jikodesu, to apps

We don't need another app to install.

When Grab PH bought motorcycle taxi app Move It, I thought I would become a 1st-time customer of that service. I use Grab, so it already has my info. I wouldn't need to sign up and type all my details. How convenient.

But Move It wasn't integrated into the Grab app. Instead, I would have to download a new app.

Bummer. One fewer customer for the company.

#Apps #Grab #MoveIt #Transport #MotorcycleTaxi #SuperApp

cazabon, to Health

Another day, another #breach #notification #letter in the #mail...

This time, it's (get this...) my employer's Canadian subsidiary's group health plan's provider's banking partner's provider of file transfer services, #MOVEit.

It's 6 #degrees of #separation, but not in a good way.

"The type of #data accessed could include any of..." <everything needed for #identity #theft>, and as an extra-special bonus, "#Health information relating to a claim"!

And then they trigger my pet #peeve

[...]

Freemind, to Cybersecurity

The breach, as outlined in Delta Dental of California’s notification, involved unauthorized access by threat actors who exploited a zero-day SQL injection flaw in the MOVEit file transfer software (CVE-2023-34362).

https://cybersec84.wordpress.com/2023/12/15/massive-data-breach-delta-dental-reveals-sensitive-information-of-7-million-patients/

mle, to infosec

In light of yet more breach disclosures, @censys researchers took another look at MOVEit exposure across the Internet. In early May, prior to Progress Software's disclosure of the initial vulnerability, we saw just under 3,000 MOVEit instances online. Over the next few months, we saw the number drop slightly, and as of August, we observe a fairly consistent presence of around 2,200 instances online.

We have no way to know whether these instances are all patched and remediated, but based on recent MOVEit breach disclosures from AutoZone, Welltok, and others, it's possible some unpatched instances (and undiscovered intrusions 😓) remain.

cybernews, to Cybersecurity

Health activation company Welltok has suffered a breach of its MOVEit Transfer server, exposing the health data of members of several health plan providers.

https://cybernews.com/news/welltok-moveit-breach-impacts-millions/?utm_source=mastodon&utm_medium=social&utm_campaign=cybernews&utm_content=post

majorlinux, to infosec

Couldn't be me, though

Ransomware attack leaks nearly every Maine resident's data - Desk Chair Analysts

https://dcanalysts.net/ransomware-attack-leaks-nearly-every-maine-residents-data/

avoidthehack, to Cybersecurity

Basically all of Maine had data stolen by a gang

Add another to the list of those impacted by the MOVEit vulnerability/exploit.

Data compromised depends on the person and their interaction with Maine state entities. But data compromised could include:

  • social security numbers
  • taxpayer IDs
  • date of birth
  • medical information
  • driver’s license/state ID numbers
  • full names

https://www.engadget.com/basically-all-of-maine-had-data-stolen-by-a-ransomware-gang-061407794.html

brett, to random

About 250,000 construction workers are potentially victims of an international data leak that affects a medical insurance provider of the Commission de la construction du Québec.

https://www.lapresse.ca/actualites/2023-11-06/250-000-travailleurs-de-la-construction-victimes-d-une-fuite-de-donnees.php

cybernews, to privacy

CCleaner, a popular software for cleaning files and Windows Registry entries, has confirmed that attackers accessed some of its customer data.

https://cybernews.com/news/ccleaner-confirms-data-breach/?utm_source=mastodon&utm_medium=social&utm_campaign=cybernews&utm_content=post

brett, to random

Almost 800k holders of H&R Block's Emerald Card were impacted by a breach via the company's service provider .

Stats in the link.

https://www.emsisoft.com/en/blog/44123/unpacking-the-moveit-breach-statistics-and-analysis/

YourAnonRiots, to Sony Japanese

Sony confirms a data breach affecting thousands in the US after hackers exploited the infamous MOVEit vulnerability.


https://www.hackread.com/sony-data-breach-moveit-vulnerability-us/

cybernews, to Software

Transfer-maker Progress Software said that third parties provided attackers with tools to exploit a level 10 critical in its WS_FTP Server .

https://cybernews.com/news/wsftp-vulnerability-attacks-surge-poc/?utm_source=mastodon&utm_medium=social&utm_campaign=cybernews&utm_content=post

brett, to Sony

Interactive Entertainment has disclosed a breach impacting former employees and their families.

Stats in the link.

https://www.emsisoft.com/en/blog/44123/unpacking-the-moveit-breach-statistics-and-analysis/

PogoWasRight, to random

Another report: Arietis Health is business associate to NorthStar Anesthesia. Notified on behalf of 50 entities/clients listed at https://www.arietishealth.com/notice-of-security-incident/

They notified HHS, but listing isn't up there yet.

@brett

mle, to infosec

Last week I chatted with @mattburgess at WIRED about the long tail of fallout from . Read my comments and the excellent article by Matt and @lhn here:

https://www.wired.com/story/moveit-breach-victims/

mattburgess, to Cybersecurity

New: The number of victims of the MOVEit breach by Clop keeps on growing—more than 2,000 have come forward now.

However, most haven't revealed how many people's data was lost or told people about it yet. This one is going to rumble on for years

By me and @lhn

https://www.wired.com/story/moveit-breach-victims/

mle, to infosec

Progress Software is having an interesting time. First , now multiple disclosures for their product. The silver lining here is that it doesn’t look like any of these are known to have been exploited in the wild. (Yet?)

But out of curiosity, we looked at the Internet exposure of WS_FTP instances with the Ad Hoc Transfer module installed, read about it here ⬇️

(No, this isn’t MFT but it all feels very…related.)

https://censys.com/cve-2023-40044/

brett, to random

The BIG question is: why the heck did BORN have a decade of patient health info. stored - presumably unencrypted - on a file transfer app?

https://techcrunch.com/2023/09/25/decade-of-newborn-child-registry-data-stolen-in-moveit-mass-hack/
