A data breach is every hospitality company’s worst nightmare, especially if it involves exposed guest records. This is exactly what Marriott International is going through. Not just the one sector though, data breaches affect every sector in the worst possible ways. A U.S.-based debt management firm had to notify hundreds of healthcare providers of a huge data breach incident. Scammers have taken to impersonating the UAE government to target businesses and job seekers. Here’s more from the last 24 hours.

Threat Intelligence - Hacking news

Top Breaches, Malware, Vulnerabilities Reported in the Last 24 Hrs

1. Unknown threat actors hit Marriott International and claimed to have stolen 20GB of data, including credit card details and sensitive information about employees and guests.

2. Northern Colorado-based PFC USA, an accounts receivable management firm, suffered a data breach that impacted 657 healthcare providers. The information accessed includes SSNs, names, addresses, health insurance and medical treatment information, and others.

3. Solana-based liquidity protocol Crema Finance suffered a theft of $8.78 million worth of cryptocurrencies via a flash loan attack.

4. An NPM supply-chain attack—ongoing since December 2021—leveraged several malicious NPM modules containing obfuscated JS code to infect hundreds of systems. Dubbed IconBurst, the campaign used typosquatting.

5. An advanced phishing campaign was found targeting individual job seekers and businesses by masquerading as the Ministry of Human Resources of the UAE government.

6. Bangladeshi military entities are under constant attack by Bitter APT, who is using a new backdoor named ZxxZ. ongoing since mid-May, the attack spreads through a weaponized Excel document.

7. Hive RaaS has migrated its operating software to Rust for improved encryption. Being one of the fastest-growing ransomware families, Hive’s latest variant comes with several upgrades.

8. An updated version of the new PennyWise infostealer can now target over 30 browsers and cryptocurrency apps, including crypto browser extensions and cold crypto wallets. It pretends to be a Bitcoin mining app on YouTube.

9. A new ransomware, dubbed RedAlert or N13V, encrypts both Linux and Windows VMware ESXi servers on corporate networks. Currently, the group has only one victim listed on its data leak site.

10. NIST chose four quantum-resistant tools—CRYSTALS-Kyber algorithm, CRYSTALS-Dilithium, FALCON, and SPHINCS+— to incorporate into its post-quantum cryptographic standard to protect sensitive data against an attack from a quantum computer.