The Record
60 credit unions facing outages due to ransomware attack on popular tech provider
The ransomware attack targeted the cloud services provider Ongoing Operations, a company owned by credit union technology firm Trellance.
SecurityWeek
Dollar Tree Impacted by ZeroedIn Data Breach Affecting 2 Million Individuals
ZeroedIn says personal information of 2 million individuals was compromised in an August 2023 data breach that impacts Dollar Tree.
Infosecurity News
Hackers Exploit Critical Vulnerability in ownCloud
Zero-day bug could allow remote control of servers
Ars Technica
ownCloud vulnerability with maximum 10 severity score comes under “mass” exploitation
Easy-to-exploit flaw can give hackers passwords and cryptographic keys to vulnerable servers.
SC Magazine
Thanksgiving week ransomware attack hits Ardent Health hospitals in 6 states
More than 200 sites of care and 30 hospitals in Ardent Health Services' system were affected by the ransomware attack, which was discovered Thanksgiving morning.
Security Affairs
Welltok data breach impacted 8.5 million patients in the U.S.
Healthcare services provider Welltok disclosed a data breach that impacted nearly 8.5 million patients in the U.S.
Security Affairs
Automotive parts giant AutoZone disclosed data breach after MOVEit hack
American retailer and distributor of automotive parts and accessories AutoZone discloses a data breach after a MOVEit attack
Bleeping Computer
Welltok data breach exposes data of 8.5 million US patients
Healthcare SaaS provider Welltok is warning that a data breach exposed the personal data of nearly 8.5 million patients in the U.S. after a file transfer program used by the company was hacked in a data theft attack.
SecurityWeek
185,000 Individuals Impacted by MOVEit Hack at Car Parts Giant AutoZone
Car parts giant AutoZone says nearly 185,000 individuals were impacted by a data breach caused by the MOVEit hack.
Bleeping Computer
Auto parts giant AutoZone warns of MOVEit data breach
AutoZone is warning tens of thousands of its customers that it suffered a data breach as part of the Clop MOVEit file transfer attacks.
CyberNews
AutoZone adds itself to MOVEit victim list
US automotive parts giant says up to nearly 185,000 people may have been affected by cyberattack earlier this year.
CSO
MOVEit carnage continues with over 2600 organizations and 77M people impacted so far
The number of companies impacted by one of the biggest cyberattack incidents of the year continues to grow.
CyberNews
Welltok MOVEit hack impacts 1.6M individuals
Welltok MOVEit Trasnfer breach impacted millions of individuals.
Security Affairs
Security Affairs newsletter Round 446 by Pierluigi Paganini
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
Bleeping Computer
Exploit for CrushFTP RCE chain released, patch now
A proof-of-concept exploit was publicly released for a critical remote code execution vulnerability in the CrushFTP enterprise suite, allowing unauthenticated attackers to access files on the server, execute code, and obtain plain-text passwords.
The Record
More than 330,000 Medicare recipients affected by MOVEit breach
In the latest disclosures related to a Russian ransomware gang’s exploitation of the popular MOVEit file transfer service, more than 330,000 Medicare recipients were confirmed affected in a leak of sensitive data from the government agency that oversees the program.
The Record
FCC adopts new rules for wireless providers to rein in SIM swapping
The new rules are an attempt to curb the practice of SIM swapping, a scam tactic that has caused billions in losses.
CyberNews
MESVision attack exposes nearly 350K individuals
MESVision fell victim in MOVEit Trasnfer hack, exposing hundreds of thousands of victims.
The Record
Long Beach is latest California city facing cybersecurity incident
Long Beach's office of the city manager released a statement saying officials within the government were investigating the issue alongside a cybersecurity firm and had contacted the FBI for assistance.
CyberSecurity Dive
File-transfer services, rich with sensitive data, are under attack
This year has seen a trio of supply-chain attacks that created turmoil for thousands of corporate victims and their customers.
SecurityWeek
Mr. Cooper Says Customer Data Compromised in Cyberattack
US mortgage giant Mr. Cooper announced over the weekend that customer data was compromised in an October 31 cyberattack.
Cyber Security News
MOVEit Hackers Turn to SysAid Servers Zero-Day Vulnerability
SysAid disclosed a zero-day which was affecting on-premises SysAid servers. The vulnerability was found to be a path traversal vulnerability.
Bleeping Computer
Maine govt notifies 1.3 million people of MOVEit data breach
The State of Maine has announced that its systems were breached after threat actors exploited a vulnerability in the MOVEit file transfer tool and accessed personal information of about 1.3 million, which is close to the state's entire population.
CyberSecurity Dive
For Maine, the MOVEit attack is personal
With 1.3 million individuals compromised, the level of exposure on an individual basis is one that's representative of a compromise of its entire population.
Infosecurity News
MOVEit Gang Targets SysAid Customers With Zero-Day Attacks
Lace Tempest looks to spread Clop malware to victims
CyberNews
1.3M impacted in the State of Maine data breach
The State of Maine data breach exposed over a million of its residents.
CyberNews
Allen & Overy law firm breached, LockBit takes credit
Top global law firm Allen & Overy (A&O) said some of its systems have been impacted due to a “data incident” claimed by the LockBit ransomware group.
The Hacker News
Zero-Day Alert: Lace Tempest Exploits SysAid IT Support Software Vulnerability
Microsoft exposes Lace Tempest's latest move: exploiting a zero-day flaw in SysAid IT support software.
Bleeping Computer
Microsoft: SysAid zero-day flaw exploited in Clop ransomware attacks
Threat actors are exploiting a zero-day vulnerability in the service management software SysAid to gain access to corporate servers for data theft and to deploy Clop ransomware.
The Record
Ransomware gang behind MOEVit attacks are targeting new zero-day, Microsoft says
The Russian ransomware gang behind the exploitation of several popular file transfer tools is now exploiting a new vulnerability in SysAid IT support software, according to a new report.
CSO
NetRise releases Trace solution with AI-powered semantic search aimed at protecting firmware
The platform analyzes XIoT firmware using large language model capabilities to follow compromised or vulnerable assets back to their source.
CSO
Eclypsium launches supply chain security guide to track risks and incidents
The guide offers supply chain risk intelligence for IT infrastructure including endpoints, servers, network devices, and cloud infrastructure products.
The Record
California community college Río Hondo dealing with cybersecurity incident
The LockBit ransomware gang added the school to its list of victims, giving officials until November 20 to pay an undisclosed ransom.
Cyber Security News
Over 700 Zero-Day Vulnerabilities Identified in Q3 2023: Mitigation Methods on WAAP
A "zero-day vulnerability" is a security flaw or weakness in a software application, operating system, or hardware device unknown to the vendor or the public.
Bleeping Computer
September was a record month for ransomware attacks in 2023
Ransomware activity in September reached unprecedented levels following a relative lull in August that was still way above regular standards for summer months.
CyberSecurity Dive
US data compromises hit all-time high
Supply-chain attacks and zero-day exploits, such as the widespread attacks against the MOVEit file-transfer service, are surging, according to the Identity Theft Resource Center.
Infosecurity News
Ransomware Targets Unpatched WS_FTP Servers
The threat actors attempted to escalate privileges using the open-source GodPotato tool
The Hacker News
Ransomware attacks doubled year on year. Are organizations equipped to handle the evolution of Ransomware in 2023?
Ransomware attacks have evolved in Q3-2023, employing new techniques to bypass defenses. Discover the strategies ransomware groups have been adopting.
Bleeping Computer
Ransomware attacks now target unpatched WS_FTP servers
Internet-exposed WS_FTP servers unpatched against a maximum severity vulnerability are now targeted in ransomware attacks.
SecurityWeek
SEC Investigating Progress Software Over MOVEit Hack
Progress Software confirms the SEC has launched its own investigation into costly ransomware zero-days in the MOVEit file transfer software.
Infosecurity News
US Smashes Annual Data Breach Record With Three Months Left
Volume of data compromises already exceeds previous high by 14%
CSO
SEC to investigate Progress Software over mass MOVEit hack
Progress has been served a notice to turn in various documents and information relating to MOVEit vulnerability.
The Record
Progress Software facing dozens of class action lawsuits, SEC investigation following MOVEit incident
The company told the Securities and Exchange Commission that it is facing 58 class action lawsuits, as well as inquiries from a variety of agencies, in relation to the MOVEit cyberattacks.
The Record
European Commission demands X account for disinformation in wake of Hamas attacks
The European Commission (EC) has sent X a formal request for information, following the spread of disinformation related to violence in Israel that is potentially illegal under European Union law.
CyberSecurity Dive
Progress Software’s financial hit from MOVEit cuts deeper
With insurance coverage dwindling, and class-action lawsuits and financial restitution claims piling up, more trouble could be on the way for the software company.
Infosecurity News
Flagstar Bank MOVEit Breach Affects 800K Customer Records
The incident occurred between May 27 and 31 2023, before MOVEit Transfer vulnerability was publicly disclosed
Bleeping Computer
Third Flagstar Bank data breach since 2021 affects 800,000 customers
Flagstar Bank is warning that over 800,000 US customers had their personal information stolen by cybercriminals due to a breach at a third-party service provider.
Infosecurity News
Record Numbers of Ransomware Victims Named on Leak Sites
A new Secureworks report finds that 2023 is on course to be the biggest year on record for victim naming on ‘name and shame’ sites
SecurityWeek
Sony Confirms Data Stolen in Two Recent Hacker Attacks
Sony shares information on the impact of two recent unrelated hacker attacks carried out by known ransomware groups.
-1.webp)
Cyber Security News
Sony Breached Via MOVEit Zero-Day Vulnerability
Sony Interactive Entertainment (SIE) discloses a cybersecurity breach caused by the exploitation of a zero-day vulnerability in MOVEit.
The Record
Microsoft: Human-operated ransomware attacks tripled over past year
Human-operated attacks typically involve the active abuse of remote monitoring and management tools. Microsoft said its data could point to a shift in how the cybercrime underground works.
Bleeping Computer
Sony confirms data breach impacting thousands in the U.S.
Sony Interactive Entertainment (Sony) has notified current and former employees and their family members about a cybersecurity breach that exposed personal information.
Ars Technica
Active attacks exploiting WS_FTP pose a grave threat to the Internet
Will attacks be as big as those targeting MOVEit? Maybe not, but they still can be plenty bad.
DarkReading
Attacks on Maximum Severity WS_FTP Bug Have Been Limited — So Far
While CVE-2023-40044 is critical, threat watchers hope it won't be another MOVEit for customers of Progress Software's file transfer technology.
CyberSecurity Dive
Multiple exploits hit Progress Software’s WS_FTP Server
A Progress spokesperson criticized unnamed third parties for releasing a proof of concept that "provided threat actors a roadmap on how to exploit the vulnerabilities."
The Record
Hackers seen exploiting bugs in browsers and popular file transfer tool
One flaw is in open source code known as "libvpx," which is involved with handling media such as images. The other issue is with software known as WS_FTP.
Bleeping Computer
Exploit available for critical WS_FTP bug exploited in attacks
Over the weekend, security researchers released a proof-of-concept (PoC) exploit for a maximum severity remote code execution vulnerability in Progress Software's WS_FTP Server file sharing platform.
SecurityWeek
Live Exploitation Underscores Urgency to Patch Critical WS-FTP Server Flaw
Rapid7 says attackers are targeting a critical pre-authentication flaw in Progress Software’s WS_FTP server just days after disclosure.
Bleeping Computer
The Week in Ransomware - September 29th 2023 - Dark Angels
This week has been a busy ransomware week, with ransomware attacks having a massive impact on organizations and the fallout of the MOVEit breaches to be disclosed.
DarkReading
Move Over, MOVEit: Critical Progress Bug Infests WS_FTP Software
In the wake of Cl0p's MOVEit rampage, Progress Software is sending file-transfer customers scrambling again — this time to patch a critical bug that is easily exploitable with a specially crafted HTTPS POST request.
CyberSecurity Dive
Progress Software discloses 8 vulnerabilities in one of its other file-transfer services
The company behind the beleaguered MOVEit service has another vulnerable tool — WS_FTP Server. While there are no known exploits, two of the CVEs are critical.
Infosecurity News
MOVEit Developer Patches Critical File Transfer Bug
CVSS 10.0 flaw was found in the WS_FTP Server software
The Hacker News
Progress Software Releases Urgent Hotfixes for Multiple Security Flaws in WS_FTP Server
Progress Software releases hotfixes for critical CVE-2023-40044 and 7 other vulnerabilities in WS_FTP Server
Bleeping Computer
Progress warns of maximum severity WS_FTP Server vulnerability
Progress, the maker of the MOVEit Transfer file-sharing platform recently exploited in widespread data theft attacks, warned customers to patch a maximum severity vulnerability in its WS_FTP Server software.
SecurityWeek
Progress Software Patches Critical Pre-Auth Flaws in WS_FTP Server Product
Critical flaws in Progress Software's WS_FTP product allows pre-authenticated attackers to wreak havoc on the underlying operating system.
CyberSecurity Dive
Progress Software says business impact ‘minimal’ from MOVEit attack spree
While the company reported $951,000 in cyber incident and vulnerability response expenses for its third quarter, they represent just a sliver of its revenue.
The Record
MOVEit maker announces new critical vulnerability affecting a different file transfer tool
The company behind a popular file transfer service that was exploited by ransomware hackers has announced a new set of vulnerabilities affecting another file transfer tool.
Bleeping Computer
SickKids impacted by BORN Ontario data breach that hit 3.4 million
The Hospital for Sick Children, more commonly known as SickKids, is among healthcare providers that were impacted by the recent breach at BORN Ontario. The top Canadian pediatric hospital disclosed that as a part of its operations, it shares personal health information with BORN Ontario "related to pregnancy, birth and newborn care."
Bleeping Computer
BORN Ontario child registry data breach affects 3.4 million people
The Better Outcomes Registry & Network (BORN), a healthcare organization funded by the government of Ontario, has announced that it is among the victims of Clop ransomware's MOVEit hacking spree.
SecurityWeek
900 US Schools Impacted by MOVEit Hack at National Student Clearinghouse
Nearly 900 US schools are impacted by the MOVEit hack at the educational nonprofit National Student Clearinghouse.
Infosecurity News
Almost US 900 Schools Breached Via MOVEit
National Student Clearinghouse reveals more details of incident
The Record
MOVEit fallout continues as National Student Clearinghouse says nearly 900 schools affected
The National Student Clearinghouse (NSC) reported the full tally of colleges and universities across the U.S. which had data stolen in ransomware attacks targeting the popular MOVEit file-sharing tool.
Bleeping Computer
National Student Clearinghouse data breach impacts 890 schools
U.S. educational nonprofit National Student Clearinghouse has disclosed a data breach affecting 890 schools using its services across the United States.
SecurityWeek
In Other News: New Analysis of Snowden Files, Yubico Goes Public, Election Hacking
Noteworthy stories that might have slipped under the radar: Snowden file analysis, Yubico starts trading, election hacking event.
Infosecurity News
#mWISE: Why Zero Days Are Set for Highest Year on Record
Experts at the mWISE conference discussed who is behind the surge in zero-day exploits
The Record
Nova Scotia says all victims of MOVEit breach have been notified
One of the first North American organizations to suffer a data breach because of a vulnerability in the MOVEit file-transfer software says it has notified more than 165,000 people that their personal information was stolen.
The Record
Cyber insurance claims spiked in first half of 2023 as ransomware attacks surged: report
A cyber insurance firm reported a significant jump in the number of claims during the first half of the year, adding that damages caused by attacks has also increased.
Infosecurity News
Clorox Struggling to Recover From August Cyber-Attack
US manufacturer can’t say when operations will return to normal
The Hacker News
The Interdependence between Automated Threat Intelligence Collection and Humans
From optimization to detecting new threats, here's why humans are needed in automated threat intel
CyberSecurity Dive
Generative AI, contactless tech make hotels vulnerable to cyberattacks
Guest and worker turnover, as well as new technology adoption, make the hospitality industry an appealing target for cybercriminals, according to Trustwave SpiderLabs.
Bleeping Computer
Johnson & Johnson discloses IBM data breach impacting patients
Johnson & Johnson Health Care Systems ("Janssen") has informed its CarePath customers that their sensitive information has been compromised in a third-party data breach involving IBM.
Bleeping Computer
University of Michigan requires password resets after cyberattack
The University of Michigan (UMICH) warned staff and students on Tuesday that they're required to reset their account passwords after a recent cyberattack.
SecurityWeek
Ransomware Attack on Fencing Systems Maker Zaun Impacts UK Military Data
British mesh fencing systems maker Zaun discloses LockBit ransomware attack potentially impacting data related to UK military
CyberSecurity Dive
SEC cyber disclosure rules are taking effect: Here’s what to expect
With enforcement on the horizon, much of the SEC's rules for material disclosures are subject to interpretation.
The Record
Paramount confirms data breach after cyberattack
The movie studio and streaming giant Paramount confirmed a data breach this week involving the personal information of fewer than 100 people.
Bleeping Computer
Paramount discloses data breach following security incident
American entertainment giant Paramount Global disclosed a data breach after its systems got hacked and attackers gained access to personally identifiable information (PII).
The Record
How did Clop get its hands on the MOVEit zero day?
Dustin Childs, the head of threat awareness for the Zero Day Initiative, explains to the Click Here podcast team how zero-day vulnerabilities make it into the hands of cybercriminals.
Bleeping Computer
University of Michigan shuts down network after cyberattack
The University of Michigan has taken all of its systems and services offline to deal with a cybersecurity incident, causing a widespread impact on online services the night before classes started.
CyberSecurity Dive
MOVEit attack victim count surpasses 1,000 organizations
Months after the campaign was discovered, victims are still coming forward and, in most cases, breaches at third-party vendors are to blame.
SecurityWeek
10 Million Likely Impacted by Data Breach at French Unemployment Agency
The personal information of roughly 10 million individuals might have been compromised in a data breach at Pole Emploi.
Security Affairs
French employment agency Pôle emploi data breach impacted 10M people
Pôle emploi, the French government employment agency suffered a data breach that impacted 10 million individuals. The French government employment agency Pôle emploi suffered a data breach and is notifying 10 million individuals impacted by the security breach. At the end of last week, the agency was informed of the compromise of the information system of […]
The Hacker News
LockBit 3.0 Ransomware Builder Leak Gives Rise to Hundreds of New Variants
The leak of LockBit 3.0 ransomware builder has led to the emergence of various new cyber threats: Bl00dy, Buhti, and NATIONAL HAZARD AGENCY.
Bleeping Computer
Data breach at French govt agency exposes info of 10 million people
Pôle emploi, France's governmental unemployment registration and financial aid agency, is informing of a data breach that exposed data belonging to 10 million individuals.
SecurityWeek
Nearly 1,000 Organizations, 60 Million Individuals Impacted by MOVEit Hack
Nearly 1,000 organizations and 60 million individuals are impacted by the MOVEit hack, and the Cl0p ransomware gang is leaking stolen data.
Infosecurity News
Sensitive Data of 10m at Risk After French Employment Agency Breach
The data breach is suspected to be linked to the Clop MOVEit hack
DarkReading
Ransomware Reaches New Heights
It's not going anywhere: Easy-to-exploit bugs like MOVEit, leaks of stolen data, and rapid-fire escalation are keeping ransomware attacks as painful as ever.
SecurityWeek
Cybersecurity Companies Report Surge in Ransomware Attacks
Cybersecurity companies have released a dozen ransomware reports in recent weeks and most of them show a surge in attacks.
Bleeping Computer
The MOVEit hack and what it taught us about application security
When a cyberattack like the 2023 MOVEit hack makes global news headlines, attention often focuses on the names of the affected organizations. This article from @Outpost24 overviews the Moveit hack and aims to draw some important actionable takeaways for your business.
Security Affairs
Carderbee APT targets Hong Kong orgs via supply chain attacks
A previously unknown APT group, tracked as Carderbee, was behind a supply chain attack against Hong Kong organizations. Symantec Threat Hunter Team reported that a previously unknown APT group, tracked as Carderbee, used a malware-laced version of the legitimate Cobra DocGuard software to carry out a supply chain attack aimed at organizations in Hong Kong. […]
The Record
University of Minnesota confirms data breach
The University of Minnesota confirmed that the sensitive personal information of students, faculty and employees was leaked in a data breach, following a report last month from security researchers.
Infosecurity News
Continued MOVEit Exploitation Drives Record Ransomware Attacks
NCC Group researchers observed 502 ransomware attacks in July 2023, with a large proportion made up of Clop’s continued exploitation of MOVEit
DarkReading
Chinese APT Targets Hong Kong in Supply Chain Attack
Dubbed Carderbee, the group used legitimate software and Microsoft-signed malware to spread the Korplug/PlugX backdoor to various Asian targets.
CyberScoop
Previously unknown hacking group targets Hong Kong organizations in supply chain cyberattack
The unknown and unattributed hackers compromised legitimate software in apparent focused attack, researchers said.
CyberSecurity Dive
MOVEit attack spree makes Clop this summer’s most-prolific ransomware group
The financially-motivated threat actor was responsible for one-third of all ransomware attacks in July, according to NCC Group and Flashpoint.
The Record
Legitimate software tainted in attacks on Hong Kong organizations, report says
Symantec says it found abuse of the legitimate Cobra DocGuard software by a previously unknown advanced persistent threat (APT) group that it's labeling as Carderbee.
Security Affairs
Security Affairs newsletter Round 433 by Pierluigi Paganini – International edition
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Over 3,000 Android Malware spotted using unsupported/unknown compression methods to avoid detection WinRAR flaw enables remote […]
Bleeping Computer
The Week in Ransomware - August 18th 2023 - LockBit on Thin Ice
While there was quite a bit of ransomware news this week, the highlighted story was the release of Jon DiMaggio's third article in the Ransomware Diaries series, with the focus of this article on the LockBit ransomware operation.
SecurityWeek
Rapid7 Says ROI for Ransomware Remains High; Zero-Day Usage Expands
Rapid7 says criminal ransomware gangs could easily be able to purchase and use bevy of zero-day exploits for vulnerable enterprise software.
Infosecurity News
Ransomware Surges With 1500 Confirmed Victims This Year
A Rapid7 report finds there have been at least 1500 ransomware victims in the first half of 2023
Bleeping Computer
Triple Extortion Ransomware and the Cybercrime Supply Chain
Ransomware attacks continue to grow both in sophistication and quantity. Learn more from Flare about ransomware operation's increasing shift to triple extortion.
Infosecurity News
CISA Urges Patching of Actively Exploited Citrix Bug
Citrix ShareFile vulnerability dates back to June
The Hacker News
CISA Adds Citrix ShareFile Flaw to KEV Catalog Due to In-the-Wild Attacks
Citrix ShareFile under attack! Learn about ongoing exploitation of CVE-2023-24489 and how to defend your systems.
Bleeping Computer
CISA warns of critical Citrix ShareFile flaw exploited in the wild
CISA is warning that a critical Citrix ShareFile secure file transfer vulnerability tracked as CVE-2023-24489 is being targeted by unknown actors and has added the flaw to its catalog of known security flaws exploited in the wild.
Naked Security
“Grab hold and give it a wiggle” – ATM card skimming is still a thing
The rise of tap-to-pay and chip-and-PIN hasn’t rid the world of ATM card skimming criminals…
SecurityWeek
1.5 Million Impacted by Ransomware Attack at Canadian Dental Service
The personal information of 1.5 million individuals was compromised in a ransomware attack at Alberta Dental Service Corporation (ADSC).
SecurityWeek
Colorado Health Agency Says 4 Million Impacted by MOVEit Hack
Colorado’s health programs administrator says the personal information of 4 million individuals was compromised in the recent MOVEit hack.
Security Affairs
Colorado HCPF Department notifies 4 million individuals after IBM MOVEit breach
The Colorado Department of Health Care Policy & Financing (HCPF) disclose a data breach after MOVEit attack on IBM. The Colorado Department of Health Care Policy & Financing (HCPF) disclosed a data breach that impacted more than four million individuals. The incident is the result of a MOVEit attack on IBM, threat actors accessed the […]
Bleeping Computer
Colorado warns 4 million of data stolen in IBM MOVEit breach
The Colorado Department of Health Care Policy & Financing (HCPF) is alerting more than four million individuals of a data breach that impacted their personal and health information.
Bleeping Computer
The Week in Ransomware - August 11th 2023 - Targeting Healthcare
While some ransomware operations claim not to target hospitals, one relatively new ransomware gang named Rhysida doesn't seem to care.
Bleeping Computer
Missouri warns that health info was stolen in IBM MOVEit data breach
Missouri's Department of Social Services warns that protected Medicaid healthcare information was exposed in a data breach after IBM suffered a MOVEit data theft attack.
Infosecurity News
Breach Connected to MOVEit Flaw Affects Missouri Medicaid Recipients
Information involved in the incident includes names, dates of birth and medical claims information
CyberSecurity Dive
The MOVEit spree is as bad as — or worse than — you think it is
The mass exploit has compromised more than 600 organizations, but that only scratches the surface of the potential number of downstream victims. Security experts project years of fallout.
Cyber Security News
Top 5 Security Vulnerabilities of 2023: Apache and OpenSSH Are The Most Vulnerable
The top 5 security vulnerabilities for 2023 have been revealed by a recent study, with Apache and OpenSSH services being the most vulnerable.
Security Affairs
LockBit threatens to leak medical data of cancer patients stolen from Varian Medical Systems
The LockBit ransomware group threatens to leak medical data of cancer patients stolen from Varian Medical Systems. The LockBit ransomware group claims to have hacked the healthcare company Varian Medical Systems and threatens to leak the medical data of cancer patients. Varian Medical Systems, Inc. designs, manufactures, sells, and services medical devices and software products […]
The Record
Missouri says some Medicaid health information was compromised in MOVEit breach
Missouri’s Department of Social Services (DSS) this week became the latest state agency to confirm it had data stolen through a vulnerability affecting the MOVEit file transfer tool.
Bleeping Computer
Microsoft August 2023 Patch Tuesday warns of 2 zero-days, 87 flaws
Today is Microsoft's August 2023 Patch Tuesday, with security updates for 87 flaws, including two actively exploited and twenty-three remote code execution vulnerabilities.
DarkReading
Ransomware Victims Surge as Threat Actors Pivot to Zero-Day Exploits
Threat actors such as the operators of the Cl0p ransomware family increasingly exploit unknown and day-one vulnerabilities in their attacks.
Trend Micro
Cybersecurity Threat 1H 2023 Brief with Generative AI
How generative AI influenced threat trends in 1H 2023
CyberSecurity Dive
White House rolls out millions in funding to combat K-12 cyberattacks
Federal officials are meeting with key administrators and technology providers to address a surge in ransomware and other malicious activity facing K-12 schools.
SecurityWeek
Colorado Department of Higher Education Discloses Ransomware Attack, Data Breach
Colorado Department of Higher Education targeted in a ransomware attack that resulted in a data breach impacting many students and teachers.
Infosecurity News
Clop Gang Offers Data Downloads Via Torrents
Latest innovation designed to speed up download process
The Record
Hackers accessed 16 years of Colorado public school student data in June ransomware attack
A ransomware attack resulted in a data breach affecting every student who attended Colorado public schools between 2004 and 2020.
Bleeping Computer
Clop ransomware now uses torrents to leak data and evade takedowns
The Clop ransomware gang has once again altered extortion tactics and is now using torrents to leak data stolen in MOVEit attacks.
Bleeping Computer
The Week in Ransomware - August 4th 2023 - Targeting VMware ESXi
Ransomware gangs continue to prioritize targeting VMware ESXi servers, with almost every active ransomware gang creating custom Linux encryptors for this purpose.
CSO
Ransomware victim numbers surge as attackers target zero-day vulnerabilities
Ransomware groups are also prioritizing the exfiltration of files, which has become the primary source of extortion.
Bleeping Computer
US govt contractor Serco discloses data breach after MoveIT attacks
Serco Inc, the Americas division of multinational outsourcing company Serco Group, has disclosed a data breach after attackers stole the personal information of over 10,000 individuals from a third-party vendor's MoveIT managed file transfer (MFT) server.
Infosecurity News
Cyber-Attacks Targeting Government Agencies Increase 40%
BlackBerry found that public services now rank as the second most targeted industry by threat actors
Infosecurity News
Manufacturing Sector Reeling From Financial Costs of Ransomware
Analysis by Comparitech found that manufacturers have lost $46.2bn from ransomware attacks in downtime alone since 2018
Trend Micro
New SEC Cybersecurity Rules: What You Need to Know
The US Securities and Exchange Commission (SEC) recently adopted rules regarding mandatory cybersecurity disclosure. Explore what this announcement means for you and your organization.
Infosecurity News
Capita Boss to Step Down Following Cyber Incident
AWS VP Adolfo Hernandez will replace Jon Lewis as CEO
SecurityWeek
Bedding Giant Tempur Sealy Takes Systems Offline Following Cyberattack
Bedding products provider Tempur Sealy says it has shut down certain systems following a cyberattack, possibly ransomware.
Naked Security
SEC demands four-day disclosure limit for cybersecurity breaches
When is a ransomware attack a reportable matter? And how long have you got to decide?
CyberSecurity Dive
MoveIT breach exposes data of 612K Medicare beneficiaries, CMS says
The data was compromised as part of a breach at third-party provider Maximus. The government contractor said the data of as many as 11 million individuals was affected in the incident.
Security Affairs
Security Affairs newsletter Round 430 by Pierluigi Paganini – International edition
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Now Abyss Locker also targets VMware ESXi servers Russian APT BlueBravo targets diplomatic entities with GraphicalProton […]
Bleeping Computer
The Week in Ransomware - July 28th 2023 - New extortion tactics
With ransom payments declining, ransomware gangs are evolving their extortion tactics to utilize new methods to pressure victims.
Cyber Security News
Hackers Stole Over 8 Million Users Data From U.S. Government Services Contractor
Using a vulnerability in MOVEit Transfer, hackers gained access to 8 to 11 million individuals' 'Users Data' protected health information.
Infosecurity News
MOVEit Campaign Claims Millions More Victims
US government services firm is latest to reveal compromise
Security Affairs
DepositFiles exposed config file, jeopardizing user security
DepositFiles, a popular web hosting service, left its environment configuration file accessible, revealing a trove of highly sensitive credentials. The recent tsunami of Cl0p-driven ransomware attacks via the MOVEit Transfer exploit is a painful reminder of the general idea behind the pessimistic “the cloud is just someone else’s computer” analogy. DepositFiles, a service boasting that it’s the […]
Bleeping Computer
8 million people hit by data breach at US govt contractor Maximus
U.S. government services contractor Maximus has disclosed a data breach warning that hackers stole the personal data of 8 to 11 million people during the recent MOVEit Transfer data-theft attacks.
SecurityWeek
Up to 11 Million People Hit by MOVEit Hack at Government Services Firm Maximus
Maximus Inc says that the personal information of 8 to 11 million individuals was stolen in the MOVEit cyberattack.
Latest Hacking News
Ivanti Mobile Management Software Zero-Day Under Active Attack
Organizations using the Ivanti EPMM mobile management software must update their systems immediately as hackers have started exploiting a zero-day vulnerability. Ivanti Mobile Management Software Zero-Day According to a recent advisory from Ivanti, the vendors have detected
The Record
US contractor says info of up to 10 million leaked in MOVEit breach
An IT firm that provides services to Medicaid, Medicare, U.S. student loan servicers and other government programs confirmed that the information of up to 10 million people may have been accessed by hackers exploiting the MOVEit file transfer software.
Bleeping Computer
ALPHV ransomware adds data leak API in new extortion strategy
The ALPHV ransomware gang, also referred to as BlackCat, is trying to put more pressure on their victims to pay a ransom by providing an API for their leak site to increase visibility for their attacks.
CSO
Network Resilience Coalition launches to improve patch, vulnerability management
Coalition aims to enhance hardware and software security with founding members including cybersecurity vendors Cisco and Fortinet as well as BT Group and VMware
Cyber Security News
MOVEit Hack: Over 400 Organizations' Hacked by CL0P Ransomware Group
The Russian ransomware group ‘Clop’ exploits a flaw in Progress Software's MOVEit product suite in late May to steal data from unprotected networks.
SecurityWeek
MOVEit Hack Could Earn Cybercriminals $100M as Number of Confirmed Victims Grows
Experts believe the Cl0p ransomware gang could earn as much as $100 million from the MOVEit hack, with hundreds of confirmed victims
Infosecurity News
Clop Could Make $100m from MOVEit Campaign
Coveware claims small number of victims paid very high ransoms
CSO
Vast majority of organizations are no longer vulnerable to MOVEit
Organizations are remediating MOVEit vulnerabilities 21 times faster compared wit other vulnerabilities, according to research by Bitsight.
Bleeping Computer
Clop now leaks data stolen in MOVEit attacks on clearweb sites
The Clop ransomware gang is copying an ALPHV ransomware gang extortion tactic by creating Internet-accessible websites dedicated to specific victims, making it easier to leak stolen data and further pressuring victims into paying a ransom.
Bleeping Computer
The Week in Ransomware - July 21st 2023 - Avaddon Back as NoEscape
This edition of the Week in Ransomware covers the last two weeks of news, as we could not cover it last week, and includes quite a bit of new information, including the return of the Avaddon ransomware gang.
Bleeping Computer
Clop gang to earn over $75 million from MOVEit extortion attacks
The Clop ransomware gang is expected to earn between $75-100 million from extorting victims of their massive MOVEit data theft campaign.
Bleeping Computer
CISA: Citrix RCE bug exploited to breach critical infrastructure org
Threat actors have breached the network of a U.S. organization in the critical infrastructure sector after exploiting a zero-day RCE vulnerability currently identified as CVE-2023-3519, a critical-severity issue in NetScaler ADC and Gateway that Citrix patched this week.
Bleeping Computer
Netscaler ADC bug exploited to breach US critical infrastructure org
The US government is warning that threat actors breached the network of a U.S. organization in the critical infrastructure sector after exploiting a zero-day RCE vulnerability currently identified as CVE-2023-3519, a critical-severity issue in NetScaler ADC and Gateway that Citrix patched this week.
Infosecurity News
Clop Drives Record Ransomware Activity in June
Scores of victims hit by MOVEit campaign
The Record
DHL investigating MOVEit breach as number of victims surpasses 20 million
The shipping company confirmed that one of its software providers was impacted by the widespread vulnerability affecting MOVEit, a file-sharing tool from Progress Software.
DarkReading
Mallox Ransomware Group Activity Shifts Into High Gear
Malicious activity targeting vulnerable SQL servers has surged 174% compared to 2022, Palo Alto's Unit 42 says.
Security Affairs
ALPHV/BlackCat and Clop gangs claim to have hacked cosmetics giant Estée Lauder
The American cosmetics giant company Estée Lauder was hacked by two distinct ransomware groups, the ALPHV/BlackCat and Clop gangs. Yesterday the cybersecurity expert @sonoclaudio first alerted me about a strange circumstance, two ransomware actors, ALPHV/BlackCat and Clop, claim to have hacked the cosmetics giant company Estée Lauder and added the company to their Tor leak […]
SecurityWeek
Cosmetics Giant Estée Lauder Targeted by Two Ransomware Groups
Estée Lauder has confirmed suffering a data breach just as two ransomware groups claimed to have targeted the company
Infosecurity News
Estee Lauder Breached by Two Ransomware Groups
Cosmetics giant confirms data was taken
The Record
BlackCat, Clop claim ransomware attack on cosmetics maker Estee Lauder
U.S. cosmetics manufacturer Estee Lauder has suffered a cyberattack, the company confirmed on Tuesday.
Bleeping Computer
Estée Lauder beauty giant breached in two separate ransomware attacks
Two ransomware actors, ALPHV/BlackCat and Clop, have listed beauty company Estée Lauder on their data leak sites as a victim of separate attacks.
Bleeping Computer
Estée Lauder beauty giant breached by two ransomware gangs
Two ransomware actors, ALPHV/BlackCat and Clop, have listed beauty company Estée Lauder on their data leak sites as a victim of separate attacks.
CyberSecurity Dive
Estée Lauder takes down some systems following cyberattack
ALPHV, the ransomware threat actor taking credit for the attack, threatened to reveal more information about the data it claims to have stolen.
Ars Technica
Exploited 0-days, an incomplete fix, and a botched disclosure: Infosec snafu reigns
The exploited code-execution flaws are the kind coveted by ransomware and nation-state hackers.
Bleeping Computer
Google Cloud Build bug lets hackers launch supply chain attacks
A critical design flaw in the Google Cloud Build service discovered by cloud security firm Orca Security can let attackers escalate privileges, providing them with almost nearly-full and unauthorized access to Google Artifact Registry code repositories.
The Record
Google fixes ‘Bad.Build’ vulnerability affecting Cloud Build service
Google said it has fixed a vulnerability in its Cloud Build service that allowed hackers to tamper with application images and infect users.
SecurityWeek
MOVEit Hack: Number of Impacted Organizations Exceeds 340
The number of entities impacted by the MOVEit hack — either directly or indirectly — exceeds 340 organizations and 18 million individuals.
The Record
TJ Maxx, Shutterfly, TomTom latest organizations to confirm MOVEit breaches
Several companies came forward in recent days to say that they were impacted by the exploitation of a vulnerability in the MOVEit file transfer software.
Bleeping Computer
Colorado State University says data breach impacts students, staff
Colorado State University (CSU) has confirmed that the Clop ransomware operation stole sensitive personal information of current and former students and employees during the recent MOVEit Transfer data-theft attacks.
CyberSecurity Dive
MOVEit mass exploit timeline: How the file-transfer service attacks entangled victims
The slow-moving disaster has ensnared some of the world's largest enterprises. Cybersecurity experts expect further damage to come.
CyberSecurity Dive
FCC chair proposes $200M investment to boost K-12 cybersecurity
The funds would go toward a three-year pilot program aimed at enhancing cybersecurity protections for school and library networks.
Bleeping Computer
Shutterfly says Clop ransomware attack did not impact customer data
Shutterfly, an online retail and photography manufacturing platform, is among the latest victims hit by Clop ransomware. Over the last few months, Clop ransomware gang has been exploiting a vulnerability in the MOVEit File Transfer utility to breach hundreds of companies to steal their data and attempt extortion against them.
CSO
Deutsche Bank customer data exposed in latest MOVEit exploit
A data breach at an account switching service provider has also affected Postbank, Comdirect, and ING.
Security Affairs
Cl0p hacker operating from Russia-Ukraine war front line – exclusive
CyberNews researchers discovered that at least one of the Cl0p ransomware gang masterminds is still residing in Ukraine. Original post at: https://cybernews.com/security/cl0p-hacker-hides-in-ukraine/ As the Cl0p ransomware gang continues to sow anxiety worldwide, affecting prominent companies like the BBC and Deutsche Bank, at least one of the gang masterminds, Cybernews discovered, is still residing in Ukraine. […]
Infosecurity News
Financial Industry Faces Soaring Ransomware Threat
Banks and financial service providers have emerged as attractive targets for the most prominent ransomware groups
Cyber Security News
ICS/OTICS Patch Tuesday: Siemens and Schneider Electric Releases Patch for 50 vulnerabilities
Siemens and Schneider Electric published nine new security warnings that together addressed 50 vulnerabilities impacting its industrial devices.
The Hacker News
Ransomware Extortion Skyrockets in 2023, Reaching $449.1 Million and Counting
💰 Ransomware attacks continue to rise in 2023, with cybercriminals extorting a staggering $449.1 million in the first half of the year alone.
Bleeping Computer
Ransomware payments on record-breaking trajectory for 2023
Data from the first half of the year indicates that ransomware activity is on track to break previous records, seeing a rise in the number of payments, both big and small.
SecurityWeek
MOVEit: Testing the Limits of Supply Chain Security
The objective of cyber resilience is to ensure that an adverse cyber event doesn't negatively impact the confidentiality, integrity, and availability
CyberSecurity Dive
Johns Hopkins hit with class action suit following MOVEit data breach
The suit alleges that the health system failed to implement safeguards to secure patients’ health information and provided insufficient details about the stolen data.
The Hacker News
Microsoft Releases Patches for 130 Vulnerabilities, Including 6 Under Active Attack
Heads up, everyone! Microsoft has released updates to fix 130 security flaws, including 6 zero-day vulnerabilities being actively exploited.
The Record
Ransomware gangs have extorted $449 million this year: Chainalysis
Ransomware gangs have operated at a near-record profit in the first six months of the year, extorting more than $449 million from victims, according to blockchain research firm Chainalysis.
SecurityWeek
Microsoft Warns of Office Zero-Day Attacks, No Patch Available
Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.
Bleeping Computer
Microsoft July 2023 Patch Tuesday warns of 6 zero-days, 132 flaws
Today is Microsoft's July 2023 Patch Tuesday, with security updates for 132 flaws, including six actively exploited and thirty-seven remote code execution vulnerabilities.
Infosecurity News
Clop: Behind MOVEit Lies a Loud, Adaptable and Persistent Threat Group
David Wallace, a senior threat intelligence analyst at Sophos, took a deep dive into Clop’s background and intrusion techniques
Bleeping Computer
Deutsche Bank confirms provider breach exposed customer data
Deutsche Bank AG has confirmed to BleepingComputer that a data breach on one of its service providers has exposed its customers' data in a likely MOVEit Transfer data-theft attack.
SecurityWeek
ICS Patch Tuesday: Siemens, Schneider Electric Fix 50 Vulnerabilities
ICS Patch Tuesday: Siemens and Schneider Electric release nine new security advisories and fix 50 vulnerabilities in their products.
The Record
Radisson Hotels, major insurance firms become latest MOVEit victims to disclose breaches
The number of organizations affected by a recently exploited vulnerability in a popular file transfer tool surpassed 250 on Monday as major corporations like Radisson Hotels and two major insurance companies confirmed that their data was accessed by hackers exploiting a vulnerability in the software.
Cyber Security News
New Critical and High-Severity SQL Injection Flaw in MOVEit Transfer Software
A critical-severity SQL injection flaw and two other high-severity vulnerabilities have been fixed in MOVEit Transfer, the software at the focus of the recent widespread Clop ransomware outbreaks.
Security Affairs
Security Affairs newsletter Round 427 by Pierluigi Paganini – International edition
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Google addressed 3 actively exploited flaws in Android Iran-linked APT TA453 targets Windows and macOS systems […]