Several important events happened that merit your attention:
Ransomware hits new high with $450 million in 2024: Ransomware attacks have amassed $459.8 million in the first half of 2024, setting a record despite increased law enforcement efforts. Cybercriminals are focusing on larger organizations, causing average ransom payments to soar. Cryptocurrency theft has also surged, reaching $1.58 billion by July.
Lawmakers suspect Chinese routers are spying: US lawmakers are calling for an inquiry into Chinese Wi-Fi routers, especially those from TP-Link, due to hacking and espionage concerns. The investigation aims to assess risks and demand a mitigation strategy from the Department of Commerce by August 30.
Microsoft's Mac apps had some sneaky spying flaws: Researchers from Cisco Talos have uncovered eight vulnerabilities in Microsoft's macOS applications, such as Teams, Outlook, and Word, which could let attackers secretly access microphones and cameras. Microsoft has since updated Teams and OneNote, though other apps still pose potential risks.
Google Pixel app flaw puts millions at risk, experts warn: A severe seven-year-old vulnerability in the pre-installed Showcase[.]apk on Google Pixel phones exposed millions to remote code execution threats. This app, meant for demo purposes, has high system privileges that could be exploited through man-in-the-middle attacks. Google's delayed response has raised concerns about security risks tied to pre-installed apps and user trust.
Biotech firm's lax security causes $4.5M payout: A biotech company has paid $4.5 million to New York, New Jersey, and Connecticut for failing to safeguard the personal data of 2.5 million individuals after a ransomware attack in April 2023 exposed weak security practices.
T-Mobile’s $60 million fine highlights growing government scrutiny: T-Mobile has been slapped with a $60 million penalty by CFIUS due to lapses in national security, reflecting a sharp increase in oversight. The fine addresses breaches in data security and reporting failures from August 2020 to June 2021.
Security researchers uncover massive extortion plot targeting cloud services: A massive extortion scheme exploited publicly available .env files, exposing sensitive data. Researchers at Palo Alto’s Unit 42 found attackers scanned over 230 million targets, compromising 110,000 domains and accessing 90,000 unique variables tied to cloud services.
OpenAI catches Iranian plot to sway U.S. elections: OpenAI has halted an Iranian influence campaign named "Storm-2035," which exploited ChatGPT to create U.S. election propaganda. The covert operation aimed at both political sides through fake news and social media but gained minimal traction.
Is Iran targeting both US presidential campaigns? The FBI has launched an investigation into hacking attempts against both the Trump and Biden-Harris campaigns, including breaches involving three Biden-Harris staffers and former Trump advisor Roger Stone.
Elon Musk’s X quits Brazil after judge’s shocking threat: X, formerly Twitter, has abruptly exited Brazil after a judge’s censorship demands and alleged threats of arrest.
Industry news: Kiteworks, a San Mateo-based tech firm specializing in secure content communication, has raised $456 million. Aurascape AI, a cybersecurity firm based in Santa Clara, CA, has raised $12.8 million. Anjuna, a universal confidential computing platform, has raised $25 million. Mimecast acquired Aware. OPSWAT acquired InQuest. Fortinet acquired NextDLP.
Toyota US reportedly hit by a massive data breach, with 240 GB of sensitive information leaked online by hackers, including customer profiles, financial records, and more.
Unicoin's Google Workspace was hacked, leading to password changes for all employees and revealing compromised accounts, but no customer funds were stolen.
The Qilin ransomware group, infamous for crippling NHS services in the UK, now claims to have hacked the California child fostering non-profit, Promises2Kids.
FlightAware has confirmed a security breach exposing all customer data, including names, emails, passwords, and billing information, due to a misconfigured server.
Flint's government services are paralyzed by a ransomware attack, forcing cash-only payments and prompting an FBI investigation.
National Public Data admits a huge data breach exposing millions' personal details, now up for sale on the dark web.
The Washington Times falls victim to Rhysida ransomware, with the gang reportedly auctioning stolen data for 5 bitcoin.
The Central Bank of Iran and several other banks have been hit by one of the biggest cyberattacks ever, just as international scrutiny on Tehran intensifies.
AutoCanada, which just recovered from the CDK Global IT outage, was hit by another cyberattack over the weekend, disrupting network operations.
Orion falls victim to a $60 million BEC scam after an employee was duped into making fraudulent wire transfers.
A hacker leaked unreleased Netflix and Crunchyroll episodes, with Netflix pointing fingers at a post-production company, though Iyuno denies responsibility.
Hackers have leaked over 50,000 sensitive files from Poland's anti-doping agency, POLADA, with Poland suspecting Russia or Belarus behind the breach.
But a handful of them were nabbed 👮‍♀️:
Sneaky Engineer Caught Red-Handed in Cyber Extortion Plot: US authorities have charged Daniel Rhyne, a New Jersey engineer, with allegedly hacking his employer's network. Rhyne reportedly created a hidden virtual machine, altered passwords, deleted backups, and demanded $750,000 in ransom, leading the FBI to trace the attack back to him.
Dublin man nabbed in €6.5 million dark web scandal: A 23-year-old Dublin resident, Kevin Daniel Andrei, has been arrested for allegedly operating the Bohemia dark web marketplace. Irish authorities seized €6.5 million in cryptocurrency and luxury cars during the arrest.
Cybercrime kingpin arrested during luxury vacation: A dual national of Belarus and Ukraine has been charged by the US for his involvement in two major cybercrime operations. Maksim Silnikau, 38, led the Angler exploit kit operation and founded the Ransom Cartel ransomware service.
Crypto thieves caught in Italy after $14.4 million heist: Two suspects were arrested by Italian police for allegedly stealing $14.4 million from the cryptocurrency platform Holograph. The company reported the June hack to French authorities, leading to the arrest and impending extradition of the culprits.
Slilpp kingpin finally caught: A notorious Russian cybercriminal has been sentenced to 40 months in prison for selling stolen financial data on the Slilpp forum. Georgy Kavzharadze, who operated under the alias TeRorPP, reportedly earned over $1.2 million before his arrest.