CBIZ KA is a third-party vendor for Prime Healthcare that was affected by the MOVEit breach. They have issued the following notice: CBIZ KA, a third-party vendor for Prime Healthcare (Prime), discovered a security incident involving CBIZ’s use of MOVEit Transfer software, which has recently reported a security vulnerability. Prime takes the responsibility of safeguarding […]
Engadget reports: The state agencies of Maine had fallen victim to cybercriminals who exploited a vulnerability in the MOVEit file transfer tool, making them the latest addition to the growing list of entities affected by the massive hack involving the software. In a notice the government has published about the cybersecurity incident, it said the event impacted […]
Bleeping Computer reports Flagstar Bank in Michigan is notifying 837,390 customers whose personal information, including Social Security numbers, was acquired by the Clop hacking gang in May. The breach was not of Flagstar’s systems but at FISERV, a vendor they use for payment processing and mobile banking services. FISERV was one of thousands of entities […]
The figures for the MOVEit data breach continue to rise to alarming heights. The Record reports: The National Student Clearinghouse (NSC) reported that nearly 900 colleges and universities across the U.S. had data stolen during attacks by a Russia-based ransomware gang exploiting the popular MOVEit file-sharing tool. The nonprofit manages educational reporting, data exchange, verification, […]
One of the biggest breaches of 2023 involves the 0-day attack by Clop threat actors on file transfer software called MOVEit by Progress Software. The attack was launched in May and June. It affected more than 1,100 entities and more than 56 million people according to statistics compiled by Emsisoft. One of the most recent […]
The MOVEit data breach, discussed in an earlier post, continues to make headlines. As SDX reports: Orchestrated by ransomware gang CL0P exploiting a zero-day vulnerability, it is now considered one of the largest hacks of 2023 — and potentially in recent history. To date, it is known to have impacted more than 1,150 organizations and nearly 56 million individuals, […]
Omkhar Arasaratnam writes that the same type of attack that took advantage of poor security in 1998 is still taking advantage of poor security in 2023. He writes: SQL injection — among the lowest hanging of security fruit — is still included in the Open Worldwide Application Security Project (OWASP) Top 10 list of security […]
Makers of vulnerable apps that are exploited in wide-scale supply chain attacks such as the MOVEit breach need to improve software security or face steep fines and settlement fees. Read more of this article at Darkreading.com.
Most data breaches involve some level of victim human error, which theoretically employee training can address. Human error can take the form of clicking on a link, where the email address of the sender is unknown to the person clicking on the link. Malware then enters the scene. Another common human error scenario involves phishing […]
