal information, including Social Security Numbers, was in an employee's email account that had been accessed between March 19 and March 23rd, amid a phishing attack. | Account Hijacking | P Education | Cyber Crime | US | Link
1097 | 20/07/2018 | ? | Ochre Health Wollongong | An unspecified cyber incident at Ochre Health Wollongong medical centre leaves patients without the possibility to access their patient data. | Unknown | Q Human health and social work activities | Cyber Crime | AU | Link
1098 | 23/07/2018 | Dragonfly AKA Energetic Bear | U.S. Utility Control Rooms | Homeland Security Officials reveal that attackers from the malicious actor Dragonfly AKA Energetic Bear might have accessed the control rooms of U.S. Energetic Utilities. | Targeted Attack | D Electricity gas steam and air conditioning supply | Cyber Warfare | US | Link
1099 | 23/07/2018 | ? | Etherscan.io | Visitors of the popular Ethereum blockchain explorer Etherscan.io are shown a pop-up message showing "1337" indicating the website has been compromised. | Malicious code injection | V Fintech | Cyber Crime | N/A | Link
1100 | 23/07/2018 | APT-C-27 AKA Golden Rat | Targets in Syria | Researchers at CSE Cybsec ZLab discover malicious code revealing that a long-term espionage campaign in Syria, attributed to the APT-C-27 group, is still active. | Targeted Attack | Y Multiple Industries | Cyber Espionage | SY | Link
1101 | 23/07/2018 | ? | Department of Corrections, DOC | A “security incident” that occurred on April 3 at a third-party vendor (Accreditation, Audit & Risk Management Security, LLC) may have compromised the personal information of employees, inmates and others involved with the state Department of Corrections. | Unknown | O Public administration, defence, compulsory social security | Cyber Crime | US | Link
1102 | 24/07/2018 | ? | The National Bank of Blacksburg | Brian Krebs reveals that hackers used phishing emails to break into The National Bank of Blacksburg in two separate cyber intrusions over an eight-month period, making off with more than $2.4 million total. The breaches happened in May 2016 and June 2017. | Account Hijacking | K Financial and insurance activities | Cyber Crime | US | Link
1103 | 24/07/2018 | ? | Southern Baptist Convention's International Mission Board | The Southern Baptist Convention's (SBC) International Mission Board announces that it suffered a data breach earlier this year (on April 11) exposing the personally identifiable information of its current and former employees, volunteers and applicants. | Unknown | U Activities of extraterritorial organizations and bodies | Cyber Crime | INT | Link
1104 | 24/07/2018 | ? | Users in Germany, Poland and Japan | Researchers from Proofpoint discover an upgraded version of the Kronos banking trojan, targeting users in Germany, Poland, and Japan. | Malware/PoS Malware | X Individual | Cyber Crime | >1 | Link
1105 | 24/07/2018 | ? | Vulnerable Oracle WebLogic Servers | Security researchers from ISC SANS and Qihoo 360 Netlab reveal that they are currently tracking two separate groups who appear to have automated the exploitation of the Oracle WebLogic CVE-2018-2893 vulnerability at a large scale. | Vulnerability | Y Multiple Industries | Cyber Crime | >1 | Link
1106 | 24/07/2018 | EliteLands | Unpatched AVTech devices | Ankit Anubhav, a security researcher at NewSky Security, discovers a botnet named "Death" composed of vulnerable AVTech devices. | Vulnerability | Y Multiple Industries | Cyber Crime | >1 | Link
1107 | 24/07/2018 | ? | Verified @AlmostHumanFOX Twitter Account | An apparent hacker is able to hack a discontinued TV show's verified Twitter account (@AlmostHumanFOX) to impersonate Justin Sun, the founder of the decentralized Tron currency, and promote a cryptocurrency scam. | Account Hijacking | R Arts entertainment and recreation | Cyber Crime | US | Link
1108 | 25/07/2018 | ? | COSCO | A ransomware attack severely disables the U.S. network of COSCO (China Ocean Shipping Company), one of the world's largest shipping companies. | Malware/PoS Malware | H Transportation and storage | Cyber Crime | CN | Link
1109 | 25/07/2018 | ? | Securities Investors Association Singapore (SIAS) | The Securities Investors Association Singapore (SIAS) announces that it suffered a breach. The breach occurred in 2013, and the NRIC numbers, home addresses, email addresses, mobile and landline numbers of 70,000 people were compromised in the incident. | Unknown | M Professional scientific and technical activities | Cyber Crime | SG | Link
1110 | 25/07/2018 | Leafminer | Government organizations and business verticals in various regions in the Middle East | Researchers from Symantec uncover the operations of a threat actor named Leafminer targeting a broad list of government organizations and business verticals in various regions in the Middle East since at least early 2017. | Targeted Attack | Y Multiple Industries | Cyber Espionage | >1 | Link
1111 | 25/07/2018 | OilRig group (AKA APT34, Helix Kitten) | Unnamed technology services provider and government entity | Researchers from Palo Alto Networks Unit 42 reveal that they have detected multiple attacks by the OilRig group appearing to originate from a government agency in the Middle East. The attacks delivered a PowerShell backdoor called QUADAGENT. | Targeted Attack | Y Multiple Industries | Cyber Espionage | N/A | Link
1112 | 25/07/2018 | ? | Vulnerable SAP and Oracle ERP software | A joint report from Onapsis and Digital Shadows forces the Department of Homeland Security's US-CERT to issue a security advisory warning organizations that attackers are increasingly exploiting vulnerabilities in Enterprise Resource Planning (ERP) software from companies like SAP and Oracle. | Vulnerability | Y Multiple Industries | Cyber Crime | US | Link
1113 | 25/07/2018 | ? | Targets in the information technology, healthcare, and retail industries. | Researchers from ProofPoint discover a new remote access Trojan (RAT), dubbed Parasite HTTP. | Malware/PoS Malware | Y Multiple Industries | Cyber Crime | >1 | Link
1114 | 25/07/2018 | ? | Kasikornbank (Kbank) and Krungthai Bank (KTB) | Computer systems of Kasikornbank (Kbank) and Krungthai Bank (KTB) are compromised, affecting the security of the personal and corporate data of more than 120,000 customers. | Unknown | K Financial and insurance activities | Cyber Crime | TH | Link
111525/07/2018?City of Medford1,842 Medford residents are impacted by a City of Medford data breach after the citys online utility billing service is infected with malware. The breaches happened between February 18th through March 14th and March 29th through April 16th.Malware/PoS MalwareO Public administration, defence, compulsory social securityCyber CrimeUSLink
111625/07/2018Shadow BrokersSome Banks in ChileHackers from the Shadow Brokers gain access to some 14,000 credit card numbers in Chile and publish them on social media.UnknownK Financial and insurance activitiesCyber CrimeCLLink
111726/07/2018APT28 AKA Fancy BearSen. Claire McCaskillSen. Claire McCaskill is the target of a spear phishing campaign allegedly orchestrated by the infamous Fancy Bear AKA APT28.Targeted AttackO Public administration, defence, compulsory social securityCyber EspionageUSLink
111826/07/2018?KICKICOKICKICO, an Initial Coin Offering (ICO) project suffers a security breach. Attackers access the private key of the smart contract and as a result, steal more than 70 million KickCoins which is around $7.7 million.VulnerabilityV FintechCyber CrimeRULink
111926/07/2018?Yale UniversityYale University notifies members of breach that took place between 2008 and 2009, when a threat actor managed to access a database and exfiltrate names, Social Security numbers, and dates of birth. The breach was discovered on June 16 this year.UnknownP EducationCyber CrimeUSLink
112026/07/2018?Blue Springs Family CareHealthcare provider Blue Springs Family Care discloses a ransomware attack resulting from an authorized access that may have also compromised 44,979 patients' records.Malware/PoS MalwareQ Human health and social work activitiesCyber CrimeUSLink
112126/07/2018?Vulnerable client and serversResearchers from Kaspersky Lab reveal the details of PowerGhost, a mining campaign based on a PowerShell script able to spread using the EternalBlue exploit.Malware/PoS MalwareY Multiple IndustriesCyber Crime>1Link
112226/07/2018?Individuals in UkraineResearchers from FireEye reveal the details of a new wave of attacks related to the FELIXROOT campaign, targeting individuals in Ukraine, and carried out via a malicious email containing a weaponized document leveraging the CVE-2017-0199 and CVE-2017-11882 exploits.Targeted AttackX IndividualCyber EspionageUALink
112326/07/2018?Single IndividualsSecurity researchers from Trend Micro reveal the details of Underminer, a new exploit kit, currently active mainly in Asian countries, used to spread rootkits and cryptocurrency-mining (coinminer) malware. The campaign exploits three vulnerabilities: CVE-2015-5119, CVE-2016-0189, CVE-2018-4878.Malware/PoS MalwareX IndividualCyber Crime>1Link
112426/07/2018?Undisclosed PDF Editor ApplicationMicrosoft reveals that hackers compromised a font package installed by a PDF editor app and used it to deploy a cryptocurrency miner on users' computers, tampering the shared infrastructure in place between the vendor of a PDF editor application and one of its software vendor partners.UnknownJ Information and communicationCyber CrimeN/ALink
112526/07/2018?Prison-issued tabletsIdaho prison officials announce in a press release that they've identified 364 inmates who have exploited a vulnerability in their prison-issued tablets and have used it to assign nearly $225,000 worth of digital credits to their tablet accounts.VulnerabilityS Other service activitiesCyber CrimeUSLink
112627/07/2018?Several U.S. state and local government agenciesSeveral U.S. state and local government agencies report receiving strange letters via conventional mail that include malware-laden compact discs (CDs) apparently sent from China.Malware/PoS MalwareO Public administration, defence, compulsory social securityCyber CrimeUSLink
112727/07/2018?Single IndividualsIvan Kwiatkowski, a French security researcher, discovers an adware delivery scheme that involves clone websites that use legitimately-looking domain names to trick victims into downloading famous apps, but which are actually laced with adware.Malware/PoS MalwareX IndividualCyber Crime>1Link
112827/07/2018DarkHydrusGovernment agency in the Middle EastResearchers from Palo Alto Networks Unit 42 unveils a targeted attack against a government agency in the Middle East carried out by a threat actor dubbed DarkHydrus.Targeted AttackO Public administration, defence, compulsory social securityCyber EspionageN/ALink
112927/07/2018Coaches for the football team at Braden RiverHudl football teamCoaches for the football team at Braden River (Bradenton, Fla.), are caught using a college Hudl account to access opponents' game and practice videos.Account HijackingP EducationCyber CrimeUSLink
113027/07/2018DohaeragonKaiser Permanente's Health InnovationsKaiser Permanente's Health Innovations website is defaced byDefacementQ Human health and social work activitiesCyber CrimeUSLink
113128/07/2018@fs0c131yTelecom Regulatory Authority of India (TRAI) chairman R S SharmaAlleged personal details of the Telecom Regulatory Authority of India (TRAI) chairman R S Sharma are leaked after he tweeted his 12-digit Unique Identification Authority of India or UIDAI number and challenged hackers.Account HijackingX IndividualCyber CrimeINLink
113228/07/2018?Confluence HealthConfluence Health discloses a patient data breach after an employee email account is hacked on March 30 and May 28, 2018.Account HijackingQ Human health and social work activitiesCyber CrimeUSLink
113328/07/2018?Some Banks in ChileAdditional 55,106 cards are leaked in Chile.UnknownK Financial and insurance activitiesCyber CrimeCLLink
113430/07/2018?UnityPoint HealthUnityPoint Health warns 1.4 million patients their information might have been breached by email hackers after a phishing attack.Account HijackingQ Human health and social work activitiesCyber CrimeUSLink
113530/07/2018?Vulnerable MikroTik RoutersSecurity researchers discover a massive cryptojacking campaign that targets MikroTik routers and changes their configuration to inject a copy of the Coinhive in-browser cryptocurrency mining script in some parts of users' web traffic.VulnerabilityY Multiple IndustriesCyber Crime>1Link
113630/07/2018SandwormSpiez LaboratoryThe state-run Spiez laboratory near Bern, which analyzed the nerve agent samples from Salisbury, reveals to have been targeted by hackers believed to be linked to the Russian government ahead of a conference of chemical and biological warfare.Targeted AttackM Professional scientific and technical activitiesCyber WarfareCHLink
113730/07/2018?Single IndividualsResearchers from Palo Alto Networks Unit 42 discover 145 Google Play apps infected with Windows malware and available since October 2017. The apps are removed by Google.Malware/PoS MalwareX IndividualCyber Crime>1Link
113830/07/2018?Single IndividualsResearchers from Check Point reveal the details of a massive malvertising campaign dubbed Master134 attempting 40,000 infections per week and distributing crypto miners.MalvertisingX IndividualCyber Crime>1Link
113930/07/2018?Single IndividualsResearchers from Proofpoint discover a large email campaign distributing an enhanced version of the AZORult information stealer and downloader.Malware/PoS MalwareX IndividualCyber Crime>1Link
114030/07/2018?Hāwera High SchoolAn anonymous computer hacker demands US$5000 from a provincial high school to return course work they are holding for ransom.Malware/PoS MalwareP EducationCyber CrimeNZLink
114131/07/2018?Single IndividualsValve Corporation, the company behind the gaming website Steam, suddenly pulls a game called Abstractism from its store. Customer complaints and the game's performance metrics point to another instance of crypto jacking.Malware/PoS MalwareX IndividualCyber Crime>1Link
114231/07/2018?Borough of Matanuska-SusitnaThe Borough of Matanuska-Susitna is hit by CryptoLocker. The attack took place on July 24 but was maybe dormant since May. The IT systems are not operational, with some users starting to use typewriters.Malware/PoS MalwareO Public administration, defence, compulsory social securityCyber CrimeUSLink
114331/07/2018?City of ValdezAlso the City of Valdez is hit by CryptoLocker.Malware/PoS MalwareO Public administration, defence, compulsory social securityCyber CrimeUSLink
114431/07/2018?Single IndividualsResearchers from Sucuri discover a new crypto mining campaign using the Crypto-Loot cryptominer and abusing RawGit, a CDN for GitHub files.Malicious code injectionX IndividualCyber Crime>1Link
114531/07/2018?Jersey Mike's SubsJersey Mike's Subs warns some of their customers to change their account passwords to ensure account security. According to the email, the firm suspected a possible data breach at some third party.UnknownG Wholesale and retail tradeCyber CrimeUSLink
114620/07/2018?MedSpring Urgent CareMedSpring Urgent Care notifies 13,000 patients after a phishing attack occurred on May 8.Account HijackingQ Human health and social work activitiesCyber CrimeUSLink
114730/07/2018?Altex ExchangeAltex Exchange acknowledges that a double-counting bug in Monero (XMR) cryptocurrency did result in a major undisclosed financial loss.Monero VulnerabilityV FintechCyber CrimeN/ALink
114801/08/2018?RedditReddit discloses a breach of its systems that compromised user data including some current email addresses and salted and hashed passwords from a 2007 database backup. The attacker gained access to several employee accounts via SMS intercept between June 14 and June 18.Account HijackingJ Information and communicationCyber CrimeUSLink
114901/08/2018?Companies and organizations associated with industrial productionKaspersky Lab ICS CERT identifies a new wave of phishing emails with malicious attachments targeting primarily companies and organizations associated with industrial production. The malware used in these attacks installs legitimate remote administration software TeamViewer or Remote Manipulator System/Remote Utilities (RMS). Around 800 computers in more than 400 countries are targeted.Malware/PoS MalwareY Multiple IndustriesCyber Crime>1Link
115001/08/2018?Amnesty InternationalAmnesty International reveals to have been targeted by a campaign carried out via the surveillance malware developed by the Israel surveillance vendor, NSO Group.Targeted AttackU Activities of extraterritorial organizations and bodiesCyber EspionageN/ALink
115101/08/2018boolooprecruitmilitary.comA user called booloop publishes a database containing over 850,000 US military officers' personal information.UnknownS Other service activitiesCyber CrimeUSLink
115201/08/2018?Hong Kong's Department of HealthThree computers of Hong Kong's Department of Health are hit by ransomware.Malware/PoS MalwareO Public administration, defence, compulsory social securityCyber CrimeHKLink
115302/08/2018GorgonGovernmental organizations in the United Kingdom, Spain, Russia, and the United States.Researchers from Palo Alto Networks Unit 42 uncover Gorgon, a threat actor allegedly operating from Pakistan and targeting governmental organizations in the United Kingdom, Spain, Russia, and the United States leveraging spear phishing emails with Microsoft Word documents exploiting CVE-2017-0199.Targeted AttackO Public administration, defence, compulsory social securityCyber Espionage>1Link
115402/08/2018RASPITEEntities in the US, Middle East, Europe, and East AsiaResearchers from Dragos identify a new activity group targeting access operations in the electric utility sector, called RASPITE.Targeted AttackD Electricity gas steam and air conditioning supplyCyber Espionage>1Link
115502/08/2018DarkCoder AKA @Th3FalconElbit SystemsDarkCoder AKA @Th3Falcon leaks 10,000 credentials for users and administrators from Elbit Systems.SQLiC ManufacturingCyber CrimeILLink
115603/08/2018?TSMC (Taiwan Semiconductor Manufacturing Co.)A computer virus, later reported to be a variant of WannaCry, halts several Taiwan Semiconductor Manufacturing Co. factories, the sole maker of the iPhone's main processor.Malware/PoS MalwareC ManufacturingCyber CrimeTHLink
115703/08/2018?MentionMention CEO Matthieu Vaxelaire informs users of the occurrence of a data security breach involving a third-party provider. The breach occurred in July and Mention promptly reported details to the French data protection authorities.UnknownM Professional scientific and technical activitiesCyber CrimeFRLink
115803/08/2018?Datawire, Vantiv, Mercury Payment SystemsResearchers from Oracle publish the details of three DNS Hijacks against three payment processors.DNS hijackingK Financial and insurance activitiesCyber CrimeUSLink
115904/08/2018?RAF AirwomanAn RAF airwoman has her Tinder profile hacked. The attackers use the hacked profile to steal secrets of Britain's new F-35 Lightning II stealth fighter.Account HijackingO Public administration, defence, compulsory social securityCyber EspionageUKLink
116004/08/2018?LivecoinLivecoin crypto exchange announces that it met considerable losses because of a crucial bug in the Monero code that allowed transaction amounts to be manipulated. The total amount of the funds lost is 15108 XMR (more than $1,8 million).Vulnerability in Monero CodeV FintechCyber CrimeUSLink
116106/08/2018?Single IndividualsResearchers from Duo Security release a report detailing the operations of a Twitter bot composed of 15.000 fake accounts promoting cryptocurrency giveaway scams.Twitter BotX IndividualCyber Crime>1Link
116207/08/2018?PGA of AmericaPGA of America's computers are locked by ransomware.Malware/PoS MalwareR Arts entertainment and recreationCyber CrimeUSLink
116307/08/2018DarkHydrusGovernment entities and educational institutions in the Middle East.Researchers from Palo Alto Networks Unit 42 reveal the detail of a new credential harvesting attack carried out by the DarkHydrus Threat Actor.Account HijackingY Multiple IndustriesCyber EspionageN/ALink
116408/08/2018?US Political OrganizationsLinkedIn reveals to have uncovered and restricted a group of less than 40 fake accounts that appeared to be engaged in efforts to connect with members in political organizations.Linkedin BotO Public administration, defence, compulsory social securityCyber EspionageUSLink
116508/08/2018?Multiple OrganizationsResearchers from Check Point discover a massive proxy botnet, called Black, infecting 100,000 machines in two months, and used as a relay to the infamous Ramnit malware.Malware/PoS MalwareY Multiple IndustriesCyber Crime>1Link
116609/08/2018Hidden CobraUS OrganizationsThe US-CERT issues an alert for the KeyMarble Trojan, a new threat attributed to the infamous North Korean Hidden Cobra Actor.Targeted AttackY Multiple IndustriesCyber EspionageUSLink
116709/08/2018?Hennepin CountyOfficials reveal that cyber attackers have infiltrated e-mail accounts for about 20 Hennepin County employees since late June, and may have accessed the private information of people who rely on the county's services.Account HijackingO Public administration, defence, compulsory social securityCyber CrimeUSLink
116810/08/2018?Butlin'sButlin's has confirmed that the records of up to 34,000 guests have been accessed by hackers. The stolen data does not include payment details, but customers' names, holiday dates, postal and email addresses and telephone numbers.Account HijackingR Arts entertainment and recreationCyber CrimeUKLink
116910/08/2018?Brazilian Bank CustomersThe Radware Threat Research Center identifies a hijacking campaign aimed at Brazilian bank customers via their IoT devices, attempting to gain their bank credentials via DNS hijacking against D-Link routers.DNS hijackingK Financial and insurance activitiesCyber CrimeBRLink
117010/08/2018?Adams CountyAdams County officials release a media statement and a detailed notification regarding a security breach affecting 258,120 individuals in the Adams County. The investigations revealed that the breach, due to an unauthorized access, lasted for around six years: from January 2013 to March 2018.UnknownO Public administration, defence, compulsory social securityCyber CrimeUSLink
117111/08/2018?Cosmos BankCyber criminals hack the systems of India's Cosmos Bank and siphon off nearly 944 million rupees ($13.5 million) through simultaneous withdrawals across 28 countries. Unidentified hackers stole customer information through a malware attack on its ATM server.Malware/PoS MalwareK Financial and insurance activitiesCyber CrimeINLink
117211/08/2018?Hundreds of Instagram accountsHundreds of Instagram accounts are hijacked in a coordinated attack.Account HijackingX IndividualCyber Crime>1Link
117313/08/2018?Single Individuals in developing countriesMultiple researchers identify a dangerous new variant of the KeyPass ransomware, featuring a manual-control functionality, and according, targeting developing countries.Malware/PoS MalwareX IndividualCyber Crime>1Link
117414/08/2018?Office 365 UsersResearchers from Avanan discover a new phishing campaign, dubbed PhishPoint, targeting the 10% of Office 365 users globally.Account HijackingY Multiple IndustriesCyber Crime>1Link
117515/08/2018?Michael TerpinMichael Terpin, a bitcoin investor is suing AT&T for $240m after it allegedly ported his phone number to a hacker, allowing the criminal to steal $24m in cryptocurrency.SIM SwappingX IndividualCyber CrimeUSLink
117615/08/2018?Customers of large banksResearchers at Cyberbit announce they have discovered a new variant of Trickbot, a modular malware and well-known financial Trojan that targets customers of large banks and steals their credentials.Malware/PoS MalwareK Financial and insurance activitiesCyber Crime>1Link
117715/08/2018?Hans KeirsteadRolling Stone reveals that the U.S. Federal Bureau of Investigation is investigating a series of cyberattacks over the past year that targeted Dr. Hans Keirstead, a Democratic candidate in California.Targeted AttackO Public administration, defence, compulsory social securityCyber EspionageUSLink
117816/08/2018Malicious Actors from ChinaAlaska Communications Systems Group Inc Ensco Plc's Atwood Oceanics, The Alaska Department of Natural Resources The Alaska governor's office Regional internet service provider TelAlaskaCybersecurity firm Recorded Future said that hackers operating from China's Tsinghua University targeted U.S. energy and communications companies, as well as the Alaskan state government, in the weeks before and after Alaska's trade mission to China.Account HijackingY Multiple IndustriesCyber EspionageUSLink
117916/08/2018?Augusta University HealthAugusta University Health discloses a breach affecting 417,000 patients as a consequence of two phishing attacks that occurred on September 11, 2017 and July 31, 2018.Account HijackingQ Human health and social work activitiesCyber CrimeUSLink
118016/08/2018?Several Financial InstitutionsProofpoint researchers discover a new downloader malware in a fairly large campaign (millions of messages) primarily targeting financial institutions. The malware, dubbed “Marap” (“param” backwards), is notable for its focused functionality that includes the ability to download other modules and payloads.Malware/PoS MalwareK Financial and insurance activitiesCyber Crime>1Link
118117/08/2018?Eastern Maine Community CollegeEastern Maine Community College in Bangor warns of a possible data breach that could have exposed the personal information of current and former staff and students. School officials notify 42,000 current and former students and employees that certain computers were recently infected with malware and may have been hacked. Officials said the problem could apply to students dating back to 1998, and faculty dating to 2008.Malware/PoS MalwareP EducationCyber CrimeUSLink
118217/08/2018?Individual UsersResearchers from Trustwave Spiderlabs and Cofense reveal the details of a malicious spam campaign, targeting the banking industry, and using unusual Microsoft Publisher documents, originating from the Necurs botnet.Malware/PoS MalwareK Financial and insurance activitiesCyber Crime>1Link
118317/08/2018?Compromised Wordpress SitesResearchers from Sucuri uncover a malicious campaign targeting up to 3,000 infected Wordpress sites, carried out via a URL shortener, a fake plug-in and a malicious popuplink.js.Malicious Script InjectionX IndividualCyber Crime>1Link
118418/08/2018?David MinReuters reveals that the U.S. Federal Bureau of Investigation is investigating a cyber attack on the congressional campaign of David Min, a Democratic candidate in California.Targeted AttackO Public administration, defence, compulsory social securityCyber EspionageUSLink
118518/08/2018?Bossier CitySome Bossier City water customers may have had their information compromised due to a possible breach of an online billing payment system.Malware/PoS MalwareO Public administration, defence, compulsory social securityCyber CrimeUSLink
118620/08/2018?Legacy HealthLegacy Health notifies 38,000 patients that a phishing attack may have breached their data. Officials discovered unauthorized access to some employee email accounts on June 21. However, the access began several weeks before in May 2018.Account HijackingQ Human health and social work activitiesCyber CrimeUSLink
118720/08/2018?SuperdrugSuperdrug confirms that hackers claim to have obtained the personal details of almost 20,000 individuals who shopped online at Superdrug.Credential StuffingG Wholesale and retail tradeCyber CrimeUKLink
118820/08/2018?Single IndividualsA new malicious spam campaign is underway that pretends to be an invoice for an outstanding payment. When these invoices are opened they install the AZORult information stealing Trojan and the Hermes 2.1 Ransomware onto the recipient's computer.Malware/PoS MalwareX IndividualCyber Crime>1Link
118920/08/2018?South Korean usersResearchers from Trend Micro discover a malicious spam campaign targeting South Korean users, distributing the GandCrab ransomware through files with the .egg extension.Malware/PoS MalwareX IndividualCyber CrimeKRLink
119020/08/2018?AnimotoAnimoto, a cloud-based video maker service for social media sites, reveals a data breach. The breach occurred on July 10 but was confirmed by the company in early August, and later reported to the California attorney general. Names, dates of birth and user email addresses were accessed by hackersUnknownJ Information and communicationCyber CrimeUSLink
119121/08/2018APT28 AKA Fancy BearU.S. Senate, two conservative think tanks and Microsoft's OneDrive cloud storageMicrosoft claims it thwarted a Russian-backed phishing attack by seizing control of fake copies of right-leaning American think tanks' websites including one led by a prominent Donald Trump critic.Account HijackingO Public administration, defence, compulsory social securityCyber EspionageUSLink
119221/08/2018Malicious actors from IranUS, UK, Middle East and Latin AmericaFireEye identifies a suspected influence operation that appears to originate from Iran aimed at audiences in the U.S., U.K., Latin America, and the Middle East. This operation leverages a network of inauthentic news sites and clusters of associated accounts across multiple social media platforms to promote political narratives in line with Iranian interests.Fake News Sites and Social Network BotsO Public administration, defence, compulsory social securityCyber Warfare>1Link
119321/08/2018?Organizations in South KoreaResearchers from Trend Micro and IssueMakersLab uncover the details of Operation Red Signature, an information theft-driven supply chain attack targeting organizations in South Korea. The threat actors compromised the update server of a remote support solutions provider to deliver a remote access tool called 9002 RAT.Targeted AttackY Multiple IndustriesCyber EspionageKRLink
119421/08/2018?Several Organizations WorldwideResearchers from Check Point reveal the details of Ryuk, a new ransomware strain able to net over $640,000 worth of Bitcoin in a recent activity surge.Malware/PoS MalwareY Multiple IndustriesCyber Crime>1Link
119521/08/2018?Mexican IndividualsResearchers from Kaspersky Lab reveal the details of Dark Tequila, a complex malicious campaign targeting Mexican users, with the primary purpose of stealing financial information, as well as login credentials to popular websites that range from code versioning repositories to public file storage accounts and domain registrars.Malware/PoS MalwareX IndividualCyber CrimeMXLink
119622/08/2018Lazarus GroupUndisclosed cryptocurrency ExchangeKaspersky Lab reveals the details of Operation AppleJeus, an attack against cryptocurrency exchanges carried out via a trojanized cryptocurrency trading application distributing the Fallchill malware.Targeted AttackV FintechCyber EspionageN/ALink
119722/08/2018?Cheddar Scratch KitchenRestaurants in 23 states belonging to Cheddar Scratch Kitchen are affected by a cyberattack that exposed payment card information. An estimated 567,000 card details were stolen between November 3, 2017, and January 2, 2018, when the cybercriminals accessed the Cheddar Scratch Kitchen network.Malware/PoS MalwareI Accommodation and food service activitiesCyber CrimeUSLink
119822/08/2018Turla AKA Snake AKA UroburosForeign offices of two European countries Network of a major defense contractorResearchers from ESET reveal that three more entities have been hit by the infamous Turla APT.Targeted AttackO Public administration, defence, compulsory social securityCyber Espionage>1Link
119922/08/2018?Six Banks in SpainResearchers from IBM X-Force reveal that the relatively new trojan BackSwap is now targeting six banks in Spain.Malware/PoS MalwareK Financial and insurance activitiesCyber CrimeESLink
120022/08/2018?Vulnerable Wordpress SitesResearchers from Sucuri uncover what they describe as a massive WordPress redirecting campaign targeting vulnerable tagDiv themes and Ultimate Member plugins.Malicious Script InjectionX IndividualCyber Crime>1Link
120123/08/2018?T-MobileT-Mobile reveals that hackers stole some of the personal data of 2 million people in a new data breach. The intrusion took place on August 20 when hackers part of “an international group” accessed company servers through an API that “didn't contain any financial data or other very sensitive data.”Illegitimate API AccessJ Information and communicationCyber CrimeDELink
120223/08/2018?Vulnerable IoT devicesResearchers from Symantec discover another Mirai variant leveraging the Aboriginal Linux open source project to infect multiple devices.Malware/PoS MalwareY Multiple IndustriesCyber Crime>1Link
120323/08/2018?Android UsersSecurity researchers from Bitdefender discover a new Android spyware framework dubbed Triout that could be used to create malware with extensive surveillance capabilities.Malware/PoS MalwareX IndividualCyber Crime>1Link
120424/08/2018TA555Single IndividualsResearchers from Proofpoint discover a new malicious spam campaign carried on via a previously undocumented downloader called AdvisorsBot.Malware/PoS MalwareX IndividualCyber Crime>1Link
120524/08/2018COBALT DICKENS76 universities located in 14 countriesSecureworks Counter Threat Unit (CTU) researchers discover a URL spoofing campaign carried out by Iranian actors. The campaign involves sixteen domains containing over 300 spoofed websites and login pages for 76 universities located in 14 countries, including Australia, Canada, China, Israel, Japan, Switzerland, Turkey, the United Kingdom, and the United States.Account HijackingP EducationCyber Crime>1Link
120624/08/2018?Vulnerable Apache Struts ServersGreynoise Intelligence and Volexity say they've detected threat actors scanning for Struts servers vulnerable to CVE-2018-11776.Vulnerability (CVE-2018-11776)Y Multiple IndustriesCyber Crime>1Link
120726/08/2018Anonymous CataloniaBanco de EspañaHacktivists from Anonymous Catalonia claim to have taken down the website of Banco de España.DDoSK Financial and insurance activitiesHacktivismESLink
120827/08/2018?AtlasAtlas, a popular Brazilian cryptocurrency investment platform is hacked. The personal information of over 264,000 of its customers is leaked, including 4,500 records that detail users' balances on the platform.UnknownV FintechCyber CrimeBRLink
120928/08/2018Huazhu Group Ltd.Shanghai police launches an investigation into the alleged massive data breach of Huazhu Group Ltd., one of China's largest hotel operators. An online post emerges, containing nearly 500 million pieces of information related to the hotel group's customers, including registration information, personal data and booking records of the group's wide range of hotel brands.UnknownR Arts entertainment and recreationCyber CrimeCNLink
121028/08/2018L.M.TheTruthSpyA hacker breaks into the servers of TheTruthSpy, one of the most notorious stalkerware companies out there, and steals logins, audio recordings, pictures, and text messages, among other data. The breach occurred in February 2018.App VulnerabilityM Professional scientific and technical activitiesCyber CrimeUSLink
121128/08/2018?Single IndividualsA new malicious spam campaign is underway that pretends to be shipping documents and contains an attachment that installs the DarkComet remote access TrojanMalware/PoS MalwareX IndividualCyber Crime>1Link
121228/08/2018?Multiple TargetsSecurity researchers from Booz Allen Hamilton discover RtPOS, a previously unseen and undocumented malware strain that targets point-of-sale (POS) systems.Malware/PoS MalwareY Multiple IndustriesCyber Crime>1Link
121329/08/2018?Air CanadaAir Canada says the personal information for about 20,000 customers "may potentially have been improperly accessed" via a breach in its mobile app, so the company has locked down all 1.7 million accounts as a precaution until customers change their passwords. The airline detected unusual login behavior with Air Canada's mobile App between Aug. 22-24, 2018.UnknownH Transportation and storageCyber CrimeCALink
121429/08/2018?Android UsersResearchers from Doctor Web find dozens of malicious applications on Google Play designed to generate illegal revenue. Authors of these applications spread them under the guise of well-known and useful software and use them in different fraudulent schemes.Malware/PoS MalwareX IndividualCyber Crime>1Link
121529/08/2018?Android UsersResearchers from Kaspersky Lab reveal the detail of BusyGasper, a new, unsophisticated Android Spyware.Malware/PoS MalwareX IndividualCyber Crime>1Link
121629/08/2018?University of MissouriThe University of Missouri suspends email delivery after a Missouri State Democratic Party email seeking interns helps jumpstart a phishing attempt.Account HijackingP EducationCyber CrimeUSLink
121729/08/2018?University of OregonUniversity of Oregon is target of a phishing campaign.Account HijackingP EducationCyber CrimeUSLink
121829/08/2018?West VancouverWest Vancouver warns thousands of its residents after discovering hackers installed malicious software on the district server used to store personal information collected through its website. The attack was discovered on July 31.Malware/PoS MalwareO Public administration, defence, compulsory social securityCyber CrimeCALink
121929/08/2018?Cloquet School DistrictCloquet school district is hit by a ransomware attack for the second time in the past three years.Malware/PoS MalwareP EducationCyber CrimeUSLink
122030/08/2018?SwedenThe Swedish Security Service reveals that there has been a proliferation of new “bots” on Twitter supporting the nationalist, anti-immigration Sweden Democrats and attacking the ruling Social Democrats.Twitter BotsO Public administration, defence, compulsory social securityCyber WarfareSELink
122130/08/2018Cobalt AKA TEMP.MetastrikeNS Bank Patria BankResearchers from NetScout Arbor reveal the details of a new campaign carried out by the Cobalt Group via spear phishing.Targeted AttackK Financial and insurance activitiesCyber CrimeRU ROLink
122230/08/2018?Family OrbitAn anonymous hacker is able to find the key to the cloud servers of Family Orbit and leaks 281 Gb of pictures and videos.Account HijackingJ Information and communicationCyber CrimeUSLink
122330/08/2018?Vulnerable Magento ServersThe MagentoCore Skimmer campaign reveals all its extent. A single group is responsible for planting skimmers on 7339 individual stores in the last 6 months.Malware/PoS MalwareG Wholesale and retail tradeCyber Crime>1Link
122430/08/2018?Individuals in ChinaResearchers from Check Point uncover a new ongoing campaign aimed to distribute the CEIDPageLock browser hijacker, distributed via the RIG Exploit Kit. The victims are located primarily in China.Malware/PoS MalwareX IndividualCyber CrimeCNLink
122530/08/2018?Single IndividualsResearchers from Symantec uncover a new attack chain which exploits the Windows Management Instrumentation Command-line (WMIC) utility and eXtensible Stylesheet Language (XSL) files to be undetected and steal data.Malware/PoS MalwareX IndividualCyber Crime>1Link
122630/08/2018?Single IndividualsResearchers from Cisco Talos warn of a Chinese-language threat actor leveraging a wide array of Git repositories to infect vulnerable systems with Monero-based cryptomining malware.Malware/PoS MalwareX IndividualCyber Crime>1Link
122731/08/2018?Americans with access to government and commercial secretsWilliam Evanina, the U.S. counter-intelligence chief, reveals that Chinese espionage agencies are using fake LinkedIn accounts to try to recruit Americans with access to government and commercial secrets.LinkedIn BotX IndividualCyber EspionageUSLink
122817/08/2018?Dallas County Community CollegeDallas County Community College discloses a breach after some employees' email credentials are compromised by a phishing attack from September 14, 2017 to December 18, 2017.Account HijackingP EducationCyber CrimeUSLink
122924/08/2018?Schneider ElectricSchneider Electric finds malicious code on the USB drives that have been shipped with Conext ComBox and Conext Battery Monitor products.Malware/PoS MalwareC ManufacturingCyber CrimeFRLink
123024/08/2018?Coweta CountyCoweta County restores most of its computer servers, nearly two weeks after hackers demanded $341,000 in bitcoins.Malware/PoS MalwareO Public administration, defence, compulsory social securityCyber CrimeUSLink
123129/08/2018GOBLIN PANDAVietnamResearchers from security firm CrowdStrike have observed a new campaign associated with the GOBLIN PANDA APT group, targeting Vietnam via a spear phishing campaign using weaponized documents.Targeted AttackO Public administration, defence, compulsory social securityCyber EspionageVNLink
123230/08/2018"@joshua" from group Fatal Error CrewC&AThe Brazilian operation of international fashion retail clothing chain C&A confirms a cyberattack on its gift card platform. Data from 36,000 customers who purchased gift cards is leaked on Pastebin.UnknownG Wholesale and retail tradeCyber CrimeBRLink
123301/09/2018?Town of MidlandThe small Canadian town of Midland, Ontario plans to pay off a $35,000 ransom to the malicious actors who shut down the municipality's computer system with a ransomware attack.Malware/PoS MalwareO Public administration, defence, compulsory social securityCyber CrimeCALink
123402/09/2018?Single IndividualsResearchers discover a new ransomware that only encrypts .EXE files on a computer. It then displays a screen with a picture of President Obama that asks for a "tip" to decrypt the files.Malware/PoS MalwareX IndividualCyber Crime>1Link
123503/09/2018?South African Department of LabourThe South African Department of Labour confirms a DDoS attack which disrupted the government agency's website.DDoSO Public administration, defence, compulsory social securityCyber CrimeZALink
123603/09/2018?Vulnerable IoT devicesA new IoT botnet called Hakai comes out online.Malware/PoS MalwareY Multiple IndustriesCyber Crime>1Link
123703/09/2018?Hoopeston Area School DistrictThe Hoopeston Area School District website is hacked with pictures and repeated emergency callout messages to district families.UnknownP EducationCyber CrimeUSLink
123803/09/2018?Hoopeston Area School DistrictThe Hoopeston Area School District website is hacked with pictures and repeated emergency callout messages to district families.UnknownP EducationCyber CrimeUSLink
123904/09/2018?Vulnerable Apache Struts 2 serversResearchers from F5 detected threat actors exploiting the CVE-2018-11776 Apache Struts 2 namespace vulnerability in a new Monero crypto-mining campaign.Apache Struts 2 VulnerabilityY Multiple IndustriesCyber Crime>1Link
124004/09/2018?Mega.nzThe official Chrome extension for the MEGA.nz file sharing service is compromised with malicious code that steals usernames and passwords, but also private keys for cryptocurrency accounts.Malware/PoS MalwareS Other service activitiesCyber CrimeNZLink
124104/09/2018?Major Brazilian banksIBM X-Force researchers discover a new financial malware that targets major Brazilian banks through their customers. The malware is dubbed CamuBot because it attempts to camouflage itself as a security module required by the banks it targets.Malware/PoS MalwareK Financial and insurance activitiesCyber CrimeBRLink
124204/09/2018Iran-Linked OilRig APTUndisclosed government in the Middle EastResearchers from Palo Alto Networks Unit 42 report on a wave of OilRig attacks delivering the OopsIE trojan involving a Middle Eastern government agency.Targeted AttackO Public administration, defence, compulsory social securityCyber EspionageN/ALink
124304/09/2018Fatal ErrorBoa Vista SCPCBrazilian credit bureau Boa Vista SCPC investigates a possible hack, after a group of hackers called Fatal Error claimed it accessed the database of the company which has more than 350M personal data.UnknownK Financial and insurance activitiesCyber CrimeBRLink
124405/09/2018SilenceFinancial institutions in Russia and Eastern Europe.Researchers from Group-IB reveal the details of a new Russian-speaking "Silence" group, having spent the last three years mounting silent cyber-attacks on financial institutions in Russia and Eastern Europe, stealing $800,000.Targeted AttackK Financial and insurance activitiesCyber Crime>1Link
124505/09/2018FIN6PoS systems across the United States and Europe.Researchers from IBM X-Force IRIS uncover a new malware campaign targeting point-of-sale (PoS) systems across the United States and Europe. The attacks have been attributed to the FIN6 cybercriminal group.Malware/PoS MalwareY Multiple IndustriesCyber Crime>1Link
124605/09/2018rogue0RousseauRousseau, the online platform of the Italian Five Star Movement is hacked again by rogue0, who leaks private data related to the donors.UnknownN Administrative and support service activitiesCyber CrimeITLink
124706/09/2018Magecart GroupBritish AirwaysBritish Airways notifies authorities, after being hacked between August 21 and September 5, with 380,000 payments compromised.Malicious JavaScript InjectionH Transportation and storageCyber CrimeUKLink
124806/09/2018PowerPoolTargets in Chile, Germany, India, Philippines, Poland, Russia, United Kingdom, United States, and Ukraine.Researchers from ESET identify a group dubbed PowerPool exploiting the recently discovered Windows ALPC LPE 0-day vulnerability.Malware/PoS MalwareY Multiple IndustriesCyber Crime>1Link
124906/09/2018?Cork City Park by PhoneA data breach at Cork City Park by Phone service in Ireland affects more than 5,000 people. The unauthorized access started in May.UnknownH Transportation and storageCyber CrimeIELink
125006/09/2018?Victims in the Middle East, Asia Pacific, and Southern EuropeResearchers from FireEye report a new Exploit Kit, dubbed Fallout, used to deliver GandCrab to victims in the Middle East, while also targeting the Asia Pacific region and Southern Europe with additional malware.Malware/PoS MalwareX IndividualCyber Crime>1Link
125107/09/2018Domestic Kitten240 individuals from Iran including Kurdish and Turkish natives and ISIS supportersResearchers from Check Point uncover a mobile-based attack targeting Iranian citizens that has operated under the radar since 2016.Targeted AttackX IndividualCyber EspionageIRLink
125207/09/2018?U.S. State DepartmentThe State Department suffers a breach of its unclassified email system, and the compromise exposes the personal information of a small number of employees.Targeted AttackO Public administration, defence, compulsory social securityCyber EspionageUSLink
125307/09/2018Big BangPalestinian Authority and other targets in the Middle East.Researchers from Check Point detect a new surveillance attack carried out by the Big Bang gang against the Palestinian Authority and other targets in the Middle East.Targeted AttackO Public administration, defence, compulsory social securityCyber Espionage>1Link
125409/09/2018?C-CEXCryptocurrency exchange C-CEX is hacked. The attackers are successfully able to withdraw all Litecoin (LTC) and Dogecoin (DOGE) from company servers.VulnerabilityV FintechCyber CrimeDELink
125509/09/2018?Vulnerable Apache Struts 2 serversResearchers from Palo Alto Networks discover, for the first time, a variant of the Mirai Internet of Things botnet that targets the Apache Struts CVE-2017-5638 vulnerability.Malware/PoS MalwareY Multiple IndustriesCyber Crime>1Link
125609/09/2018?Vulnerable versions of the Global Management System (GMS) from SonicWallThe same researchers from Palo Alto Networks reveal a new version of the Gafgyt botnet (AKA Bashlite), targeting versions of the Global Management System (GMS) from SonicWall vulnerable to CVE-2018-9866.Malware/PoS MalwareY Multiple IndustriesCyber Crime>1Link
125710/09/2018?Vulnerable MikroTik RoutersResearchers find an additional 3,700 MikroTik routers secretly injecting CoinHive. The total number of compromised devices detected exceeds 280,000, an increase of 80,000 in just over 30 days.MikroTik Router Vulnerability (CVE-2018-14847)Y Multiple IndustriesCyber Crime>1Link
125810/09/2018runningsnailDEOSGamesBetting platform DEOSGames is drained of a significant chunk of its operating funds in a heist that netted one lucky punter almost $24,000.EOS VulnerabilityR Arts entertainment and recreationCyber CrimeMTLink
125910/09/2018?European countries particularly FranceResearchers from Trend Micro spot a ransomware imitating Locky, dubbed PyLocky, characterized by strong evasion capabilities and spread via spam emails targeting European countries, particularly France.Malware/PoS MalwareX IndividualCyber Crime>1Link
126010/09/2018LuckyMouseMultiple TargetsKaspersky Lab discovers several infections from a previously unknown Trojan, likely related to the infamous Chinese-speaking threat actor LuckyMouse. The most peculiar trait of this malware is its driver, signed with a legitimate digital certificate.Targeted AttackY Multiple IndustriesCyber Espionage>1Link
126110/09/2018?Vulnerable MikroTik RoutersSecurity researcher Troy Mursch reveals that the infected MikroTik routers abused for the CoinHive redirection campaign are now abused for a new cryptojacking operation.MikroTik Router Vulnerability (CVE-2018-14847)Y Multiple IndustriesCyber Crime>1Link
126210/09/2018?FreshMenuThe Indian online food platform FreshMenu admits to having hidden a data breach affecting 110K users for two years. The data breach happened on July 1, 2016.UnknownI Accommodation and food service activitiesCyber CrimeINLink
126311/09/2018CobaltRussian and Romanian banking customersResearchers from ProofPoint reveal that the Cobalt Gang cybercrime group has launched a new round of phishing campaigns targeting primarily Russian and Romanian banking customers with CobInt, a recently discovered malicious backdoor and downloader.Malware/PoS MalwareK Financial and insurance activitiesCyber Crime>1Link
126411/09/2018CobaltRemotely accessible and unprotected MongoDB databasesA new attack called Mongo Lock is discovered. The new attack targets remotely accessible and unprotected MongoDB databases, wiping them, and then demanding a ransom in order to get the contents back.MisconfigurationY Multiple IndustriesCyber Crime>1Link
126511/09/2018?Vulnerable Wordpress SitesResearchers from security firm Defiant reveal an uptick in scan attempts for Wordpress installations with the vulnerable plugin Duplicator.Wordpress plugin vulnerabilityY Multiple IndustriesCyber Crime>1Link
126611/09/2018?University of LouisvilleNearly 250 University of Louisville faculty and staff enrolled between 2007 and 2014 have their personal info stolen through the “Get Healthy Now” program.UnknownP EducationCyber CrimeUSLink
126711/09/2018?Pakistani WhatsApp usersWhatsApp accounts of multiple Pakistani citizens are hacked by an anonymous group of hackers asking for money to get their accounts back.Account HijackingX IndividualCyber CrimePKLink
126811/09/2018?City of TylerThe city of Tyler is the latest victim of the Click2Gov payment system breach.VulnerabilityO Public administration, defence, compulsory social securityCyber CrimeUSLink
126912/09/2018Magecart GroupFeedifyCustomer engagement service Feedify is hit by Magecart attackers, who repeatedly modified a script that it serves to a few hundred websites to include payment card skimming code.Malicious JavaScript InjectionS Other service activitiesCyber CrimeUSLink
127012/09/2018?Edinburgh University (ed.ac.uk)The website of Edinburgh University is down after the institution suffered a major DDoS attack.DDoSP EducationCyber CrimeUKLink
127112/09/2018?Monroe County School DistrictA GandCrab ransomware attack forces Monroe County School District in Florida to shut down its computer systems for at least three days.Malware/PoS MalwareP EducationCyber CrimeUSLink
127212/09/2018?Users of the Jaxx cryptocurrency wallet siteResearchers from Flashpoint take down a website spoofing the official Jaxx cryptocurrency wallet site after discovering a number of infections linked to the operation.Malware/PoS MalwareX IndividualCyber Crime>1Link
127312/09/2018Iran-Linked OilRig APTUndisclosed government in the Middle EastResearchers from Palo Alto Networks Unit 42 uncover a new campaign by the OilRig APT targeting members of an undisclosed government in the Middle East with an evolved variant of the BondUpdater trojan.Targeted AttackO Public administration, defence, compulsory social securityCyber EspionageN/ALink
127413/09/2018?Single IndividualsESET researchers discover three third-party add-ons for the popular open-source media player Kodi (XvBMC, Bubbles and Gaia), being used to distribute Linux and Windows Monero cryptocurrency-mining malware.Malware/PoS MalwareX IndividualCyber Crime>1Link
127513/09/2018?Fetal Diagnostic Institute of the Pacific (FDIP)Honolulu-based Fetal Diagnostic Institute of the Pacific (FDIP) announces that it has been hit by a ransomware attack that may have compromised patient data.Malware/PoS MalwareQ Human health and social work activitiesCyber CrimeUSLink
127613/09/2018APT10Japanese media sectorResearchers from FireEye reveal a new campaign carried out by the Chinese APT10 group, targeting the Japanese media sector via the UPPERCUT backdoor.Targeted AttackJ Information and communicationCyber EspionageJPLink
127713/09/2018?Single IndividualsA huge database with 42M email addresses, passwords in clear text, and partial credit card data is uploaded to kayo.moe, a free, public hosting service.UnknownX IndividualCyber Crime>1Link
127814/09/2018aabbccddeefgEOSBetA gambling application that is based on the EOS blockchain has a flaw in its smart contract system exploited. The attacker is able to make off with $200,000 worth of EOS due to the vulnerability.DEOS VulnerabilityR Arts entertainment and recreationCyber CrimeN/ALink
127914/09/2018?Bristol AirportFlight information screens are blacked out over the weekend at the Bristol Airport. Airport officials blame the incident on a ransomware infection that affected the computers running the airport's in-house TV.Malware/PoS MalwareH Transportation and storageCyber CrimeUKLink
128014/09/2018?Colorado TimberlineColorado Timberline, a Colorado printing company, claims to have been forced out of business after being hit with a severe ransomware attack from which it could not recover.Malware/PoS MalwareS Other service activitiesCyber CrimeUSLink
128114/09/2018?Victims in Japan, France, and other locationsThe Fallout Exploit Kit starts to distribute a new ransomware called SAVEfile via malicious spam campaigns.Malware/PoS MalwareX IndividualCyber Crime>1Link
128214/09/2018?Guardant HealthGuardant Health suffered a phishing attack in July 2018 according to an SEC filing for the firm's initial public offering, where private information from about 1,100 individuals was compromised.Account HijackingQ Human health and social work activitiesCyber CrimeUSLink
128314/09/2018LulzSecITAItalian National Institute for Social Assistance (INAS)The portal of the Italian National Institute for Social Assistance (INAS) is hacked, compromising the information of 37,500 individuals.UnknownO Public administration, defence, compulsory social securityHacktivismITLink
128412/09/2018?SMEG UKThe UK branch of the appliance manufacturer SMEG reveals that it has been hit by a "targeted cyber attack".UnknownC ManufacturingCyber CrimeUKLink
128514/09/2018MagecartGroopdealzGroopdealz joins the list of the victims of the Magecart group.Malware/PoS MalwareG Wholesale and retail tradeCyber CrimeUSLink
128617/09/2018?Saverspy.comBob Diachenko, a security researcher, identifies an unsecured MongoDB server leaking the personal details of nearly 11 million users. The database seems to have been ransomed back in June.Unsecured MongoDBG Wholesale and retail tradeCyber CrimeUSLink
128717/09/2018LulzSecITAUnuci.org (Union of Italian Retired Military Officials)LulzSecITA leaks the personal details of about 300 retired military officials.UnknownS Other service activitiesHacktivismITLink
128817/09/2018Iron cybercrime group (AKA Roke)Vulnerable Windows and Linux ServersResearchers from Palo Alto Networks discover a new malware strain dubbed XBash that combines features from four types of malware categories: ransomware, coinminers, botnets, and worms.Malware/PoS MalwareY Multiple IndustriesCyber Crime>1Link
128917/09/2018?Multiple targetsResearchers from Qihoo's 360Netlab discover Fbot, a strange botnet based on Satori, which instead of infecting devices, appears to be actually wiping them clean of cryptocurrency mining malware. The botnet also hides its C&C behind a blockchain-based DNS service.Malware/PoS MalwareY Multiple IndustriesCyber Crime>1Link
129017/09/2018?Perth MintA data breach at Perth Mint sees hackers take the personal details of about 3200 customers, far more than initially suspected. The breach occurred on the system of a third-party technology provider and only involved 13 customers initially.UnknownO Public administration, defence, compulsory social securityCyber CrimeAULink
129117/09/2018?Multiple government websites in India.Security researchers discover that multiple government websites in the country are infected with cryptojackers.Malware/PoS MalwareO Public administration, defence, compulsory social securityCyber CrimeINLink
129217/09/2018?Nonresident aliens in the U.S.Researchers at Fortinet discover a phishing campaign claiming to be from the IRS but reportedly sent from a server originating in Italy. The campaign appears to be targeting nonresident aliens.Account HijackingX IndividualCyber CrimeUSLink
129318/09/2018MagecartABS-CBN213 customers of ABS-CBN, a Filipino media conglomerate, have their financial data stolen due to a payment skimmer discovered in the broadcaster's online store.Malware/PoS MalwareJ Information and communicationCyber CrimePHLink
129418/09/2018?45 countries, including the US, France, Canada, Switzerland, and the UKA report published by Citizen Lab researchers reveals the existence of 36 different groups who deployed the Pegasus spyware against targets located in 45 countries, including the US, France, Canada, Switzerland, and the UK.Malware/PoS MalwareX IndividualCyber Espionage>1Link
129519/09/2018MagecartNeweggResearchers from RiskIQ, together with Volexity, reveal that California-based retailer Newegg is the latest well-known merchant to succumb to the Magecart group.Malware/PoS MalwareG Wholesale and retail tradeCyber CrimeUSLink
129619/09/2018?Click2GovFireEye reveals that a yet-to-be-identified hacker group is behind the hack against the Click2Gov servers, used to plant malware that stole payment card details.Malware/PoS MalwareN Administrative and support service activitiesCyber CrimeUSLink
129719/09/2018?3,000 breached websitesResearchers from Flashpoint reveal that hackers are selling access to over 3,000 breached websites on an underground hacking forum called MagBO for Russian-speaking users.UnknownY Multiple IndustriesCyber Crime>1Link
129819/09/2018?Android UsersESET researchers discover malicious apps impersonating various financial services and the Austrian cryptocurrency exchange Bitpanda on Google Play.Malware/PoS MalwareK Financial and insurance activitiesCyber Crime>1Link
129919/09/2018?City of BeatriceA virus shuts down many city operations including phone and internet services for several departments.Malware/PoS MalwareO Public administration, defence, compulsory social securityCyber CrimeUSLink
130020/09/2018?ZaifYet another Japan-based cryptocurrency exchange is hacked, losing 6.7 billion yen (about $60 million) worth of cryptocurrency, including 5,966 bitcoins.UnknownV FintechCyber CrimeJPLink
130120/09/2018?Port of BarcelonaThe land operations of the Port of Barcelona are impacted by a ransomware attack.Malware/PoS MalwareH Transportation and storageCyber CrimeESLink
130220/09/2018?Multiple platformsSecurity researchers discover a new botnet dubbed Torii, able to infect multiple hardware platforms. The botnet has no clear purpose.Malware/PoS MalwareY Multiple IndustriesCyber Crime>1Link
130320/09/2018?Vulnerable Wordpress SystemsResearchers from Malwarebytes reveal a massive campaign compromising vulnerable WordPress sites and redirecting users to tech scams.Malicious Script InjectionY Multiple IndustriesCyber Crime>1Link
130420/09/2018?Arran BreweryArran Brewery says it was locked out of its own computer system after being duped into opening an email attachment that contained a ransomware. The attackers then demanded a 2BTC ransom.Malware/PoS MalwareI Accommodation and food service activitiesCyber CrimeUKLink
130520/09/2018Lucy GangMultiple TargetsResearchers uncover a new Russian-speaking threat actor hawking a proprietary cyber-weapon, malware-as-a-service, dubbed “Black Rose Lucy.”Malware/PoS MalwareY Multiple IndustriesCyber Crime>1Link
130621/09/2018?Some European CountriesResearchers from ESET discover a new DanaBot campaign targeting a number of European countries.Malware/PoS MalwareK Financial and insurance activitiesCyber Crime>1Link
130721/09/2018?AdGuardAdGuard, a popular ad blocker for Android, iOS, Windows, and Mac, resets all user passwords, after suffering a brute-force attack during which an unknown attacker tried to log into user accounts by guessing their passwords.Credential StuffingJ Information and communicationCyber CrimeUSLink
130821/09/2018?Infinite CampusInfinite Campus, one of the largest student information management systems used by schools in America, is coping with the latest in a string of Distributed Denial-of-Service (DDoS) attacks.DDoSJ Information and communicationCyber CrimeUSLink
130921/09/2018?freelance workersMalwareHunterTeam discovers a new campaign targeting freelance workers spreading malware via malicious documents masquerading as job briefs and offers.Malware/PoS MalwareX IndividualCyber Crime>1Link
131021/09/2018?Single IndividualsResearchers from Trend Micro reveal the details of Virobot, a multi-strain malware working as ransomware, keylogger, and botnet.Malware/PoS MalwareX IndividualCyber Crime>1Link
131121/09/2018?Bryan Caforio's websiteA DDoS attack takes down California Democrat Bryan Caforio's website just hours before he steps onto the debate stage to face fellow Democrats.DDoSX IndividualCyber CrimeUSLink
131224/09/2018?Android UsersResearchers from Sophos discover two-dozen Android apps able to turn users' phones into cryptocurrency miners. Combined, they have been downloaded more than 120,000 times.Malware/PoS MalwareX IndividualCyber Crime>1Link
131324/09/2018?Targets in TurkeyResearchers from Cisco Talos and ReversingLabs reveal the details of a new spam campaign spreading the Adwind 3.0 remote access tool (RAT).Malware/PoS MalwareY Multiple IndustriesCyber CrimeTRLink
131424/09/2018?Oklahoma City Public School DistrictThe Oklahoma City Public School District is affected by a DDoS attack on their parent portal.DDoSP EducationCyber CrimeUSLink
131525/09/2018?Port of San DiegoServices to the public in the Port of San Diego are impacted by a ransomware attack.Malware/PoS MalwareH Transportation and storageCyber CrimeUSLink
131625/09/2018?NewsNowOnline news aggregation service NewsNow admits that it has suffered a security breach and an encrypted version of the passwords may have been accessed.UnknownJ Information and communicationCyber CrimeUKLink
131725/09/2018?DoordashFood delivery startup DoorDash receives dozens of complaints from customers who say their accounts have been hacked. The users are the target of a credential stuffing attack.Credential StuffingS Other service activitiesCyber CrimeUSLink
131825/09/2018?CheggEducational technology company Chegg resets the passwords for 40 million of its users after news broke that the firm was breached in April of this year.UnknownJ Information and communicationCyber CrimeUSLink
131925/09/2018?RWEUnknown attackers launch a large-scale DDoS attack that takes down RWE's website.DDoSD Electricity gas steam and air conditioning supplyHacktivismDELink
132025/09/2018?Aspire HealthAspire Health is hacked earlier this month and loses at least some patient information to an unknown cyber attacker.UnknownQ Human health and social work activitiesCyber CrimeUSLink
132126/09/2018?pigeoncoinThe developers behind the pigeoncoin cryptocurrency confirm that an unknown attacker successfully took advantage of a bitcoin bug, printing 235 million pigeoncoins worth about $15,000.Bitcoin VulnerabilityV FintechCyber CrimeUSLink
132226/09/2018?Several Android Users in EuropeResearcher Lukas Stefanko from ESET reveals the details of a malicious app impersonating a phone call recording utility in Google Play Store (Qrecorder) able to steal thousands of euros from a couple of bank customers in Europe.Malware/PoS MalwareX IndividualCyber Crime>1Link
132326/09/2018?Multiple businesses in the city of ConwayMultiple businesses in Conway, Arkansas, are hit by ransomware.Malware/PoS MalwareY Multiple IndustriesCyber CrimeUSLink
132427/09/2018?FacebookFacebook says a breach affected 50 million people on the social network. The vulnerability stemmed from the "view as" feature, which lets people see what their profiles look like to others. Attackers exploited code associated with the feature that allowed them to steal access tokens."view as" vulnerabilityJ Information and communicationCyber CrimeUSLink
132527/09/2018APT28 (AKA Fancy Bear, Sednit, Strontium, and Sofacy)Undisclosed TargetResearchers from ESET find the first evidence of a rootkit, called LoJax, for the Unified Extensible Firmware Interface (UEFI) being used in the wild by the infamous APT28.Targeted AttackY Multiple IndustriesCyber EspionageN/ALink
132627/09/2018Malicious Actors from North Korea?Politically-motivated victims in Eurasia and Southeast Asia.Researchers from Palo Alto Networks publish an analysis of NOKKI, a new RAT named so because of the significant links with KONNI, a previously discovered threat. The operation shows similarities with the modus operandi of Reaper, a malicious actor tied to North Korea.Targeted AttackX IndividualCyber Espionage>1Link
132727/09/2018?Vulnerable RDP serversThe Internet Crime Complaint Center (IC3), in collaboration with the Department of Homeland Security and the FBI, issues a security alert regarding attacks being conducted through the Windows Remote Desktop Protocol.RDP Vulnerabilities/MisconfigurationsY Multiple IndustriesCyber Crime>1Link
132827/09/2018CobaltHigh-value financial organizations around the worldResearchers from the Secureworks Counter Threat Unit (CTU) disclose the latest operation of the Cobalt threat actor, targeting high-value financial organizations around the world through the SpicyOmelette malware.Targeted AttackK Financial and insurance activitiesCyber Crime>1Link
132927/09/2018?Single IndividualsResearchers discover a new campaign aimed to distribute the GandCrab ransomware via the Phorpiex worm.Malware/PoS MalwareX IndividualCyber Crime>1Link
133028/09/2018?Single IndividualsMotherboard reveals that hackers have hijacked the accounts of at least four high profile Instagrammers recently, locking them out and demanding a bitcoin ransom.Account HijackingX IndividualCyber Crime>1Link
133128/09/2018?SHEINA criminal cyber-attack is thought to have affected roughly 6.42 million customers of fashion brand SHEIN. The attack took place on August 22, and gained access to email addresses and encrypted password credentials of customers who registered on the company website.Malware/PoS MalwareG Wholesale and retail tradeCyber CrimeUSLink
133228/09/2018?Toyota Industries North AmericaToyota Industries North America notifies individuals of a phishing incident, potentially impacting approximately 19,000 current/former employees and health plan participants.Account HijackingC ManufacturingCyber CrimeUSLink
133328/09/2018?Recipe UnlimitedRecipe Unlimited, a Canadian restaurant chain that operates over 20 restaurant brands, suffers a country-wide outage of its IT systems over the weekend in a ransomware incident.Malware/PoS MalwareI Accommodation and food service activitiesCyber CrimeCALink
133428/09/2018?Developers of Google Chrome extensionsDevelopers of Google Chrome extensions are targeted by a massive phishing campaign.Account HijackingX IndividualCyber Crime>1Link
133529/09/2018CyberSecurity & Intelligence (CSI)Virat Kohli's official websiteFollowing the defeat of the Bangladeshi cricket team against India at the 2018 Asia Cup final, a group of Bangladeshi hackers defaces Virat Kohli's official website (the current captain of India's team) to protest against an 'unfair decision' during the match.DefacementX IndividualCyber CrimeINLink
133629/09/2018?Customers of Brazilian BanksSecurity researchers from Qihoo 360 NetLab uncover an ongoing hacking campaign leveraging the GhostDNS malware. Attackers have already hijacked over 100,000 home routers (70+ types). The malicious code allows attackers to modify DNS settings to hijack the traffic and redirect users to phishing websites.Malware/PoS MalwareK Financial and insurance activitiesCyber CrimeBRLink
133729/09/2018baidu3250617231Gwinnett Medical Center (GMC)Gwinnett Medical Center (GMC) is hacked and the patient data is posted online.UnknownQ Human health and social work activitiesCyber CrimeUSLink
133830/09/2018FIN7BurgervilleBurgerville reveals a data breach impacting the chain which may have led to the theft of detailed credit card information belonging to customers.Malware/PoS MalwareI Accommodation and food service activitiesCyber CrimeUSLink