Skip to content
Get weekly news collection

Latest Security News Collection

Security news collection - current edition

01

Record Leak? 10 Billion Passwords Released in Massive Data Breach

#RockYou2024Leak #PasswordBreach #CredentialStuffingRisk #CyberSecurityThreat #DataLeakDiscovery #OnlineAccountSafety #BruteForceAttacks #PrivacyViolationConcerns #FinancialFraudWarning #IdentityTheftAlert #cybercrime #cybersecurity

Security researchers have uncovered a file named “rockyou2024.txt” containing nearly 10 billion unique plaintext passwords, posted online on July 4th by a user with the pseudonym “ObamaCare” on a hacker forum.

Analysis using a “Leaked Password Checker” tool revealed that the passwords are compiled from both old and new data breaches. The “RockYou2024” collection represents a significant risk for “Credential Stuffing” attacks, where cybercriminals attempt to gain unauthorized access to various online accounts using leaked credentials.

Recent attacks on companies like Santander and Ticketmaster highlight the dangers of this method.

The collection could also be used for brute-force attacks on a wide range of targets, potentially leading to a cascade of privacy violations, financial fraud, and identity theft when combined with other leaked databases containing email addresses.

→ Read more on it-daily.net


02

Ransomware Strike on Patelco Credit Union Sparks Pre-Holiday Turmoil

#PatelcoRansomware #CreditUnionAttack #FinancialDisruption #CyberAttackRecovery #ATMOutages #OnlineBankingIssues #CustomerConfusion #LateFeeReimbursement #DirectDepositAccess #CreditScoreAssistance #cybercrime #cybersecurity

Patelco Credit Union, a major West Coast financial institution with over $9 billion in assets, is grappling with the aftermath of a ransomware attack that disrupted its operations. The attack, which started on Saturday, has led to intermittent ATM outages and online account access issues for its nearly 500,000 members.

Patelco has assured customers that it will reimburse late fees incurred due to the incident and is working on recovery. However, customers are experiencing confusion and frustration, particularly on social media, due to conflicting information. The credit union has stated that while certain transfers will be halted, direct deposits will be processed before withdrawals.

Patelco is also offering to assist with credit score impacts and will waive overdraft and late payment fees during the recovery period, though no specific timeline for full restoration of services has been provided.

→ Read more on therecord.media


03

ShinyHunters Hack Exposes 440K Taylor Swift Eras Tour Tickets in Ticketmaster Breach

#ShinyHuntersBreach #TicketmasterHack #TaylorSwiftErasTourLeak #CybersecurityIncident #PIIDataExposure #LiveNationDataBreach #CustomerDataCompromise #HackerGroupRevelation #EmailAddressesLeaked #CreditCardInfoAtRisk #cybercrime #cybersecurity

The hacker group ShinyHunters has made headlines again by releasing details of their breach of Ticketmaster - LiveNation, specifically targeting tickets for Taylor Swift’s Eras Tour.

On the Breach Forums, they claim to have stolen 440,000 tickets, hinting at the potential for a high-profile public fallout.

The data compromised in the breach includes 980 million sales orders, 680 million order details, 1.2 billion party lookup records, 440 million unique email addresses, and 400 million encrypted credit card details with partial information.

ShinyHunters boasts that this is the largest non-scrape breach of customer Personally Identifiable Information (PII) ever publicly disclosed, raising serious concerns about data security and privacy.

→ Read more on hackread.com


04

#CyberIncidents #LambertzRansomware #BlackBastaHack #TÜVRheinlandCyberBreach #RansomexxGang #DataTheft #CybersecurityIrony #ITInfrastructureUpdate #ForensicInvestigation #CyberProtectionServices #cybercrime #cybersecurity

This week witnessed notable cyber incidents, including a ransomware attack on the cookie manufacturer Lambertz by the BlackBasta criminal group, who claim to have stolen 800 GB of data, including employee, financial, and HR information.

Lambertz confirmed the breach and is working on forensic investigations and updating their IT infrastructure. Meanwhile, TÜV Rheinland AG experienced a cyber intrusion by the Ransomexx gang, with an alleged theft of 650 GB of data, particularly affecting TÜV Rheinland Akademie GmbH’s training network.

Although data was leaked, initial investigations suggest no sensitive information was compromised. Interestingly, TÜV Rheinland AG offers services to protect against cyber intrusions and ransomware, adding a layer of irony to the situation.

→ Read more on heise.de


05

Cancer Patient Faces Harrowing Choice Amid Qilin Cyberattack on London Hospitals

#QilinCyberattack #LondonHospitalsRansomware #PatientDilemma #CancerCareDisruption #MedicalProcedureCancellations #SynnovisPathologyServices #HER2Positive #HealthcareCybersecurity #UrgentCancerTreatment #SurgeryDecisionPressure #cybercrime #cybersecurity

In the wake of the Qilin ransomware attack on Synnovis, which provides pathology services to London hospitals, approximately 1,500 medical procedures have been cancelled.

Johanna Groothuizen, a 36-year-old King’s College London employee and former health sciences researcher, faced a particularly distressing situation. Diagnosed with aggressive HER2-positive breast cancer, Hanna was scheduled for a skin-sparing mastectomy on June 7, which would have allowed for immediate cosmetic reconstruction.

However, just four days after the cyberattack, she was forced to make a rapid decision: proceed with a simple mastectomy or postpone the crucial surgery. This dilemma highlights the profound personal impact of cyberattacks on healthcare services.

→ Read more on theregister.com


06

Hacker Pilfers Trade Secrets from OpenAI

#OpenAISecurityBreach #AIConfidentialityLeak #CybersecurityDebate #AGISafetyConcerns #InternalWhistleblower #NationalSecurityAI #TechCompanyDilemmas #ArtificialGeneralIntelligence #EmployeeForumHack #CyberAttackAftermath #cybercrime #cybersecurity

OpenAI experienced a security breach where an attacker stole internal discussions from an employee forum, as reported by the NYT. The systems responsible for building the AI were not compromised, and no customer or partner information was taken.

OpenAI chose not to report the incident to the FBI, deeming it not a threat to national security and attributing it to an individual unaffiliated with any foreign government. The breach sparked internal debate about the company’s security measures. Leopold Aschenbrenner, a former technical program manager, was dismissed after sending a memo to the board and allegedly leaking a document, which he contends was a non-sensitive brainstorming piece on AGI safety.

The incident reflects broader concerns within OpenAI about its direction and the potential risks associated with artificial general intelligence (AGI), which is capable of original reasoning, as opposed to gen-AI, which learns from existing information.

→ Read more on securityweek.com


07

Formula 1 Organisers’ Email Accounts Compromised in Cyber Hack

#FIADataBreach #Formula1CyberAttack #PhishingIncident #EmailAccountCompromise #F1BritishGrandPrix #CyberSecurityAlert #RacingIndustryThreat #PersonalDataLeak #AutomotiveCyberRisk #SilverstoneCircuitHack #cybercrime #cybersecurity

The Fédération Internationale de l’Automobile (FIA), responsible for overseeing Formula 1, has reported a data breach after a phishing attack compromised two email accounts.

While the FIA confirmed that personal information was involved, the specifics of the data and the affected individuals have not been disclosed. Swift action was taken to secure the breach, and data protection authorities in France and Switzerland have been informed.

With the F1 British Grand Prix and other races approaching, the incident serves as a reminder of the persistent cyber threats facing the sports industry. Fans and businesses linked to racing are advised to remain vigilant against suspicious communications and fraudulent activities.

The luxury automotive industry, in particular, is often targeted by cybercriminals due to its financial allure, as evidenced by a previous ransomware attack on the UK’s Silverstone Circuit.

→ Read more on heise.de


08

Hackers Claim Taylor Swift Ticket Leak: Fans Cautioned Against False Hope

#ProtonEncryptedDocs #ApplePrivateCloudCompute #InternetFreedomThreat #CybersecurityDiplomacy #3DPrintedGunInvestigation #TicketmasterDataBreach #TaylorSwiftTicketLeak #CybercrimeMarketplace #SnowflakeCloudAttack #LiveNationHack #cybercrime #cybersecurity

Proton has introduced an end-to-end encrypted alternative to Google Docs, enhancing privacy in cloud services. Meanwhile, Apple is adopting a privacy-centric AI approach with its Private Cloud Compute.

Concerns are rising over US bans on TikTok and Kaspersky, which could impact internet freedom. US diplomats are receiving training on cybersecurity and digital threats, and an investigation has uncovered the troubling background of a 3D-printed gun creator.

In security news, a hacker on BreachForums, known as Sp1d3rHunters, has threatened to release 170,000 barcodes for Taylor Swift’s upcoming concerts unless Ticketmaster pays a $2 million ransom. The hacker also claims to have access to data for other major events, posing a significant threat to the ticketing giant and its customers.

→ Read more on wired.com


09

EU Invites Applications for Funding in Cybersecurity and Digital Skills Enhancement

#EUCyberFunding #DigitalEuropeProgramme #CybersecurityInfrastructure #AIIntelligenceSharing #EUCyberSolidarityAct #SecurityOperationCenters #NIS2Directive #CyberResilienceAct #EUThreatDetection #DigitalSkillsEnhancement #cybercrime #cybersecurity

The Ann & Robert H. Lurie Children’s Hospital of Chicago has reported a significant data breach affecting 791,784 individuals due to a ransomware attack by the Rhysida group in January.

The cybercriminals accessed sensitive health information, including Social Security numbers, medical records, and treatment details. The attack, which resulted in the theft of data later sold for over $3 million, forced the hospital to shut down its electronic health record system, email, and phone services, as well as the patient records portal.

The hospital is now offering two years of identity protection services to the victims and is taking steps to bolster its cybersecurity measures in response to the growing threat landscape.

→ Read more on infosecurity-magazine.com


10

Rise in Industrial Cyberattacks Spurs Increased Spending on OT Cybersecurity

#OTCybersecurityGrowth #IndustrialCyberattacks #CybersecurityInvestment #criticalInfrastructureProtection #IoTCyberRisks #OperationalTechnologySecurity #ManufacturingCyberDefense #EnergySectorCybersecurity #UtilitiesCyberThreats #CyberExtortionPrevention #cybercrime #cybersecurity

The OT cybersecurity market is set to expand by over 9% annually, reaching $21.6 billion by 2028, as reported by ABI Research.

This growth is a response to an increasing number of cyberattacks on internet-connected industrial devices across vital sectors such as water, energy, agriculture, and manufacturing. The need for operational continuity and historically weaker defenses in these sectors make them prime targets for extortion.

As cyber risks rise and the demand for connectivity grows, industrial enterprises are expected to shift their IT budgets towards OT and IoT security, potentially outpacing traditional IT spending.

Industries like mining, quarrying, oil and gas, utilities, and manufacturing, especially those implementing remote-access controls, are leading this surge in cybersecurity investment.

→ Read more on cybersecuritydive.com


Contact us

+49 89 360 5310 | security-awareness@metafinanz.de

The editors are not responsible for the content of each article.