Mother of All Breaches (MOAB) Exposes 26 Billion Records
Researchers found a data breach containing 26 billion records from various sources, dubbed “Mother of All Breaches”. Cybersecurity experts uncovered 12 terabytes of records from sites like LinkedIn and Twitter, organized into 3,800 folders. Data was compiled from over 2,500 past breaches of 15 billion records. Some records were unpublished. The risk of reused credentials across sites endangers users to widespread identity theft and phishing via the MOAB data. Read more
Jason’s Deli Breach Exposes Data of Over 350K Users in Credential Stuffing Attack
Jason’s Deli recently notified over 350,000 customers of a data breach from credential stuffing attacks on their website in December. Hackers used credentials obtained from external breaches to access accounts containing personal details like names, addresses, phone numbers, and reward points. The company is prompting password resets and restoring any points used improperly due to breached accounts. Read more
Veolia North America Water Service Provider Hit by Ransomware Attack
Veolia North America, a major water services provider, was hit by a ransomware attack affecting their online billing systems. The company took immediate action to contain the breach by shutting down backend systems. Normal payment operations have resumed and critical infrastructure was unaffected. Some individual data was compromised and Veolia is working with experts to fully assess the impact. Read more
SEC Says Sim Swapping Attack Caused X Account Hack
SE confirmed that the SEC’s X account hack was due to a SIM swapping attack, whereby the hacker gained control of the phone number linked to the account. They then used this access to reset passwords and tweet falsely claiming SEC approval of Bitcoin ETFs. The SEC is investigating with carriers how the SIM swap occurred given lack of MFA on the account. Read more
loanDepot Cyberattack Results in Data Breach of 16.6 Million
Mortgage lender loanDepot was hit by a ransomware attack on January 6th, resulting in the theft of sensitive personal data for over 16.6 million customers. Systems were shut down to contain the breach, though payments continued with delays. loanDepot confirmed the incident and will provide affected individuals with credit monitoring. They have yet to specify what exact data was taken in the massive data breach. Read more
Ukraine’s Monobank DDoS Attack Hits ‘Non Stop’ and Cripples Bank’s Operations
Ukraine’s largest mobile-only bank, Monobank, was hit by a massive DDoS attack over the weekend, with over 580 million service requests in just 3 days according to their CEO. This attack crippled Monobank’s operations and is part of a series targeting Ukrainian financial institutions. No issues were reported by app users. The bank did not disclose the attackers but such targets face frequent cyberattacks amid wider conflict with Russia. Read more
CISA Issues Emergency Directive on Ivanti Zero-Day, Demands Immediate Action from Federal Agencies
CISA issued an emergency directive demanding federal agencies take immediate action regarding two actively exploited zero-day vulnerabilities in Ivanti’s Connect Secure and Policy Secure products. Threat groups have compromised over 2,100 devices to deploy cryptominers and other malware payloads. The vulnerabilities allow network navigation, data extraction, and installing backdoors. Read more
Tietoevry Ransomware Attack Causes Widespread Disruptions for Swedish Customers, Akira Ransomware Behind the Incident
Finnish IT services provider Tietoevry experienced a ransomware attack affecting one of its data centers in Sweden. The incident disrupted services for customers in the region and was caused by the prolific Akira ransomware group. Major Swedish companies and government agencies relying on Tietoevry faced outages to payroll, HR, and health systems. Tietoevry is working to restore services while investigating the ransomware attack in coordination with police. Read more
Trezor Security Breach Affects 66k Users in a Phishing Scam
Hardware wallet manufacturer Trezor reported that contact details for around 66,000 users were exposed due to unauthorized access to a third-party support portal. 41 users received phishing emails directly, while 8 others had accounts on the compromised platform. No funds were stolen but Trezor warned of increased phishing risk and is investigating the breach along with the vendor to improve security. Read more
Ukraine Blackjack Hackers Steal 500 Russian MoD’s Objects
Ukrainian hacker group Blackjack, believed to be associated with Ukraine’s security service, breached a Russian state enterprise responsible for military construction, stealing over 1.2TB of data including details on 500 defense sites. The hackers reportedly encrypted 150 computers and took down 7 servers, dealing a significant blow. Read more
Kansas State University Cyberattack Disrupts Email, Phone, Payment Systems
Kansas State University suffered disruptions to email, phone, and payment systems due to a cyberattack. Investigations revealed the disruptions resulted from a cyberattack. Systems were taken offline and experts were engaged to assist the investigation. Daily news emails were temporarily restored with delays. The full scope remains under review, though no ransomware group has claimed responsibility yet. The university is working to restore normal operations. Read more
Bigpanzi Botnet Targets 170k Android TV Set Top Boxes with Bigpanzi’s Custom Malware
Researchers report that the Bigpanzi cybercrime gang has built a 170,000-device botnet infecting Android TV boxes and set-top boxes globally since 2015 using custom malware. The gang exploits devices and tricks users into installing malicious apps to spread “pandoraspear” and “pcdn”, which hijack DNS, communicate with C2 servers, and turn devices into nodes for illegal streaming, proxy networks, and DDoS attacks. Over 1.3 million unique IPs have been associated with Bigpanzi since August. Read more