Cyber Attack

In May 2024, North Korean hacking group ScarCruft (APT37) exploited an Internet Explorer zero-day flaw (CVE-2024-39178) to distribute RokRAT malware through malicious toast pop-up ads. This zero-click malware campaign, dubbed "Code on Toast," compromised an advertising server, targeting systems to exfiltrate sensitive data and perform espionage activities. Despite Internet Explorer’s retirement, its components still pose a significant risk as threat actors continue exploiting these vulnerabilities.

Casio, the renowned Japanese tech company, has confirmed that a ransomware attack earlier this month compromised personal and confidential data of employees, job candidates, business partners, and some customers. The Underground ransomware group has claimed responsibility for the attack, leaking sensitive documents. Casio is urging affected individuals to remain cautious as they continue to investigate the breach.

Fidelity Investments has disclosed a data breach that exposed the personal information of more than 77,000 customers. The breach, which occurred in August, involved unauthorized access to two customer accounts and has raised concerns about the security of personal data. Fidelity is offering affected customers free credit monitoring and identity restoration services.

MoneyGram has revealed that hackers accessed their network in a September 2024 cyberattack, stealing sensitive customer information, including personal and transaction data. The breach led to a five-day service outage and exposed crucial details such as social security numbers, government IDs, and bank account information. The attack was reportedly initiated through a social engineering attempt on MoneyGram's IT help desk.

LEGO's official website was hacked briefly to promote a fraudulent cryptocurrency token, urging visitors to buy a "LEGO Coin" in exchange for Ethereum. While the breach lasted just over an hour, no user accounts were compromised, but the incident highlights the growing risks of online scams targeting high-profile platforms.

Comcast and Truist Bank customers are the latest to be affected by a massive data breach at Financial Business and Consumer Solutions (FBCS). The breach, initially reported in early 2024, compromised the personal details of millions of individuals, including Social Security numbers and account information, raising concerns about identity theft and data misuse.

A sophisticated cyberattack has crippled Uttarakhand's IT infrastructure, rendering over 90 government websites, including the CM helpline, non-functional. This unprecedented breach has halted essential online services and internal operations across the state, with cybersecurity experts working tirelessly to restore the systems.

Cyber fraudsters have devised a new tactic by misusing the 1930 toll-free helpline number, intended for reporting cybercrimes, to deceive unsuspecting individuals. In a recent case reported in Hyderabad, a complainant was duped of ₹29.55 lakh after being coerced into joining a fraudulent video call by criminals posing as law enforcement officials.

Microsoft has recently highlighted a significant security threat posed by the threat actor known as Storm-0501, marking a concerning trend in ransomware attacks that extend into hybrid cloud environments.

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding ongoing cyberattacks on critical infrastructure, particularly targeting Operational Technology (OT) and Industrial Control Systems (ICS). These attacks are being executed using basic methods, such as brute force attacks and exploiting default credentials, impacting vital sectors like water and wastewater systems.