
Daily Cybersecurity Roundup, December 01, 2022

Breaches at one company can, and often do, cascade to other associated firms. Something like this happened to LastPass, which has already suffered another major data breach this year. These are indeed risky times for Android users as a new campaign is attempting to steal their Facebook credentials. Medibank hackers finally dumped every bit of data they had in their possession and closed the case, or so they said. Read along for more from the past 24 hours.

01

Remote access and collaboration firm GoTo confirmed suffering a data breach where the attackers gained access to its development environment, also affecting some customer information related to LastPass.

02

Schoolyard Bully Trojan, a new Android threat campaign, victimized over 300,000 users across 71 countries. The malware steals Facebook credentials while posing as educational apps.

03

The RansomHouse ransomware gang attacked the Keralty multinational healthcare provider, impacting IT operations, websites, and scheduling of medical appointments.

04

North Korea-linked APT37, aka ScarCruft, was found leveraging a previously undocumented backdoor, named Dolphin, against South Korean entities.

05

Lookout spotted around 300 iOS and Android apps that are tricking victims located in Mexico, India, Colombia, Kenya, and other countries, into unfair loan terms through predatory and extortionist tactics.

06

Hackers behind the Medibank breach leaked the remainder—a compressed file worth 5GB—of the customer data they stole from the healthcare insurer and declared “case closed.”

07

Research published by Sophos disclosed that LockBit 3.0 features new capabilities and takes functionalities from the BlackMatter ransomware.

08

McAfee analyzed a new payment fraud malware targeting mobile payment users in Japan by pretending to be a legitimate mobile security app on the Google Play Store.

09

Akamai researchers accidentally took down the KmsdBot cryptomining botnet that was used for DDoS attacks.

10

A new bill approved by the Australian parliament will now charge companies suffering large-scale data breaches AUD50 million ($34 million).
