Furthermore, a sensitive breach in the police network of Shanghai has apparently caused chaos after samples tested against the claims of stealing billions of data were found true. The data trove is allegedly available to anyone who can shell out 10 BTC.
Top Breaches Reported in the Last 24 Hours
Nearly one billion exposed in China
A threat actor was found offering billions of records, including sensitive details, on Chinese citizens for 10 BTC. The data being advertised through online forums and social media platforms were stolen from the servers of the Shanghai National Police. The database also has information such as the location of the crimes and a brief description of the related incidents.
Third-party breach hits healthcare clinic
Mattax Neu Prater Eye Center, Missouri, suffered a data breach through myCare Integrity, an electronic medical records platform. It was observed that hackers deleted databases and system configuration files after infiltrating the systems. According to HIPAA, over 90,000 people were impacted by the incident.
Top Malware Reported in the Last 24 Hours
AstraLocker shuts down
AstraLocker ransomware actor has announced to quit its operation and shared decryptors with the VirusTotal malware analysis platform. It was based on the source code of the Babuk Locker that had suffered a major leak last year. Last week, Astralocker released a new variant that would spread via phishing emails.
Dozens of malicious JS packages
Security researchers at ReversingLabs laid bare a widespread software supply chain attack offered via the NPM package manager. The campaign is active since December 2021 and has been designed to pilfer data entered in forms by online users via mobile applications and websites. The campaign is being tracked as IconBurst.
Top Vulnerabilities Reported in the Last 24 Hours
Google’s urgent update
A new version of Chrome 103 was released with the fixes of several security vulnerabilities, including an actively exploited zero-day bug. The flaw tracked as CVE-2022-2294 is a heap buffer overflow condition in WebRTC, the engine that powers the browser’s real-time communications. The zero-day bug affected both Windows and Android versions of the browser.
Top Scams Reported in the Last 24 Hours
Fake employment drive in the UK
Malwarebytes uncovered a scam campaign that lays bait for individuals interested to work in the United Kingdom. The gang sends out recruitment drive messages, via WhatsApp, impersonating staff from the UK government. Visitors may lose their personal data, including their names, email addresses, marital status, contact details, and employment status.