The ransomware gang known as Clop created massive headaches for numerous entities with attacks involving the exploitation of vulnerabilities in file transfer software. Since December 2020, the same gang exploited vulnerabilities in Accellion, Fortra’s GoAnywhere software, and Progress Software’s MOVEit software. Christopher Brown reports a litigation update in cases stemming from the GoAnywhere breach disclosed…
Search Results for: accellion
Hackers Using MOVEit Flaw to Deploy Web Shells, Steal Data
Exploiting vulnerabilities in file transfer software for businesses and medical practices can result in a treasure trove of valuable data and the opportunity to try to extort oh, so many victims. First it was an Accellion vulnerability, exploited by Cl0p (past coverage). Then it was a Fortra GoAnywhere vulnerability, exploited by Cl0p (past coverage). Now…
The Fortra/GoAnywhere breach also affected healthcare entities. Here’s what we know so far, Part 2.
More than two months after Fortra first began notifying clients that threat actors had exploited a vulnerability in GoAnywhere, many patients whose protected health information was stolen may still have no clue. In Part 1, we noted six entities that have disclosed the breach. Five of them are listed on Clop’s leak site with their…
Hotel WiFi across MENA compromised and exposing private data
Kareem Chehayeb reports: Pakistani cybersecurity researcher Etizaz Mohsin was in a hotel room in Qatar when he unexpectedly discovered a technical vulnerability in its internet system that exposed the private information of hundreds of hotels and millions of guests worldwide. […] “I found out that there is a service running rsync [file synchronization tool], which…
Washington State Data Breaches in 2021 – Analysis
The Washington State Attorney General report on data breaches reported to their office in 2021 shows a significant increase over previous years. No surprise there, right? From the Executive Summary: 2021 set a new record for the highest number of data breach notices sent to Washingtonians (6.3 million). This represents approximately an 80% increase on…
Nearly 30K former and current CU Boulder students’ personal information hacked
Alex Rose reports: The University of Colorado Boulder is sending emails to roughly 30,000 former and current students that have been impacted by a data breach, according to a release from the university. Most of the people impacted are no longer CU students or employees, according to the release. The university said the third-party software, provided…