SecureFact - Cyber Security News - Week of August 05, 2024
Data Breach
1. HealthEquity says data breach impacts 4.3 million people
HealthEquity, a major provider of health savings accounts, has confirmed that a cybersecurity incident has compromised the personal information of approximately 4.3 million individuals. The breach, which occurred on March 9, 2024, was linked to the theft of credentials from a partner organization. The exposed data includes full names, addresses, phone numbers, Social Security numbers, and general dependent information, among other sensitive details. HealthEquity has secured the affected data repository and implemented a global password reset for the compromised vendor account. Affected individuals will receive notifications on August 9, 2024, along with two years of credit monitoring and identity theft protection services.
2. Cencora confirms patient health info stolen in February attack
Cencora, a healthcare logistics company, has confirmed that sensitive patient health information was stolen during a cyberattack in February 2024. The breach affected the data of approximately 3.3 million individuals, including names, addresses, dates of birth, Social Security numbers, and health insurance information. The company has stated that it has implemented enhanced security measures and is cooperating with law enforcement and regulatory bodies. Affected individuals are being notified, and Cencora is offering credit monitoring services to help mitigate potential identity theft risks.
3. City of Columbus Offers Credit Monitoring to Employees After Massive Cyberattack Hits Government Facilities
The city of Columbus, Ohio, recently experienced a ransomware attack that disrupted several municipal services. The attack occurred on July 3, 2024, impacting the city's information technology systems and services. City officials confirmed the attack but did not provide details on the specific ransomware variant used or the extent of the data breach. The attack affected various city departments, including the Department of Public Service, the Department of Public Utilities, and the Department of Public Safety. Citizens were advised to use alternative methods to access city services, as the attack caused intermittent disruptions.
4. WSU Data Breach Impact Grows, Sensitive Information Exposed
Western Sydney University (WSU) has disclosed a significant data breach involving unauthorized access to its Isilon storage platform, which contained personal information of students, staff, and alumni. Approximately 580 terabytes of data across 83 out of 400 directories in Isilon were accessed between July 2023 and March 2024. Compromised data includes names, contact details, dates of birth, health information, sensitive workplace conduct details, government IDs, tax file numbers, superannuation details, and bank account information. WSU has engaged digital forensics experts, relevant authorities, and the NSW Supreme Court to investigate the incident and prevent further data misuse. The university has implemented security measures like password resets, enhanced monitoring, and additional firewall protection to mitigate the breach. Affected individuals will be notified in the coming weeks, and free identity protection services are being offered through IDCARE.
5. Dark Web Actor Claims ADT Data Breach; Company Aware and Investigating Incident
ADT, a major American security firm, has suffered a significant data breach, with a dark web actor claiming responsibility. The threat actor, known as "netnsher," has publicly announced their involvement and released over 30,812 records, including approximately 30,400 unique email addresses, physical addresses, user IDs, and purchase history of ADT customers. This breach follows a previous incident on July 8, 2024, where another threat actor, "Abu_Al_Sahrif," disclosed internal ADT documents from 2020 to 2023. It remains unclear if the recent breach by "netnsher" involved data from this earlier leak or was obtained through a different method. ADT has confirmed the incident and stated that it is under investigation. The company is evaluating the full extent of the breach and its implications for affected customer
6. McDowall Affleck Confirms ‘Cyber Incident’ After RansomHub Claims Access to 470 GB Data
The McDowall Affleck law firm in Australia has been targeted by a cyberattack that resulted in the theft of sensitive client data. The attack was carried out by a group known as "RansomHouse," which has demanded a ransom for the stolen information. The stolen data includes personal information of clients, such as names, addresses, dates of birth, and financial details. The law firm has confirmed the breach and is working with cybersecurity experts to assess the situation and mitigate any potential damage. McDowall Affleck is also cooperating with law enforcement agencies in their investigation of the incident. The firm has advised affected clients to monitor their accounts for any suspicious activity and has implemented additional security measures to protect their systems.
Malware and Vulnerabilities
1. CISA warns of VMware ESXi bug exploited in ransomware attacks
CISA warns that the VMware ESXi vulnerability CVE-2024-37085 is being exploited in ransomware attacks. The vulnerability allows attackers to add a new user to the 'ESX Admins' group with full administrative privileges. Successful exploitation requires user interaction and high privileges. Several ransomware gangs are exploiting CVE-2024-37085 to steal data from VMs, move laterally, and encrypt ESXi hypervisors.
2. Malicious Packages Hidden in PyPI
Fortinet's FortiGuard Labs has discovered numerous malicious packages hidden in the Python Package Index (PyPI) that deploy various types of malware, including info stealers, coin miners, and remote access tools. These packages are often uploaded by threat actors using fake identities and similar code to increase their reach before being taken down. Packages like "syssqlitedbmodules" contain encrypted code in __init__.py that steals sensitive data like credit cards, wallets, and account logins using Discord webhooks.
3. Ubuntu Fixes Two OpenVPN Vulnerabilities
Ubuntu has released security updates to address two vulnerabilities in OpenVPN, a popular open-source VPN application. The flaws, tracked as CVE-2023-29360 and CVE-2023-29361, could allow remote attackers to cause denial of service (DoS) conditions. CVE-2023-29360 is a buffer overflow vulnerability that exists in the OpenVPN client. It can be triggered by sending a specially crafted packet to the client, potentially leading to a crash or arbitrary code execution. CVE-2023-29361 is a NULL pointer dereference vulnerability in the OpenVPN server. It can be triggered by sending a specially crafted packet to the server, potentially leading to a crash. Both vulnerabilities affect OpenVPN versions prior to 2.6.0 and have been patched in the latest release.