The Breach News

Microsoft Thwarts Cyber Attack by Chinese State Actor Targeting Western European Governments

On July 12, 2023, Microsoft announced that it successfully defended against a cyber attack launched by a Chinese nation-state actor, aimed at over two dozen organizations, including various government agencies. This espionage campaign, which began on May 15, 2023, sought to obtain sensitive data by gaining access to email accounts linked to approximately 25 entities and a limited number of consumer accounts. The tech giant identified the perpetrator as Storm-0558, a state-sponsored group targeting Western European government bodies. Microsoft stated, “Their focus includes espionage, data theft, and credential access,” and noted the use of custom malware referred to as Cigril and Bling for credential harvesting. The breach was detected on June 16, 2023, after a customer reported unusual email activity to the company.

Microsoft Averts Chinese Cyber Espionage Targeting Western European Governments On July 11, 2023, Microsoft disclosed its successful defense against a sophisticated cyber attack orchestrated by a Chinese state-sponsored group. This operation targeted approximately two dozen organizations, including several governmental entities across Western Europe, in an effort to extract confidential information.…


Why Are HIPAA Risk Analyses Frequently Incomplete?

Governance & Risk Management, Healthcare, HIPAA/HITECH
Prevailing Weaknesses in Healthcare Security: Navigating Regulatory Scrutiny
Marianne Kolbasuk McGee (HealthInfoSec) • August 19, 2025

Federal regulators frequently find that many HIPAA-regulated entities conduct inadequate security risk analyses, if any. Regulatory bodies have persistently urged HIPAA-regulated organizations to enhance their…


BianLian and RansomExx Exploit SAP NetWeaver Vulnerability to Deploy PipeMagic Trojan

Date: May 14, 2025
Categories: Ransomware / Vulnerability

Recent reports indicate that at least two cybercrime groups, BianLian and RansomExx, have taken advantage of a newly revealed security vulnerability in SAP NetWeaver, designated as CVE-2025-31324. This suggests that various threat actors are leveraging the flaw for nefarious purposes. Cybersecurity firm ReliaQuest has released an update today, detailing evidence of activity linked to both the BianLian data extortion group and the RansomExx ransomware faction, also known as Storm-2460 by Microsoft. Investigations show BianLian’s involvement in at least one incident, with infrastructure connections to previously identified e-crime IP addresses. “We located a server at 184[.]174[.]96[.]74 running reverse proxy services initiated by the rs64.exe executable,” the firm stated. “This server is associated with another IP, 184[.]174[.]96[.]70, managed by the same hosting provider, which had previously been flagged as a command-and-control (C2) server.”

Cybercrime Groups BianLian and RansomExx Exploit SAP NetWeaver Vulnerability to Distribute PipeMagic Trojan On May 14, 2025, cybersecurity experts revealed that two distinct cybercriminal organizations, BianLian and RansomExx, have exploited a recently identified vulnerability in SAP NetWeaver, designated as CVE-2025-31324. This finding underscores a growing trend among threat actors leveraging…


Greater Western Water Billing System Update Results in Over 320 Data Breaches

Greater Western Water Experiences Significant Data Breaches Following Billing System Overhaul Greater Western Water, a Victorian Government-owned utility provider, has reported at least 320 breaches of customer privacy subsequent to a transition to a new billing system. This overhaul involved the consolidation of systems from City West Water and Western…


Ransomware Groups Exploit Unpatched SimpleHelp Vulnerabilities for Double Extortion Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) reported on Thursday that ransomware criminals are taking advantage of unpatched SimpleHelp Remote Monitoring and Management (RMM) systems to compromise clients of an unnamed utility billing software provider. “This incident highlights a growing trend of ransomware groups exploiting unpatched versions of SimpleHelp RMM since January 2025,” the agency stated in an advisory. Earlier this year, SimpleHelp identified several vulnerabilities (CVE-2024-57727, CVE-2024-57728, and CVE-2024-57726) that could lead to information disclosure, privilege escalation, and remote code execution. These vulnerabilities have been actively exploited, including by ransomware groups like DragonForce, to breach specific targets. In a recent report, Sophos revealed that a Managed Service Provider’s SimpleHelp system was compromised by threat actors using these flaws.

Ransomware Groups Exploit Unpatched SimpleHelp Vulnerabilities, Targeting Utility Billing Software Clients On June 13, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) reported a growing threat posed by ransomware actors leveraging unpatched vulnerabilities in SimpleHelp Remote Monitoring and Management (RMM) software to compromise victims associated with an unnamed utility…


Sensitive Medical Cannabis Patient Data Compromised Due to Unsecured Database

In a significant data breach impacting medical marijuana patients in Ohio, security researcher Jeremiah Fowler discovered a publicly accessible database that allegedly contained highly sensitive personal information. This incident has raised concerns over data security within the burgeoning legal cannabis sector, where businesses have accumulated extensive customer data for both…


Rethinking Pen Testing: Beyond Compliance for Enhanced Security

May 15, 2025
Compliance / Penetration Testing

Picture this: Your organization checks off its annual penetration test in January with high scores for compliance. By February, a routine software update goes live. Fast forward to April, and attackers have exploited a vulnerability from that update, compromising customer data long before it’s detected. This scenario is all too common, highlighting that one-time compliance assessments won’t safeguard against vulnerabilities introduced afterward. According to Verizon’s 2025 Data Breach Investigation Report, the exploitation of vulnerabilities surged by 34% year-over-year. While compliance frameworks offer essential security guidance, organizations must embrace continuous security validation to identify and address new vulnerabilities proactively. Here’s what you need to understand about penetration testing for compliance requirements—and the necessity of transitioning to ongoing penetration testing for real security resilience.

Reevaluating Penetration Testing: Beyond Compliance to Continuous Security In an age where cyber threats evolve at a rapid pace, relying solely on annual penetration testing for compliance can leave organizations vulnerable to devastating breaches. A stark example illustrates this point: an organization may achieve high compliance scores after its annual…


Details of Major Allianz Life Data Breach Reportedly Uncovered – AOL.com

Allianz Life Data Breach Exposes Sensitive Information: Key Details Emerge Recent reports have surfaced regarding a significant data breach involving Allianz Life, a major player in insurance and financial services. The breach has raised alarms, as sensitive information related to customers and their policies may have been compromised. Initial investigations…
