Sergiu Gatlan reports: Network and email security firm Barracuda today revealed that a recently patched zero-day vulnerability had been exploited for at least seven months to backdoor customers’ Email Security Gateway (ESG) appliances with custom malware and steal data. The company says an ongoing investigation found that the bug (tracked as CVE-2023-2868) was first exploited…
Category: Malware
Another hospital hit by ransomware: Mission Community Hospital
Mission Community Hospital in California allegedly experienced a ransomware attack on April 29. On Wednesday, RansomHouse threat actors claimed responsibility for the attack and provided a number of files as proof. They claim to have downloaded 2.5 TB of data. From the proof files, it appears that RansomHouse accessed the imaging system and image files…
Clinical test data of 2.5 million people stolen from biotech company Enzo Biochem
Jonathan Greig reports: An April ransomware attack on a biotech company resulted in the compromise of test information and personal data of nearly 2.5 million people, according to regulatory filings. Enzo Biochem, a New York-based biosciences and diagnostics company, said that on April 6 it experienced a ransomware attack that involved the “unauthorized access to…
New York county still dealing with ransomware eight months after attack
Brandon Vigliaro reports: The fallout from an eight-month-old cyber attack on a county in Long Island, New York has devolved into mud-slinging as leaders try to figure out just what is going on. Suffolk County was hit with a ransomware attack in early September 2022, which led county executive Steve Bellone to issue nine separate emergency…
Infostealers: a threat that is still largely (too) stealthy
In September, Britton White and PogoWasRight.org teamed up to produce an explainer and caution about infostealers that was oriented to the public. Our article, Redline: Storing Passwords in your Browser Can Ruin Your Life (But Will Make Criminals VERY Happy!) included cautions about employees who work from home and who might have their login credentials…
Two ransomware groups claimed to have attacked Albany ENT & Allergy Services and leaked data, but AENT doesn’t mention that at all in their notification?
On April 28, DataBreaches reported that two different ransomware groups claimed to have attacked Albany ENT & Allergy Services, P.C. in Albany, New York. This week, Albany ENT & Allergy Services notified regulators and 224,486 affected employees and patients about a breach. Their notification is stunning, however, for its lack of certain details. In their…