On 23 November 2022, the pro-Russian hacktivist group Noname057 claimed to have launched a series of DDoS attacks on the Polish airport of Rzeszów-Jasionka. As of 17:00, the site was accessible in France but possibly unreachable from other countries and continents.   Read more about it : here

On Monday 7 November 2022, the company Continental acknowledged that following the cyber attack they suffered in August, approximately 40 terabytes of data had been exfiltrated. The investigation by cyber experts after the incident continues as the company also announced that no data had been encrypted, allowing business to continue.  It should be noted that on 4 November, LockBit 3.0 claimed responsibility for an attack on Continental, although it is not known whether this is the same attack as the one that took place in August.  Read more about it : here

On November 12, 2022, the cyber criminal group Kelvin Security claimed on Breach Forums a cyberattack against Norgine Italia. In this claim, it is stated that 3.15 GB of data has been exfiltrated from the system and that this data contains documents of various types, such as PDFs, DOCXs and XLSs. A link has also been provided to contact the seller and make purchase arrangements. This message was not only posted on Breach Forums, but also on the gang's Telegram channels.  Read more about it : here

On 9 November 2022, the cybercriminal group Hive ransomware added the Natherland-based company APM Terminals, a harbor operator, subsidiary of Maersk, to its list of victims. No details are given about the nature of the stolen data or the direct consequences of the attack on the company. The attack is believed to have taken place on 17 October and the stolen data will be released on 11 November.  Read more about it : here

On November 8, 2022, cybercriminal ransomware group LockBit 3.0 claimed to have attacked Richard Wolf Gmbh. Some of the company's data is said to be encrypted and the management has until 10 November to comply with LockBit 3.0. Some of the company's data is said to be encrypted and the management has until 10 November to comply with LockBit 3.0. Experts are reportedly working on the company's systems to assess the exact damage.  Read more about it : here

On 15 November 2022, according to a Kaspersky study, North Korean hackers Lazarus are using a new version of the DTrack backdoor to attack organisations in Europe and Latin America.  DTrack is a modular backdoor with a keystroke logger, screenshot logger, browser history retriever, running process spy, IP address logger, network connection information logger and more.  In addition to spying, it can also execute commands to perform file operations, retrieve additional payloads, steal files and data and run processes on the compromised device. Finally, Dtrack hides in an executable that looks like a legitimate program, and there are several decryption steps before the malware payload begins.  Targeted sectors include government research centres, policy institutes, chemical manufacturers, IT service providers, telecommunication providers, utility providers and education.  Read more about it : here

On November 5, 2022, an unknown threat actor announced on a hacker forum on the darkweb that the German company Scm-Pc-Card and the website of Evas Schatztruhe had suffered major data breach that would have affected about 1900 users for Scm-Pc-Card, and 1400 users for Evas Schatztruhe. The stolen data includes phone numbers, physical addresses, email addresses and password hashes for Scm-Pc-Card. For Evas Schatztruhe, the stolen data includes Nicknames, Usernames, UID, User Country, User Websites, User Email and Passwords.No details are given in the claim as to how the data was obtained, but it is announced that the data will be made available online for free. The impact of this attack could be significant for the users of the companies site who thus see their data exposed, with now a risk of possible future phishing campaigns or other various attacks more serious and more malicious than the original leak.  Read more about it : here and here

On 10 November 2022, the AlphV ransomware group added the French company Conforama to its list of victims. Conforama is a major European home furnishings retailer. The group claims to have stolen 1 terabyte of data, including financial documents, customer credit card data, marketing data, analytical strategies, logistics data, but also personal data of customers. The group has given Conforama 48 hours to contact them or all the data will be published and used for malicious purposes.  Read more about it : here

On 8 November 2022, the cybercriminal group BlackBasta, which specialises in ransomware, claimed responsibility for an attack on the wholesale company Metro. The data they claimed to have stolen contained ID cards, agreements and passports. Metro's IT infrastructure was effectively blocked by the attack and the company was experiencing problems with in-store payments and delivery of online orders.  Read more about it : here

On 15 November 2022, the pro-Russian hacktivist group KIlNet called on its affiliates to carry out a DDoS attack campaign on all possible organisations and entities in Poland and keep them inaccessible until 20 November 2022. In order to select targets, Killnet advises to perform a google search including "Online Poland, Login Poland, Poland commerce Online, Poland Health, Poland gov".  Read more about it : here