Data Breach Today

NOVEMBER 20, 2024

LA County Clinic Delayed Access to Patient's Medical Records During Pandemic Federal regulators have fined a Los Angeles county mental health clinic $100,000 for failure to provide a patient with timely access to her requested health records during the COVID-19 pandemic. The case is the U.S.

Access 246

Access Government 246

Security Affairs

NOVEMBER 18, 2024

In December 2020, T-Mobile disclosed a data breach that exposed customers’ network information (CPNI). In March 2020, threat actors gained access to T-Mobile customers and employee personal info. Below is the list of previous incidents suffered by T-Mobile: In August 2021, a security breach impacted 54 million customers.

Data breaches 279

Data breaches Communications Artificial Intelligence Government 279

Security Affairs

DECEMBER 11, 2024

has charged a Chinese national for hacking thousands of Sophos firewall devices worldwide in 2020. has charged the Chinese national Guan Tianfeng (aka gbigmao and gxiaomao) for hacking thousands of Sophos firewall devices worldwide in 2020. Tianfeng worked at Sichuan Silence Information Technology Co., Many of the victims were U.S.

Passwords 185

Passwords Encryption Access Ransomware 185

Security Affairs

OCTOBER 23, 2024

“According to the SEC’s orders, Unisys, Avaya, and Check Point learned in 2020, and Mimecast learned in 2021, that the threat actor likely behind the SolarWinds Orion hack had accessed their systems without authorization, but each negligently minimized its cybersecurity incident in its public disclosures.”

Cybersecurity 283

Cybersecurity Risk Access Government 283

Security Affairs

DECEMBER 2, 2021

The fifth issue added to the list of actively exploited vulnerabilities is the CVE-2020-11261 Improper Input Validation flaw that impacts multiple Qualcomm chipsets. There are indications that CVE-2020-11261 may be under limited, targeted exploitation” reads a note added to the January security bulletin last week. Pierluigi Paganini.

Cybersecurity 364

Cybersecurity Authentication Security Risk 364

Security Affairs

JANUARY 12, 2022

CVE-2020-5902 F5 Big-IP CVE-2020-14882 Oracle WebLogic CVE-2021-26855 Microsoft Exchange (Note: this vulnerability is frequently observed used in conjunction with CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065). Some of the hacking campaigns that were publicly attributed to Russian state-sponsored APT actors by U.S.

Cybersecurity 356

Cybersecurity Risk Phishing Government 356

Security Affairs

NOVEMBER 26, 2024

It was previously known as JDA Software before rebranding to Blue Yonder in 2020 and was acquired by Panasonic Corporation in 2021 to strengthen its AI-driven supply chain solutions. The company has more than 6,000 employees and over 3,000 customers across 76 countries.

Ransomware 287

Ransomware Retail Manufacturing Cloud 287

Data Breach Today

JULY 26, 2024

The botnet campaign pushed out the PlugX remote access Trojan that has infected 3,000 machines in France since 2020. National Police Probe Botnet Campaign That Infected 3,000 Machines The French government has launched an investigation into a suspected Chinese espionage campaign that infected thousands of networks in France.

Government 328

Government Access 328

Data Breach Today

OCTOBER 5, 2023

2020 Ransomware Incident Affected 13,000 Customers, Millions of Individuals Fundraising software powerhouse Blackbaud will pay $49.5 million to settle a multistate investigation into the company's data security practices and its response to a 2020 ransomware attack.

Ransomware 305

Ransomware Security IT 305

Security Affairs

OCTOBER 1, 2024

CVE-2020-15415 is an OS command injection vulnerability in DrayTek Multiple Vigor Routers. Since the second half of 2022, a variant of the Mirai bot , tracked as V3G4, targeted IoT devices by exploiting tens of flaws, including CVE-2020-15415. CVE-2019-0344 is a deserialization of untrusted data vulnerability.

Cloud 312

Cloud IT IoT Cybersecurity 312

Security Affairs

FEBRUARY 16, 2024

Cisco addressed the flaw in May 2020. The vulnerability CVE-2024-21410 is a bypass vulnerability that can be exploited by an attacker to bypass the SmartScreen user experience and inject code to potentially gain code execution, which could lead to some data exposure, lack of system availability, or both.

IT 340

IT Cybersecurity Authentication Risk 340

Security Affairs

SEPTEMBER 19, 2024

CVE-2020-14644 vulnerability (CVSS score of 9.8) CVE-2020-0618 vulnerability (CVSS score of 7.8) is a remote code execution issue in the Oracle JDeveloper product of Oracle Fusion Middleware (component: ADF Faces). Successful attacks of this vulnerability can result in the takeover of Oracle JDeveloper. The flaw affects 12.2.1.3.0

IT 326

IT Cybersecurity Access Risk 326

Krebs on Security

FEBRUARY 26, 2023

But we do know the March 2020 attack was precipitated by a spear-phishing attack against a GoDaddy employee. GoDaddy described the incident at the time in general terms as a social engineering attack, but one of its customers affected by that March 2020 breach actually spoke to one of the hackers involved.

Phishing 324

Phishing Passwords Authentication Security 324

Security Affairs

MARCH 5, 2025

The group has been active since 2020, they use web shells for command execution and data theft. The group has been active since at least 2020, they use web shells for command execution and data theft.

Energy and Utilities 154

Energy and Utilities IT Cloud Passwords 154

Security Affairs

OCTOBER 16, 2024

. “A search and seizure warrant and a preventive arrest warrant were served in the city of Belo Horizonte/MG against an investigated person suspected of being responsible for two publications selling Federal Police data, on May 22, 2020 and on February 22, 2022.

Data breaches 312

Data breaches Cybersecurity Risk IT 312

Security Affairs

OCTOBER 5, 2023

“The document said the exploit worked for Android versions 9 to 11, which was released in 2020, and that it took advantage of a flaw in the “image rendering library.” In 2020 and 2021, WhatsApp fixed three vulnerabilities — CVE-2020-1890, CVE-2020-1910, and CVE-2021-24041— that all involved how the app processes images.

Marketing 348

Marketing Libraries Sales Government 348

Security Affairs

APRIL 13, 2022

According to the advisory published by Apache, the issue addressed by the organization is a critical flaw in Apache Struts linked to a previous OGNL Injection flaw ( CVE-2020-17530 ) that wasn’t properly fixed. “The fix issued for CVE-2020-17530 ( S2-061 ) was incomplete.

Security 362

Security Cybersecurity IT Information Security 362

Security Affairs

JUNE 27, 2024

Roundcube Webmail CVE-2020-13965 (CVSS score of 6.1) Roundcube addressed the flaw in June 2020, and PoC code was released shortly thereafter. is a code injection issue in the Jai-Ext open source project. The vulnerability was fixed in August 2022, however technical details and PoC were published a few weeks later. and 1.3.12.

IT 302

IT Cybersecurity Risk Security 302

Security Affairs

SEPTEMBER 21, 2023

The recently discovered Free Download Manager (FDM) supply chain attack, which distributed Linux malware, started back in 2020. The maintainers of Free Download Manager (FDM) confirmed that the recently discovered supply chain attack dates back to 2020. collect) that launches the /var/tmp/crond file every 10 minutes.”

Libraries 309

Libraries Passwords Access Security 309

Data Breach Today

FEBRUARY 1, 2024

FTC Is Latest Agency to Rebuke Fundraising Firm for Lax Security in 2020 Attack The Federal Trade Commission is the latest regulatory agency taking action against fundraising and customer relationship management software provider Blackbaud in the aftermath of a 2020 ransomware incident that compromised the data of tens of thousands of clients and millions (..)

Ransomware 279

Ransomware Security 279

Security Affairs

JUNE 17, 2024

Two men, Thomas Pavey (aka “Dopenugget”) and Raheim Hamilton (aka “Sydney” and “Zero Angel”), have been charged in federal court in Chicago for operating the dark web marketplace “ Empire Market ” from 2018 to 2020. currency on AlphaBay before starting Empire Market.

Marketing 320

Marketing Access IT Information Security 320

Security Affairs

SEPTEMBER 12, 2023

Below is the list of affected versions: Product Track Affected Versions Platform Acrobat DC Continuous 23.003.20284 and earlier versions Windows & macOS Acrobat Reader DC Continuous 23.003.20284 and earlier versions Windows & macOS      Acrobat 2020 Classic 2020           20.005.30516 (Mac) 20.005.30514 (Win)and earlier versions Windows & (..)

Security 329

Security Information Security IT 329

Security Affairs

FEBRUARY 2, 2024

.” In June 2021, researchers from Avast warned of the rapid growth of the DirtyMoe botnet ( PurpleFox , Perkiler , and NuggetPhantom ), which passed from 10,000 infected systems in 2020 to more than 100,000 in the first half of 2021. Experts defined DirtyMoe as a complex malware that has been designed as a modular system.

Mining 336

Mining Passwords Government IT 336

Data Breach Today

APRIL 30, 2024

Ransom_man' Extortionist Faces 6-Year, 3-Month Prison Term A Finnish court found Aleksanteri Tomminpoika Kivimäki guilty of hacking and leaking online the psychotherapy records of 33,000 individuals in a 2020 incident. The District Court of Länsi-Uusimaa has sentenced Kivimäki, 26, to six years and three months in prison.

283

283

Security Affairs

JULY 19, 2024

The LockBit ransomware operation has been active since January 2020, the group hit over 2,500 victims across 120 countries, including 1,800 in the U.S. “ Between 2020 and 2023, the duo targeted organizations worldwide. The group targeted individuals, businesses, hospitals, schools, and government agencies.

Ransomware 352

Ransomware Encryption Government Access 352

Data Breach Today

OCTOBER 19, 2023

Aleksanteri Kivimäki Charged for the 2020 Leak of Mental Health Clinic Database The hacker who allegedly leaked mental health records online after breaking into a Helsinki-based psychotherapy chain's patient database has been charged with multiple counts of extortion and data leak in Finnish court.

314

314

Data Breach Today

MARCH 28, 2024

Also: Hackers Target Apple Password Reset Flaw This week, Russian organizations are losing Microsoft Cloud, hackers targeted an Apple flaw, Germany warned of critical flaws in Microsoft Exchange, an info stealer targeted Indian government agencies and the energy sector, and Finland confirmed APT31's role in a 2020 breach of Parliament.

Cloud 310

Cloud Passwords Government 310

Security Affairs

SEPTEMBER 18, 2023

Microsoft AI researchers accidentally exposed 38TB of sensitive data via a public GitHub repository since July 2020. The Microsoft AI research team started publishing data in July 2020. 20, 2020 – SAS token first committed to GitHub; expiry set to Oct. ” reads the report published by Wiz.”The 5, 2021 Oct.

Risk 347

Risk Passwords Access Cloud 347

Data Breach Today

OCTOBER 31, 2023

Researchers Discover 'Prolific Puma' Service Used by Hackers, Phishers and Scammers Researchers have discovered an underground offering with the codename "Prolific Puma," which since 2020 has been the "largest and most dynamic" cybercrime link-shortening service on the market.

Phishing 305

Phishing Marketing IT 305

Krebs on Security

DECEMBER 19, 2024

In early 2020, Exorn promoted a website called “ orndorks[.]com According to DomainTools, altugsara321@gmail.com was used in 2020 to register the domain name altugsara[.]com. co as one of their projects. That user, “ Exorn ,” has posts dating back to August 2018.

IT 229

IT Data breaches Cloud Passwords 229