Users of Atomic, Trust Wallet, Metamask, Ronin, TronLink, Exodus, and other prominent wallets in the crypto ecosystem.
Researchers at Checkmarx uncovered a series of new supply chain attacks that exploit the Python Package Index (PyPI) using malicious packages to target cryptocurrency wallets.
Malware
Fintech
Cyber Crime
>1
Supply Chain Compromise
2
01/10/2024
Since 28/10/2024
28/10/2024
?
Undisclosed organizations
Researchers at Proofpoint observe attempts to exploit CVE-2024-45519, a remote code execution vulnerability in Zimbra mail servers.
Malware
Unknown
Unknown
Unknown
CVE-2024-45519 Vulnerability
3
01/10/2024
Since January 2023
Since January 2023
Key Group
Multiple organizations
Researchers at Kaspersky reveal that the Russian ransomware group Key Group is now using the .NET-based Chaos ransomware builder.
Researchers at Cyble discover an ongoing sophisticated cyber-espionage campaign using Visual Studio Code (VS Code) to distribute a Python-based malware that gives attackers unauthorized and persistent remote access to infected machines.
Targeted Attack
Unknown
Cyber Espionage
Unknown
Phishing Email
5
01/10/2024
–
–
?
Multiple e-commerce sites
Researchers at Sansec disclose that 5% of all Adobe Commerce and Magento stores have been hacked by malicious actors by exploiting CVE-2024-34102, a security vulnerability dubbed CosmicSting.
Malicious Script Injection
Wholesale and retail
Cyber Crime
>1
CVE-2024-34102 Vulnerability
6
01/10/2024
–
–
?
Individuals
Researchers at Malwarebytes discover a campaign where a fake Disney+ activation page redirects to a pornographic scam.
Scam
Individual
Cyber Crime
>1
SEO Poisoning
7
01/10/2024
–
–
?
Android users
Researchers at ThreatDown discover a campaign spreading MobiDash adware for Android using phishing emails, links on social media posted by people or bots, and at least one pornography website.
Malware
Individual
Cyber Crime
>1
>1 (Phishing Email, Social Media, Bots)
8
01/10/2024
Between August 2023 and April 2024
Between August 2023 and April 2024
Eight individuals
Swiss citizens
Interpol arrests eight suspected cybercriminals in Côte d’Ivoire as part of an ongoing international operation against a “large-scale” phishing scam targeting Swiss citizens.
Account Takeover
Individual
Cyber Crime
CH
Phishing Email
9
01/10/2024
–
–
Threat actors from North Korea
Multiple organizations in Germany
The German Federal Office for the Protection of the Constitution warns that German companies have fallen for the scam, in which North Korean IT workers use fake identities and VPNs to conceal their true nature to obtain foreign currency.
Account Takeover
Multiple Industries
Cyber Crime
DE
Recruitment Sites
10
02/10/2024
Mid-September 2024
Mid-September 2024
Prince
Organizations in the U.S. and U.K.
Researchers at Proofpoint identify a new campaign in which threat actors impersonated the British postal carrier Royal Mail to target victims in the U.S. and the U.K. with Prince ransomware.
Ransomware
Multiple Industries
Cyber Crime
GB
US
Phishing Email
11
02/10/2024
During August 2024
During August 2024
Andariel, sub-cluster of Lazarus Group, a.k.a. APT45, DarkSeoul, Nickel Hyatt, Onyx Sleet (formerly Plutonium), Operation Troy, Silent Chollima, and Stonefly
Three undisclosed organizations in the U.S.
Researchers at Symantec reveal that three different organizations in the U.S. were targeted in August 2024 by the North Korean state-sponsored threat actor called Andariel as part of a likely financially motivated attack.
Malware
Unknown
Cyber Crime
US
Phishing Email
12
02/10/2024
Since at least the beginning of 2022
Since at least the beginning of 2022
CeranaKeeper
Governmental institutions in Thailand
Researchers at ESET discover a newly identified China-aligned threat group named CeranaKeeper, targeting governmental institutions in Thailand.
Targeted Attack
Public admin and defence, social security
Cyber Espionage
TH
Unknown
13
02/10/2024
Since May 2024
Since May 2024
?
Apple iOS and Android users across multiple regions
Researchers at Group-IB uncover a large-scale fraud campaign involving fake trading apps targeting Apple iOS and Android users across multiple regions through the UniApp framework, and distributed through official app stores and phishing sites.
Scam
Individual
Cyber Crime
>1
>1 (Phishing Email, App Store)
14
02/10/2024
Since mid-2023
Since mid-2023
?
Multiple organizations
Researchers at Sekoia reveal the details of an infrastructure controlling compromised edge devices transformed into Operational Relay Boxes via the GobRAT and Bulbature malware, and used to launch offensive cyber attacks.
Malware
Multiple Industries
Cyber Crime
>1
Misconfiguration
15
02/10/2024
–
–
FIN7 (a.k.a. Sangria Tempest)
Individuals
Researchers at Silent Push observed the FIN7 group (aka Sangria Tempest) creating at least seven websites serving malware to visitors looking to use an AI adult-based generator.
Malware
Individual
Cyber Crime
>1
Fake websites
16
02/10/2024
Late August 2024
Late August 2024
?
Talent search lead working in the engineering sector
Researchers from Trend Micro discover a spear-phishing email campaign targeting recruiters with a JavaScript backdoor called More_eggs.
Malware
Professional, scientific and technical
Cyber Crime
N/A
Phishing Email
17
02/10/2024
Since early September
Since early September
?
Multiple organizations in the financial services, Internet, and telecommunication industries, among others
Researchers at Cloudflare disclose that the company mitigated a record-breaking distributed denial-of-service (DDoS) attack that peaked at 3.8 terabits per second (Tbps) and lasted 65 seconds.
DDoS
Multiple Industries
Unknown
Unknown
N/A
18
02/10/2024
–
–
?
Unknown organization(s)
The U.S. CISA warns that CVE-2024-29824, a critical Ivanti vulnerability that can let threat actors gain remote code execution on vulnerable Endpoint Manager (EPM) appliances, is now actively exploited in attacks.
Unknown
Unknown
Unknown
US
CVE-2024-29824 Vulnerability
19
02/10/2024
–
–
?
Red Barrels
Canadian video game developer Red Barrels warns that the development of its Outlast games will likely be delayed after the company suffered a cyberattack impacting its internal IT systems and data.
Unknown
Arts entertainment, recreation
Cyber Crime
CA
Unknown
20
02/10/2024
‘Recently’
‘Recently’
?
ADT
Home and small business security company ADT discloses it suffered a breach after threat actors gained access to its systems using stolen credentials and exfiltrated employee account data.
Account Takeover
Professional, scientific and technical
Cyber Crime
US
Stolen Credentials
21
02/10/2024
Since 10/09/2024
Since 10/09/2024
?
Crypto users in the U.S.
Researchers at Netcraft warn of a new wave of investment scams attempting to cash in on public awareness of the presidential debate.
Scam
Fintech
Cyber Crime
US
Social Media
22
02/10/2024
During September 2024
During September 2024
?
Multiple organizations
Researchers from Check Point detect over 5,000 emails masquerading as Microsoft notifications.
Account Takeover
Multiple Industries
Cyber Crime
>1
Phishing Email
23
03/10/2024
–
–
APT37 (a.k.a. InkSquid, RedEyes, BadRAT, Reaper, ScarCruft, and Ricochet Chollima)
Organizations in Cambodia and other Southeast Asian countries
Researchers at Securonix uncover SHROUDED#SLEEP, a campaign where threat actors with ties to North Korea deliver a previously undocumented backdoor and remote access trojan (RAT) called VeilShell as part of a campaign targeting Cambodia and likely other Southeast Asian countries.
Targeted Attack
Multiple Industries
Cyber Espionage
KH
>1
Unknown
24
03/10/2024
–
–
?
Multiple organizations
Researchers at Cofense discover a credential phishing scheme targeting Microsoft accounts through legitimate Zoom Docs links.
Account Takeover
Multiple Industries
Cyber Crime
>1
Phishing Email
25
03/10/2024
‘over the past 3-4 years’
‘over the past 3-4 years’
?
Organizations in the US, Russia, Germany, Indonesia, Korea, China, Spain
Researchers at Aqua shed light on perfctl, a Linux malware that, over the past 3-4 years, has actively sought more than 20,000 types of misconfigurations in order to target and exploit Linux servers.
Malware
Multiple Industries
Cyber Crime
CN
DE
ES
IN
KR
RU
US
Misconfiguration
26
03/10/2024
–
–
ColdRiver a.k.a. Callisto Group, Seaborgium, and Star Blizzard
Former members of the U.S. intelligence community, former and current Department of Defense and State Department employees, as well as a coterie of military contractors and staff at the Department of Energy.
41 domains and websites are taken down by the Justice Department and Microsoft after investigators tied the tools to an espionage campaign by the Russian government.
Account Takeover
Multiple Industries
Cyber Espionage
US
Fake websites
27
03/10/2024
Since at least 2022
‘Recently’
?
Multiple organizations
Researchers from Cisco Talos observe a financially-motivated threat actor targeting organizations globally with BabyLockerKZ, a MedusaLocker ransomware variant.
Ransomware
Multiple Industries
Cyber Crime
AR
AU
BR
CA
CL
CO
DE
ES
FR
GB
HK
IT
JP
MX
NL
KR
US
Unknown
28
03/10/2024
Since June 2024
Since June 2024
CyberVolk
Multiple organizations
Researchers at Rapid7 expose CyberVolk, a politically motivated hacktivist group that transitioned into using ransomware and has been active since June 2024.
Ransomware
Multiple Industries
Hacktivism
>1
Unknown
29
03/10/2024
03/10/2024
03/10/2024
?
American Water
American Water, the largest publicly traded U.S. water and wastewater utility company, is forced to shut down some of its systems after a cyberattack.
Unknown
Water supply, waste mgmt, remediation
Unknown
US
Unknown
30
03/10/2024
–
03/10/2024
?
Wayne County
Wayne County in Michigan is dealing with an alleged ransomware attack that has shut down all government websites and limited the operations of several offices.
Ransomware
Public admin and defence, social security
Cyber Crime
US
Unknown
31
03/10/2024
15/07/2024
30/08/2024
?
Universal Music Group
Universal Music Group informs hundreds of individuals about a recent data breach impacting their personal information.
Unknown
Arts entertainment, recreation
Cyber Crime
US
Unknown
32
03/10/2024
–
–
?
Bloom Hearing Specialists
Bloom Hearing Specialists warns thousands of customers about a ransomware attack stealing sensitive data.
Ransomware
Human health and social work
Cyber Crime
AU
Unknown
33
04/10/2024
–
–
LemonDuck
Multiple organizations
Researchers from NetsbyteSec discover a new campaign exploiting the EternalBlue vulnerability (CVE-2017-0144) to install the LemonDuck cryptomining malware.
Malware
Multiple Industries
Cyber Crime
Unknown
CVE-2017-0144 Vulnerability
34
04/10/2024
Between 17/07/2024 and 04/10/2024
–
?
Multiple organizations
Okta urges its customers to check for exploitation of a recently patched sign-on policy bypass vulnerability for Okta Classic that could have resulted in unauthorized access to applications, especially if organizations had misconfigured or weak policies in place.
Account Takeover
Multiple Industries
Cyber Crime
Unknown
Misconfiguration
35
04/10/2024
Since May 2024
Since May 2024
Trinity
Healthcare Organizations and Public Healthcare in the U.S.
The U.S. Department of Health and Human Services publishes an advisory warning hospitals of the threat posed by the Trinity ransomware group, noting that it is “a significant threat” to the U.S. healthcare and public health sector.
EigenLayer team says it is investigating an “unapproved selling activity” of about 1.6 million of EigenLayer’s EIGEN tokens, worth about $5.7 million. In a subsequent update the company reveals that the unapproved token-selling incident was due to a hack, after a malicious attacker compromised an email thread involving an investor’s token transfer into custody.
Account Takeover
Fintech
Cyber Crime
US
Stolen Credentials
37
04/10/2024
10/09/2024
10/09/2024
BianLian
Boston Children’s Health Physicians
Boston Children’s Health Physicians (BCHP) discloses that it suffered a cyber attack. The BianLian ransomware operation claims responsibility for the attack.
Ransomware
Human health and social work
Cyber Crime
US
Supply Chain Compromise
38
04/10/2024
‘In recent months’
‘In recent months’
?
Organizations in the finance and healthcare sectors
Researchers at Palo Alto Networks reveal the details of FinHealthXDS, a campaign abusing DNS tunneling to target organizations in the finance and healthcare sectors.
Malware
Multiple Industries
Cyber Crime
Unknown
Unknown
39
04/10/2024
‘In recent months’
‘In recent months’
Threat actors from Russia
10 organizations from higher education
Researchers at Palo Alto Networks reveal the details of RussianSite, a campaign abusing DNS tunneling to target organizations in higher education.
Malware
Education
Cyber Crime
Unknown
Unknown
40
04/10/2024
‘In recent months’
‘In recent months’
?
Undisclosed organization(s)
Researchers at Palo Alto Networks reveal the details of 8NS, an additional campaign abusing DNS tunneling.
Malware
Unknown
Cyber Crime
Unknown
Unknown
41
04/10/2024
‘In recent months’
‘In recent months’
?
Individuals
Researchers at Palo Alto Networks reveal the details of NSFinder, an additional campaign abusing DNS tunneling.
Malware
Education
Cyber Crime
Unknown
Adult Websites
42
05/10/2024
05/10/2024
05/10/2024
?
LEGO
Cryptocurrency scammers briefly hack the LEGO website to promote a fake Lego token that could be purchased with Ethereum.
Unknown
Manufacturing
Cyber Crime
DK
Unknown
43
07/10/2024
–
–
?
Undisclosed individuals or organizations
Qualcomm confirms that threat actors exploited CVE-2024-43047, a zero-day in dozens of its chipsets found in popular Android devices. Amnesty International’s Security Lab confirms the statement.
Malware
Unknown
Cyber Espionage
Unknown
CVE-2024-43047 Vulnerability
44
07/10/2024
07/10/2024
07/10/2024
Threat Actors from Ukraine
VGTRK
Russian state media company VGTRK, which owns and operates the country’s main national TV stations, is targeted in a DDoS cyberattack on Putin’s birthday, which a Ukrainian government source said Kyiv’s hackers had caused.
DDoS
Information and communication
Hacktivism
RU
N/A
45
07/10/2024
End of September 2024
End of September 2024
?
Multiple organizations
Researchers at Malwarebytes discover a malvertising campaign dropping malware disguised as software downloads, such as Slack, Notion, Calendly, Odoo, Basecamp, and others.
Malware
Multiple Industries
Cyber Crime
>1
Malvertising
46
07/10/2024
From May 2022 to March 2024
During May 2022
GoldenJackal
Governmental entities in Europe, the Middle East, and South Asia
Researchers at ESET unearthed two sophisticated toolsets that a nation-state hacking group, dubbed GoldenJackal, and possibly from Russia, used to steal sensitive data stored on air-gapped devices.
Targeted Attack
Public admin and defence, social security
Cyber Espionage
>1
Unknown
47
07/10/2024
Since at least late May 2024
During late May 2024
?
Multiple organizations
Researchers at Sekoia detail a new AitM phishing kit called Mamba 2FA that’s sold as phishing-as-a-service (PhaaS) to other threat actors to conduct email phishing campaigns that propagate HTML attachments impersonating Microsoft 365 login pages.
Account Takeover
Multiple Industries
Cyber Crime
>1
Phishing Email
48
07/10/2024
–
–
?
Multiple organizations
Researchers at ANY.RUN reveal that threat actors exploited the 360 Total Security antivirus software to distribute a Rust-based malware known as SSLoad, through the use of a new loader called PhantomLoader, disguised as a legitimate module of the antivirus program.
Malware
Multiple Industries
Cyber Crime
>1
Fake Software
49
07/10/2024
05/10/2024
05/10/2024
Underground
Casio
Japanese electronics giant Casio suffers a ransomware attack that resulted in the theft of customer data.
Ransomware
Manufacturing
Cyber Crime
JP
Unknown
50
07/10/2024
Between June and August 2024
Between June and August 2024
Awaken Likho (a.k.a. Core Werewolf and PseudoGamaredon)
Russian government agencies and industrial entities
Researchers at Kaspersky discover a campaign dubbed Awaken Likho, targeting Russian government agencies and industrial entities.
Targeted Attack
Multiple Industries
Cyber Espionage
RU
Phishing Email
51
07/10/2024
–
04/10/2024
?
Uttarakhand State Data Center
India’s state of Uttarakhand is hit with a ransomware attack, targeting the Uttarakhand State Data Center.
Ransomware
Public admin and defence, social security
Cyber Crime
IN
Unknown
52
07/10/2024
07/10/2024
07/10/2024
NoName057(16)
Websites of the Senate of the Federal Parliament of Belgium, and the local authority in the southern Belgian region of Wallonia
The websites of the Senate of the Federal Parliament of Belgium, and the local authority in the southern Belgian region of Wallonia are hit with a DDoS attack by the pro-Russia collective NoName057(16).
DDoS
Public admin and defence, social security
Hacktivism
BE
N/A
53
07/10/2024
–
–
?
Vermilion Parish Schools
Vermilion Parish Schools is hit with a cyber attack.
Unknown
Education
Cyber Crime
US
Unknown
54
08/10/2024
–
–
?
Undisclosed organization(s)
Microsoft patches CVE-2024-43572 and CVE-2024-43573, two zero-day vulnerabilities under active exploitation.
Unknown
Unknown
Unknown
Unknown
CVE-2024-43572 and CVE-2024-43573 Vulnerabilities
55
08/10/2024
Since at least March 2024
During March 2024
?
Educational Sector in North America, South America, Europe, Asia, and Australia
Researchers at Morphisec uncover multiple variants of Lua malware specifically targeting the educational sector.
Malware
Education
Cyber Crime
>1
SEO Poisoning
56
08/10/2024
08/10/2024
08/10/2024
?
Individuals and organizations in Florida
Researchers at Verity reveal that cybercriminals are exploiting disaster relief efforts to target vulnerable individuals and organizations in Florida, via scams, phishing attacks, and malicious files disguised as FEMA documents.
>1 (Account Takeover, Malware, Scam)
Multiple Industries
Cyber Crime
US
Phishing Email
57
08/10/2024
–
–
?
Users in Russia, Belarus, Uzbekistan, Kazakhstan, Ukraine, Kyrgyzstan and Turkey
Researchers at Dr.Web discover a new campaign targeting over 28,000 users across Russia and neighbouring countries with a malware dubbed Trojan.AutoIt.1443, disguised as office programs, game cheats, and online trading bots, and infecting computers with cryptomining and cryptostealing malware.
Malware
Individual
Cyber Crime
BY
KG
KZ
RU
TR
UA
UZ
Fake Software
58
08/10/2024
Since November 2023
Since November 2023
?
Multiple organizations
Researchers at Trustwave discover a new malware dubbed Pronsis Loader.
Malware
Multiple Industries
Cyber Crime
>1
Unknown
59
08/10/2024
–
–
?
Multiple organizations
Ivanti releases security updates to fix three new Cloud Services Appliance (CSA) zero-days tagged as actively exploited in attacks.
CreditRiskMonitor, a provider of intelligence and analytics for credit and supply chain professionals, discloses a data breach impacting employees and contractors.
Unknown
Administration and support service
Cyber Crime
US
Unknown
61
08/10/2024
–
–
Threat actors linked to the Iranian Government’s Islamic Revolutionary Guard Corps (IRGC)
Individuals associated with national political entities
The US cybersecurity agency CISA and the FBI issue a warning about Iranian threat actors targeting and breaking into the email accounts of individuals associated with national political entities.
Account Takeover
Individual
Cyber Espionage
US
Phishing Email
62
08/10/2024
28/02/2024
28/02/2024
?
Dohman, Akerlund & Eddy
Accounting firm Dohman, Akerlund & Eddy (“DA&E”) announces a data incident that impacted some protected health information of 82,000 people.
Unknown
Administration and support service
Cyber Crime
US
Unknown
63
08/10/2024
–
–
?
Del Valle Independent School District
Del Valle Independent School District notifies the Texas AG of a breach affecting 5,214 Texans.
Unknown
Education
Cyber Crime
US
Unknown
64
09/10/2024
Since mid-April 2024
Since mid-April 2024
?
Multiple organizations
Researchers at Microsoft warn of cyber attack campaigns that abuse legitimate file hosting services such as SharePoint, OneDrive, and Dropbox that are widely used in enterprise environments as a defense evasion tactic.
Business Email Compromise
Multiple Industries
Cyber Crime
>1
Phishing Email
65
09/10/2024
–
–
?
Unknown organization(s)
Mozilla reveals that CVE-2024-9680, a critical security flaw impacting Firefox and Firefox Extended Support Release (ESR) has come under active exploitation in the wild.
Unknown
Unknown
Unknown
Unknown
CVE-2024-9680 Vulnerability
66
09/10/2024
During late Q2 2024
During late Q2 2024
?
Organizations in the financial space
Researchers at Cofense discover a new campaign targeting financial organizations via the Remcos RAT hidden in GitHub Repository Comments.
Malware
Finance and insurance
Cyber Crime
>1
Phishing Email
67
09/10/2024
–
–
?
Multiple organizations
Researchers at Barracuda discover a new generation of QR code phishing (quishing), designed to evade traditional security defenses by including QR codes built from text-based ASCII/Unicode characters rather than the standard static image, or using binary large object universal resource identifiers (URIs).
Account Takeover
Multiple Industries
Cyber Crime
>1
Phishing Email
68
09/10/2024
–
–
?
Unknown organization(s)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) reveals that attackers actively exploit a critical FortiOS remote code execution (RCE) vulnerability in the wild.
Unknown
Unknown
Unknown
US
CVE-2024-23113 Vulnerability
69
09/10/2024
Since the start of 2024
Since the start of 2024
Multiple threat actors including SweetSpecter, Cyber Av3ngers, and Storm-0817
Multiple organizations
OpenAI says it has disrupted more than 20 operations and deceptive networks across the world that attempted to use its platform for malicious purposes since the start of the year.
>1
Multiple Industries
Cyber Crime
Cyber Warfare
>1
Unknown
70
09/10/2024
Since July 2024
Since July 2024
Threat Actors from North Korea
Multiple organizations
Researchers from Palo Alto Networks discover a new variant of the CL-STA-240 Contagious Interview campaign where threat actors associated with the Democratic People’s Republic of Korea (DPRK) pose as fake recruiters in an effort to get victims to download the BeaverTail malware and the InvisibleFerret backdoor.
Targeted Attack
Multiple Industries
Cyber Espionage
>1
Social Media
71
09/10/2024
09/10/2024
09/10/2024
?
The Wayback Machine
Internet Archive’s “The Wayback Machine” suffers a data breach after a threat actor compromised the website and stole a user authentication database containing 31 million unique records.
Unknown
Information and communication
Cyber Crime
US
Unknown
72
09/10/2024
09/10/2024
09/10/2024
BlackMeta
The Wayback Machine
Internet Archive’s “The Wayback Machine” suffers a wave of DDoS attacks.
DDoS
Information and communication
Hacktivism
US
N/A
73
09/10/2024
17/08/2024
19/08/2024
?
Fidelity Investments
Fidelity Investments, a Boston-based multinational financial services company, discloses that the personal information of over 77,000 customers was exposed after its systems were breached in August.
Account Takeover
Finance and insurance
Cyber Crime
US
Stolen Credentials
74
09/10/2024
‘Few weeks before’
‘Few weeks before’
?
Undisclosed e-Commerce organization
Researchers from Jscrambler discover a new digital skimmer campaign that leverages Unicode obfuscation techniques to conceal a skimmer dubbed Mongolian Skimmer.
Malicious Script Injection
Wholesale and retail
Cyber Crime
Unknown
Unknown
75
09/10/2024
–
08/10/2024
?
AI-powered cloud call center solutions in the Middle East
Researchers at Resecurity discover a posting on the Dark Web related to the monetization of stolen data from one of the major AI-powered cloud call center solutions in the Middle East.
Unknown
Administration and support service
Cyber Crime
Unknown
Unknown
76
09/10/2024
Since early August 2024
Since early August 2024
?
Individuals in Moldova
Researchers at Check Point reveal the details of a new disinformation campaign, dubbed “Operation MiddleFloor” targeting Moldova ahead of its October elections.
Coordinated Inauthentic Behavior
Individual
Cyber Warfare
MD
Phishing Email
77
09/10/2024
–
09/03/2023
?
Family Medical Center in Mount Airy
Family Medical Center in Mount Airy reports a ransomware attack.
Ransomware
Human health and social work
Cyber Crime
US
Unknown
78
09/10/2024
08/10/2024
08/10/2024
?
Massachusetts Employee Self-Service Time and Attendance (SSTA)
Massachusetts suffers a cyberattack that forces it to shut down its statewide payroll system.
Credential Harvesting
Public admin and defence, social security
Cyber Crime
US
Stolen Credentials
79
09/10/2024
Early October 2024
Early October 2024
?
Sonoma County Superior Court
Sonoma County Superior Court documents are exposed in a data breach this week.
Unknown
Public admin and defence, social security
Cyber Crime
US
Unknown
80
10/10/2024
–
–
?
Unknown organization(s)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns that it has observed threat actors leveraging unencrypted persistent cookies managed by the F5 BIG-IP Local Traffic Manager (LTM) module to conduct reconnaissance of target networks.
Unknown
Unknown
Unknown
US
F5 BIG-IP Vulnerability
81
10/10/2024
–
–
APT29 a.k.a. BlueBravo, Cloaked Ursa, Cozy Bear, and Midnight Blizzard
Diplomatic, defense, technology, and finance sectors
Cybersecurity agencies from the U.K. and the U.S. publish a joint bulletin detailing Russian state-sponsored actors’ attempts to target diplomatic, defense, technology, and finance sectors to collect foreign intelligence and enable future cyber operations.
Targeted Attack
Multiple Industries
Cyber Espionage
GB
US
Misconfiguration
CVE-2022-27924 and CVE-2023-42793 Vulnerabilities
82
10/10/2024
Since July 2024
Since July 2024
?
Users of popular accommodation booking platforms like Booking.com and Airbnb
Researchers at ESET discover that the organized scammer network Telekopye has expanded its operations to target users of popular accommodation booking platforms like Booking.com and Airbnb.
Scam
Accommodation and food service
Cyber Crime
>1
Stolen Credentials
83
10/10/2024
–
–
Akira
Fog
Multiple organizations
Researchers at Sophos reveal that ransomware gangs are exploiting CVE-2024-40711, a critical security vulnerability that lets attackers gain remote code execution (RCE) on vulnerable Veeam Backup & Replication (VBR) servers.
Ransomware
Multiple Industries
Cyber Crime
>1
CVE-2024-40711 Vulnerability
84
10/10/2024
‘Recently’
‘Recently’
?
Multiple organizations
Researchers at G DATA uncover a sophisticated malware campaign leveraging Bitbucket, a popular code hosting platform, to deploy AsyncRAT, a well-known remote access trojan (RAT).
Malware
Multiple Industries
Cyber Crime
>1
Unknown
85
10/10/2024
Since July 2024
Since July 2024
Lynx
Multiple organizations in retail, real estate, architecture, and financial and environmental services in the U.S. and UK.
Researchers at Palo Alto Networks discover a successor to INC ransomware named Lynx.
Ransomware
Multiple Industries
Cyber Crime
GB
US
Phishing Email
86
10/10/2024
During July 2024
During July 2024
?
Multiple organizations
Researchers at Zscaler disclose a new malware campaign that leverages a malware loader named PureCrypter to deliver a commodity remote access trojan (RAT) called DarkVision RAT.
Malware
Unknown
Cyber Crime
>1
Unknown
87
10/10/2024
–
–
Rhysida
Axis Health System
Axis Health System is hit with a Rhysida ransomware attack.
Ransomware
Human health and social work
Cyber Crime
US
Unknown
88
10/10/2024
–
07/08/2024
?
Omni Family Health
Omni Family Health notifies close to 470,000 individuals that their personal information was stolen in a cyberattack earlier this year.
Organizations in the energy space in the Middle East
Researchers at Trend Micro observe the Iranian threat actor known as OilRig exploiting CVE-2024-30088, a now-patched privilege escalation flaw impacting the Windows Kernel as part of a cyber espionage campaign targeting the U.A.E. and the broader Gulf region.
Targeted Attack
Electricity, gas steam, air conditioning
Cyber Espionage
>1
Vulnerability
90
11/10/2024
‘Recently’
‘Recently’
?
Android banking users
Researchers at Zimperium discover 40 new variants of the TrickMo Android banking trojan in the wild, linked to 16 droppers and 22 distinct command and control (C2) infrastructures, with new features designed to steal Android PINs.
Malware
Finance and insurance
Cyber Crime
>1
App Store
91
11/10/2024
Since mid-September 2024
Since mid-September 2024
?
Multiple organizations
Researchers at HarfangLab discover a new malware campaign delivering Lumma Stealer via Hijack Loader artifacts signed with legitimate code-signing certificates.
Malware
Multiple Industries
Cyber Crime
>1
Malicious Captcha
92
11/10/2024
Early October 2024
Early October 2024
?
Multiple organizations
Researchers at SonicWall warn of a surge in cyber attacks infecting Windows machines with a malware dubbed CoreWarrior.
Malware
Multiple Industries
Cyber Crime
>1
Unknown
93
11/10/2024
07/09/2024
09/09/2024
State-sponsored threat actor
Undisclosed organization
Researchers from Fortinet detect a suspected nation-state adversary weaponizing CVE-2024-8190, CVE-2024-8963, and CVE-2024-9380, three security flaws in Ivanti Cloud Service Appliance (CSA), to perform a series of malicious actions.
Targeted Attack
Unknown
Cyber Espionage
Unknown
CVE-2024-8190, CVE-2024-8963, and CVE-2024-9380 Vulnerabilities
94
11/10/2024
–
–
BO Team
Russian general jurisdiction courts
The websites of Russian general jurisdiction courts are down for several days following a cyberattack claimed by pro-Ukrainian hackers from BO Team.
Unknown
Public admin and defence, social security
Hacktivism
RU
Unknown
95
11/10/2024
–
–
Ukraine’s main Intelligence Directorate of the Ministry of Defense
North Caucasus Federal University
Ukraine’s military intelligence announced that they hacked the systems of North Caucasus Federal University, the Russian university that trains drone operators, digital communication specialists, engineers, and physicists for its army.
Unknown
Education
Cyber Warfare
RU
Unknown
96
11/10/2024
11/10/2024
11/10/2024
?
Calgary Public Library
Calgary Public Library is forced to provide limited access to services following a cyberattack.
Unknown
Education
Cyber Crime
CA
Unknown
97
11/10/2024
–
–
?
America First Policy Institute
America First Policy Institute, a conservative think tank, is targeted with a cyber attack.
Unknown
Other service activities
Unknown
US
Unknown
98
11/10/2024
03/07/2024
06/09/2024
?
Gryphon Healthcare
Gryphon Healthcare notifies 393,358 individuals of an incident which involved an unnamed partner “that Gryphon provides medical billing services for.”
Unknown
Human health and social work
Cyber Crime
US
Supply Chain Compromise
99
11/10/2024
08/11/2023
27/09/2024
?
Tri-City Healthcare District
Tri-City Healthcare District notifies that 108,149 people were impacted by a year-old data breach.
Unknown
Human health and social work
Cyber Crime
US
Unknown
100
11/10/2024
‘Over the past 12 months’
‘Over the past 12 months’
Threat actors from Russia
UK Ambulance Services
Threat actors from Russia targeted key suppliers to the UK Ambulance Services and Ministry of Defence (MoD).
Unknown
Human health and social work
Cyber Espionage
GB
Unknown
101
12/10/2024
During August 2024
During August 2024
?
Game Freak
Japanese video game developer Game Freak confirms it suffered a cyberattack in August after source code and game designs for unpublished games were leaked online.
Unknown
Arts entertainment, recreation
Cyber Crime
JP
Supply Chain Compromise
102
12/10/2024
12/10/2024
12/10/2024
Israel?
Government sites and nuclear facilities in Iran
Government sites and nuclear facilities in Iran are hit by disruptive cyberattacks.
Unknown
Multiple Industries
Cyber Warfare
IR
Unknown
103
13/10/2024
Since at least June 2023
Since at least June 2023
Threat actors from North Korea (Hidden Cobra)
Organizations in the financial space
Threat actors from North Korea are using a new Linux variant of the FASTCash malware to infect the payment switch systems of financial institutions and perform unauthorized cash withdrawals.
Malware
Finance and insurance
Cyber Crime
>1
Unknown
104
14/10/2024
‘Recently’
‘Recently’
?
Gmail users
A sophisticated, AI-augmented phishing scheme targets Gmail users, disguised as a Gmail account recovery attempt.
Account Takeover
Individual
Cyber Crime
>1
Phishing Email
105
14/10/2024
‘Recently’
‘Recently’
Water Makara
Banking users in Brazil
Researchers at Trend Micro discover a new spear-phishing campaign targeting Brazil, delivering the banking malware called Astaroth (aka Guildma) by making use of obfuscated JavaScript to slip past security guardrails.
Malware
Finance and insurance
Cyber Crime
BR
Phishing Email
106
14/10/2024
During 2024
During 2024
?
Multiple organizations
Researchers at Ironscales observe a “major spike” in RTF-based phishing campaigns.
Malware
Multiple Industries
Cyber Crime
>1
Phishing Email
107
14/10/2024
During September and October 2024
During September and October 2024
?
Android Banking Users
Researchers at Cyble discover “ErrorFather”, which delivers an undetected “Cerberus” Android trojan payload.
Malware
Finance and insurance
Cyber Crime
>1
App Store
108
14/10/2024
–
–
27 people
Individuals in Hong Kong
Hong Kong police arrest 27 people for allegedly carrying out romance scams using deepfake face-swapping technology that swindled victims out of $46 million.
Scam
Individual
Cyber Crime
HK
Social Media
109
14/10/2024
06/10/2024
14/10/2024
IntelBroker
EnergyWeaponUser
zjj
Cisco
Cisco confirms it is investigating recent claims that it suffered a breach after a threat actor began selling allegedly stolen data on a hacking forum. A few days later the company confirms the breach and takes the DevHub portal offline.
Unknown
Manufacturing
Cyber Crime
US
Unknown
110
14/10/2024
During June 2024
During September 2024
?
Unspecified governmental organization located in one of the Commonwealth of Independent States (CIS) countries
Researchers from Positive Technologies observe unknown threat actors attempting to exploit CVE-2024-37383, a now-patched security flaw in the open-source Roundcube webmail software, as part of a phishing attack designed to steal user credentials.
Targeted Attack
Public admin and defence, social security
Cyber Espionage
Unknown
CVE-2024-37383 Vulnerability
111
14/10/2024
22/05/2024
24/05/2024
?
Varsity Brands
The apparel company Varsity Brands discloses a data breach impacting 65,000 individuals.
Unknown
Wholesale and retail
Cyber Crime
US
Unknown
112
14/10/2024
During July 2024
–
?
Central Tickets
Central Tickets confirms a data breach occurred in July 2024.
Unknown
Arts entertainment, recreation
Cyber Crime
GB
Unknown
113
15/10/2024
–
–
?
Multiple organizations
Researchers at Trend Micro say that attackers are trying to integrate EDRSilencer in attacks to evade detection.
Malware
Multiple Industries
Cyber Crime
>1
Unknown
114
15/10/2024
–
–
?
Unknown organization(s)
The U.S. CISA adds CVE-2024-30088 Microsoft Windows Kernel TOCTOU Race Condition Vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
Unknown
Unknown
Cyber Crime
US
CVE-2024-30088 Vulnerability
115
15/10/2024
–
–
?
Unknown organization(s)
The U.S. CISA adds the CVE-2024-9680 Mozilla Firefox Use-After-Free Vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
Unknown
Unknown
Cyber Crime
US
CVE-2024-9680 Vulnerability
116
15/10/2024
–
–
?
Unknown organization(s)
The U.S. CISA adds the CVE-2024-28987 SolarWinds Web Help Desk Hardcoded Credential Vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
High-profile entities and strategic infrastructures in the Middle East and Africa
Researchers at Kaspersky discover a new wave of attacks by the India-based APT group SideWinder using an advanced post-exploitation toolkit dubbed “StealerBot” to further its cyber-espionage activity.
Targeted Attack
Multiple Industries
Cyber Espionage
>1
Phishing Email
118
15/10/2024
‘In the past two weeks’
‘In the past two weeks’
?
Individuals in the U.K.
Action Fraud, the UK’s national fraud and cyber reporting center, reveals that a wave of malicious emails masquerading as Starbucks offers has been circulating, promising coffee drinkers a free Starbucks Coffee Lovers Box.
Malware
Individual
Cyber Crime
GB
Phishing Email
119
15/10/2024
‘Recently’
‘Recently’
UAC-0050
Nearly 60 Ukrainian embassies around the world, as well as media outlets and state agencies
Ukraine’s computer emergency response team (CERT-UA) links a threat group known as UAC-0050 to a psychological operation named Fire Cells Group, consisting of a large-scale information campaign targeting Ukrainian institutions with emails warning of a terrorist attack.
Email campaign
Multiple Industries
Cyber Warfare
UA
N/A
120
15/10/2024
–
–
8Base
Volkswagen Group
The Volkswagen Group issues a statement after the 8Base ransomware group claims to have stolen valuable information from the carmaker’s systems.