brett, 10 months ago to random

Tennessee Consolidated Retirement System was impacted by #MOVEit with the breach impacting 171,836 retirees and/or their beneficiaries.

Like #CalPERS and #CalSTRS, #TCRS was breached via service provider #PBI which works with multiple other pension plans. How many, if any, more were impacted is not yet clear.

There are now 141 known MOVEit victims, with the related breaches impacting the info of 15,659,731 people. Note that this number is based only on the disclosures of the 10 orgs which have actually confirmed the number of people affected.

https://treasury.tn.gov/Portals/0/Documents/Retirement/PBIIncidentFAQ.pdf

PogoWasRight, 11 months ago to infosec

National Student Clearinghouse notifies schools of MOVEit breach: https://www.databreaches.net/national-student-clearinghouse-notifies-schools-of-moveit-breach/

They still haven't answered the question as to whether they paid Clop or not.

#DataBreach #MOVEit #infosec #ITsec #EduSec #transparency #incidentresponse

@douglevin @brett @allan @funnymonkey @mkeierleber

brett, 11 months ago to random

#Cl0p has listed K&L Gates. In this case, Cl0p included screenshots of the allegedly stolen data in the listing. There are now 135 known #MOVEit victims, and the breaches have impacted >15 million individuals.

HonkHase, 11 months ago to random German

#Siemens Energy confirms data breach after #MOVEit #datatheft attack

"Siemens Energy has confirmed that data was stolen during the recent Clop #ransomware data-theft attacks using a zero-day vulnerability in the MOVEit Transfer platform."
https://www.bleepingcomputer.com/news/security/siemens-energy-confirms-data-breach-after-moveit-data-theft-attack/

itnewsbot, 11 months ago to security

Casualties keep growing in this month’s mass exploitation of MOVEit 0-day - Enlarge (credit: Getty Images)

The dramatic fallout continues ... - https://arstechnica.com/?p=1950451 #security #zero-day #biz⁢ #moveit #clop

iagox86, 11 months ago to random

This past weekend, I decided to write a post about how to #reverseengineer and #debug #ISAPI applications (inspired by the #MOVEit vuln from a couple weeks back - CVE-2023-34362). Enjoy!

https://www.skullsecurity.org/2023/how-to-reversing-and-debugging-isapi-modules

AAKL, 11 months ago to Cybersecurity

Attackers steal data of 45,000 New York City students in #MOVEit breach #cybersecurity #infosec https://www.bleepingcomputer.com/news/security/hackers-steal-data-of-45-000-new-york-city-students-in-moveit-breach/ @BleepingComputer @serghei

TechDesk, 11 months ago to random

Around 45,000 students in New York have had their data compromised in the recently reported MOVEit hack, according to the city's department of education.
https://www.engadget.com/clop-ransomware-gang-obtained-personal-data-of-45000-new-york-city-students-in-moveit-hack-204655820.html?utm_source=flipboard&utm_content=user%2FEngadget

List of some of the hack victims:
https://thecyberexpress.com/cl0p-lists-more-moveit-hack-victims/

#CyberAttack #MOVEit

brett, 11 months ago to random

Wilton Reassurance Company was impacted by #MOVEit. As of today, 106 organizations have disclosed being affected and/or been listed by #Cl0p.

https://apps.web.maine.gov/online/aeviewer/ME/40/f74d0aa0-eb90-46c1-8093-58aabe65a9d6.shtml

PogoWasRight, 11 months ago to infosec

NYC schools disclose student and staff information affected by MOVEit breach; National Student Clearinghouse silent on question of extortion payment:
https://www.databreaches.net/nyc-schools-disclose-student-and-staff-information-affected-by-moveit-breach-national-student-clearinghouse-silent-on-question-of-extortion-payment/

#MOVEit #Clop #extortion #databreach #thirdparty #infosec #cybersecurity #transparency #incidentresponse

@brett @douglevin @funnymonkey @mkeierleber

AAKL, 11 months ago to Cybersecurity

#MOVEIt breach impacts GenWorth, CalPERS as data for 3.2 million exposed #cybersecurity #infosec https://www.bleepingcomputer.com/news/security/moveit-breach-impacts-genworth-calpers-as-data-for-32-million-exposed/ @BleepingComputer @billtoulas

brett, 11 months ago to random

Southern Illinois University may have been impacted by #MOVEit and, if so, will be the 96th known victim and the 6th US university. #SIU

https://www.stltoday.com/news/local/education/southern-illinois-university-investigating-cyberattack-tied-to-russian-hackers/article_8286173e-109c-11ee-915d-13fa11026a6f.html

0x58, 11 months ago to IBM

Great post on how to detect the #MOVEit Transfer Zero-Day with #IBM #QRadar Log Insights, by Gladys Koskas 🚀

#cybersecurity #infosec

https://community.ibm.com/community/user/security/blogs/gladys-koskas1/2023/06/19/detect-moveit-transfer-zero-day-with-qradarli

g0rb, 11 months ago to random German

Just asking the #DFIR-People: Do you know of any cases where #Cl0p accessed Azure-Storages during the #moveit Spree?

brett, 11 months ago to random

Seems the Alaska Department of Health and Social Services may have been using #MOVEit. #Cl0p #ADHSS.

brett, 11 months ago to random

#Cl0p have responded to the Beeb's story. #MOVEit

https://www.bbc.com/news/technology-65965453

GossiTheDog, 11 months ago (edited 11 months ago) to random

Probably the weirdest thing of the #moveIT thing has been the people who got upset as I pointed out members of the Ransomware Task Force (and JRTF) were impacted. Somebody told me they "wouldn't have it".

Are we supposed to make members of the Ransomware Task Force immune from ransomware groups? Maybe allowing ransomware groups financial means to buy zero days is a bad idea.

brett, 11 months ago to random

Metro Vancouver Transit Police is notifying the public that a limited number of its files were accessed during a cyberattack <-- #MVTP is one of 89 organizations known to have been affected by the #MOVEit vulnerability

https://transitpolice.ca/news-posts/cyberattack-on-third-party-software-impacts-transit-police/

AAKL, 11 months ago to Cybersecurity

Oh, boy. #cybersecurity #infosec

#Norton Parent Says Employee Data Stolen in #MOVEit #Ransomware Attack https://www.securityweek.com/norton-parent-says-employee-data-stolen-in-moveit-ransomware-attack/ @SecurityWeek

brett, 11 months ago to random

#Cl0p has released data allegedly taken from #Shell. #MOVEit

brett, 11 months ago to random

#Cl0p has listed #Telos Corporation. Telos "offers advanced technology solutions that empower and protect the world’s most security-conscious enterprises." #MOVEit.

brett, 11 months ago to random

#Cl0p has listed Santa Clara University. #SCU is the 6th US university known to have been impacted out of a total of 82 organizations known to have been impacted by #MOVEit.

GossiTheDog, 11 months ago to random

A bunch of people have alerted me to a vulnerability in #MoveIT, a secure file transfer app used heavily in the UK.

I did some digging and it looks like it’s a zero day under active exploitation. Not 100% on threat actor yet but it may be one of the ransomware/extortion groups.

Really serious, impacted orgs should shut down the server. Thread follows. #threatintel