8 Latest Data Breaches and Cyber Attacks
Share
Stay informed with our daily alerts tailored for boardroom and C-suite executives, CIOs, CSOs, CISOs, IT leaders, and cybersecurity professionals. When there’s a significant cyberattack, hack, or data breach, we’re on it, delivering the critical news you need to know.
Halliburton Hit by Cyberattack: Operations Disrupted as Oilfield Giant Investigates
Halliburton, a leading U.S. oilfield services firm, has been struck by a cyberattack affecting its systems, particularly those at its north Houston campus and some global networks. The company is collaborating with external experts to identify and resolve the issue, while advising staff to avoid connecting to internal networks. This attack is the latest in a series of cyberattacks targeting major U.S. companies, raising concerns about the vulnerability of critical infrastructure in the energy sector. The extent of the attack’s impact remains unclear, though it draws parallels to previous high-profile ransomware incidents, including the Colonial Pipeline breach in 2021. Full Story
Microsoft to Host Cybersecurity Summit Following CrowdStrike-Induced Global IT Outage
In response to a widespread IT outage caused by a faulty update from CrowdStrike, Microsoft has announced a cybersecurity summit scheduled for September 10 at its Redmond, Washington headquarters. The outage, which impacted nearly 8.5 million Windows devices on July 19, disrupted operations across various sectors, including airlines, banks, and healthcare. The summit will gather industry leaders and government representatives to discuss strengthening cybersecurity systems and addressing the vulnerabilities highlighted by the incident. The event underscores the critical need for more resilient IT ecosystems, especially as reliance on single-vendor security solutions exposes significant risks. CrowdStrike, now facing lawsuits and a $9 billion loss in market value, will also participate in the discussions. Full Story
Audit Reveals Major Security Flaws in FBI’s Handling of Classified Media
A recent audit by the Department of Justice’s Office of the Inspector General (OIG) has uncovered significant security gaps in the FBI’s management of electronic storage media containing sensitive and classified information. The audit revealed that the FBI lacks adequate procedures for tracking and disposing of storage media, such as hard drives and thumb drives, after they are extracted from larger devices. Additionally, the FBI has been found to inconsistently label these media with the correct classification levels, raising the risk of unauthorized access to sensitive information. The report also identified weaknesses in the physical security of the facility where media destruction occurs, including unsecured storage and non-functioning surveillance cameras. In response, the FBI has acknowledged these issues and is working on implementing corrective actions, including revising procedures, improving classification labeling, and enhancing physical security measures. The agency is developing a new directive titled Physical Control and Destruction of Classified and Sensitive Electronic Devices and Material Policy Directive to address these shortcomings. The OIG expects the FBI to provide an update on the implementation of these measures within 90 days. Full Story
U.S. Warns of Escalating Iranian Cyber Influence Operations Targeting Elections
The U.S. government has issued a warning about Iran’s escalating cyber efforts to influence upcoming elections, including targeting Presidential campaigns and the American public. A joint statement from the Office of the Director of National Intelligence (ODNI), FBI, and Cybersecurity and Infrastructure Security Agency (CISA) highlights Iran’s aggressive cyber activities, including attacks to access sensitive election information and spread misinformation. The advisory emphasizes Iran’s intent to undermine confidence in U.S. democratic institutions, particularly as Tehran perceives this election as crucial to its national security interests. Recent reports confirm Iranian state-backed hackers breached former President Trump’s campaign, stealing and leaking confidential data. Microsoft and OpenAI have also identified increased Iranian cyber activities, such as password spraying, spear-phishing, and covert influence operations using AI-generated content. Meta’s latest report ranks Iran as the second most frequent source of foreign interference after Russia. U.S. authorities are urging election stakeholders to report suspicious activities, assuring that voting infrastructure security remains resilient against potential disruptions. Full Story
Study Reveals Major Security Gaps in Political Donation Sites Ahead of Election Season
A study by DataDome has revealed that two out of three major political donation websites in the U.S. lack critical security measures, making them prime targets for cybercriminals as the election season approaches. The research found that only one platform utilized two-factor authentication, while none had adequate protections against bot traffic or credential stuffing. The lack of robust security measures exposes users to risks such as identity theft, financial fraud, and compromised personal information. Additionally, a breach could result in chargebacks, legal fees, and damage to the platform’s reputation, potentially affecting fundraising efforts. The report urges these platforms to strengthen their security to safeguard donor information and maintain trust as political donations increase. Full Story
McDonald’s Instagram Hacked by Crypto Scammers: $700K Stolen in Rug Pull Scam
McDonald’s official Instagram account was hacked by cryptocurrency scammers who used the platform to promote a fake digital currency, claiming to have stolen $700,000. The hackers, identifying themselves as India_X_Kr3w, changed the account’s caption to announce the scam to over 5.1 million followers. The scam involved a rug pull, where the scammers created and hyped a fake cryptocurrency, GRIMACE, on the Solana network. The coin’s value skyrocketed to $25 million within 30 minutes before plummeting to zero. McDonald’s quickly resolved the issue and apologized for the offensive content. The incident also involved the hacking of a senior McDonald’s marketing director’s social media accounts, which were used to further promote the fake coin. The posts were later removed, but the incident highlights the growing risks of cryptocurrency scams on social media platforms. Full Story
Toyota Confirms 240GB Data Breach, Sensitive Customer Information Leaked by Hackers
Toyota has confirmed a significant data breach involving approximately 240GB of information, which was leaked by the hacker group ZeroSevenGroup. The stolen data, reportedly originating from a Toyota outlet in the U.S., includes personal information of customers and staff, financial documents, and details about the company’s network infrastructure. While Toyota stated that the breach was limited in scope, it has not disclosed the number of affected customers or the full extent of the data exposure. This incident follows a previous cyberattack in November that compromised millions of customer records at Toyota’s financial services arm. The breach highlights ongoing cybersecurity challenges within the automotive industry, underscored by recent disruptions at CDK Global, which impacted thousands of U.S. car dealerships. Full Story
Ukraine’s Monobank Hit by Massive DDoS Attack Amid Ongoing Cyber Warfare
Ukraine’s largest mobile-only bank, Monobank, experienced a massive denial of service (DDoS) attack on August 16, with approximately one billion service requests flooding its servers within three hours. Despite the scale of the attack, Monobank’s co-founder and CEO, Oleh Horokhovskyi, reassured the public that the situation was under control. This is not the first time Monobank has been targeted; a similar attack in January sent over 580 million service requests to its website. While the perpetrators of the recent attack remain unidentified, it follows a pattern of cyberattacks linked to Russian hackers amid the ongoing conflict between Ukraine and Russia. Ukrainian hackers have also retaliated, with Ukraine’s IT Army claiming responsibility for previous DDoS attacks against Russian financial institutions. Full Story