TL;DR: Christmas SMS (1st and 2nd Week)

A corporation was fined for illegal advertising; schoolchildren in the US were given three days of cyber holiday; and a British medical centre gave its patients an unwanted gift in the form of a text message. Security researchers published decryption keys for ransomware; and cybercriminals started using artificial intelligence to write malware.

Fine for advertising

The Irish Data Protection Commission imposed a fine 390 million euros on Meta for violating GDPR on its platforms. The reason for the fine was that they moved the consent clause about personalized ads in the terms and conditions instead of having a “yes/no” option for users.

Publicly available database

The social network for the cricket community, Cricketsocial, had left its database containing 100,000 records publicly available and unencrypted. Analysis of the data revealed that it was test data, though it also contained information about the platform users. The database contained emails, phone numbers, hashed passwords, dates of birth and addresses.

Involuntary holidays

The DM Public Schools in the US state of Iowa had to cancel the classes for three days due to a large-scale cyberattack (probably ransomware). IT system administrators have shut down all systems as a precaution and a gradual restoring is still underway. The school has already been resumed, but with limited network operations.

Isolated Christmas error

An “isolated computer-related error” has occurred at the Askern surgery centre in the UK. A text message was sent to all patients of the centre which, instead of wishing them a “Merry Christmas”, contained the notification “Diagnosis – aggressive lung cancer with metastasis” with a form allowing patients with terminal conditions to claim benefits quickly. An hour later, after discovering the error, the centre texted out an apology and explained the situation to its patients.


  • LockBit ransomware group responsible for the encryption of SickKids Children’s Hospital systems, has apologised to the hospital and handed over the decryption keys for free.
  • Bitdefender security researchers have released a tool to decrypt the MegaCortex ransomware. Instructions on how to proceed can be found here.
  • The Serbian Ministry of the Interior has become a target of a large-scale DDoS attack. The Ministry managed to restore the operation of the systems in cooperation with Telecom Serbia.
  • CheckPoint security researchers have noted on hacker forums that cybercriminals started testing and, in some cases, using ChatGPT artificial intelligence to write malware.
  • A hospital in Romania became a target of a ransomware attack during December 2022. The hospital’s operations remain limited and the cybercriminals are demanding 3 BTC for the decryption keys, which is approximately 51 thousand euros.
  • Unknown cybercriminals gained access to Slack‘s private GitHub account and stole the source code. The platform reports that the attackers did not gain access to the production environment or customer data.
  • The ALPHV ransomware gang creatively published one victim’s data – on a replica of the victim’s site.

« Späť na zoznam