December 2, 2024 at 10:04PM A massive data breach linked to the MOVEit file transfer tool has exposed personal data of hundreds of thousands of employees from major corporations, including Xerox and Bank of America. The hacker “Nam3L3ss” leaked employee details such as names, contact information, and job titles, raising concerns over potential social engineering … Read more
November 12, 2024 at 06:56AM Amazon has confirmed that employee data was compromised due to a MOVEit hack that occurred last year. This incident highlights vulnerabilities associated with data security and the risks of cyberattacks on large organizations. **Meeting Notes Takeaways:** 1. **Incident Confirmation**: Amazon has acknowledged that certain employee data was compromised due to … Read more
November 11, 2024 at 02:11PM Amazon confirmed a data breach involving over 2.8 million employee records, leaked by a threat actor named Nam3L3ss. The data, stolen from a third-party vendor, included work contact information but no sensitive details. The breach is tied to the MOVEit attacks that affected numerous organizations globally in May 2023. ### … Read more
August 26, 2024 at 09:12AM TDECU notified over 500,000 individuals of a data breach in the MOVEit campaign by the Cl0p ransomware group. Up to 96 million people and 2,700 organizations may have been affected. The compromised information includes sensitive data, but TDECU has not observed identity or financial fraud. Impacted individuals are being offered … Read more
June 27, 2024 at 01:42PM Attackers have intensified attacks on Progress Software’s MOVEit file transfer application by exploiting new vulnerabilities, posing a significant threat to affected organizations. Despite available patches, organizations face challenges in quickly applying them due to the potential for adversaries to target their systems. A proof-of-concept exploit is in the wild, highlighting … Read more
June 26, 2024 at 09:35AM Progress Software revealed new vulnerabilities affecting MOVEit Transfer and Gateway, including critical authentication bypass-style flaws with a severity score of 9.1. Last year’s breaches affected 2,773 organizations, prompting an embargo on the information until June 25 to allow for patching. The vulnerabilities could lead to file-less attacks and should be … Read more
May 3, 2024 at 06:38PM CISO Corner offers articles for security leaders. This issue highlights Verizon DBIR findings, workplace exclusion in cybersecurity, DMARC adoption, Muddling Meerkat’s DNS activities, shadow APIs risk, and a cybersecurity checklist for M&A deals. Also, a new podcast “Dark Reading Confidential” will feature firsthand stories from cybersecurity practitioners. Follow on Spotify, … Read more
December 15, 2023 at 02:06PM Delta Dental of California and its affiliates are notifying 6.9 million patients of a data breach due to a vulnerability in MOVEit Transfer software. The breach resulted in unauthorized access, with stolen data including names, financial account numbers, and credit/debit card numbers. The company is offering 24 months of free … Read more
December 15, 2023 at 10:01AM Delta Dental of California has notified almost seven million patients of a data breach. The breach involved unauthorized access through MOVEit software, leading to the exposure of personal data, including names, financial account numbers, and credit/debit card details. Impacted customers are offered 24 months of free credit monitoring and identity … Read more
November 21, 2023 at 05:39PM AutoZone’s CISO, Doug Baldwin, reported a data breach to the state of Maine affecting 184,995 individuals, with 293 residents affected. The breach, discovered this month but occurring on May 28, involved a threat actor exploiting a vulnerability in the MOVEit application. AutoZone has disabled the application, conducted an investigation, and … Read more