ransomware

185,000 Individuals Impacted by MOVEit Hack at Car Parts Giant AutoZone 

by

November 22, 2023 at 09:06AM AutoZone, the car parts retailer, has informed nearly 185,000 individuals that their personal information was compromised in the MOVEit hacking campaign. Cybercriminals exploited a vulnerability in the MOVEit Transfer application to steal information, including social security numbers. AutoZone has temporarily disabled the application, patched the vulnerability, and rebuilt the affected … Read more

Kansas Officials Blame 5-Week Disruption of Court System on ‘Sophisticated Foreign Cyberattack’

by

November 22, 2023 at 07:12AM The Kansas court system experienced a sophisticated cyberattack in which sensitive data was stolen and a ransomware attack was carried out. The attack disrupted access to records for over five weeks, affecting the state’s appellate courts and causing attorneys to resort to paper filings. The stolen data includes district court … Read more

LockBit Ransomware Exploiting Critical Citrix Bleed Vulnerability to Break In

by

November 22, 2023 at 12:36AM LockBit ransomware affiliates are actively exploiting a critical security flaw in Citrix NetScaler appliances to gain initial access to target environments. The flaw, known as Citrix Bleed, allows threat actors to bypass password requirements and multifactor authentication, enabling session hijacking and unauthorized access to data. The vulnerability, tracked as CVE-2023-4966, … Read more

Citrix Bleed Bug Inflicts Mounting Wounds, CISA Warns

by

November 21, 2023 at 05:39PM LockBit 3.0 ransomware affiliates are targeting the “Citrix Bleed” security vulnerability, prompting warnings from CISA and Citrix. The bug allows authentication bypass, giving threat actors access to user sessions and credentials. Citrix’s patch is not sufficient to protect against compromise. Organizations are advised to upgrade immediately and assess vulnerability. Thousands … Read more

Auto parts giant AutoZone warns of MOVEit data breach

by

November 21, 2023 at 01:09PM AutoZone, the leading automotive spare parts retailer in the US, has suffered a data breach as part of the Clop MOVEit file transfer attacks. Approximately 185,000 people were affected by the breach, which occurred on May 28, 2023. While the specific data compromised has not been disclosed, identity theft protection … Read more

Play Ransomware Goes Commercial – Now Offered as a Service to Cybercriminals

by

November 21, 2023 at 09:00AM The ransomware strain Play is now available as a service for other threat actors, according to cybersecurity company Adlumin. Affiliates who purchase the ransomware follow step-by-step instructions from playbooks delivered with it, resulting in attacks with minimal variations. Play, also known as Balloonfly and PlayCrypt, has previously targeted networks through … Read more

Canadian Military, Police Impacted by Data Breach at Moving Companies

by

November 21, 2023 at 08:39AM The Canadian government has reported a data breach involving two moving and relocation services firms contracted by the government. The breach exposed personal information of present and former public service employees, as well as members of the Canadian Armed Forces and Royal Canadian Mounted Police. The government is offering credit … Read more

MOVEit victim count latest: 2.6K+ orgs hit, 77M+ people’s data stolen

by

November 20, 2023 at 03:50PM Progress Software’s MOVEit file transfer application has been exploited by the Russian ransomware group Clop, impacting 2,620 organizations and over 77 million individuals. Avast, the antivirus company, is among the victims, with 3 million customers’ information reportedly leaked on a hacking forum. Welltok, a patient communication services provider, has also … Read more

CISA Launches Pilot Program to Address Critical Infrastructure Threats

by

November 20, 2023 at 03:27PM CISA has introduced a pilot program to offer cybersecurity services to critical infrastructure entities facing increasing cyberattacks. The program includes deploying Protective Domain Name System to participating organizations and hosting roundtables to understand their needs. Initially, the program targets healthcare, water, and K-12 education, with plans to expand to 100 … Read more

Canadian government discloses data breach after contractor hacks

by

November 20, 2023 at 12:27PM The Canadian government has reported that two of its contractors, Brookfield Global Relocation Services (BGRS) and SIRVA Worldwide Relocation & Moving Services, were hacked, resulting in the exposure of sensitive information belonging to government employees. The breach, reportedly attributed to the LockBit ransomware gang, has affected data dating back to … Read more