
June Hacker Tracker

Written By
Husnain Bajwa
Published On
Jun 29, 2023

Welcome to the June 2023 Hacker Tracker, where we provide a breakdown of the most high-profile recent cyberattacks.

Credential theft and ransomware attacks were both prominent last month. In fact, the 2023 Verizon Data Breach Investigations Report (DBIR) shows both have become significantly more common over the past year.

Read on to find out how these attacks happened and the damage they’ve done.

NextGen Healthcare 

When it happened 

The breach occurred from March 29 to April 14 and was disclosed on April 28.

What happened 

NextGen Healthcare, an American electronic health record software provider, experienced a major cyberattack. The personal data of more than a million patients was stolen.

Method of attack

Attackers logged in to NextGen Healthcare's cloud-based EHR and practice management platform using stolen client credentials. According to the company, those credentials were obtained from another, unrelated breach, meaning that reused passwords, rather than a flaw in the platform itself, gave the attackers their way in.

The fallout so far 

This is the second breach NextGen has suffered this year—they were targeted by the ALPHV ransomware gang in January—which can only compound the damage to the company’s reputation. The breach exposed data like addresses and Social Security numbers, meaning its many victims have been put at risk of identity fraud. As a result, the company is now facing a class action lawsuit.  

Brightly 

When it happened 

The attack happened on April 20 and was disclosed on May 11.

What happened 

US tech company Brightly had its educational operations management platform, SchoolDude, hit by a data breach. This attack led to the theft of almost 3 million users’ personal information and login details.

Method of attack

The company has provided few details about how exactly the attackers were able to breach their IT systems. 

The fallout so far

The data stolen included names, email addresses, passwords, phone numbers, and school district names, leaving the victims at risk of phishing attacks. While the company might be relieved that more sensitive data wasn’t stolen, the sheer number affected—3 million—makes this a massive incident. 

Discord 

When it happened 

Discord began informing users in mid-May. 

What happened 

Popular messaging and gaming platform Discord revealed that user data was exposed by a cybersecurity breach at one of its external customer service providers.

Method of attack 

The attackers got into a third-party customer service agent's support ticket queue, which gave them access to user email addresses and the contents of customer service conversations. Discord's notification to affected users suggests this was possible because the attackers obtained the credentials for the provider's account; a vendor's login is, in practice, part of your own attack surface.

The fallout so far

The company stated that the risk stemming from this breach is likely to be low. However, back in 2021, researchers discovered that Discord was being abused to spread multi-function malware. This attack highlights that Discord and its 200 million users have become an attractive target for cyberattackers. 

Toyota

When it happened 

November 2013 to April 2023

What happened 

Toyota revealed that a data breach within its cloud infrastructure caused the vehicle location data of around 2.15 million customers to be exposed for nearly ten years.

Method of attack

This was not an attack as such, but a leak caused by a cloud database misconfiguration that left the data reachable from the internet without a password. Misconfigurations like this are why public-access settings on cloud data stores deserve a recurring audit: nothing has to be exploited for the data to walk out.

The fallout so far

There is no evidence that anyone accessed the data maliciously, and it did not include any personally identifiable information. Still, the fact that historical location data, and possibly real-time locations, of so many vehicles was available for so long is concerning. Worse, this is the second data leak Toyota has disclosed in the past year: in October 2022 it revealed that customer data had been exposed because an access key had been published in a public GitHub repository, where it remained for nearly five years.
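A key sitting in a public repository for five years is the failure a pre-commit secret scan exists to catch. The scanner below is an added illustration for this tracker, not Toyota's tooling or code from the original post; the sample file, its identifiers and the key strings in it are constructed for the example. It combines two checks: an assignment whose name ends in key/secret/token/password with a long quoted value, and any long run of base64-style characters whose Shannon entropy is too high to be a word or a path.

```python
"""Pre-commit style secret scan (added example; constructed sample input)."""
import math
import re

# An identifier ending in key/secret/token/password assigned a quoted value of 16+ chars.
ASSIGN_RE = re.compile(
    r"(?i)\w*(key|secret|token|password|passwd)\s*[:=]\s*['\"]([^'\"]{16,})['\"]"
)
# Any run of 20+ base64/URL-safe characters, tested for randomness below.
TOKEN_RE = re.compile(r"[A-Za-z0-9_\-/+=]{20,}")

# Constructed config file, as if it had been committed to a public repository.
SAMPLE_FILE = """\
# constructed config file, as if committed to a public repository
DATA_SERVER_URL = "https://telemetry.example"
DATA_SERVER_KEY = "q7Zp3vLk9sR2mXw8Yb4Nc6Td1Fg5Hj0K"
db_password = "changemechangeme"
# previous key: Kd82LmQz7Vx1Rt4Yw9Pn3Bf6Hs0Jc5G
def load_config(path):
    return open(path).read()
"""


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character. Random 32-character tokens sit near 5.0;
    English words, identifiers and paths usually stay below 4.0."""
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_source(text: str, entropy_threshold: float = 4.0) -> list:
    """Return findings as dicts with the line number, reason and offending value."""
    findings = []
    seen = set()
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in ASSIGN_RE.finditer(line):
            value = m.group(2)
            seen.add((lineno, value))
            findings.append({"line": lineno, "reason": "credential assignment", "value": value})
        for tok in TOKEN_RE.findall(line):
            if (lineno, tok) in seen:
                continue  # already reported by the assignment rule
            if shannon_entropy(tok) >= entropy_threshold:
                seen.add((lineno, tok))
                findings.append({"line": lineno, "reason": "high-entropy string", "value": tok})
    return findings


if __name__ == "__main__":
    for f in scan_source(SAMPLE_FILE):
        print(f"line {f['line']}: {f['reason']}: {f['value']}")
```

The entropy rule is what catches the key hidden in a comment, where no assignment pattern applies; the assignment rule is what catches the low-entropy placeholder password that the entropy rule would wave through. Wire either check into a pre-commit hook and the key never reaches the remote in the first place.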

PharMerica

When it happened 

The attack occurred on March 12 and 13; the company disclosed it on May 12.

What happened 

US pharmacy services provider PharMerica revealed that it was hacked in March, leading to highly sensitive data belonging to over 5.8 million individuals being exposed.

Method of attack

This was a ransomware attack carried out by the Money Message group, which gained notoriety for targeting Taiwanese PC parts maker MSI.  

The fallout so far

The ransomware gang has leaked all of the stolen data, 4.7 terabytes in total, meaning that the Social Security numbers (SSNs), medications, and health insurance information are now visible online. This leaves the attack's many victims at risk of identity fraud and blackmail for years to come.

SuperMailer

When it happened 

Ongoing

What happened 

Since January 2023, a phishing campaign using the legitimate SuperMailer newsletter distribution app has been doubling in size every month and successfully getting past anti-phishing defenses.

Method of attack

This campaign uses phishing techniques that are not new: open redirects on legitimate domains, a diverse pool of senders, randomized URLs, and email reply chains. Combined, however, they let the emails slip past phishing defenses from Microsoft Defender for Office 365 (formerly ATP), Cisco, and Fortinet while looking legitimate to recipients. The open redirect is what makes the rest land: the visible link points at a trusted host, and only a redirect parameter carries the address of the phishing page.
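The open-redirect trick can be detected without following any link, because the real destination is already in the URL. The scanner below is an added illustration for this tracker, not code from the SuperMailer campaign report or from the original post; the email body and every hostname in it are constructed. It pulls links out of a message body, looks for query parameters whose value is itself an absolute URL (handling one extra layer of percent-encoding), follows that chain in memory, and flags a link when the host the user sees differs from the host it finally lands on.

```python
"""Flag mail links that route through an open redirect (added example; constructed input)."""
import re
from urllib.parse import parse_qsl, unquote, urlparse

URL_RE = re.compile(r"https?://[^\s<>\"']+")

# Constructed message body: one redirect lure, one same-site redirect, one plain link.
SAMPLE_BODY = """\
Hi team, the updated invoice is here:
https://links.trusted-mailer.example/track?id=8f3a&u=https%3A%2F%2Fbad-login.example%2Fa9Xk2%2Findex.html
Reset instructions: https://docs.example.com/reset?next=https://docs.example.com/home
About us: https://www.example.com/about
"""


def embedded_url(url: str):
    """Return the first absolute http(s) URL carried in url's query string, else None.
    parse_qsl percent-decodes once; the extra unquote catches double encoding."""
    for _, value in parse_qsl(urlparse(url).query, keep_blank_values=True):
        candidate = unquote(value)
        if candidate.lower().startswith(("http://", "https://")):
            return candidate
    return None


def resolve_chain(url: str, max_hops: int = 3) -> list:
    """Follow embedded URLs purely by parsing; no network request is made."""
    chain = [url]
    while len(chain) <= max_hops:
        nxt = embedded_url(chain[-1])
        if nxt is None:
            break
        chain.append(nxt)
    return chain


def is_open_redirect_lure(url: str) -> bool:
    """True when the link's visible host differs from the host it ultimately points at."""
    chain = resolve_chain(url)
    if len(chain) < 2:
        return False
    first = urlparse(chain[0]).hostname
    last = urlparse(chain[-1]).hostname
    return bool(first and last and first != last)


def scan_email_body(body: str) -> list:
    """Return (link, visible host, final host) for every redirect lure in the body."""
    hits = []
    for url in URL_RE.findall(body):
        if is_open_redirect_lure(url):
            chain = resolve_chain(url)
            hits.append((url, urlparse(chain[0]).hostname, urlparse(chain[-1]).hostname))
    return hits


if __name__ == "__main__":
    for link, seen_host, real_host in scan_email_body(SAMPLE_BODY):
        print(f"{seen_host} -> {real_host}: {link}")
```

Randomized paths such as the `a9Xk2` segment defeat URL blocklists, which is exactly why the check compares hosts rather than full URLs. A same-site redirect (the `docs.example.com` reset link) is deliberately not flagged; that pattern is common in legitimate login flows.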

The fallout so far

It’s unclear how many have fallen prey to this phishing campaign, but it could be quite a few given that it successfully delivered thousands of emails to inboxes in May.

City of Augusta

When it happened 

May 21

What happened 

The City of Augusta, Georgia, suffered a cyberattack, causing significant disruption to its IT systems and potentially also the theft of sensitive data.

Method of attack

This was a ransomware attack, with the BlackByte gang claiming responsibility. Exactly how they were able to infiltrate Augusta’s computer systems is as yet unclear. 

The fallout so far

BlackByte claims to have stolen a huge amount of sensitive data from Augusta's computers and has released a 10GB sample. This sample includes payroll, contact information, personal details, contracts, and city budget data, but its authenticity hasn’t been confirmed. The gang is demanding $400,000 to delete the data. This is the latest in a string of attacks on US and Canadian city governments, which are proving to be lucrative targets for hackers.

Other news

Nvidia AI leak

Researchers demonstrated that Nvidia's NeMo Guardrails framework, which is meant to keep large language model applications within set safety bounds, can be pushed past those guardrails with prompt injection and made to leak confidential data, including personally identifiable information.

MSI breach fallout 

The consequences of the major ransomware attack on computer hardware manufacturer MSI, in which firmware, source code, and databases were stolen, continue to mount:

  • According to one researcher, there is now a real risk of supply chain attacks in which malicious firmware updates, signed with the leaked MSI keys, infect a vast number of end-user devices.
  • The attack has also affected Intel, which is investigating a leak of OEM private signing keys used by its Boot Guard boot-integrity feature. Because Boot Guard pins the OEM key by burning its hash into the platform at manufacture, devices already in the field cannot simply be re-keyed, so this exposure is long-lived.

Man charged over huge gambling hack

Joseph Garrison, an 18-year-old from Wisconsin, was charged with breaking into approximately 60,000 accounts on the DraftKings sports betting website. He is alleged to have done this by credential stuffing: replaying username and password pairs obtained from other breaches against the site's login.
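The NextGen Healthcare intrusion above and the DraftKings case share the same entry technique, and it has a distinctive shape in authentication logs: one source hammering many different accounts in a short burst, with a low success rate. The detector below is an added illustration for both items, not code from either company or from the original post; the log lines and the "timestamp source-IP username outcome" layout are constructed for the example. It slides a time window over each source IP's attempts and alerts when the number of distinct usernames inside the window crosses a threshold, listing the accounts that succeeded inside the burst, since those are the ones whose passwords the attacker has already confirmed.

```python
"""Credential-stuffing detection over authentication logs (added example; constructed input)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log: one stuffing burst from 203.0.113.7, one user retrying from 198.51.100.9.
SAMPLE_LOG = """\
2023-05-01T10:00:01Z 203.0.113.7 alice@example.org FAIL
2023-05-01T10:00:02Z 203.0.113.7 bob@example.org FAIL
2023-05-01T10:00:02Z 203.0.113.7 carol@example.org OK
2023-05-01T10:00:03Z 203.0.113.7 dave@example.org FAIL
2023-05-01T10:00:04Z 203.0.113.7 erin@example.org FAIL
2023-05-01T10:00:05Z 203.0.113.7 frank@example.org OK
2023-05-01T10:00:06Z 203.0.113.7 grace@example.org FAIL
2023-05-01T10:00:07Z 203.0.113.7 heidi@example.org FAIL
2023-05-01T10:05:00Z 198.51.100.9 alice@example.org FAIL
2023-05-01T10:05:30Z 198.51.100.9 alice@example.org FAIL
2023-05-01T10:06:00Z 198.51.100.9 alice@example.org OK
"""


def parse_log(text: str) -> list:
    """Parse lines into (time, source_ip, username, success) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, outcome = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, user, outcome == "OK"))
    return events


def detect_credential_stuffing(events, window=timedelta(seconds=60), min_users=5) -> list:
    """One alert per source IP that tries at least min_users distinct accounts inside
    any sliding window. Many accounts from one source is the stuffing signature;
    a single user retrying their own password never trips it."""
    by_ip = defaultdict(list)
    for ev in sorted(events):
        by_ip[ev[1]].append(ev)
    alerts = {}
    for ip, evs in by_ip.items():
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1
            burst = evs[start:end + 1]
            users = {e[2] for e in burst}
            if len(users) < min_users:
                continue
            best = alerts.get(ip)
            if best is None or len(users) > best["distinct_users"]:
                alerts[ip] = {
                    "ip": ip,
                    "distinct_users": len(users),
                    "attempts": len(burst),
                    # Accounts that succeeded inside the burst already have a known-good
                    # password in the attacker's hands: force a reset on these first.
                    "compromised": sorted(e[2] for e in burst if e[3]),
                }
    return list(alerts.values())


if __name__ == "__main__":
    for alert in detect_credential_stuffing(parse_log(SAMPLE_LOG)):
        print(alert)
```

Real campaigns spread attempts across many source addresses, so in production the same logic is usually keyed on a fingerprint (ASN, user agent, TLS fingerprint) as well as on IP, and the thresholds are tuned against a baseline of normal login traffic. Blocking only the IP after the burst does nothing for the accounts that already succeeded, which is why the alert carries them explicitly.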

KeePass vulnerability 

A security researcher found that the widely used KeePass password manager (2.x, fixed in version 2.54) has a vulnerability allowing the master password to be recovered from the application's memory, even when the database is locked. The catch for an attacker is that they first need a copy of that memory, whether from a live process on a compromised machine or from a memory dump, pagefile, or hibernation file, so the finding matters most for devices that are already lost or compromised.

Microsoft Azure Serial Console hacked

Mandiant observed a threat actor it tracks as UNC3944 using compromised privileged Azure accounts to open the Azure Serial Console on Windows virtual machines (VMs). The Serial Console is reached through the Azure portal rather than over the VM's network interface, so the actor obtained an administrative command prompt on the guest without traversing the network security groups, firewalls, or RDP and SSH login paths that most detection rules watch. The sessions still appear in the Azure Activity Log, and the console depends on boot diagnostics being enabled on the VM, which gives defenders two handles: audit console connections, and switch boot diagnostics off where the console is not needed.
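Because the console session leaves a trace in the Activity Log, the hunt for it is a log query rather than a network signature. The script below is an added illustration for this tracker, not Mandiant's or Microsoft's code; the records are constructed and trimmed to the four fields the detector needs, and the two operation-name strings are assumptions that should be checked against real Activity Log records in your tenant before the rule goes live. It alerts on every Serial Console connect by a caller outside an approved break-glass list and notes whether the same caller modified the VM shortly beforehand, which is consistent with boot diagnostics being switched on to make the console available.

```python
"""Hunt Azure Activity Log exports for Serial Console sessions (added example; constructed input)."""
from datetime import datetime, timedelta

# Assumed operation names: verify both against your own Activity Log before relying on them.
SERIAL_CONSOLE_CONNECT = "Microsoft.SerialConsole/serialPorts/connect/action"
VM_WRITE = "Microsoft.Compute/virtualMachines/write"


def vm_resource_id(name: str) -> str:
    """Build a resource ID in the standard Azure VM layout (subscription and group are made up)."""
    return ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/prod-rg"
            "/providers/Microsoft.Compute/virtualMachines/" + name)


# Constructed records: a contractor account reconfigures dc01 and opens its console
# minutes later; a break-glass account opens web02's console the next day.
SAMPLE_ACTIVITY_LOG = [
    {"eventTimestamp": "2023-05-10T02:11:05Z", "operationName": VM_WRITE,
     "caller": "contractor@example.com", "resourceId": vm_resource_id("dc01")},
    {"eventTimestamp": "2023-05-10T02:14:40Z", "operationName": SERIAL_CONSOLE_CONNECT,
     "caller": "contractor@example.com", "resourceId": vm_resource_id("dc01")},
    {"eventTimestamp": "2023-05-11T09:00:00Z", "operationName": SERIAL_CONSOLE_CONNECT,
     "caller": "breakglass-ops@example.com", "resourceId": vm_resource_id("web02")},
]


def _ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def find_console_sessions(records, approved_callers, setup_window=timedelta(minutes=30)) -> list:
    """Return one alert per Serial Console connect by a caller outside approved_callers,
    flagging whether that caller wrote to the same VM within setup_window beforehand."""
    events = sorted(records, key=lambda r: r["eventTimestamp"])
    alerts = []
    for i, rec in enumerate(events):
        if rec["operationName"] != SERIAL_CONSOLE_CONNECT or rec["caller"] in approved_callers:
            continue
        at = _ts(rec["eventTimestamp"])
        preceded_by_write = any(
            e["operationName"] == VM_WRITE
            and e["caller"] == rec["caller"]
            and e["resourceId"] == rec["resourceId"]
            and timedelta(0) <= at - _ts(e["eventTimestamp"]) <= setup_window
            for e in events[:i]
        )
        alerts.append({
            "vm": rec["resourceId"].rsplit("/", 1)[-1],
            "caller": rec["caller"],
            "at": rec["eventTimestamp"],
            "preceded_by_vm_write": preceded_by_write,
        })
    return alerts


if __name__ == "__main__":
    for alert in find_console_sessions(SAMPLE_ACTIVITY_LOG, {"breakglass-ops@example.com"}):
        print(alert)
```

Keep the approved list short and tied to a documented break-glass procedure; a console session from anyone else on a domain controller at two in the morning is the kind of event that should page someone. Where the console is not part of your operations at all, disabling boot diagnostics on the VM removes the capability instead of merely watching it.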

New ‘Greatness’ phishing service

A new report details how the new Greatness Phishing-as-a-Service platform—which contains all of the tools needed to carry out phishing attacks successfully—saw a surge in activity in December 2022, followed by another spike in March 2023.

Phishing is still the top identity-related threat

A new study has highlighted that phishing topped the list of identity-related incidents in 2022. Email phishing, spear phishing, and vishing/smishing were found to be the most prevalent types.

Verizon Data Breach Investigations Report 

The Verizon Data Breach Investigations Report (DBIR) 2023 has just been published, and as always it contains some critical insights into the cybersecurity landscape. You can read our summary of the key takeaways here.

Scam QR codes

Cybercriminals are using QR codes to target unsuspecting victims. In Singapore, a woman allegedly lost $20,000 by scanning a QR code to participate in a “survey,” while in the US and UK, there have been instances of fraudulent car parking tickets using QR codes.

Get started with Device360 today
Weekly newsletter
No spam. Just the latest releases and tips, interesting articles, and exclusive interviews in your inbox every week.

June Hacker Tracker

Download

Welcome to the June 2023 Hacker Tracker, where we provide a breakdown of the most high-profile recent cyberattacks.

Credential theft and ransomware attacks were both popular last month. In fact, the 2023 Verizon Data Breach Report shows both have become significantly more common over the past year.  

Read on to find out how these attacks happened and the damage they’ve done.

NextGen Healthcare 

When it happened 

The breach occurred from March 29 - April 14, and was disclosed on April 28. 

What happened 

NextGen Healthcare, an American electronic health record software provider, experienced a major cyberattack. The personal data of more than a million patients was stolen.

Method of attack

Cybercriminals infiltrated NextGen Healthcare's cloud-based EHR and practice management platform with stolen client credentials. According to the company, these were obtained from another, unrelated breach.

The fallout so far 

This is the second breach NextGen has suffered this year—they were targeted by the ALPHV ransomware gang in January—which can only compound the damage to the company’s reputation. The breach exposed data like addresses and Social Security numbers, meaning its many victims have been put at risk of identity fraud. As a result, the company is now facing a class action lawsuit.  

Brightly 

When it happened 

The attack happened on April 20, and was disclosed on 11 May.

What happened 

US tech company Brightly had its educational operations management platform, SchoolDude, hit by a data breach. This attack led to the theft of almost 3 million users’ personal information and login details.

Method of attack

The company has provided few details about how exactly the attackers were able to breach their IT systems. 

The fallout so far

The data stolen included names, email addresses, passwords, phone numbers, and school district names, leaving the victims at risk of phishing attacks. While the company might be relieved that more sensitive data wasn’t stolen, the sheer number affected—3 million—makes this a massive incident. 

Discord 

When it happened 

Discord began informing users in mid-May. 

What happened 

Popular messaging and gaming platform Discord revealed that user data was exposed by a cybersecurity breach at one of its external customer service providers.

Method of attack 

The hackers breached the third-party customer service agent's support ticket queue, allowing them to access user email addresses and customer service communications. Discord’s notification to affected users (shared online here) suggests this was possible because the attackers illicitly gained credentials for the third-party provider's account.

The fallout so far

The company stated that the risk stemming from this breach is likely to be low. However, back in 2021, researchers discovered that Discord was being abused to spread multi-function malware. This attack highlights that Discord and its 200 million users have become an attractive target for cyberattackers. 

Toyota

When it happened 

From November 2013 - April 2023

What happened 

Toyota revealed that a data breach within its cloud infrastructure caused the vehicle location data of around 2.15 million customers to be exposed for nearly ten years.

Method of attack

This wasn’t an attack as such, but a leak caused by a database misconfiguration that inadvertently allowed anyone to gain access without a password. 

The fallout so far

There's no evidence that hackers exploited the data, which also didn’t include any personally identifiable information. However, the fact that the historical location data, and possibly also real-time locations, of so many vehicles were available for so long is concerning. Worse, this is the second data leak Toyota has disclosed over the past year. In October 2022, it was revealed that customer data was exposed by one of the company’s GitHub access keys being publicly available for nearly five years.

PharMerica

When it happened 

The attack occurred between March 12-13; the company disclosed it on May 12. 

What happened 

US pharmacy chain PharMerica revealed that it was hacked in March, leading to highly-sensitive data belonging to over 5.8 million individuals being exposed.

Method of attack

This was a ransomware attack carried out by the Money Message group, which gained notoriety for targeting Taiwanese PC parts maker MSI.  

The fallout so far

The ransomware gang has leaked all of the stolen data—4.7 terabytes in total—meaning that the social security numbers (SSNs), medications, and health insurance information are now visible online. This leaves the attack’s many victims at risk of identity fraud and blackmail for years to come. 

SuperMailer

When it happened 

Ongoing

What happened 

Since January 2023, a phishing campaign using the legitimate SuperMailer newsletter distribution app has been doubling in size every month and successfully getting past anti-phishing defenses.

Method of attack

This campaign is using phishing techniques that aren’t new—open redirects, diverse senders, URL randomization, and email reply chains. However, cybercriminals are combining these tactics in a way that bypasses phishing defenses from Microsoft ATP, Cisco, and Fortinet and makes the emails seem legitimate to recipients.

The fallout so far

It’s unclear how many have fallen prey to this phishing campaign, but it could be quite a few given that it successfully delivered thousands of emails to inboxes in May.

City of Augusta

When it happened 

May 21

What happened 

The City of Augusta suffered a cyberattack, causing significant disruption to its IT systems and potentially also the theft of sensitive data. 

Method of attack

This was a ransomware attack, with the BlackByte gang claiming responsibility. Exactly how they were able to infiltrate Augusta’s computer systems is as yet unclear. 

The fallout so far

BlackByte claims to have stolen a huge amount of sensitive data from Augusta's computers and has released a 10GB sample. This sample includes payroll, contact information, personal details, contracts, and city budget data, but its authenticity hasn’t been confirmed. The gang is demanding $400,000 to delete the data. This is the latest in a string of attacks on US and Canadian city governments, which are proving to be lucrative targets for hackers.

Other news

Nvidia AI leak

Researchers demonstrated that Nvidia’s artificial intelligence software can be made to ignore safety guardrails and leak confidential data, including personally identifiable information. 

MSI breach fallout 

The consequences of the major ransomware attack on computer hardware manufacturer MSI—where firmware, source code, and databases were stolen—continue to mount:

  • According to one researcher, there’s now a big risk of supply chain attacks using malicious updates, signed with company keys, to infect a vast number of end-user devices.
  • The attack has affected Intel, which is investigating a leak of private keys for its Boot Guard security system.

Man charged over huge gambling hack

Joseph Garrison, an 18-year-old from Wisconsin, was charged with hacking into approximately 60,000 accounts on the DraftKings sports betting website. He is alleged to have done this using credentials obtained from other breaches. 

KeePass vulnerability 

A security researcher found that the widely-used KeePass password manager has a vulnerability allowing the extraction of the master password from its memory, enabling attackers to access it even when the database is locked.

Microsoft Azure Serial Console hacked

Mandiant observed a threat actor, dubbed UNC3944, exploiting privileged accounts to access Microsoft Azure Serial Console. By doing this, UNC3944 circumvented Azure's defense and detection mechanisms, gaining full administrative access to the text-based console of Windows virtual machines (VMs).

New ‘Greatness’ phishing service

A new report details how the new Greatness Phishing-as-a-Service platform—which contains all of the tools needed to carry out phishing attacks successfully—saw a surge in activity in December 2022, followed by another spike in March 2023.

Phishing is still the top identity-related threat

A new study has highlighted that phishing topped the list of identity-related incidents in 2022. Email phishing, spear phishing, and vishing/smishing were found to be the most prevalent types.

Verizon Data Breach Investigations Report 

The Verizon Data Breach Investigations Report (DBIR) 2023 has just been published, and as always it contains some critical insights into the cybersecurity landscape. You can read our summary of the key takeaways here.

Scam QR codes

Cybercriminals are using QR codes to target unsuspecting victims. In Singapore, a woman allegedly lost $20,000 by scanning a QR code to participate in a “survey,” while in the US and UK, there have been instances of fraudulent car parking tickets using QR codes.

June Hacker Tracker

Phishing resistance in security solutions has become a necessity. Learn the differences between the solutions and what you need to be phishing resistant.

Welcome to the June 2023 Hacker Tracker, where we provide a breakdown of the most high-profile recent cyberattacks.

Credential theft and ransomware attacks were both popular last month. In fact, the 2023 Verizon Data Breach Report shows both have become significantly more common over the past year.  

Read on to find out how these attacks happened and the damage they’ve done.

NextGen Healthcare 

When it happened 

The breach occurred from March 29 - April 14, and was disclosed on April 28. 

What happened 

NextGen Healthcare, an American electronic health record software provider, experienced a major cyberattack. The personal data of more than a million patients was stolen.

Method of attack

Cybercriminals infiltrated NextGen Healthcare's cloud-based EHR and practice management platform with stolen client credentials. According to the company, these were obtained from another, unrelated breach.

The fallout so far 

This is the second breach NextGen has suffered this year—they were targeted by the ALPHV ransomware gang in January—which can only compound the damage to the company’s reputation. The breach exposed data like addresses and Social Security numbers, meaning its many victims have been put at risk of identity fraud. As a result, the company is now facing a class action lawsuit.  

Brightly 

When it happened 

The attack happened on April 20, and was disclosed on 11 May.

What happened 

US tech company Brightly had its educational operations management platform, SchoolDude, hit by a data breach. This attack led to the theft of almost 3 million users’ personal information and login details.

Method of attack

The company has provided few details about how exactly the attackers were able to breach their IT systems. 

The fallout so far

The data stolen included names, email addresses, passwords, phone numbers, and school district names, leaving the victims at risk of phishing attacks. While the company might be relieved that more sensitive data wasn’t stolen, the sheer number affected—3 million—makes this a massive incident. 

Discord 

When it happened 

Discord began informing users in mid-May. 

What happened 

Popular messaging and gaming platform Discord revealed that user data was exposed by a cybersecurity breach at one of its external customer service providers.

Method of attack 

The hackers breached the third-party customer service agent's support ticket queue, allowing them to access user email addresses and customer service communications. Discord’s notification to affected users (shared online here) suggests this was possible because the attackers illicitly gained credentials for the third-party provider's account.

The fallout so far

The company stated that the risk stemming from this breach is likely to be low. However, back in 2021, researchers discovered that Discord was being abused to spread multi-function malware. This attack highlights that Discord and its 200 million users have become an attractive target for cyberattackers. 

Toyota

When it happened 

From November 2013 - April 2023

What happened 

Toyota revealed that a data breach within its cloud infrastructure caused the vehicle location data of around 2.15 million customers to be exposed for nearly ten years.

Method of attack

This wasn’t an attack as such, but a leak caused by a database misconfiguration that inadvertently allowed anyone to gain access without a password. 

The fallout so far

There's no evidence that hackers exploited the data, which also didn’t include any personally identifiable information. However, the fact that the historical location data, and possibly also real-time locations, of so many vehicles were available for so long is concerning. Worse, this is the second data leak Toyota has disclosed over the past year. In October 2022, it was revealed that customer data was exposed by one of the company’s GitHub access keys being publicly available for nearly five years.

PharMerica

When it happened 

The attack occurred between March 12-13; the company disclosed it on May 12. 

What happened 

US pharmacy chain PharMerica revealed that it was hacked in March, leading to highly-sensitive data belonging to over 5.8 million individuals being exposed.

Method of attack

This was a ransomware attack carried out by the Money Message group, which gained notoriety for targeting Taiwanese PC parts maker MSI.  

The fallout so far

The ransomware gang has leaked all of the stolen data—4.7 terabytes in total—meaning that the social security numbers (SSNs), medications, and health insurance information are now visible online. This leaves the attack’s many victims at risk of identity fraud and blackmail for years to come. 

SuperMailer

When it happened 

Ongoing

What happened 

Since January 2023, a phishing campaign using the legitimate SuperMailer newsletter distribution app has been doubling in size every month and successfully getting past anti-phishing defenses.

Method of attack

This campaign is using phishing techniques that aren’t new—open redirects, diverse senders, URL randomization, and email reply chains. However, cybercriminals are combining these tactics in a way that bypasses phishing defenses from Microsoft ATP, Cisco, and Fortinet and makes the emails seem legitimate to recipients.

The fallout so far

It’s unclear how many have fallen prey to this phishing campaign, but it could be quite a few given that it successfully delivered thousands of emails to inboxes in May.

City of Augusta

When it happened 

May 21

What happened 

The City of Augusta suffered a cyberattack, causing significant disruption to its IT systems and potentially also the theft of sensitive data. 

Method of attack

This was a ransomware attack, with the BlackByte gang claiming responsibility. Exactly how they were able to infiltrate Augusta’s computer systems is as yet unclear. 

The fallout so far

BlackByte claims to have stolen a huge amount of sensitive data from Augusta's computers and has released a 10GB sample. This sample includes payroll, contact information, personal details, contracts, and city budget data, but its authenticity hasn’t been confirmed. The gang is demanding $400,000 to delete the data. This is the latest in a string of attacks on US and Canadian city governments, which are proving to be lucrative targets for hackers.

Other news

Nvidia AI leak

Researchers demonstrated that Nvidia’s artificial intelligence software can be made to ignore safety guardrails and leak confidential data, including personally identifiable information. 

MSI breach fallout 

The consequences of the major ransomware attack on computer hardware manufacturer MSI—where firmware, source code, and databases were stolen—continue to mount:

  • According to one researcher, there’s now a big risk of supply chain attacks using malicious updates, signed with company keys, to infect a vast number of end-user devices.
  • The attack has affected Intel, which is investigating a leak of private keys for its Boot Guard security system.

Man charged over huge gambling hack

Joseph Garrison, an 18-year-old from Wisconsin, was charged with hacking into approximately 60,000 accounts on the DraftKings sports betting website. He is alleged to have done this using credentials obtained from other breaches. 

KeePass vulnerability 

A security researcher found that the widely-used KeePass password manager has a vulnerability allowing the extraction of the master password from its memory, enabling attackers to access it even when the database is locked.

Microsoft Azure Serial Console hacked

Mandiant observed a threat actor, dubbed UNC3944, exploiting privileged accounts to access Microsoft Azure Serial Console. By doing this, UNC3944 circumvented Azure's defense and detection mechanisms, gaining full administrative access to the text-based console of Windows virtual machines (VMs).

New ‘Greatness’ phishing service

A new report details how the new Greatness Phishing-as-a-Service platform—which contains all of the tools needed to carry out phishing attacks successfully—saw a surge in activity in December 2022, followed by another spike in March 2023.

Phishing is still the top identity-related threat

A new study has highlighted that phishing topped the list of identity-related incidents in 2022. Email phishing, spear phishing, and vishing/smishing were found to be the most prevalent types.

Verizon Data Breach Investigations Report 

The Verizon Data Breach Investigations Report (DBIR) 2023 has just been published, and as always it contains some critical insights into the cybersecurity landscape. You can read our summary of the key takeaways here.

Scam QR codes

Cybercriminals are using QR codes to target unsuspecting victims. In Singapore, a woman allegedly lost $20,000 by scanning a QR code to participate in a “survey,” while in the US and UK, there have been instances of fraudulent car parking tickets using QR codes.

June Hacker Tracker

Phishing resistance in security solutions has become a necessity. Learn the differences between the solutions and what you need to be phishing resistant.

Welcome to the June 2023 Hacker Tracker, where we provide a breakdown of the most high-profile recent cyberattacks.

Credential theft and ransomware attacks were both popular last month. In fact, the 2023 Verizon Data Breach Report shows both have become significantly more common over the past year.  

Read on to find out how these attacks happened and the damage they’ve done.

NextGen Healthcare 

When it happened 

The breach occurred from March 29 - April 14, and was disclosed on April 28. 

What happened 

NextGen Healthcare, an American electronic health record software provider, experienced a major cyberattack. The personal data of more than a million patients was stolen.

Method of attack

Cybercriminals infiltrated NextGen Healthcare's cloud-based EHR and practice management platform with stolen client credentials. According to the company, these were obtained from another, unrelated breach.

The fallout so far 

This is the second breach NextGen has suffered this year—they were targeted by the ALPHV ransomware gang in January—which can only compound the damage to the company’s reputation. The breach exposed data like addresses and Social Security numbers, meaning its many victims have been put at risk of identity fraud. As a result, the company is now facing a class action lawsuit.  

Brightly 

When it happened 

The attack happened on April 20, and was disclosed on 11 May.

What happened 

US tech company Brightly had its educational operations management platform, SchoolDude, hit by a data breach. This attack led to the theft of almost 3 million users’ personal information and login details.

Method of attack

The company has provided few details about how exactly the attackers were able to breach their IT systems. 

The fallout so far

The data stolen included names, email addresses, passwords, phone numbers, and school district names, leaving the victims at risk of phishing attacks. While the company might be relieved that more sensitive data wasn’t stolen, the sheer number affected—3 million—makes this a massive incident. 

Discord 

When it happened 

Discord began informing users in mid-May. 

What happened 

Popular messaging and gaming platform Discord revealed that user data was exposed by a cybersecurity breach at one of its external customer service providers.

Method of attack 

The hackers breached the third-party customer service agent's support ticket queue, allowing them to access user email addresses and customer service communications. Discord’s notification to affected users (shared online here) suggests this was possible because the attackers illicitly gained credentials for the third-party provider's account.

The fallout so far

The company stated that the risk stemming from this breach is likely to be low. However, back in 2021, researchers discovered that Discord was being abused to spread multi-function malware. This attack highlights that Discord and its 200 million users have become an attractive target for cyberattackers. 

Toyota

When it happened 

From November 2013 - April 2023

What happened 

Toyota revealed that a data breach within its cloud infrastructure caused the vehicle location data of around 2.15 million customers to be exposed for nearly ten years.

Method of attack

This wasn’t an attack as such, but a leak caused by a database misconfiguration that inadvertently allowed anyone to gain access without a password. 

The fallout so far

There's no evidence that hackers exploited the data, which also didn’t include any personally identifiable information. However, the fact that the historical location data, and possibly also real-time locations, of so many vehicles were available for so long is concerning. Worse, this is the second data leak Toyota has disclosed over the past year. In October 2022, it was revealed that customer data was exposed by one of the company’s GitHub access keys being publicly available for nearly five years.

PharMerica

When it happened 

The attack occurred between March 12-13; the company disclosed it on May 12. 

What happened 

US pharmacy chain PharMerica revealed that it was hacked in March, leading to highly-sensitive data belonging to over 5.8 million individuals being exposed.

Method of attack

This was a ransomware attack carried out by the Money Message group, which gained notoriety for targeting Taiwanese PC parts maker MSI.  

The fallout so far

The gang has since leaked all of the stolen data, 4.7 terabytes in total, so victims' Social Security numbers (SSNs), medication records, and health insurance details are now available online. That leaves the attack's many victims exposed to identity fraud and extortion for years to come.

SuperMailer

When it happened 

Ongoing

What happened 

Since January 2023, a phishing campaign that abuses the legitimate SuperMailer newsletter distribution application has been roughly doubling in volume every month, and its emails are getting past anti-phishing defenses.

Method of attack

None of the techniques in this campaign is new on its own: open redirects on reputable domains, a wide range of sending addresses, randomized URLs, and hijacked email reply chains. What's notable is how the attackers combine them. A link that points at a trusted domain's redirect endpoint passes the reputation checks that would block the phishing site directly, randomized URLs defeat simple blocklists, and replying into an existing thread makes the message look like an ongoing conversation. Together these tactics bypassed phishing defenses from Microsoft ATP, Cisco, and Fortinet and made the emails look legitimate to recipients.
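The open-redirect trick works because a filter that only looks at the link's host sees a trusted domain. The detector below is an added example written for this article, not code from the campaign analysis or from any mail gateway vendor: it pulls the links out of an HTML message and flags any whose query string or path carries a second, absolute URL pointing at a different host. The sample message, its hostnames and the percent-encoding cases are constructed for the demo.

```python
"""Triage e-mail links for open-redirect abuse.

Added example, not code from the SuperMailer campaign analysis or any
vendor gateway. The sample message and hostnames below are constructed.
"""
import re
from html.parser import HTMLParser
from typing import Dict, List
from urllib.parse import parse_qs, unquote, urlparse

ABSOLUTE_URL = re.compile(r"https?://[^\s\"'<>]+")


class _LinkExtractor(HTMLParser):
    """Collect href values from <a> tags."""

    def __init__(self) -> None:
        super().__init__()
        self.links: List[str] = []

    def handle_starttag(self, tag, attrs) -> None:
        if tag.lower() == "a":
            for name, value in attrs:
                if name.lower() == "href" and value:
                    self.links.append(value.strip())


def extract_links(html: str) -> List[str]:
    parser = _LinkExtractor()
    parser.feed(html)
    return parser.links


def embedded_urls(url: str) -> List[str]:
    """Absolute URLs smuggled inside the query string or path of `url`."""
    parsed = urlparse(url)
    candidates: List[str] = []
    for values in parse_qs(parsed.query, keep_blank_values=True).values():
        candidates.extend(values)  # parse_qs already percent-decodes once
    # Some redirectors put the target in the path: /redirect/https://evil.example/
    candidates.extend(ABSOLUTE_URL.findall(unquote(parsed.path)))
    found: List[str] = []
    for cand in candidates:
        decoded = unquote(cand)  # second decode catches double-encoded targets
        inner = urlparse(decoded)
        if inner.scheme in ("http", "https") and inner.netloc:
            found.append(decoded)
    return found


def find_open_redirects(html: str) -> List[Dict[str, str]]:
    """Flag links whose embedded destination host differs from the link's own host."""
    hits: List[Dict[str, str]] = []
    for link in extract_links(html):
        outer_host = urlparse(link).netloc.lower()
        for target in embedded_urls(link):
            target_host = urlparse(target).netloc.lower()
            if target_host and target_host != outer_host:
                hits.append({"link": link, "redirector": outer_host, "destination": target_host})
    return hits


# Constructed sample message: the lure links appear to go to a trusted portal
# or a news site, but two of them hand the victim off to a different host.
SAMPLE_EMAIL_HTML = """
<p>Your invoice is ready.</p>
<a href="https://trusted-portal.example/login?next=https%3A%2F%2Fphish.example%2Fsignin">View invoice</a>
<a href="https://news.example/redirect/https://phish.example/signin?id=7f3a">Unsubscribe</a>
<a href="https://trusted-portal.example/account?next=%2Fdashboard">Account</a>
<a href="https://trusted-portal.example/help">Help</a>
"""

if __name__ == "__main__":
    for hit in find_open_redirects(SAMPLE_EMAIL_HTML):
        print(f"{hit['redirector']} -> {hit['destination']}  ({hit['link']})")
```

On the sample it reports two hits, both landing on `phish.example`, while the relative `next=/dashboard` link is left alone. A flagged link is a triage signal rather than a verdict, since newsletter click trackers and SSO `next=` parameters embed URLs for legitimate reasons; the useful step is to check the destination host, not the redirector, against your reputation feeds and allowlists, which is exactly the check the campaign is betting you don't make.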

The fallout so far

It's unclear how many people have fallen for this campaign, but the number could be high: in May alone it delivered thousands of emails to inboxes.

City of Augusta

When it happened 

May 21

What happened 

The City of Augusta, Georgia, suffered a cyberattack that caused significant disruption to its IT systems and possibly the theft of sensitive data.

Method of attack

This was a ransomware attack claimed by the BlackByte gang. How the attackers got into Augusta's systems has not yet been made public.

The fallout so far

BlackByte claims to have stolen a large amount of sensitive data from Augusta's systems and has published a 10GB sample, which it says includes payroll records, contact information, personal details, contracts, and city budget data; the sample's authenticity hasn't been confirmed. The gang is demanding $400,000 to delete the data. This is the latest in a string of attacks on US and Canadian city governments, which have proven to be lucrative targets.

Other news

Nvidia AI leak

Researchers demonstrated that Nvidia's artificial intelligence software can be manipulated into ignoring its safety guardrails and leaking confidential data, including personally identifiable information.

MSI breach fallout 

The consequences of the major ransomware attack on computer hardware manufacturer MSI, in which firmware, source code, and databases were stolen, continue to mount:

  • According to one researcher, there's now a serious risk of supply chain attacks: malicious firmware updates signed with the stolen MSI keys would be accepted as genuine by a vast number of end-user devices.
  • The attack has also reached Intel, which is investigating reports that private keys for its Boot Guard firmware protection were among the leaked data. Boot Guard anchors the key in fuses on the board, so a leaked key cannot simply be rotated on devices that have already shipped.

Man charged over huge gambling hack

Joseph Garrison, an 18-year-old from Wisconsin, was charged with breaking into approximately 60,000 accounts on the DraftKings sports betting website. Prosecutors allege he used credential stuffing, replaying username and password pairs obtained from other breaches against the DraftKings login page.
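Credential stuffing has a recognizable shape in authentication logs: one source cycles through many different accounts and mostly fails, whereas a real user who mistypes a password hits one account from one source. The detector below is an added example written for this article, not DraftKings' detection logic; the key=value log format, the thresholds and the sample log lines are constructed for the demo.

```python
"""Spot credential stuffing in authentication logs.

Added example; not DraftKings' detection logic. The log format, the
thresholds and the sample lines are constructed for the demo.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List

# Assumed key=value auth log format; adapt the regex to the real source.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)


@dataclass
class Attempt:
    ts: str
    src: str
    user: str
    ok: bool


def parse_log(text: str) -> List[Attempt]:
    """Parse log lines into Attempt records, skipping anything malformed."""
    attempts: List[Attempt] = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # skip malformed lines instead of crashing the detector
        attempts.append(Attempt(match["ts"], match["src"], match["user"], match["result"] == "OK"))
    return attempts


def detect_credential_stuffing(attempts: List[Attempt], min_users: int = 5,
                               min_fail_ratio: float = 0.5) -> List[Dict[str, object]]:
    """Flag sources that try many distinct accounts with a high failure rate."""
    by_src: Dict[str, List[Attempt]] = defaultdict(list)
    for attempt in attempts:
        by_src[attempt.src].append(attempt)
    alerts: List[Dict[str, object]] = []
    for src, rows in by_src.items():
        users = {a.user for a in rows}
        fails = sum(1 for a in rows if not a.ok)
        ratio = fails / len(rows)
        if len(users) >= min_users and ratio >= min_fail_ratio:
            alerts.append({
                "src": src,
                "attempts": len(rows),
                "distinct_users": len(users),
                "fail_ratio": round(ratio, 2),
                # Successful logins from a stuffing source are likely account takeovers
                # and should go straight to a forced password reset.
                "compromised": sorted({a.user for a in rows if a.ok}),
            })
    return alerts


# Constructed sample: one source replays six different accounts and gets one
# in; a genuine user at another address fumbles their own password twice.
SAMPLE_AUTH_LOG = """\
2023-05-01T10:00:01Z src=203.0.113.5 user=alice result=FAIL
2023-05-01T10:00:02Z src=203.0.113.5 user=bob result=FAIL
2023-05-01T10:00:02Z src=203.0.113.5 user=carol result=FAIL
2023-05-01T10:00:03Z src=203.0.113.5 user=dave result=OK
2023-05-01T10:00:03Z src=203.0.113.5 user=erin result=FAIL
2023-05-01T10:00:04Z src=203.0.113.5 user=frank result=FAIL
2023-05-01T10:05:00Z src=198.51.100.7 user=grace result=FAIL
2023-05-01T10:05:10Z src=198.51.100.7 user=grace result=FAIL
2023-05-01T10:05:20Z src=198.51.100.7 user=grace result=OK
garbage line that should be ignored
"""

if __name__ == "__main__":
    for alert in detect_credential_stuffing(parse_log(SAMPLE_AUTH_LOG)):
        print(alert)
```

On the sample it raises a single alert for `203.0.113.5` (six accounts, 83% failures) and names `dave` as the account that needs a reset, while `grace`'s two typos are ignored. Grouping by source address alone misses stuffing that is spread across a proxy pool, so in production you would also group by user agent or TLS fingerprint and watch the site-wide failure rate. The durable fix is on the credential side: multi-factor authentication and screening new passwords against known breach lists, since reused passwords are what make the replay work.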

KeePass vulnerability 

A security researcher found that the widely used KeePass password manager has a flaw that allows the master password to be recovered from the application's memory, even while the database is locked. Anyone who can obtain a memory dump of the process therefore holds the key to unlock the vault.

Microsoft Azure Serial Console abused

Mandiant observed a threat actor it tracks as UNC3944 using compromised privileged Azure accounts to reach the Microsoft Azure Serial Console. The console provides a text-based administrative session on Windows virtual machines (VMs) through the Azure platform rather than over the VM's network, which let UNC3944 sidestep defenses and detections that watch the network edge and gain full administrative access to the machines.

New ‘Greatness’ phishing service

A new report details the Greatness Phishing-as-a-Service platform, which bundles everything needed to run a phishing campaign, and notes that its activity surged in December 2022, followed by another spike in March 2023.

Phishing is still the top identity-related threat

A new study has highlighted that phishing topped the list of identity-related incidents in 2022. Email phishing, spear phishing, and vishing/smishing were found to be the most prevalent types.

Verizon Data Breach Investigations Report 

The Verizon Data Breach Investigations Report (DBIR) 2023 has just been published and, as always, it contains some critical insights into the cybersecurity landscape. We've summarized the key takeaways in a separate post.

Scam QR codes

Cybercriminals are using QR codes to target unsuspecting victims. In Singapore, a woman allegedly lost $20,000 by scanning a QR code to participate in a “survey,” while in the US and UK, there have been instances of fraudulent car parking tickets using QR codes.
