As we enter into September, the CYFOR Secure team is eager to present the first episode of this month’s Breach Breakdown. Our goal is to keep you informed about the latest developments in data breaches, cyber attacks, and related news, serving as your go-to source for recapping the month’s key reports.

This week, attackers were observed impacting:


Canvey Island Infant School

Canvey Island Infant School, serving young pupils, is grappling with a cyber attack that has compromised its IT system. The school will remain closed an extra day on September 3rd to address the breach and allow teachers to prepare for the new term.

Despite taking precautionary measures, the attack has hindered access to essential resources. The school, supported by Essex County Council, is working diligently to resolve the issue.


PostgreSQL Database Attack

Cryptojacking attackers are targeting poorly protected PostgreSQL databases on Linux. They brute-force credentials, then create high-privilege user roles, remove superuser privileges from the compromised role, and deploy two payloads: PG_Core (to remove competing malware) and PG_Mem (which installs the XMRig cryptominer).

PostgreSQL’s widespread use and common misconfigurations make it a prime target. To protect your PostgreSQL databases, use firewalls, VPNs, SSH tunnels, strong passwords, and secure configurations.


Toyota Third-Party Breach

Toyota confirms customer data exposure due to a third-party breach, following the leak of 240GB of stolen data on a hacking forum. While Toyota assures the issue is limited and their systems weren’t compromised, the data includes sensitive employee, customer, and financial information.

The company is working with those impacted, though details on the data breach remain undisclosed. This incident follows a series of recent data breaches affecting the automaker.


Cicada3301 Rise

A new ransomware group, Cicada3301, is making waves by targeting Windows and Linux/ESXi systems with sophisticated encryption techniques. Its ransomware is written in Rust, and the group operates as a Ransomware-as-a-Service platform, offering tools for double extortion.

First observed in June 2024, the group has quickly gained popularity by listing multiple victims on their data leak site.


FBI Data Breach

RansomHub ransomware affiliates have breached over 200 victims across U.S. critical infrastructure sectors since February 2024, focusing on data theft-based extortion.

Major victims include Patelco Credit Union, Rite Aid, and Frontier Communications. A new joint advisory from federal agencies highlights RansomHub’s tactics and urges enhanced security measures.


Each month, our experts will keep you updated with the latest news on data breaches, recent cybersecurity developments, and in-depth updates on previously reported attacks.

Want to learn more? Episode Four of Breach Breakdown can be found here.