Cybersecurity
Incident Report

DDoS Attacks Continue, Post-Election, Against Russian Independent Media SiteMeduzaSource

In April, Meduza faced two large-scale distributed denial-of-service (DDoS) attacks, prompting it to reach out to Qurium to investigate their origin and composition, the researchers said.

Source: The Record Date: April 29, 2024

North Korean Hackers Targeted Dozens of South Korean Defense Companies

Local reports claimed that the hackers targeted as many as 83 defense contractors and subcontractors, and managed to steal sensitive information from 10 of them between October 2022 and July 2023, although the campaign lasted over a year.

Source: Infosecurity Magazine Date: April 24, 2024

Hackers Publish Fake Story About Ukrainians Attempting To Assassinate Slovak President

An unidentified attacker hacked a Czech news service's website and published a fake story on Tuesday claiming that an assassination attempt had been made against the newly elected Slovak president Petr Pellegrini.

Source: The Record Date: April 24, 2024

This Website is Selling Billions of Private Messages of Discord Users

The website Spy.pet has been involved in a major privacy breach, selling billions of private messages from Discord users. This breach exposes personal information, private photos, financial details, and potentially company secrets.

Source: Hackread Date: April 23, 2024

Hackers Exploit Fortinet Flaw, Deploy ScreenConnect, Metasploit in New Campaign

Cybersecurity researchers have discovered a new campaign exploiting a recently disclosed security flaw in Fortinet FortiClient EMS devices. The attackers utilize this vulnerability to deliver ScreenConnect and Metasploit Powerfun payloads, posing a significant threat to affected systems.

Source: The Hacker News Date: April 18, 2024

Cisco Warns of Global Surge in Brute-Force Attacks Targeting VPN and SSH Services

Talos has issued a warning regarding a global surge in brute-force attacks targeting VPN and SSH services. These attacks employ both generic and valid usernames and indiscriminately target a wide range of sectors across various geographical locations.

Source: The Hacker News Date: April 18, 2024

Iran-Backed Hackers Blast Out Threatening Texts to Israelis

The Handala threat group, allegedly backed by Iran, has sent 500,000 threatening text messages to Israeli citizens. These messages contain anti-government rhetoric, posing a potential risk to national security.

Source: Dark Reading Date: April 16, 2024

New SteganoAmor Attacks Use Steganography to Target 320 Organizations Globally

A series of SteganoAmor attacks utilizing steganography has targeted 320 organizations globally. These attacks begin with malicious emails containing seemingly innocuous document attachments exploiting the CVE-2017-11882 flaw in Microsoft Office Equation Editor.

Source: Bleeping Computer Date: April 16, 2024

Hackers Deploy Crypto Drainers on Thousands of WordPress Sites

Hackers have deployed crypto drainers on thousands of WordPress sites, monetizing compromised platforms to promote fake NFT offers and crypto discounts. This poses a significant risk to site visitors' security and privacy.

Source: Bleeping Computer Date: April 9, 2024

UK: Police Launch Inquiry After MPs Targeted in Apparent ‘Spear-Phishing’ Attack

A police investigation has been launched after UK MPs were targeted in a spear[1]phishing attack. Security experts believe this attack could be an attempt to compromise the UK Parliament's security and integrity.

Source: The Guardian Date: April 8, 2024

Missouri County Declares State of Emergency Amid Suspected Ransomware Attack

A suspected ransomware attack has led to a state of emergency declaration in a Missouri county. Critical systems, including tax and online property payments, have been rendered inoperable, causing significant disruptions.

Source: ARS Technica Date: April 3, 2024

Highly sensitive files mysteriously disappeared from EUROPOL headquarters

Highly sensitive files have disappeared from EUROPOL headquarters, posing a serious risk to ongoing investigations and agency operations. EUROPOL has notified impacted individuals and initiated an investigation into the incident.

Source: Security Affairs Date: April 3, 2024

INC Ransom Claims 'Cyber Incident' at UK City Council

The INC Ransom group has claimed responsibility for a cybersecurity incident at Leicester City Council. This underscores the disruptive impact of ransomware attacks on public services and institutions.

Source: The Register Date: April 3, 2024

OWASP Discloses a Data Breach Due to Wiki Misconfiguration

OWASP has disclosed a data breach resulting from a misconfiguration of its old Wiki web server. This breach compromised old member resumes, emphasizing the importance of robust security measures for protecting sensitive information.

Source: Security Affairs Date: April 2, 2024

Activision Recommends Users Enable 2FA to Secure Accounts

Recently Stolen by Malware An infostealer malware campaign has apparently collected millions of logins from users of various gaming websites, including players that use cheats and pay-to-cheat services

Source: Bleeping Computer Date: April 1, 2024

CONCLUSION

The incidents reported in April 2024 demonstrate the diverse range of cyber threats facing organizations and individuals globally. These incidents underscore the critical importance of implementing proactive cybersecurity measures, including patch management, employee training, and incident response planning, to mitigate the risks posed by cyber attacks. Organizations must remain vigilant and proactive in safeguarding their digital assets against evolving threats in the cybersecurity landscape.