Adventist Health Tulare has issued a press release about a breach at a business associate in Nebraska. The June 7 press release states, “A data security incident was recently discovered by Signature Performance, an agency working on behalf of Adventist Health Tulare to collect payment for services.” Their investigation determined that an unknown party accessed…
Category: Commentaries and Analyses
What Snowflake isn’t saying about its customer data breaches
Zack Whittaker reports: Snowflake’s security problems following a recent spate of customer data thefts are, for want of a better word, snowballing. After Ticketmaster was the first company to link its recent data breach to the cloud data company Snowflake, loan comparison site LendingTree has now confirmed its QuoteWizard subsidiary had data stolen from Snowflake. “We…
PruittHealth was hacked back in November. Here’s what we STILL don’t know.
What happens when threat actors leak data on the dark web but the victim entity doesn’t access it in time to figure out what was leaked? That’s what happened to PruittHealth in Georgia last year. How many people are they notifying because they can’t figure out what was accessed, acquired, or leaked? In November 2023,…
HC3: Analyst Note: Healthcare Sector DDoS Guide
May 30, 2024 HC3: Analyst Note TLP:CLEAR Report: 20240530120 Executive Summary A Distributed-Denial-of-Service (DDoS) attack is a type of cyber attack in which an attacker uses multiple systems, often referred to as a botnet, to send a high volume of traffic or requests to a targeted network or system, overwhelming it and making it unavailable…
RansomHub Actors Exploit ZeroLogon Vuln in Recent Ransomware Attacks
Jai Vijayan reports: In recent attacks involving the ominously growing RansomHub ransomware, attackers have exploited the so-called ZeroLogon flaw in the Windows Netlogon Remote Protocol from 2020 (CVE-2020-1472) to gain initial access to a victim’s environment. Prior to deploying the ransomware, the attackers have used several dual-use tools, including remote access products from companies like Atera…
Google Database Reveals Thousands of Privacy Incidents
Joseph Cox reports: Google has accidentally collected childrens’ voice data, leaked the trips and home addresses of car pool users, and made YouTube recommendations based on users’ deleted watch history, among thousands of other employee-reported privacy incidents, according to a copy of an internal Google database which tracks six years worth of potential privacy and…