"Data of Millions of mSpy Customers Leaked Online"

According to security researchers at Have I Been Pwned, over 310 gigabytes of data from spyware maker mSpy, including 2.4 million unique emails, was leaked online in June.  The researchers noted that the data, reportedly leaked online by hacktivists, includes 142 GB of user data, such as email addresses, IP addresses, and names, obtained from support tickets filed by individuals seeking help to install the application.  An additional 176 GB of attachments, including screen captures of financial transactions, photos of credit cards, and selfies, were also leaked.

Submitted by Adam Ekwall on

"AT&T Paid a Hacker $370,000 to Delete Stolen Phone Records"

US telecom giant AT&T, which disclosed Friday that hackers had stolen the call records for tens of millions of its customers, allegedly paid a member of the hacking team more than $300,000 to delete the data.  The hacker, who is part of the notorious ShinyHunters hacking group, tells WIRED that AT&T paid the ransom in May.  The hacker provided the address for the cryptocurrency wallet that sent the currency to him, as well as the address that received it.

Submitted by Adam Ekwall on

"Pharmacy Giant Rite Aid Hit By Ransomware"

Rite Aid has recently fallen victim to ransomware actors after revealing a “limited” cybersecurity incident that occurred last month.  RansomHub has claimed to be behind the incident.  The group claims to have obtained 10GB of data from the pharmacy, equating to “45 million lines” of personal information on customers.  This information includes names, addresses, ID numbers, dates of birth, and Rite Aid reward numbers.  Rite Aid is the third-largest pharmacy chain in the US, with over 2000 locations countrywide and more than $24bn in revenue.

Submitted by Adam Ekwall on

"Year-Old Veeam Vulnerability Exploited in Fresh Ransomware Attacks"

The "Akira" and "EstateRansomware" cybercrime groups have been exploiting a year-old Veeam Backup and Replication vulnerability to steal data. The exploited security flaw, tracked as CVE-2023-27532 with a CVSS score of 7.5, was patched in March 2023. Proof-of-Concept (PoC) code for the vulnerability was published shortly after, and the first exploitation of unpatched Veeam Backup and Replication instances was observed in April 2023. According to Veeam, the bug could be used to extract encrypted credentials stored in the configuration database.

Submitted by Gregory Rigby on

"NATO Set to Build New Cyber Defense Center"

NATO members have agreed to construct a new cyber defense facility to strengthen the military alliance and better combat digital threats. The new NATO Integrated Cyber Defense Centre (NICC) will include civilian and military experts from across member states and use advanced technology to improve situational awareness, cyber resilience, and defense. This article continues to discuss plans surrounding the new cyber defense facility.

Submitted by Gregory Rigby on

"Indiana County Files Disaster Declaration Following Ransomware Attack"

A county in Indiana has recently filed a disaster declaration following a ransomware attack on local government networks, which has prevented the administration of critical services. Clay County made the declaration after confirming the incident, which resulted in an inability to operate Clay County Courthouse and Clay County Probation/Community Corrections facilities. No group has so far been identified as being behind the attack, which was first detected on July 9.

Submitted by Adam Ekwall on

"AT&T Data Breach: ‘Nearly All’ Wireless Customers Exposed in Massive Hack"

AT&T recently announced that almost all its wireless subscribers were exposed in a massive hack that occurred between April 14 and April 25, 2024, where a hacker exfiltrated files containing “records of customer call and text interactions” between approximately May 1 and October 31, 2022, as well as on January 2, 2023.

Submitted by Adam Ekwall on

"FishXProxy Phishing Kit Outfits Cybercriminals for Success"

A new end-to-end phishing toolkit called "FishXProxy" makes it easier for cybercriminals to launch and manage malicious email attacks that bypass security. SlashNext Security researchers discovered that FishXProxy, marketed as "The Ultimate Powerful Phishing Toolkit" on underground cybercriminal forums, has advanced features and integration with the Cloudflare Content Delivery Network (CDN).

Submitted by Gregory Rigby on

"Ransomware Surges Annually Despite Law Enforcement Takedowns"

Symantec reports that in the first quarter of 2024, successful ransomware attacks advertised on leak sites increased 9 percent despite high-profile law enforcement takedowns of major groups. The security vendor reported 962 claimed attacks in the first quarter of 2024, down from 1,190 in the previous three months but up from 886 in 2023. In December 2023 and February 2024, global law enforcement went after the "ALPHV/BlackCat" and "LockBit" groups. This article continues to discuss the increase in ransomware despite law enforcement disruptions.

Submitted by Gregory Rigby on

"GitLab Ships Update for Critical Pipeline Execution Vulnerability"

GitLab has made security updates that address six vulnerabilities in GitLab Community Edition (CE) and Enterprise Edition (EE), including a critical-severity bug. The bug tracked as CVE-2024-6385, with a CVSS score of 9.6, allows an attacker to trigger a pipeline as another user. Contrast Security CISO David Lindner warns that the exploitation of the bug could enable attackers to run malicious code, access sensitive data, and compromise software integrity.

Submitted by Gregory Rigby on