Security News

Serco Inc, the Americas division of multinational outsourcing company Serco Group, has disclosed a data breach after attackers stole the personal information of over 10,000 individuals from a third-party vendor's MoveIT managed file transfer server. "On June 30, 2023, Serco was made aware that our third-party benefits administration provider, CBIZ, experienced a ransomware attack and data breach," the company explained.

Accounting giant Deloitte, pizza and birthday party chain Chuck E. Cheese, government contractor Maximus, and the Hallmark Channel are among the latest victims that the Russian ransomware crew Clop claims to have compromised via the MOVEit vulnerability. The biz now joins PwC and Ernst and Young - all three big accounting firms - among the hundreds of organizations compromised by Clop via a security hole in vulnerable deployments of the file-transfer tool MOVEit.

Accounting giant Deloitte, pizza and birthday party chain Chuck E. Cheese, government contractor Maximus, and the Hallmark Channel are among the latest victims that the Russian ransomware crew Clop claims to have breached using the MOVEit file transfer hack. "Immediately upon becoming aware of this zero-day vulnerability, Deloitte applied the vendor's security updates and performed mitigating actions in accordance with the vendor's guidance," a Deloitte Global spokesperson explained.

The number of known Cl0p victims resulting from its Memorial Day attack on vulnerable internet-facing MOVEit Transfer installations has surpassed 420, according to IT market research company KonBriefing Research. Cl0p's attack resulted in the cybercriminal group exfiltrating sensitive information from MOVEit Transfer installations run either by the victim organizations or third-party service providers.

The Clop ransomware gang is copying an ALPHV ransomware gang extortion tactic by creating Internet-accessible websites dedicated to specific victims, making it easier to leak stolen data and further pressuring victims into paying a ransom. This stolen data is used as leverage in double-extortion attacks, warning victims that the data will be leaked if a ransom is not paid.

The chart shows that extortion attacks with the lowest complexity and automation have the least impact on victims and cost to the attackers. On May 27th, the Clop ransomware gang began widespread data-theft attacks exploiting a zero-day vulnerability in the MOVEit Transfer secure file transfer platform.

As of today, the number of affected organizations is closing is on 400 and include some really big names: the US Department of Energy and other federal agencies as well as huge corporations like energy company Shell, Deutsche Bank, consulting and business services firm PwC, and retail giant TJX Companies, which confirmed to The Register on Wednesday that "Some files were downloaded by an unauthorized third party before Progress notified us of the vulnerability." As the infosec team notes, some of the companies whose MOVEit installations were breached provide services to many other organizations.

Progress Software has announced the discovery and patching of a critical SQL injection vulnerability in MOVEit Transfer, popular software used for secure file transfer.The identified SQL injection vulnerability, tagged as CVE-2023-36934, could potentially allow unauthenticated attackers to gain unauthorized access to the MOVEit Transfer database.

"An SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to the MOVEit Transfer database," reads Progress's security bulletin. "An attacker could submit a crafted payload to a MOVEit Transfer application endpoint which could result in modification and disclosure of MOVEit database content" - MOVEit Transfer advisory.

Siemens Energy has confirmed that data was stolen during the recent Clop ransomware data-theft attacks using a zero-day vulnerability in the MOVEit Transfer platform.Today, Clop listed Siemens Energy on their data leak site, indicating that data was stolen during a breach on the company.