April 28, 2023 New Data Breaches from Cl0p and Lockbit Ransomware Groups Executive Summary Ransomware-as-a-service (RaaS) groups Cl0p and Lockbit recently conducted several distinct attacks, exploiting three known vulnerabilities (CVE-2023-27351, CVE-2023-27350, and CVE-2023-0669). The Cybersecurity and Infrastructure Security Agency (CISA) added the latter two vulnerabilities to its Known Exploited Vulnerabilities Catalog but has not yet…
Category: U.S.
U. of Iowa Health Care denies sharing patient data with Facebook, but are they right?
DataBreaches never accused U. of Iowa Health Care of sharing patient data with Facebook, but it seems that someone did. Clark Kaufmann reports: The University of Iowa Hospitals & Clinics is denying that it shares any confidential patient information with Facebook. Last week, lawyers for an Iowa woman, Eileen Yeisley, filed suit against UIHC in…
Court records online include private information for thousands of Missouri residents
Josh Renaud reports: Documents containing Social Security numbers and other private information for thousands of Missourians are accessible to anyone using the Casenet website, the state’s judicial records system, the Post-Dispatch recently discovered. Missouri Supreme Court officials have acknowledged the issue after being alerted by the Post-Dispatch, and they fixed one vulnerability on Casenet. But…
Some ‘sensitive information’ potentially compromised: Diocese of Las Vegas reports cybersecurity breach
Alyssa Roberts reports: The Diocese of Las Vegas on Friday announced a cybersecurity breach that potentially compromised “sensitive information of its volunteers, parishioners, donors and other stakeholders,” a news release states. A spokesperson noted there was “no indication that personal information has been misused,” but said the Diocese would notify those who may have been…
United HealthCare reports a data breach that may have revealed the customer’s personal information
The CBS reports: United HealthCare made customers aware of a data breach on Friday, which temporarily allowed access to personal information for those enrolled in the company’s healthcare plans. According to a statement, “suspicious activity” was noticed on the UHC mobile application “that may have led to the disclosure of member information.” The company says…
Many Public Salesforce Sites are Leaking Private Data
Brian Krebs reports: A shocking number of organizations — including banks and healthcare providers — are leaking private and sensitive information from their public Salesforce Community websites, KrebsOnSecurity has learned. The data exposures all stem from a misconfiguration in Salesforce Community that allows an unauthenticated user to access records that should only be available after logging…