When Grab PH bought motorcycle taxi app Move It, I thought I would become a 1st-time customer of that service. I use Grab, so it already has my info. I wouldn't need to sign up and type all my details. How convenient.
But Move It wasn't integrated into the Grab app. Instead, I would have to download a new app.
That's true, and its because the motorcycles are under the Grab brand, while in PHL, it's a different brand.
I only tried motorcycles taxis in Indonesia, because I was advised that's the best way to get around, though I think the Jakarta BRT is awesome if it happens to be close to your origin/destination
Also, because I don't want to register/install another app 😆, just like @jikodesu
This time, it's (get this...) my employer's Canadian subsidiary's group health plan's provider's banking partner's provider of file transfer services, #MOVEit.
"The type of #data accessed could include any of..." <everything needed for #identity#theft>, and as an extra-special bonus, "#Health information relating to a claim"!
"We have been closely monitoring this situation and have found no #evidence of any #data involved in this #incident being further disclosed or misused".
Stop. The first part sounded like almost-an-apology, but this kind of weasel-language just throws that in the toilet.
Just #admit that 1) you don't have sufficient audit records to know what information was accessed or for which clients, 2) you done screwed up, and 3) that anyone might have it by now, and you'd have no way to know it.
The breach, as outlined in Delta Dental of California’s notification, involved unauthorized access by threat actors who exploited a zero-day SQL injection flaw in the MOVEit file transfer software (CVE-2023-34362).
CBIZ KA notified nine Prime Healthcare hospitals that some of their patient data was caught up in the #MOVEit#databreach. As I report this morning on databreaches.net, here are the 9 hospitals:
Saint Michael’s Medical Center,
Roxborough Memorial Hospital,
Garden City Hospital,
Landmark Medical Center,
Lower Bucks Hospital,
Saint Clare's Hospital,
Lake Huron Medical Center,
St. Mary's General Hospital, and
Suburban Community Hospital
According to a spokesperson for Prime Healthcare, it was just these hospitals and not any of their other 36 hospitals or more than 300 outpatient locations in 14 states.
In light of yet more #MOVEit breach disclosures, @censys researchers took another look at MOVEit exposure across the Internet. In early May, prior to Progress Software's disclosure of the initial vulnerability, we saw just under 3,000 MOVEit instances online. Over the next few months, we saw the number drop slightly, and as of August, we observe a fairly consistent presence of around 2,200 instances online.
We have no way to know whether these instances are all patched and remediated, but based on recent MOVEit breach disclosures from AutoZone, Welltok, and others, it's possible some unpatched instances (and undiscovered intrusions 😓) remain.
📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #47/2023 is out! It includes the following and much more:
➝ 🔓 🇬🇧 University of Manchester #CISO Speaks Out on Summer Cyber-Attack
➝ 🔓 🇺🇸 Hacktivists breach U.S. nuclear research lab, steal employee data
➝ 🔓 👀 Sumo Logic Completes Investigation Into Recent Security #Breach
➝ 🔓 🇺🇸 Auto parts giant AutoZone warns of #MOVEit data breach
➝ 🔓 🇨🇦 Canadian government discloses data breach after contractor hacks
➝ 🇦🇫 New 'HrServ.dll' Web Shell Detected in #APT Attack Targeting Afghan Government
➝ 🇬🇧 🇰🇷 UK and South Korea: Hackers use zero-day in supply-chain attack
➝ 🇵🇸 🇮🇱 #Hamas-Linked #Cyberattacks Using Rust-Powered SysJoker #Backdoor Against #Israel
➝ 🇷🇺 😱 “They are tired of him, but they are afraid”: what is known about the leader of the hacker group Killnet
➝ 🇰🇵 N. Korean Hackers Distribute Trojanized #CyberLink Software in Supply Chain Attack
➝ ▶️ 🛒 Play #Ransomware Goes Commercial - Now Offered as a Service to Cybercriminals
➝ 🇮🇳 Indian Hack-for-Hire Group Targeted U.S., #China, and More for Over 10 Years
➝ 🇷🇺 Russian hackers use #Ngrok feature and #WinRAR exploit to attack embassies
➝ 🇺🇸 🩺 #CISA Releases Cybersecurity Guidance for #Healthcare, Public Health Organizations
➝ 🇬🇧 🙏🏻 Thanking the vulnerability research community with #NCSC Challenge Coins
➝ 🧅 #Tor Network Removes Risky Relays Associated With #Cryptocurrency Scheme
➝ 🇺🇦 👋🏻 #Ukraine fires top cybersecurity officials
➝ 🩹 Johnson Controls Patches Critical #Vulnerability in Industrial Refrigeration Products
➝ 🦠 🦀 New WailingCrab #Malware Loader Spreading via Shipping-Themed Emails
➝ 🦠 📨 New Agent Tesla Malware Variant Using ZPAQ Compression in Email Attacks
➝ 🦠 🎠 NetSupport #RAT Infections on the Rise - Targeting Government and Business Sectors
➝ 🚫 Google #Chrome will limit ad blockers starting June 2024
➝ 🐛 ☁️ 3 Critical Vulnerabilities Expose #ownCloud Users to Data Breaches
➝ 🔓 ☁️ Researchers Discover Dangerous Exposure of Sensitive #Kubernetes Secrets
➝ 🔓 ☝🏻 New Flaws in Fingerprint Sensors Let Attackers Bypass #Windows Hello Login
➝ 🔓 🩸 ‘#CitrixBleed’ vulnerability targeted by nation-state and criminal hackers: CISA
➝ 🐡 Researchers extract RSA keys from #SSH server signing errors
📚 This week's recommended reading is: "How I Rob Banks: And Other Such Places" by FC a.k.a. Freakyclown
Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️