Security News
According to the UK's Times, the information posted "is primarily limited to name and/or contact information, as well as information on the product you purchased from us. No banking details, credit card numbers or high-risk data such as login information or account details were taken." The Virgin Pulse-owned company has sent notification letters to more than 1.6 million patients alerting them that their names, addresses, dates of birth, and health information may have been stolen by miscreants abusing MOVEit, according to a November 18 filing with the Maine Attorney General's office.
The State of Maine has announced that its systems were breached after threat actors exploited a vulnerability in the MOVEit file transfer tool and accessed the personal information of about 1.3 million people, which is close to the state's entire population. Various Maine state agencies were among the thousands of organizations worldwide using the Progress Software data transfer product.
A critical zero-day vulnerability in the SysAid IT support and management software solution is being exploited by Lace Tempest, a ransomware affiliate known for deploying Cl0p ransomware. The group has similarly leveraged zero-days in the Accellion file transfer appliance and Fortra's GoAnywhere file transfer solution.
Second novel zero-day exploited by Lace Tempest this year offers notable demonstration of skill, especially for a ransomware affiliate. The cybercriminals behind the rampant MOVEit exploits from...
Infosec in brief: The fallout from the exploitation of bugs in Progress Software's MOVEit file transfer software continues, with the US Securities and Exchange Commission now investigating the matter, and lots of affected parties seeking compensation. Per the disclosure, it received a subpoena from the SEC on October 2, in which the Commission asked for "various documents and information relating to the MOVEit Vulnerability."
Infosec in brief: Progress Software, maker of the mass-exploited MOVEit document transfer tool, is back in the news with more must-apply security patches, this time for another file-handling product: WS_FTP. We're told this software's ad hoc transfer module and WS_FTP's server management interface were found to have eight vulnerabilities, with CVSS severity scores ranging from 5.3 all the way to 10 out of 10. At their most severe, all versions of WS_FTP Server prior to 8.7.4 and 8.8.2 are vulnerable to a .NET deserialization attack from a pre-authenticated attacker.
BORN, which collates and uses information on "pregnancy, birth, the newborn period and childhood to improve care," says it became aware of the incident on May 31 and notified relevant authorities, including the Ontario Provincial Police and the province's Information and Privacy Commissioner. The perinatal and child registry collects data from healthcare providers, labs, and hospitals that provide pregnancy and child services.
The number of victim organizations hit by Cl0p via vulnerable MOVEit installations has surpassed 2,000, and the number of affected individuals is now over 60 million. The victim organizations are overwhelmingly based in the US. "The most heavily impacted sectors are finance and professional services and education, which account for 13.8 percent and 51.1 percent of incidents respectively," Emsisoft researchers shared on Monday.
US educational nonprofit organization National Student Clearinghouse has revealed that the breach of its MOVEit server ended up affecting almost 900 colleges and universities, and resulted in the theft of personal information of their students. NSC has filed a breach notification letter with the California Attorney General's Office on behalf of the affected schools.
The MOVEit hack was not the same as the classic ransomware attacks for which groups like Clop initially gained notoriety. Emerging digital forensic analysis from the aftermath of MOVEit suggests the hackers knew about the zero-day flaw in MOVEit as far back as 2021, when they tested it covertly to see how much access they could get.