Sergiu Gatlan has more on a claimed zero-day attack on Fortra’s GoAnywhere file transfer software. The attack, which Clop claimed responsibility for, has been linked to at least one confirmed victim, Community Health Systems, as first reported by DataBreaches.net. Gatlan reports that Fortra (formerly known as HelpSystems) disclosed to its customers last week that a new vulnerability (CVE-2023-0669)…
Category: Breach Incidents
Second verse, same as the first: Minuteman Senior Services reports another breach of an employee email account
Minuteman Senior Services (“MSS”) in Massachusetts notified the U.S. Department of Health and Human Services on January 27 that they experienced a breach affecting 500 patients. The “500” is simply a marker that indicates that the reporting entity knows they have to report a breach to HHS within 60 days of discovery but they do…
If you’re going to “attack” a public school district, learn what FERPA permits districts to make public anyway
An established forum user on Breached.vc uploaded what they claim is the [SPPS] Saint Paul Public Schools District Directory for free download. In describing what they refer to as an attack on February 13 to February 14 leading to a data breach, they write: Reasons for leak: Insecuring their Google Directory; Not Forcing stronger passwords…
Arizona Priority Care and AZPC Clinics notify 10,978 patients of malware attack
Arizona Health Advantage, Inc. d/b/a Arizona Priority Care and AZPC Clinics, LLC (“APC”) are healthcare providers and business associates. On February 1, they notified HHS of an incident that affected 10,978 patients. As a business associate, their report to HHS was filed on behalf of Alignment Health Plan of Arizona, Inc. and Alignment Health Insurance…
B&G Foods attacked by Daixin Team; files leaked
B&G Foods describes itself as a “multibillion dollar company with more than 50 brands and one purpose: Delicious food from our family to yours.” Some of the California firm’s brands are Crisco, Green Giant, Cinnamon Toast Crunch, Cream of Wheat, and Vermont Maid Syrup. But a recent cyberattack by Daixin Team has allegedly resulted in…
Clop ransomware claims to be behind GoAnywhere zero-day attacks
Sergiu Gatlan reports: The Clop ransomware gang claims to be behind recent attacks that exploited a zero-day vulnerability in the GoAnywhere MFT secure file transfer tool, saying they stole data from over 130 organizations. The security flaw, now tracked as CVE-2023-0669, enables attackers to gain remote code execution on unpatched GoAnywhere MFT instances with their administrative…