"AT&T Paid a Hacker $370,000 to Delete Stolen Phone Records"

US telecom giant AT&T, which disclosed Friday that hackers had stolen the call records for tens of millions of its customers, allegedly paid a member of the hacking team more than $300,000 to delete the data.  The hacker, who is part of the notorious ShinyHunters hacking group, tells WIRED that AT&T paid the ransom in May.  The hacker provided the address for the cryptocurrency wallet that sent the currency to him, as well as the address that received it.

Submitted by Adam Ekwall on

"Pharmacy Giant Rite Aid Hit By Ransomware"

Rite Aid has recently confirmed that it fell victim to ransomware actors, having revealed a “limited” cybersecurity incident that occurred last month. RansomHub has claimed to be behind the incident. The group claims to have obtained 10GB of data from the pharmacy, equating to “45 million lines” of personal information on customers. This information includes names, addresses, ID numbers, dates of birth, and Rite Aid reward numbers. Rite Aid is the third-largest pharmacy chain in the US, with over 2,000 locations countrywide and more than $24bn in revenue.

Submitted by Adam Ekwall on

"Year-Old Veeam Vulnerability Exploited in Fresh Ransomware Attacks"

The "Akira" and "EstateRansomware" cybercrime groups have been exploiting a year-old Veeam Backup and Replication vulnerability to steal data. The exploited security flaw, tracked as CVE-2023-27532 with a CVSS score of 7.5, was patched in March 2023. Proof-of-Concept (PoC) code for the vulnerability was published shortly after, and the first exploitation of unpatched Veeam Backup and Replication instances was observed in April 2023. According to Veeam, the bug could be used to extract encrypted credentials stored in the configuration database.

Submitted by grigby1 CPVI on

"NATO Set to Build New Cyber Defense Center"

NATO members have agreed to construct a new cyber defense facility to strengthen the military alliance and better combat digital threats. The new NATO Integrated Cyber Defense Centre (NICC) will include civilian and military experts from across member states and use advanced technology to improve situational awareness, cyber resilience, and defense. This article continues to discuss plans surrounding the new cyber defense facility.

Submitted by grigby1 CPVI on

"Indiana County Files Disaster Declaration Following Ransomware Attack"

A county in Indiana has recently filed a disaster declaration following a ransomware attack on local government networks, which has prevented the administration of critical services. Clay County made the declaration after confirming the incident, which left it unable to operate the Clay County Courthouse and Clay County Probation/Community Corrections facilities. No group has so far been identified as being behind the attack, which was first detected on July 9.

Submitted by Adam Ekwall on

"AT&T Data Breach: ‘Nearly All’ Wireless Customers Exposed in Massive Hack"

AT&T recently announced that almost all its wireless subscribers were exposed in a massive hack that occurred between April 14 and April 25, 2024. A hacker exfiltrated files containing “records of customer call and text interactions” that took place between approximately May 1 and October 31, 2022, as well as on January 2, 2023.

Submitted by Adam Ekwall on

"FishXProxy Phishing Kit Outfits Cybercriminals for Success"

A new end-to-end phishing toolkit called "FishXProxy" makes it easier for cybercriminals to launch and manage malicious email attacks that bypass security. SlashNext Security researchers discovered that FishXProxy, marketed as "The Ultimate Powerful Phishing Toolkit" on underground cybercriminal forums, has advanced features and integration with the Cloudflare Content Delivery Network (CDN).

Submitted by grigby1 CPVI on

"Ransomware Surges Annually Despite Law Enforcement Takedowns"

Symantec reports that in the first quarter of 2024, successful ransomware attacks advertised on leak sites increased 9 percent despite high-profile law enforcement takedowns of major groups. The security vendor reported 962 claimed attacks in the first quarter of 2024, down from 1,190 in the previous three months but up from 886 in 2023. In December 2023 and February 2024, global law enforcement went after the "ALPHV/BlackCat" and "LockBit" groups. This article continues to discuss the increase in ransomware despite law enforcement disruptions.

Submitted by grigby1 CPVI on

"GitLab Ships Update for Critical Pipeline Execution Vulnerability"

GitLab has released security updates that address six vulnerabilities in GitLab Community Edition (CE) and Enterprise Edition (EE), including a critical-severity bug. The bug, tracked as CVE-2024-6385 with a CVSS score of 9.6, allows an attacker to trigger a pipeline as another user. Contrast Security CISO David Lindner warns that exploitation of the bug could enable attackers to run malicious code, access sensitive data, and compromise software integrity.

Submitted by grigby1 CPVI on

"Dallas County: Data of 200,000 Exposed in 2023 Ransomware Attack"

Dallas County is notifying over 200,000 people that the Play ransomware attack in October 2023 exposed their personal data to cybercriminals. In October 2023, the Play ransomware gang added Dallas to its extortion portal on the dark web, threatening to leak data it stole during an attack on the county's systems, including private documents from various departments. Because the investigation into the incident was taking a long time to finish, Dallas created a dedicated call center in January 2024 to help answer people's questions.

Submitted by Adam Ekwall on