Tennessee Consolidated Retirement System was impacted by #MOVEit with the breach impacting 171,836 retirees and/or their beneficiaries.
Like #CalPERS and #CalSTRS, #TCRS was breached via service provider #PBI which works with multiple other pension plans. How many, if any, more were impacted is not yet clear.
There are now 141 known MOVEit victims, with the related breaches impacting the info of 15,659,731 people. Note that this number is based only on the disclosures of the 10 orgs which have actually confirmed the number of people affected.
#Cl0p has listed K&L Gates. In this case, Cl0p included screenshots of the allegedly stolen data in the listing. There are now 135 known #MOVEit victims, and the breaches have impacted >15 million individuals.
This past weekend, I decided to write a post about how to #reverseengineer and #debug #ISAPI applications (inspired by the #MOVEit vuln from a couple weeks back - CVE-2023-34362). Enjoy!
Probably the weirdest thing of the #moveIT thing has been the people who got upset as I pointed out members of the Ransomware Task Force (and JRTF) were impacted. Somebody told me they "wouldn't have it".
Are we supposed to make members of the Ransomware Task Force immune from ransomware groups? Maybe allowing ransomware groups financial means to buy zero days is a bad idea.
Metro Vancouver Transit Police is notifying the public that a limited number of its files were accessed during a cyberattack <-- #MVTP is one of 89 organizations known to have been affected by the #MOVEit vulnerability
#Cl0p has listed #Telos Corporation. Telos "offers advanced technology solutions that empower and protect the world’s most security-conscious enterprises." #MOVEit.
#Cl0p has listed Santa Clara University. #SCU is the 6th US university known to have been impacted out of a total of 82 organizations known to have been impacted by #MOVEit.
A bunch of people have alerted me to a vulnerability in #MoveIT, a secure file transfer app used heavily in the UK.
I did some digging and it looks like it’s a zero day under active exploitation. Not 100% on threat actor yet but it may be one of the ransomware/extortion groups.
Really serious, impacted orgs should shut down the server. Thread follows. #threatintel