Ireland fines Meta $264 million over 2018 Facebook data breach 

The Irish Data Protection Commission (DPC) fined Meta €251 million ($263.6M) over General Data Protection Regulation (GDPR) violations arising from a 2018 personal data breach impacting 29 million Facebook accounts. 

Source: https://www.bleepingcomputer.com/news/security/ireland-fines-meta-264-million-over-2018-facebook-data-breach/ 

LastPass Hackers Allegedly Stole $5 Million This Week—Report 

The fallout from the LastPass data compromise in 2022 appears to be ongoing as a new investigation claims to have uncovered $5 million in cryptocurrency theft from LastPass users across Dec. 16 and 17. 

Source: https://www.forbes.com/sites/daveywinder/2024/12/18/lastpass-hackers-allegedly-stole-5-million-this-week-report/

New Gmail Security Warning For 2.5 Billion—Second Attack Wave Incoming 

As it issues a warning that a second wave of cyber threats against Gmail users is incoming from very persistent attackers, Google has detailed the specific attack methodologies involved and recommended actions that all 2.5 billion Gmail users employ to stay safe and secure.   

Source: https://www.forbes.com/sites/daveywinder/2024/12/18/new-gmail-security-warning-for-25-billion-second-attack-wave-incoming/ 

HubPhish Exploits HubSpot Tools to Target 20,000 European Users for Credential Theft 

Cybersecurity researchers have disclosed a new phishing campaign that has targeted European companies with an aim to harvest account credentials and take control of the victims’ Microsoft Azure cloud infrastructure. 

Source: https://thehackernews.com/2024/12/hubphish-exploits-hubspot-tools-to.html  

Texas Tech University System data breach impacts 1.4 million patients 

The Texas Tech University Health Sciences Center and its El Paso counterpart suffered a cyberattack that disrupted computer systems and applications, potentially exposing the data of 1.4 million patients. 

Source: https://www.bleepingcomputer.com/news/security/texas-tech-university-system-data-breach-impacts-14-million-patients/ 

ConnectOnCall breach exposes health data of over 910,000 patients 

Healthcare software as a service (SaaS) company Phreesia is notifying over 910,000 people that their personal and health data was exposed in a May breach of its subsidiary ConnectOnCall, acquired in October 2023. 

Source: https://www.bleepingcomputer.com/news/security/connectoncall-breach-exposes-health-data-of-over-910-000-patients/ 

LockBit 4.0 Released – Ransomware Group Aimed to Launch Massive Attack Across Multiple OS 

Cybercriminal group LockBit has unveiled its latest creation, “LockBit 4.0,” which they have dramatically described as a ‘movie’ set for release soon. 

This new version introduces sophisticated tricks to amplify the group’s attacks, presenting a greater challenge for individuals and organizations worldwide. 

Source: https://cyberpress.org/lockbit-4-0/

390,000 WordPress accounts stolen from hackers in supply chain attack 

A threat actor tracked as MUT-1244 has stolen over 390,000 WordPress credentials in a large-scale, year-long campaign targeting other threat actors using a trojanized WordPress credentials checker. 

Source: https://www.bleepingcomputer.com/news/security/390-000-wordpress-accounts-stolen-from-hackers-in-supply-chain-attack/  

Hackers Exploit Google Calendar & Drawings to Bypass Email Security 

Google Calendar, with over 500 million active users worldwide and availability in 41 languages, has long been celebrated for its efficiency in organizing schedules and managing time. However, its popularity has also made it a prime target for cybercriminals. 

Source: https://cybersecuritynews.com/exploit-google-calendar-google-drawings-in-phishing/ 

Microsoft Teams Vishing Spreads DarkGate RAT 

The DarkGate remote access Trojan (RAT) has a new attack vector: A threat actor targeted a Microsoft Teams user via a voice call to gain access to their device. 

Source: https://www.darkreading.com/cyberattacks-data-breaches/vishing-via-microsoft-teams-spreads-darkgate-rat  

Smarttech247