This Week In Cybersecurity: 17th March to 21st March, 2025

This week's cybersecurity roundup covers a range of incidents, including a major data breach at California Cryobank and a supply chain attack affecting GitHub Actions.

    California Cryobank Data Breach Exposes Sensitive Customer Information

    California Cryobank, the largest sperm bank in the US, suffered a data breach exposing sensitive customer information, including names, Social Security numbers, and bank details. The breach, discovered in April 2024, has prompted the company to offer one year of free credit monitoring to affected individuals. The full extent of the breach remains unclear, raising concerns about potential exposure of donor information.

    GitHub Action Supply Chain Attack Exposes CI/CD Secrets

    A supply chain attack on the tj-actions/changed-files GitHub Action compromised CI/CD secrets from approximately 23,000 repositories. The attackers used a malicious commit that dumped sensitive information into repository logs. GitHub removed the compromised action swiftly and recommended that users rotate any exposed secrets and pin actions to specific commit hashes to enhance security.

    Western Alliance Bank Data Breach Impacts 21,899 Customers

    Western Alliance Bank reported a data breach affecting 21,899 customers, exposing sensitive personal and financial data due to a third-party vendor’s software vulnerability. The Clop ransomware group claimed responsibility for the breach, and the bank is offering identity protection services to affected individuals while enhancing security measures.

    $6.1 Million Crypto Stolen in WEMIX Hack

    WEMIX, a blockchain gaming platform, suffered a $6.1 million theft, with hackers exploiting stolen authentication keys to withdraw funds. The attack was planned over two months, resulting in unauthorized access to customer accounts. The platform is currently offline for security upgrades following the incident.

    The Mirai Botnet: The Infamous DDoS Weapon

    The Mirai botnet, known for its massive DDoS attacks, continues to be a significant threat as it exploits vulnerable IoT devices. Originating from a group of young developers, Mirai has evolved into a potent weapon for cybercriminals, targeting various organizations globally. The blog highlights its history, impact, and methods of infiltration.

    Qilin/Agenda Ransomware: The Credential Stealers

    The Qilin ransomware group, also known as Agenda, has been active since 2022, targeting various industries with opportunistic attacks. Utilizing double extortion tactics, Qilin has claimed responsibility for numerous ransomware incidents, particularly in the healthcare sector. The group uses sophisticated techniques for initial access and lateral movement within networks.

    Lingnan University Suffers Cybersecurity Breach: Sensitive Data Exposed

    Lingnan University in Hong Kong experienced a significant data breach, affecting thousands of records, including personal information of faculty and students. The university has taken steps to enhance security and is providing support to affected individuals while investigating the incident.

    Florida Hospital Data Breach Impacts Over 120,000 Patients

    A data breach at the Center for Digestive Health in Florida exposed the personal and medical information of over 120,000 patients. The BianLian ransomware group claimed responsibility for the breach, highlighting the vulnerability of healthcare organizations to cyberattacks. The hospital is offering identity protection services to affected individuals.

    BlackBasta Ransomware Uses Automated Tool ‘BRUTED’ to Brute-Force VPNs

    The BlackBasta ransomware group has developed an automated tool called BRUTED to compromise VPNs and firewalls, facilitating initial access for ransomware attacks. This tool has been used to conduct large-scale brute-forcing attacks, underscoring the need for robust security measures, including multi-factor authentication.
