Andrew Moore, Genevieve Stark, Isif Ibrahima, Van Ta of FireEye write: Starting in mid-December 2020, malicious actors that Mandiant tracks as UNC2546 exploited multiple zero-day vulnerabilities in Accellion’s legacy File Transfer Appliance (FTA) to install a newly discovered web shell named DEWMODE. The motivation of UNC2546 was not immediately apparent, but starting in late January 2021, several organizations…
Category: Business Sector
Watermark takes action after data security breach potentially affects people in 10 states
Kimberly Bonvissuto reports: Tucson, AZ-based Watermark Retirement Communities is the latest victim of a data security breach, in this case one that may have compromised the personal information of 208 residents and others. The company sent out a notice on Wednesday that it became aware of a “cyber intrusion” in September. The senior living operator…
PH: Cashalo hit with data breach, but says accounts not compromised
Xave Gregorio reports: Fintech platform Cashalo reported Saturday it has been hit by a data breach, but assured that accounts and passwords of their users have not been compromised as these have been encrypted. Cashalo said it discovered two days ago that there was “unauthorized access” to a database archive containing some personal data of…
Underwriters Laboratories (UL) certification giant hit by ransomware
Lawrence Abrams reports: UL LLC, better known as Underwriters Laboratories, has suffered a ransomware attack that encrypted its servers and caused them to shut down systems while they recover. […] BleepingComputer has learned that UL suffered a ransomware attack last weekend that encrypted devices in their data center. Read more on BleepingComputer.
Kroger reports Accellion data breach affecting pharmacy records, associate HR data
Updated March 9: This incident subsequently appeared on HHS’s public breach tool as having been reported to HHS on February 19 and impacting 368,100 patients. Brian Planalp reports: Kroger is informing some customers and associates that a third-party software company it uses for data services recently suffered a data breach. Kroger’s own IT systems were not…
Vendée: the Bénéteau company victim of a cyberattack
Philippe Rey-Gorez reports (translation): The Bénéteau boat company, headquartered in Saint-Gilles-Croix-de-Vie, Vendée, is the victim of a cyberattack , its communications department announced on Friday evening. This attack was detected overnight Thursday through Friday by the company’s security system. As soon as its alarms were triggered, the service immediately shut down the networks. This is a protective measure to prevent…