This time, it's (get this...) my employer's Canadian subsidiary's group health plan's provider's banking partner's provider of file transfer services, #MOVEit.
"The type of #data accessed could include any of..." <everything needed for #identity#theft>, and as an extra-special bonus, "#Health information relating to a claim"!
The breach, as outlined in Delta Dental of California’s notification, involved unauthorized access by threat actors who exploited a zero-day SQL injection flaw in the MOVEit file transfer software (CVE-2023-34362).
CBIZ KA notified nine Prime Healthcare hospitals that some of their patient data was caught up in the #MOVEit#databreach. As I report this morning on databreaches.net, here are the 9 hospitals:
Saint Michael’s Medical Center,
Roxborough Memorial Hospital,
Garden City Hospital,
Landmark Medical Center,
Lower Bucks Hospital,
Saint Clare's Hospital,
Lake Huron Medical Center,
St. Mary's General Hospital, and
Suburban Community Hospital
According to a spokesperson for Prime Healthcare, it was just these hospitals and not any of their other 36 hospitals or more than 300 outpatient locations in 14 states.
In light of yet more #MOVEit breach disclosures, @censys researchers took another look at MOVEit exposure across the Internet. In early May, prior to Progress Software's disclosure of the initial vulnerability, we saw just under 3,000 MOVEit instances online. Over the next few months, we saw the number drop slightly, and as of August, we observe a fairly consistent presence of around 2,200 instances online.
We have no way to know whether these instances are all patched and remediated, but based on recent MOVEit breach disclosures from AutoZone, Welltok, and others, it's possible some unpatched instances (and undiscovered intrusions 😓) remain.
📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #47/2023 is out! It includes the following and much more:
➝ 🔓 🇬🇧 University of Manchester #CISO Speaks Out on Summer Cyber-Attack
➝ 🔓 🇺🇸 Hacktivists breach U.S. nuclear research lab, steal employee data
➝ 🔓 👀 Sumo Logic Completes Investigation Into Recent Security #Breach
➝ 🔓 🇺🇸 Auto parts giant AutoZone warns of #MOVEit data breach
➝ 🔓 🇨🇦 Canadian government discloses data breach after contractor hacks
➝ 🇦🇫 New 'HrServ.dll' Web Shell Detected in #APT Attack Targeting Afghan Government
➝ 🇬🇧 🇰🇷 UK and South Korea: Hackers use zero-day in supply-chain attack
➝ 🇵🇸 🇮🇱 #Hamas-Linked #Cyberattacks Using Rust-Powered SysJoker #Backdoor Against #Israel
➝ 🇷🇺 😱 “They are tired of him, but they are afraid”: what is known about the leader of the hacker group Killnet
➝ 🇰🇵 N. Korean Hackers Distribute Trojanized #CyberLink Software in Supply Chain Attack
➝ ▶️ 🛒 Play #Ransomware Goes Commercial - Now Offered as a Service to Cybercriminals
➝ 🇮🇳 Indian Hack-for-Hire Group Targeted U.S., #China, and More for Over 10 Years
➝ 🇷🇺 Russian hackers use #Ngrok feature and #WinRAR exploit to attack embassies
➝ 🇺🇸 🩺 #CISA Releases Cybersecurity Guidance for #Healthcare, Public Health Organizations
➝ 🇬🇧 🙏🏻 Thanking the vulnerability research community with #NCSC Challenge Coins
➝ 🧅 #Tor Network Removes Risky Relays Associated With #Cryptocurrency Scheme
➝ 🇺🇦 👋🏻 #Ukraine fires top cybersecurity officials
➝ 🩹 Johnson Controls Patches Critical #Vulnerability in Industrial Refrigeration Products
➝ 🦠 🦀 New WailingCrab #Malware Loader Spreading via Shipping-Themed Emails
➝ 🦠 📨 New Agent Tesla Malware Variant Using ZPAQ Compression in Email Attacks
➝ 🦠 🎠 NetSupport #RAT Infections on the Rise - Targeting Government and Business Sectors
➝ 🚫 Google #Chrome will limit ad blockers starting June 2024
➝ 🐛 ☁️ 3 Critical Vulnerabilities Expose #ownCloud Users to Data Breaches
➝ 🔓 ☁️ Researchers Discover Dangerous Exposure of Sensitive #Kubernetes Secrets
➝ 🔓 ☝🏻 New Flaws in Fingerprint Sensors Let Attackers Bypass #Windows Hello Login
➝ 🔓 🩸 ‘#CitrixBleed’ vulnerability targeted by nation-state and criminal hackers: CISA
➝ 🐡 Researchers extract RSA keys from #SSH server signing errors
📚 This week's recommended reading is: "How I Rob Banks: And Other Such Places" by FC a.k.a. Freakyclown
Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️
About 250,000 construction workers are potentially victims of an international data leak that affects a medical insurance provider of the Commission de la construction du Québec. #CCQ#MOVEit
A Russian-speaking hacking group obtained access to the email addresses of about 632,000 US federal employees at the departments of Defense and Justice as part of the sprawling #MOVEit hack last summer, according to a report on the wide-ranging attack obtained through a Freedom of Information Act request.
Hackers Accessed 632,000 Email Addresses at US Justice, Defense Departments (www.bloomberg.com)
The eight-page report said hackers were able to obtain access to the data by exploiting vulnerability in the MOVEit file transfer program