Last week, breaches and cyberattacks occurred across several industries, from healthcare, banking, software and automotive to the public sector. Devastating consequences have been uncovered from earlier data breaches and attacks: the Singing River Health System ransomware attack compromised 900,000 individuals' personal information, and the WebTPA data breach impacts 2.4 million insurance policyholders in the U.S. Furthermore, new vulnerabilities and patches for Chrome and D-Link routers have also been found and released. It is highly recommended not only to be aware of them but also to apply the updates as soon as possible. Read on for a quick summary of what happened this week in cybersecurity.

MediSecure, an e-script provider, hit by ‘large-scale ransomware’ breach
The Australian national cyber security coordinator announced on Thursday that MediSecure is at the centre of the large-scale ransomware data breach. MediSecure’s website has been pulled, and the company has posted a statement saying that it had identified a cyber security incident that impacts ‘the personal and health information of individuals’. A MediSecure spokesperson stated that it is too early to respond to detailed questions about the nature and extent of the incident, and that an investigation is currently underway. Furthermore, the company stated that it has taken immediate measures to mitigate any potential impact on its systems, and is engaging with relevant agencies to manage the incident’s impact. The Australian government has convened a national coordination mechanism in response to this incident.

Europol investigating a data breach after IntelBroker offers to sell classified data

Europol has launched an investigation after IntelBroker, a well-known hacker, announced on 10 May that he had gained access to Europol systems and obtained For Official Use Only (FOUO) and classified data. This includes employee information, source code, and “recon” and guideline documents. The hacker also claimed the data came from several “agencies” within Europol. However, most of these “agencies” appear to be projects within the Europol Platform for Experts (EPE), a platform where law enforcement experts share knowledge, best practices and crime data. On 11 May, the hacker posted an update claiming that the data had been sold. Europol confirmed that the incident “concerns a EPE closed user group”, and that an investigation is being conducted. The EPE website is currently down, displaying an “under maintenance” message. However, Europol stated that no operational information was processed on this EPE application and that no core systems of Europol are affected, and hence no operational data from Europol has been compromised.
Firstmac, Australia’s largest non-bank mortgage lender, suffered a ransomware attack: Over 500GB data exposed

Firstmac has reported a ransomware attack that led to the exposure of over 500GB of data. The company stated that the breach was identified when an unauthorised actor gained access to a specific portion of Firstmac’s IT infrastructure. The company stated that it responded immediately by securing the compromised system, and engaged cybersecurity experts to investigate the breach. The company has stated that its business operations have not been impacted. However, it has been found that certain Firstmac customers’ personal information has been compromised during the breach. Firstmac is directly contacting impacted customers, and assisting them by enlisting the help of IDCARE, Australia’s dedicated national service for identity and cyber support. The company has also informed the relevant authorities about the breach, and is keeping them updated as the investigation progresses.

Australia’s Iress, a software company, disclosed a GitHub security breach

Tech firm Iress is investigating unauthorised access to its GitHub user space, which was first detected on 13 May 2024. The breach is confined to Iress’ user space on GitHub, which does not store any client information. To date, the investigation has not identified any malware or other security threats in its internal systems or software. The unauthorised access is believed to be linked to the misuse of a specific GitHub-only security credential, which does not affect other Iress systems or protocols. For most clients, Iress advises that no immediate action is necessary. However, the company will notify certain clients who might need to update their security settings as a preventative step, with further instructions provided by their relationship managers.
From its investigation so far, Iress has not detected any evidence of its clients’ data or software environments being compromised. Furthermore, the company stated that upon detecting the unauthorised access, it suspended the ability for any code to be committed into Iress’ production environment from GitHub.

Banco Santander, one of the largest banks globally, disclosed a data breach that exposed customers’ data

Banco Santander disclosed a data breach incident that impacted customers and current and some former employees in Spain, Chile and Uruguay. The breach was caused by an unauthorised actor who managed to access a database hosted by one of the bank’s 3rd party service providers. The organisation took immediate action to contain the incident and block the compromised access to the database. The bank did not disclose any details about the types of data exposed, but did state that no transaction information or online banking account credentials, including online banking details and passwords, were impacted. The bank asserted that its systems and operations in the mentioned countries remain unaffected, hence customers can still carry out their transactions. The bank will also be notifying affected customers and employees, as well as the relevant authorities.

Nissan North America discovered 2023 data breach impacts over 53,000 employees

Nissan North America discovered recently that the November 2023 data breach exposed the personal data of more than 53,000 current and former employees. The exposed personal data includes a personal identifier (e.g. name) and social security numbers. No financial details were present in the compromised files. Nissan also notes that it is not aware of the exposed data having been misused. In the letter sent to recipients, Nissan stated that it is providing a free 24-month credit monitoring and identity theft protection service to mitigate the risk of data exposure.
Mississippi healthcare provider ransomware attack compromised 900,000 individuals’ personal information

Singing River Health System (SRHS), a Mississippi healthcare provider, revealed in an incident notice on its website that its systems were compromised on 16 August 2023, and that ransomware was deployed 3 days later on 19 August 2023. During this timeframe, the attackers managed to access personal information such as names, addresses, birth dates, social security numbers, and health and medical information. Last Monday, the company updated its estimate to say that this breach impacts 895,204 individuals, and told the Maine AGO that it started notifying the roughly 900,000 individuals about the breach on 13 May. SRHS is providing the impacted individuals with 12 months of free credit monitoring services, and providing guidance on how to protect themselves against identity theft and fraud, such as reporting any suspicious activity.

WebTPA Employer Services data breach impacts 2.4 million insurance policyholders

The US Department of Health and Human Services notes that the WebTPA data breach that was disclosed earlier this month impacts 2,429,175 individuals. Impacted individuals include customers at large insurance companies such as The Hartford, Transamerica, and Gerber Life Insurance. WebTPA is a subsidiary of Guidewell Mutual Holding Corporation and a 3rd party administrator. The breach occurred last year but was discovered last December, when the company found evidence of suspicious activity on its network. According to WebTPA, the threat actor had access to personal data for 5 days, from 18 April to 23 April 2023, and the investigation concluded that the unauthorised actor may have obtained personal information. WebTPA informed benefit plan providers and insurance companies of the breach on 25 March 2024. The company sent notices to affected individuals on 8 May 2024.
The exposed data includes customers’ full name, contact details, birth date (and date of death where applicable), social security number, and insurance information. Companies affected by the WebTPA breach include Dean Health Plan, APA Voluntary Supplemental Medical Plan, The Hartford, Transamerica, and Gerber Life Insurance. In the data breach notification, WebTPA included instructions on how to enrol for 2 years of credit monitoring, identity theft protection, and fraud consultation services. Affected individuals are strongly advised to be vigilant for communications from potential fraudsters, and to refrain from sharing any personal and financial information.

CISA added 3 vulnerabilities that impact Chrome and D-Link routers

CISA has added 3 security vulnerabilities to its ‘Known Exploited Vulnerabilities’ catalogue. 1 impacts Google Chrome, and the other 2 impact some D-Link routers.

The vulnerability in Google Chrome (CVE-2024-4761) has been confirmed by the vendor as actively exploited on 13 May. It is an out-of-bounds write vulnerability, and has a high severity rating.

A 10-year-old vulnerability impacting D-Link DIR-600 routers (tracked as CVE-2014-100005) is still being exploited. It is a cross-site request forgery issue that allows attackers to hijack administrator authentication requests, create their own admin accounts, change the configuration, and take control of the device. The vendor released a fix 4 years ago in firmware version 2.17bo2, along with a security bulletin containing mitigation recommendations.

Another vulnerability impacting D-Link products (tracked as CVE-2021-40655) affects D-Link DIR-605 routers, which have been out of support since 2015. It allows attackers to obtain the admin’s username and password without authentication. In the case of the D-Link vulnerabilities, it is recommended to replace the device with a newer model that the vendor still supports with performance and security updates.

That is all!
Enjoy the rest of the week and don't forget to update your devices and systems to the latest patches!

Last week, breaches and cyberattacks occurred across several industries, from the public, technology, watch and physical security sectors to the healthcare sector. Devastating consequences have been uncovered from earlier data breaches and attacks: the University System of Georgia determined that the 2023 Clop MOVEit breach led to 800,000 individuals’ data being stolen, and the Ohio Lottery ransomware attack has led to over 500,000 individuals’ data being compromised. Additionally, a massive webshop fraud ring has stolen credit card information from over 850,000 people. Furthermore, new vulnerabilities and patches for Citrix have also been found and released. It is highly recommended not only to be aware of them but also to apply the updates as soon as possible. Read on for a quick summary of what happened this week in cybersecurity.
© 2021, TAFA HOLDINGS (S) PTE LTD. ALL RIGHTS RESERVED