Tag Archive for: Confirmed

Ransomware exploitation of Atlassian Confluence flaw confirmed


Canadian nonprofit shared service provider TransForm has confirmed being impacted by a ransomware attack, which resulted in the exfiltration of a database that included information from its five co-founding hospitals across Ontario, reports BleepingComputer.


Another huge US medical data breach confirmed after Fortra mass-hack


Hackers stole another half a million people’s personal and health information during a ransomware attack on a technology vendor earlier this year.

Intellihartx, a Tennessee-based company that handles patient payment balances and collections, said in a notice filed with the Maine attorney general’s office that 489,830 patients had information stolen in the cyberattack targeting its vendor, Fortra.

According to the notice, the hackers stole patient names, addresses, dates of birth and Social Security numbers. The breach also compromised patient medical billing and insurance information, as well as diagnoses and medication.

Intellihartx is the latest company to come forward as a victim of the mass ransomware attack targeting Fortra’s GoAnywhere file-transfer software, which organizations use for sharing large data sets across the internet. The Clop ransomware group claimed responsibility for mass-exploiting a previously undisclosed security flaw in Fortra’s GoAnywhere software in February, which affected more than a hundred companies and organizations, including digital financier Hatch Bank, security giant Rubrik, and the City of Toronto.

Millions of patients across the United States also had their health information stolen in the cyberattack, including children’s data.

The impact of Clop’s ransomware attack prompted the U.S. Department of Health and Human Services to publish an alert warning that the ransomware group was targeting the healthcare industry.

Clop has targeted other vendors of file transfer tools, including Accellion’s file transfer appliance and more recently, a mass-hack involving MOVEit, a file transfer tool developed by Progress Systems.


Ransomware attack confirmed by Sun Pharmaceuticals



Sun Pharmaceuticals, the largest pharmaceutical firm in India and fourth largest specialty generic pharmaceutical company worldwide, has disclosed having some of its file systems compromised in a …


Record-breaking number of record-breaking DDoS attacks confirmed • The Register


Dozens of companies over the weekend were hit by distributed denial-of-service (DDoS) attacks, including the largest one yet recorded, or so Cloudflare says.

That record-breaking HTTP/2-based DDoS tsunami soared to more than 71 million requests-per-second, more than the previous record of 46 million rps blocked by Google in June 2022. It’s just record after record being broken, huh. Most of the other network flooding over the weekend peaked at between 50 million and 70 million rps.

The attacks, according to Cloudflare, originated from more than 30,000 IP addresses and targeted such businesses as gaming providers, hosting providers, cloud computing platforms, and cryptocurrency companies.

They also continued a growing trend of network traffic originating from cloud providers rather than residential ISPs, the more typical tools used by DDoS attackers who tend to roll IoT devices and home gateways into botnets.

“Over the past year, we’ve seen more attacks originate from cloud computing providers,” Cloudflare researchers wrote in a report, adding that the network traffic used in the attacks over the weekend came from “numerous cloud providers.”

Given the increasing number of DDoS attacks coming from cloud providers, Cloudflare is trialing – what convenient timing – a free botnet threat feed to monitor attacks. Those interested can sign up to join the early access waiting list.

Script kiddies going for pay-to-play, for us all

HTTP DDoS attacks overwhelm websites with bogus traffic, and they’re efficient and inexpensive for miscreants to run.

The larger the botnet, the larger an attack can be. And DDoS-as-a-service platforms make it even easier and cheaper for cybercriminals to launch an attack, removing the time and cost of building a botnet by offering the platform for as little as $30 a month, Cloudflare said.

DDoS attacks are also increasingly lucrative, with crooks demanding payment from victims in return for shutting off the flood of traffic. According to Cloudflare, in the fourth quarter of 2022, 16 percent of victims said they were targeted by ransom DDoS attacks, compared with 10 percent in Q1 2022.

Cloudflare said the weekend incidents from unknown…
