December 17, 2023 at 09:27PM
MongoDB issued an alert about unauthorized access to its corporate systems, exposing customer account metadata and contact information. Customers are advised to be vigilant for social engineering and phishing attacks, activate multi-factor authentication, and rotate their passwords. Critical vulnerabilities in Siemens and Unitronics PLCs and other ICS devices were also mentioned. Furthermore, cancer patients at a Seattle medical center received ransom letters following a security breach, and Delta Dental revealed a data breach affecting millions of patients.
From the meeting notes and security alerts, here are the key takeaways:
1. MongoDB issued an alert warning of unauthorized access to certain corporate systems, including exposure of customer account metadata and contact information. Customers using MongoDB Atlas are advised to activate multi-factor authentication and regularly rotate their passwords. There was also a spike in login attempts, causing issues for customers attempting to log in. This spike was unrelated to the security incident.
2. Critical vulnerabilities were reported in Siemens SIMATIC S7-1500 CPU PLCs, Unitronics Vision Series PLCs, Siemens SCALANCE M-800 and S615 family ICS switches, and Siemens’s SINEC industrial network management software. Patching these vulnerabilities is advised to prevent information disclosure, tampering, DoS, code injection, and privilege escalation.
3. Seattle’s Fred Hutchinson Cancer Center experienced a security breach, with patients receiving ransom letters demanding money to prevent the stolen data from being sold on the dark web. The breach involved the theft of personal and medical data, including names, Social Security numbers, addresses, phone numbers, medical history, lab results, and insurance information.
4. US dental insurance group Delta Dental was another victim of the attacks on MOVEit, with the data of nearly seven million patients stolen. The stolen data included financial account numbers, credit/debit card numbers, PINs, driver's license numbers, Social Security numbers, addresses, health insurance information, and health information. Delta is offering free credit monitoring services and has apologized to the affected individuals.