Security News

Colorado warns 4 million of data stolen in IBM MOVEit breach
2023-08-14 12:42

The Colorado Department of Health Care Policy & Financing is alerting more than four million individuals of a data breach that impacted their personal and health information. The data breach was possible after Clop ransomware exploited the MOVEit Transfer zero-day in a hacking campaign that impacted hundreds of organizations worldwide.

Missouri warns that health info was stolen in IBM MOVEit data breach
2023-08-09 19:50

Missouri's Department of Social Services warns that protected Medicaid healthcare information was exposed in a data breach after IBM suffered a MOVEit data theft attack. Yesterday, the Missouri Department of Social Services disclosed a data breach that exposed health information related to Medicaid services in the state.

US govt contractor Serco discloses data breach after MoveIT attacks
2023-08-03 16:39

Serco Inc, the Americas division of multinational outsourcing company Serco Group, has disclosed a data breach after attackers stole the personal information of over 10,000 individuals from a third-party vendor's MoveIT managed file transfer server. "On June 30, 2023, Serco was made aware that our third-party benefits administration provider, CBIZ, experienced a ransomware attack and data breach," the company explained.

Medical files of 8M-plus people fall into hands of Clop via MOVEit mega-bug
2023-07-27 20:01

Accounting giant Deloitte, pizza and birthday party chain Chuck E. Cheese, government contractor Maximus, and the Hallmark Channel are among the latest victims that the Russian ransomware crew Clop claims to have compromised via the MOVEit vulnerability. The biz now joins PwC and Ernst and Young - all three big accounting firms - among the hundreds of organizations compromised by Clop via a security hole in vulnerable deployments of the file-transfer tool MOVEit.

Deloitte and Chuck E. Cheese join 500+ orgs as MOVEit victims
2023-07-27 20:01

Accounting giant Deloitte, pizza and birthday party chain Chuck E. Cheese, government contractor Maximus, and the Hallmark Channel are among the latest victims that the Russian ransomware crew Clop claims to have breached using the MOVEit file transfer hack. "Immediately upon becoming aware of this zero-day vulnerability, Deloitte applied the vendor's security updates and performed mitigating actions in accordance with the vendor's guidance," a Deloitte Global spokesperson explained.

Has the MOVEit hack paid off for Cl0p?
2023-07-24 14:14

The number of known Cl0p victims resulting from its Memorial Day attack on vulnerable internet-facing MOVEit Transfer installations has surpassed 420, according to IT market research company KonBriefing Research. Cl0p's attack resulted in the cybercriminal group exfiltrating sensitive information from MOVEit Transfer installations run either by the victim organizations or third-party service providers.

Clop now leaks data stolen in MOVEit attacks on clearweb sites
2023-07-23 19:10

The Clop ransomware gang is copying an ALPHV ransomware gang extortion tactic by creating Internet-accessible websites dedicated to specific victims, making it easier to leak stolen data and further pressuring victims into paying a ransom. This stolen data is used as leverage in double-extortion attacks, warning victims that the data will be leaked if a ransom is not paid.

Clop gang to earn over $75 million from MOVEit extortion attacks
2023-07-21 16:34

The chart shows that extortion attacks with the lowest complexity and automation have the least impact on victims and cost to the attackers. On May 27th, the Clop ransomware gang began widespread data-theft attacks exploiting a zero-day vulnerability in the MOVEit Transfer secure file transfer platform.

MOVEit body count closes in on 400 orgs, 20M+ individuals
2023-07-20 21:01

As of today, the number of affected organizations is closing is on 400 and include some really big names: the US Department of Energy and other federal agencies as well as huge corporations like energy company Shell, Deutsche Bank, consulting and business services firm PwC, and retail giant TJX Companies, which confirmed to The Register on Wednesday that "Some files were downloaded by an unauthorized third party before Progress notified us of the vulnerability." As the infosec team notes, some of the companies whose MOVEit installations were breached provide services to many other organizations.

Another Critical Unauthenticated SQLi Flaw Discovered in MOVEit Transfer Software
2023-07-07 14:01

Progress Software has announced the discovery and patching of a critical SQL injection vulnerability in MOVEit Transfer, popular software used for secure file transfer.The identified SQL injection vulnerability, tagged as CVE-2023-36934, could potentially allow unauthenticated attackers to gain unauthorized access to the MOVEit Transfer database.