Waqas reports: Cloudflare stated that it had managed to mitigate multiple “hyper-volumetric” DDoS attacks that originated from more than 30,000 IP addresses. According to a recent blog post by Cloudflare, a vendor specializing in DDoS attack mitigation, its customers were targeted by a series of volumetric DDoS (Distributed Denial of Service) attacks over the past weekend. These…
Healthcare giant CHS reports first data breach in GoAnywhere hacks
Sergiu Gatlan has more on a claimed zero-day attack on Fortra’s GoAnywhere file transfer software. The attack, which Clop claimed responsibility for, has been linked to at least one confirmed victim, Community Health Systems, as first reported by DataBreaches.net. Gatlan reports that Fortra (formerly known as HelpSystems) disclosed to its customers last week that a new vulnerability (CVE-2023-0669)…
Royal Mail refused to pay ‘absurd’ LockBit ransom, chat logs say
Carly Page reports: The LockBit ransomware gang has published what it claims is the full transcript of its negotiations with Royal Mail, which continues to experience disruption due to last month’s cyberattack. The chat logs negotiating the ransom is the first data that LockBit has published following the cyberattack on Royal Mail, which left the British postal service…
FL: Brooks Rehabilitation notifies patients of pixel tracking breach
On January 30, Brooks Rehabilitation (“Brooks”) in Florida disclosed that in December, they discovered tracking technology vendors that provide services to Brooks were able to view/access individually identifiable health information (IIHI) provided when a website user provided contact information or feedback via a Brooks website. The data transmitted could have included information such as name;…
Second verse, same as the first: Minuteman Senior Services reports another breach of an employee email account
Minuteman Senior Services (“MSS”) in Massachusetts notified the U.S. Department of Health and Human Services on January 27 that they experienced a breach affecting 500 patients. The “500” is simply a marker that indicates that the reporting entity knows they have to report a breach to HHS within 60 days of discovery but they do…
If you’re going to “attack” a public school district, learn what FERPA permits districts to make public anyway
An established forum user on Breached.vc uploaded what they claim is the [SPPS] Saint Paul Public Schools District Directory for free download. In describing what they refer to as an attack on February 13 to February 14 leading to a data breach, they write: Reasons for leak: Insecuring their Google Directory; Not Forcing stronger passwords…