Internet Archive suffers from cyberattack affecting 31m users 

Internet Archive, the US non-profit behind the popular ‘Wayback Machine’ and a library of free archival data is currently suffering from a wave of cyberattacks which have compromised the data of 31m users and disrupted its website. 

Source: https://www.siliconrepublic.com/enterprise/internet-archive-cyber-attack-2024   

LEGO Website Hacked to Promote a Crypto Scam 

Cryptocurrency scammers temporarily compromised the LEGO website to deceive fans into buying a fake “LEGO Coin” cryptocurrency. The breach occurred on October 4, 2024, when an unauthorized banner appeared on the LEGO.com homepage, claiming to offer “secret rewards” to those who purchased the bogus coin. 

Source: https://cybersecuritynews.com/lego-website-hacked/ 

China’s Salt Typhoon Hacked AT&T, Verizon: Report 

The China-linked threat group known as Salt Typhoon has hacked into the networks of several major broadband providers in the United States, potentially compromising wiretap systems. 

Source: https://www.securityweek.com/chinas-salt-typhoon-hacked-att-verizon-report/  

Casio reports IT systems failure after weekend network breach 

Japanese tech giant Casio has suffered a cyberattack after an unauthorized actor accessed its networks on October 5, causing system disruption that impacted some of its services. 

https://www.bleepingcomputer.com/news/security/casio-reports-it-systems-failure-after-weekend-network-breach

American Water shuts down online services after cyberattack 

American Water, the largest publicly traded U.S. water and wastewater utility company, was forced to shut down some of its systems after a Thursday cyberattack. 

In a filing with the U.S. Securities and Exchange Commission (SEC), American Water said it has already hired third-party cybersecurity experts to help contain and assess the incident’s impact. 

Source: https://www.bleepingcomputer.com/news/security/american-water-shuts-down-online-services-after-cyberattack/  

New Mamba 2FA bypass service targets Microsoft 365 accounts 

An emerging phishing-as-a-service (PhaaS) platform called Mamba 2FA has been observed targeting Microsoft 365 accounts in AiTM attacks using well-crafted login pages. 

Source: https://www.bleepingcomputer.com/news/security/new-mamba-2fa-bypass-service-targets-microsoft-365-accounts/  

European govt air-gapped systems breached using custom malware 

An APT hacking group known as GoldenJackal has successfully breached air-gapped government systems in Europe using two custom toolsets to steal sensitive data, like emails, encryption keys, images, archives, and documents. 

Source: https://www.bleepingcomputer.com/news/security/european-govt-air-gapped-systems-breached-using-custom-malware/  

Microsoft Detects Growing Use of File Hosting Services in Business Email Compromise Attacks 

Microsoft is warning of cyber attack campaigns that abuse legitimate file hosting services such as SharePoint, OneDrive, and Dropbox that are widely used in enterprise environments as a defense evasion tactic. 

Source: https://thehackernews.com/2024/10/microsoft-detects-growing-use-of-file.html  

MoneyGram confirms hackers stole customer data in cyberattack 

MoneyGram has confirmed that hackers stole customers’ personal information and transaction data in a September cyberattack that caused a five-day outage. 

Source: https://www.bleepingcomputer.com/news/security/moneygram-confirms-hackers-stole-customer-data-in-cyberattack/  

Comcast Data Breach: 237,000+ Customers’ Personal Data Exposed 

A data breach has impacted more than 237,000 Comcast customers, exposing their personal information such as names, addresses, Social Security numbers, dates of birth, and Comcast account numbers. 

Source: https://cybersecuritynews.com/comcast-data-breach/  

Smarttech247