Tag Archive for: Including

Ransomware gang lists first victims of MOVEit mass-hacks, including US banks and universities


Clop, the ransomware gang responsible for exploiting a critical security vulnerability in a popular corporate file transfer tool, has begun listing victims of the mass-hacks, including a number of U.S. banks and universities.

The Russia-linked ransomware gang has been exploiting the security flaw in MOVEit Transfer, a tool used by corporations and enterprises to share large files over the internet, since late May. Progress Software, which develops the MOVEit software, patched the vulnerability — but not before hackers compromised a number of its customers.

While the exact number of victims remains unknown, Clop on Wednesday listed the first batch of organizations it says it hacked by exploiting the MOVEit flaw. The victim list, which was posted to Clop’s dark web leak site, includes U.S.-based financial services organizations 1st Source and First National Bankers Bank; Boston-based investment management firm Putnam Investments; the Netherlands-based Landal Greenparks; and the U.K.-based energy giant Shell.

GreenShield Canada, a non-profit benefits carrier that provides health and dental benefits, was listed on the leak site but has since been removed.

Other victims listed include financial software provider Datasite; educational non-profit National Student Clearinghouse; student health insurance provider United Healthcare Student Resources; American manufacturer Leggett & Platt; Swiss insurance company ÖKK; and the University System of Georgia (USG).

A USG spokesperson, who did not provide their name, told TechCrunch that the university is “evaluating the scope and severity of this potential data exposure. If necessary, consistent with federal and state law, notifications will be issued to any individuals affected.”

Florian Pitzinger, a spokesperson for German mechanical engineering company Heidelberg, which Clop listed as a victim, told TechCrunch in a statement that the company is “well aware of its mentioning on the Tor website of Clop and the incident connected to a supplier software.” The spokesperson added that the “incident occurred a few weeks ago, was countered fast and effectively and based on our analysis did not lead to any data breach.”

None of…

Microsoft Issues Patches for 97 Flaws, Including Active Ransomware Exploit


Apr 12, 2023 | Ravie Lakshmanan | Patch Tuesday / Software Updates

It’s the second Tuesday of the month, and Microsoft has released another set of security updates to fix a total of 97 flaws impacting its software, one of which has been actively exploited in ransomware attacks in the wild.

Seven of the 97 bugs are rated Critical and 90 are rated Important in severity. Interestingly, 45 of the shortcomings are remote code execution flaws, followed by 20 elevation of privilege vulnerabilities. The updates also follow fixes for 26 vulnerabilities in its Edge browser that were released over the past month.

The security flaw that’s come under active exploitation is CVE-2023-28252 (CVSS score: 7.8), a privilege escalation bug in the Windows Common Log File System (CLFS) Driver.

“An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” Microsoft said in an advisory, crediting researchers Boris Larin, Genwei Jiang, and Quan Jin for reporting the issue.

CVE-2023-28252 is the fourth privilege escalation flaw in the CLFS component that has come under active abuse in the past year alone after CVE-2022-24521, CVE-2022-37969, and CVE-2023-23376 (CVSS scores: 7.8). At least 32 vulnerabilities have been identified in CLFS since 2018.

According to Russian cybersecurity firm Kaspersky, the vulnerability has been weaponized by a cybercrime group to deploy Nokoyawa ransomware against small and medium-sized businesses in the Middle East, North America, and Asia.

“CVE-2023-28252 is an out-of-bounds write (increment) vulnerability that can be exploited when the system attempts to extend the metadata block,” Larin said. “The vulnerability gets triggered by the manipulation of the base log file.”

In light of ongoing exploitation of the flaw, CISA added the Windows zero-day to its catalog of Known Exploited Vulnerabilities (KEV), ordering Federal Civilian Executive Branch (FCEB) agencies to secure their systems by May 2, 2023.

Also patched are critical remote code execution flaws impacting DHCP Server Service, Layer 2 Tunneling Protocol, Raw Image Extension, Windows Point-to-Point Tunneling Protocol, Windows Pragmatic General Multicast, and Microsoft Message Queuing (

Estonian National Charged with Helping Russian Military Acquire U.S. Electronics, Including Radar Components; Sought Computer Hacking Software


An eighteen-count indictment was unsealed today in Brooklyn charging Andrey Shevlyakov, an Estonian national, with conspiracy and other charges related to procuring U.S.-made electronics on behalf of the Russian government and military.

Shevlyakov was arrested on March 28, 2023 in Estonia. As alleged in the indictment and other court filings, at the time of his arrest, Estonian authorities seized inbound shipments addressed to Shevlyakov’s front companies, including one that contained approximately 130 kilograms (286 pounds) of radio equipment.

Breon Peace, United States Attorney for the Eastern District of New York, James Smith, Special Agent in Charge, FBI Houston and Trey McClish, Special Agent in Charge of the U.S. Department of Commerce, Bureau of Industry and Security – Office of Export Enforcement’s Dallas Field Office announced the charges.

“As alleged, for more than a decade, the defendant has been acquiring sensitive electronics from U.S. manufacturers on behalf of the Russian government, in defiance of U.S. export controls,” stated United States Attorney Peace. “Our Office will not relent in its efforts to stop those who unlawfully procure U.S. technology for Russia or any other sanctioned countries, entities or individuals.”

Mr. Peace expressed his appreciation for Task Force KleptoCapture, the Department of Justice’s Office of International Affairs, and the Estonian Internal Security Service (KAPO) for their valuable assistance.

“For years, Mr. Shevlyakov’s elaborate web of deceit allowed him to allegedly procure sensitive American-made electronics on behalf of the Russian military,” said FBI Houston Special Agent in Charge James Smith. “His illegal acquisitions of sophisticated U.S. technology endangered citizens in both Ukraine and the United States. FBI Houston will continue to work with our valued international partners, especially the Estonian Internal Security Service (KAPO), to investigate and disrupt actors who illicitly support the unprovoked invasion of Ukraine by Russian armed forces.”

“As these actions have proven, BIS will continue to hunt down and bring to justice those who harm our national security and illicitly supply the…

CentraState hack stole data from 617,000, including some Social Security numbers


FREEHOLD TOWNSHIP – CentraState Healthcare System is notifying 617,000 patients that information including names, addresses and Social Security numbers was part of a cyberattack that hit the hospital network in December, company officials said Friday.

The hacker obtained a copy of an archived database that also included dates of birth, health insurance information, medical record numbers and patient account numbers. No financial account or payment card information was involved, officials said.

CentraState, which largely serves western Monmouth and Ocean counties, said in late December that it discovered unusual activity in its computer system, forcing it to temporarily divert ambulances to other hospitals and halt outpatient care.

It joined a lengthy list of hospitals nationwide that have been targeted by hackers. The reason: The health care industry has lots of information that can affect the health of its patients, experts say.

CentraState Medical Center in Freehold Township is shown Tuesday, April 14, 2020.

CentraState said it immediately took steps to contain the breach. It brought in a forensics firm to investigate and reported the incident to the FBI. The investigation found that an unauthorized person on Dec. 29 obtained a copy of the database.

In addition to the personal information, the database included information related to care, including physician names, diagnoses and treatment plans, the health system said.

A CentraState spokeswoman said Friday that the company’s computer system has been restored.

CentraState said it began mailing letters Friday to patients affected by the incident. It said it would provide credit monitoring and identity theft protection services to patients whose Social Security numbers were taken, and it encouraged patients to review statements from their health providers and insurers and report to them any inaccuracies.

“CentraState deeply regrets any concern this incident may have caused and is continually enhancing the security of its electronic systems and the patient data it maintains to help prevent…