RockYou2024 Data Breach, Volcano Demon Ransomware Extorts Through Phone, Formula 1 Data Breach and more.
The RockYou2024 Security Breach: 10 Billion Credentials Compromised
On July 4, hacking group ObamaCare published a password collection dubbed “RockYou2024” containing nearly 10 billion unique plaintext passwords. Experts warn this represents the largest password dump in history. While some question the actual risk, it serves as an important reminder of the dangers of password reuse. Read more
OVHcloud Mitigated Record-Breaking DDoS Attack Reaching 840 Million Packets Per Second Powered By MikroTik Botnet
Cloud services provider OVHcloud recently revealed mitigating a massive DDoS attack in April 2024 that set a new record of 840 million packets per second. The company observed an increase in attack sizes from 2023, with some exceeding 1 terabit per second. Investigation found extensive use of compromised MikroTik routers, including models vulnerable to exploits. Read more
Airtel India Denies Massive Data Breach Claims Involving 375 Million Users
Airtel India has denied claims of a data breach compromising personal information of 375 million customers that surfaced online. However, security experts advise vigilance as no evidence currently proves or disproves the alleged dark web leak. Considering Airtel’s vast customer base, bolstering user confidence in data security remains key. Read more
Volcano Demon Ransomware Threat Emerges as Group Extort Victims Directly Through Phone Calls
A new ransomware group called Volcano Demon has been infecting organizations using the LukaLocker ransomware variant and directly calling victims to demand ransom payments. This novel approach of phone-based extortion increases risks and challenges for incident response. The ransomware utilizes evasion techniques and the group threatens data leaks if not paid. Read more
Formula 1 Governing Body FIA Discloses Massive Data Breach After Email Hacks
The governing body for Formula 1, FIA, disclosed a data breach affecting a large number of individuals after hackers compromised two email accounts through a phishing attack. The breach exposed personal data of racing drivers, teams and other stakeholders. Details like the scope and data involved are still under investigation. Read more
CISA Director Says Banning Ransomware Payments Is an Unlikely Possibility
The director of CISA, Jen Easterly, has clarified in an interview that banning ransomware payments in the US is unlikely based on practical concerns raised by experts. Concerns include harming victims and hampering law enforcement. CISA focuses instead on prevention through security practices and response through reporting, intelligence and investigations. Read more
Major Data Breach at Angel One Impacts Over 8 Million Users
Indian broker Angel One confirmed a massive data breach impacting over 8 million users, where leaked data contained sensitive personal information of customers. The breach resulted from insider credentials misuse and raised concerns over security practices. Regulatory penalties and lawsuits are expected against Angel One due to user privacy risks. Read more
Hackers Leak Taylor Swift Tickets Data, Increase Ticketmaster Extortion Demands
Hackers leaked 166,000 Taylor Swift concert barcode tickets after Ticketmaster failed to pay a $2 million ransom demand. The same hackers previously stole data from Snowflake and Ticketmaster, and are threatening to leak more user records and 30 million event barcodes. Ticketmaster disputes the leaked barcodes can be used but privacy risks remain. Read more
Avast Releases Free Decryptor for DoNex Ransomware and Past Variants
Avast discovered a vulnerability in the encryption scheme of DoNex ransomware that allows free decryption. A public decryptor tool was released after the flaw was disclosed. DoNex is a rebrand of DarkRace and Muse ransomware active since 2022 targeting weaknesses in encryption implementation. Read more=
