Tag Archive for: investigating

SEC is investigating MOVEit mass-hack, says Progress Software


U.S. securities regulators have opened a probe into the MOVEit mass-hack that has exposed the personal data of at least 64 million people, according to the company that made the affected software.

In a regulatory filing this week, Progress Software confirmed it had received a subpoena from the U.S. Securities and Exchange Commission (SEC) seeking “various documents and information” relating to the MOVEit vulnerability. “The SEC investigation is a fact-finding inquiry, the investigation does not mean that Progress or anyone else has violated federal securities laws,” Progress said, adding that it intends to “cooperate fully” with the investigation.

Progress also said in the filing that it expects to see minimal financial impact from the MOVEit mass-hacks, despite the broad scale of the incident.

The company said it incurred $1 million of costs related to the MOVEit vulnerability, once it had taken into account received and expected insurance payouts of approximately $1.9 million.

However, Progress notes that a loss from this incident remains possible after 23 affected customers launched legal action against the company and “intend to seek indemnification.” Progress said that a further 58 class action lawsuits have been filed by individuals who claim to be affected.

While it’s almost six months on from the discovery of the MOVEit zero-day vulnerability, the exact number of impacted MOVEit Transfer customers remains unknown, though cybersecurity company Emsisoft reports that 2,546 organizations have so far confirmed to be affected, impacting more than 64 million individuals.

New victims continue to come forward. Last week, Sony confirmed that more than 6,000 employees had data accessed in a MOVEit-related incident, and Flagstar Bank said more than 800,000 customer records had been stolen.

November security incident

Progress Software said in the filing that it expects to incur additional costs of $4.2 million related to a separate cybersecurity incident in November 2022.

The filing doesn’t reveal any details about the incident, but John Eddy, a Progress spokesperson representing the company via a third-party agency, confirmed that Progress Software at the time uncovered…


Sony Investigating After Hackers Offer to Sell Stolen Data


Sony has launched an investigation after a cybercrime group claimed to have compromised the company’s systems, offering to sell stolen data.  

A representative of the Japanese electronics and entertainment giant told SecurityWeek that it’s currently investigating the situation and has no further comments at this time. 

The probe was launched after a relatively new ransomware group named RansomedVC listed Sony on its Tor-based website, claiming to have compromised all Sony systems. 

“We won’t ransom them,” the hackers said. “We will sell the data due to Sony not wanting to pay. Data is for sale.” 

The cybercriminals have provided several files in an effort to demonstrate their claims, including some Java files and screenshots apparently showing access to source code and applications associated with Sony’s Creators Cloud media production solution. 

One leaked file, a PowerPoint slideshow, is marked ‘confidential’ and appears to be from Sony’s quality department, but it’s dated 2017. 

A majority of the leaked files seem to originate from servers associated with Creators Cloud and the hackers have not provided evidence that all Sony systems have been compromised. It’s not uncommon for these types of cybercrime groups to make exaggerated claims. 

Threat intelligence group VX-Underground reported on X (formerly Twitter) that the cybercriminals did not deploy file-encrypting ransomware or steal any corporate data. They allegedly exfiltrated data from Jenkins, SVN, SonarQube, and Creator Cloud development systems.


The RansomedVC group’s website currently lists nearly 40 victims, with ransom demands ranging between a few thousand dollars and $1 million, depending on the targeted organization’s size and revenue. The group announced its first victim in early 2023. 

On the same day it announced Sony as a target, RansomedVC also listed Japanese mobile phone operator NTT Docomo as a victim on its website.

The gang claims it does not target Russian and Ukrainian organizations as most of its members are from these countries.

Cybersecurity firm Flashpoint described RansomedVC’s activities in August, pointing…


U of M investigating data breach; scope of hack still unclear


The University of Minnesota has been investigating a potentially significant data breach for the past month, a spokesperson confirmed on Tuesday.

It’s the third major public institution in the Twin Cities to be targeted with suspicious activity recently. Minneapolis Public Schools and the Minnesota Department of Education were recently attacked by hackers, exposing thousands of Minnesotans’ data.

The University of Minnesota has been working with law enforcement and has notified state and federal officials about the alleged breach since officials first learned just over a month ago “that an unauthorized party claimed to possess sensitive data allegedly taken from the university’s systems,” spokesperson Jake Ricker said in a statement.

The university immediately started investigating and hired digital forensics professionals to figure out if the hacker’s claims were true and to secure the school’s computer systems, according to Ricker.

It wasn’t until late Tuesday afternoon that a similar notice went out to students, faculty and staff.

Officials have not said how they were alerted to the possible breach, only saying officials learned about it on July 21.

On that same day, news site The Cyber Express wrote about the alleged hacker’s claims, including that they gained unauthorized access to 7 million or more Social Security numbers from digitized records dating back to 1989.

Responding to questions from 5 EYEWITNESS NEWS, Ricker said, “We are aware of the claims and are working to verify if any or all of the claims made might be true.”

“The preliminary assessment is that the data at issue is from 2021 and earlier,” the initial statement read.

After a call from 5 EYEWITNESS NEWS, Computer Forensic Services Chief Technology Officer Mark Lanterman checked out the hacker’s claims for himself.

“He hasn’t shared proof that he actually did this. Now, based on the university’s statements, I believe that he did,” Lanterman said in an interview Tuesday afternoon. “It’s not credit card information. It’s our personal information. And then just with the sheer volume of 7 million, this is a…


Germany’s national bar association investigating ransomware attack


A bar association representing German lawyers nationwide is investigating a cyberattack on its office in Brussels.

The German Federal Bar (BRAK) Association discovered the attack on August 2. The group is an umbrella organization overseeing 28 regional bars across Germany and representing about 166,000 lawyers nationally and internationally.

On Monday, the NoEscape ransomware group claimed it attacked the organization after BRAK announced last week that it was investigating a cyberattack. The organization did not respond to requests for an update on the situation, instead referring Recorded Future News to last week’s news release.

In the statement, the organization said it was working with a forensic firm to investigate the ransomware attack on its Brussels office, which it discovered on August 2. It has been able to restore access to its email system and plans to contact anyone who had data accessed during the incident.

“The Brussels office… fell victim to a criminal cyberattack, which led to a failure of the IT systems,” they wrote. Once discovered, “all network connections were immediately severed.”

“BRAK is currently working with an external service provider for IT security on a forensic analysis of the IT systems in order to clarify the incident and repair the damage… BRAK reported the incident to the Federal Commissioner for Data Protection and is in contact with the Belgian police, the Berlin State Criminal Police Office and the Cyber Emergency Response Team of the Belgian Center for Cyber Security,” they added.

The hackers encrypted BRAK’s mail server and exfiltrated 160 gigabytes of data. The organization is still trying to figure out how much information was taken involving communications from people contacting the Brussels office. The organization is operating under the assumption that such information was leaked.

The organization runs a special email service for lawyers but said that mailbox is on a completely separate system.

Officials said the ransomware gang…
