Genetic testing provider 23andMe suffered credential stuffing attacks that led to a major data breach, exposing the data of 6.9 million users.
The company states that the attackers only breached a small number of accounts during the credential-stuffing attacks.
Hosting firm says it lost all customer data after ransomware attack.
Two Danish hosting providers were forced to shut down after a ransomware attack encrypted the majority of customer data, and data restoration was not successful.
The increasing DDoS attacks and their impact led the U.S. Cybersecurity and Infrastructure Security Agency to release an advisory about these incidents.
New acoustic attack steals data from keystrokes with 95% accuracy.
PayPal accounts breached in large-scale credential stuffing attack.
PayPal suffered a credential stuffing attack between December 6 and December 8, 2022, allowing attackers to access 34,942 accounts.
Credential stuffing is an attack where hackers attempt to access an account by trying out username and password pairs sourced from data leaks on various websites.
DISH later confirmed that the outage was caused by a ransomware attack, with BleepingComputer first to report that the Black Basta ransomware gang was behind the attack.
DISH data breach notifications confirmed that data was stolen in the attack and hinted that a ransom was paid not to release the stolen data.
Web hosting giant GoDaddy says it suffered a multi-year breach allowing unknown attackers to steal source code and install malware on its servers.
While the attack was significant, it also brought wide attention to a loose-knit group of hackers known as Scattered Spider.
Hackers compromise 3CX desktop app in a supply chain attack.
The attackers pushed out a malicious software update that installed a previously unknown information-stealing malware to steal data and credentials stored in Chrome, Edge, Brave, and Firefox user profiles.
The true origins of the attack remain unknown, and there is no proof that the U.S. government is behind the attacks.
The attacks start with the hackers sending a malicious iMessage attachment that, when processed by iOS, automatically triggers a zero-click exploit chain.
While the Operation Triangulation attacks did not impact many devices, it could be one of the most sophisticated iOS attacks seen to date.
While it's still unknown who is behind the attacks, their sophistication has led cybersecurity researchers to believe that a government-sponsored hacking group is behind them.
The attacks were soon claimed by the Clop ransomware gang, who previously launched similar attacks through zero-day vulnerabilities in Accellion FTA and GoAnywhere.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Mon, 01 Jan 2024 21:29:04 +0000