US government contractor says #MOVEit #hackers accessed health data of ‘at least’ 8 million individuals | TechCrunch
Virginia-based #Maximus contracts with federal, state, and local governments to manage and administer government-sponsored programs, such as #Medicaid, #Medicare, healthcare reform, and welfare-to-work. #privacy
Data leak at banks: Hacker attack also affects ING and Comdirect
The hack at an Arvato subsidiary affects not only Deutsche Bank customers. ING and Comdirect have also acknowledged unauthorized access.
MOVEit, the file-transfer software #exploited in recent weeks in one of the biggest #cyberattacks ever, has received yet another #security update that fixes a critical vulnerability that could be exploited to give #hackers access to vast amounts of sensitive data #privacy
With so many organizations in the education sector impacted by #MOVEit - #TIAA, #NSC, #CalSTRS, #UHCSR etc - it's possible that pretty much every school in the US will also have been impacted, either directly or indirectly.
More US universities have disclosed #MOVEit-related breaches via #NSC and/or #TIAA: Chapman, Xavier, Southern Utah, Utah Tech, St Mary’s and Lake-Sumter State College. #CU #XU #SUU #UTU #SMU #LSSC
Current victim count: 187
Individuals impacted: 17.552.619
US schools impacted: 17
📨 The latest issue of my curated #cybersecurity and #infosec list of resources for week #26/2023 is out! It includes, but is not limited to:
➝ 🦠 🇺🇸 Schools say US teachers’ retirement fund was breached by #MOVEit hackers
➝ 🇨🇳 🇺🇸 Chinese spy #balloon did not collect information over US, #Pentagon says
➝ 🇨🇳 🦠 #TSMC Says Supplier Hacked After #Ransomware Group Claims Attack on Chip Giant
➝ 🇷🇺 Russian Cybersecurity Executive Arrested for Alleged Role in 2012 Megahacks
➝ 🇷🇺 🛰️ Hackers attack Russian #satellite telecom provider, claim affiliation with #WagnerGroup
➝ 🇬🇧 ⚕️ More than a million #NHS patients’ details compromised after cyber attack
➝ 📊 🐛 #MITRE releases new list of top 25 most dangerous software #bugs
➝ 🇷🇺 Pro-Russia DDoSia hacktivist project sees 2,400% membership increase
➝ 💻 🛡️ #Brave Browser boosts privacy with new local resources restrictions
➝ 🦠 🏦 Anatsa Banking #Trojan Targeting Users in US, UK, Germany, Austria, and Switzerland
➝ 🇺🇸 💵 White House releases cybersecurity budget priorities for FY 2025
➝ 🇺🇸 🇧🇷 8Base Ransomware Spikes in Activity, Threatens U.S. and Brazilian Businesses
➝ 🇬🇧 🔐 #Apple speaks out against bill that could mandate #CSAM scanning in iMessage
➝ 🇵🇭 2,700 People Tricked Into Working for Cybercrime Syndicates Rescued in #philippines
➝ 🇩🇪 ⚡️ #Siemens Energy confirms data breach after MOVEit data-theft attack
➝ 🕵🏻‍♂️ 📱 #LetMeSpy, a phone tracking app spying on thousands, says it was hacked
➝ 🦠 💰 Prominent #cryptocurrency exchange infected with previously unseen Mac #malware
➝ 🤖 📝 #LLMs and #IncidentResponse? It Starts with Summarization
➝ 🇺🇸 👨🏻‍🎓 Hackers steal data of 45,000 New York City students in MOVEit breach
➝ 🇨🇦 ⛽️ Suncor Energy cyberattack impacts Petro-Canada gas stations
➝ 🦠 🕹️ Trojanized Super Mario Game Installer Spreads SupremeBot Malware
➝ 🇩🇪 💾 SSD missing from #SAP datacenter turns up on #eBay, sparking security investigation
CalPERS, CalSTRS, TCRS & TIAA were impacted by a #MOVEit breach at PBI. Trinity & Middlebury colleges were impacted via TIAA. Middlebury was also impacted via NSC's MOVEit breach.
Known victim count = 162
Individuals impacted = 16,312,552
#Cl0p has listed more victims including FIS. According to Wikipedia, "FIS facilitates the movement of roughly $9 trillion through the processing of approximately 75 billion transactions in service to more than 20,000 clients around the globe."
There are now 158 known #MOVEit victims. Only 11 victims have confirmed the number of individuals impacted, but the total for those 11 incidents currently stands at >16 million.
So an investigator from #HHSOCR contacted me to ask if I still had unredacted data from a breach I reported last year and if I did, could I share it with them?
And to my shock, they told me they still have no way for folks to upload databases. They could take fax or postal mail or an encrypted email.
I was told last year that they were getting an upload system. Where is it?
Luckily, what they requested wasn't too big and could be attached to an encrypted email. But if it was a database.... ?
I really hope they get the resources they need to investigate data security breaches. They've issued a few settlements involving data security very recently and I hope that's a good sign of more to come.
Progress Software Releases Service Pack for MOVEit Transfer Vulnerabilities | CISA (www.cisa.gov)
Massive Data Breach Exposes Millions to Hacks: The MOVEit Vulnerability (readwrite.com)
Hackers targeted a flaw in the file transfer utility MOVEit; concerns about the safety of sensitive data once again come to the fore.