Home Depot Data Breached, Fake Facebook Midjourney AI Pages Infect 1 Million, D-Link NAS exploited, Targus Cyberattack Data Theft, US Environmental Protection Agency Data Breached, CVS Cyberattack Disrupts Veterinary Operations
Home Depot Data Breach Leaks Over 10,000 Employee Records
Home Depot has reported a data breach where the personal information of around 10,000 employees was exposed. The breach was linked to a threat actor IntelBroker, who posted limited data on an underground hacking forum. Home Depot confirmed that a Software-as-a-Service (SaaS) vendor published a sample dataset containing employee names, emails, and IDs during a testing activity. Cybersecurity experts warn that the information could be used for spear phishing campaigns. Read more
Hackers Use Fake Facebook Midjourney AI Pages to Infect Over 1 Million with Malware
Hackers have used fake Facebook pages impersonating popular AI services like Midjourney to infect over 1 million people with malware. They create fraudulent communities on Facebook, gaining followers by sharing realistic-looking images and news updates. By taking control of genuine profiles, they convert them into seemingly official pages for AI tools. Users are directed to these pages where they are deceived into downloading malicious files that steal sensitive information. The campaigns primarily target men aged 25-55 in European countries. Read more
Critical Flaw in D-Link NAS Devices Under Active Exploitation
A critical flaw in D-Link NAS devices is currently being actively exploited, leaving over 92,000 devices vulnerable to remote code execution. The flaw, identified as CVE-2024-3273, involves a hard-coded backdoor account with blank credentials that allows arbitrary command execution. Threat actors are leveraging this vulnerability to deploy variants of the Mirai botnet malware, potentially leading to large-scale DDoS attacks. D-Link has not yet released a patch for the flaw and advises users to discontinue the use of affected devices. Read more
Targus Hit by Cyberattack, File Systems Compromised
Mobile device accessory manufacturer, Targus, experienced a cyberattack that compromised its file systems. The attack was detected on April 5th, and Targus promptly activated its incident response plan to investigate and contain the breach. While the extent of the data compromise is still unknown, there is a risk of customer information, such as orders, shipping addresses, and payment details, being exposed. Law enforcement has been notified, and investigations are ongoing to identify the attackers and their motives. Read more
Major Data Breach at US Environmental Protection Agency, Over 8.5 Million Records Leaked by USDoD
The US Environmental Protection Agency (EPA) has experienced a data breach resulting in the unauthorized disclosure of personal information belonging to over 8.5 million individuals. The breach has been claimed by the hacker group known as USDoD, which has a history of targeting critical infrastructure organizations in the United States. The leaked data includes CSV documents containing names, addresses, phone numbers, and email addresses. This breach poses a risk of identity theft and scams, as well as potential cyber espionage activities. The EPA and cybersecurity agencies are currently investigating the incident to determine the extent of the breach. Read more
CVS Cyberattack Disrupts Veterinary Operations
CVS Group, a veterinary services provider in the UK, has experienced a cyberattack that has disrupted its IT services across its nationwide practices. The attack involved unauthorized access to certain IT systems, prompting CVS Group to temporarily shut down the affected systems. The impact is limited to UK practices, and operations outside the UK remain unaffected. No ransomware groups have claimed responsibility for the attack. Read more
