Posted just in case you are paywalled.

Summary

At a glance.

• Victims sue US healthcare network for breach of patient data.
• Multiple blanks impacted in MOVEit data breaches.
• A closer look at Cl0p.

A closer look at Cl0p.

The Cl0p ransomware group has been making recent headlines for its role in the mass-hack of a recently discovered vulnerability in the widely-used MOVEit file transfer application. As victims continue to disclose data breaches tied to the bug and Cl0p adds names to its hack list, ZeroFox offers a detailed analysis of the threat group’s activities. Analysts found that Cl0p typically engages in very low levels of activity for a period of several months, then carries out a series of high tempo attacks for several weeks.

As with the MOVEit hacks, Cl0p’s attacks often coincide with the discovery of critical vulnerabilities, allowing the cybercriminals to target multiple high-profile victims simultaneously. Rather than encrypting the infiltrated software, the group’s typical modus operandi is to exfiltrate data and then issue ransom demands. The researchers could find no pattern in the timing of Cl0p’s attacks, likely because they correlate with the unpredictable detection of zero-day vulnerabilities. That said, in the case of the MOVEit attacks, reports suggest group members identified the bug as early as March 2023 and delayed exploitation until the US’s celebration of Memorial Day, when security teams would likely be less vigilant.

Multiple blanks impacted in MOVEit data breaches.

Speaking of the MOVEit attacks, several additional victims have surfaced in recent days. CPO Magazine reports that German multinational investment bank Deutsche Bank shared customer data with a third-party vendor impacted in the MOVEit hacks. A Deutsche Bank spokesperson stated, “We have been notified of a security incident at one of our external service providers, which operates our account switching service in Germany.” Although the bank has chosen not to disclose the identity of the vendor, sources say it’s Majorel Germany, which provides account switching services for several German banks and has confirmed it suffered a MOVEit attack. A Majorel spokesperson explained, “The attack took place before the software’s vulnerability became public and only affected a single system running MOVEit software in Germany.” The compromised Deutsche Bank data include customer names and International Banking Account Numbers for individual German customers, and although the stolen info could not give the attackers access to the customers’ accounts, it could be used to carry out unauthorized direct debits. German banks ING Bank, Postbank, and Comdirect have also disclosed they experienced customer data leaks linked to the MOVEit hack.

Stateside, JDSupra reports that PlainsCapital Bank has also confirmed that one of its vendors was impacted by the MOVEit vulnerability. The Texas-based financial services institution posted a notice on its website explaining that an unauthorized party gained access to sensitive customer data including Social Security numbers and bank account numbers. The unidentified third-party vendor, who uses MOVEit for file transfer activities, disclosed the breach to PlainsCapital on June 27th, and the bank began notifying all compromised individuals on July 14.

Victims sue US healthcare network for breach of patient data.

HCA Healthcare, a medical facilities operator based in the US state of Tennessee, has been hit with at least five lawsuits connected to a massive data breach disclosed earlier this month. HCA explained that the attacker exfiltrated data from an external storage location, and then posted the stolen info online. Becker’s Hospital Review reports that the incident impacted up to 11 million patients across nineteen states, and complaints have been filed by victims in Tennessee, California, Florida and Texas. Attorney Tricia Herzfeld is representing a patient from Nashville, Tennessee says the purpose of her complaint is to "be able to take on a big corporation like HCA and say, 'No, we're not going to take this, and you do have obligations to safeguard our information, and we're going to band together, all 11 million of us in this class, to make sure you know that." After learning of the lawsuits, HCA stated, "Our commitment to our patients is unwavering and is not affected by any class-action lawsuits or other legal proceedings. We will respond to any lawsuits or proceedings, in the appropriate forums and ordinary course."

Selected Reading

HCA now faces at least 5 lawsuits in huge data breach (Becker's Hospital Review) At least five patients in four states are taking legal action against HCA Healthcare after a massive data breach.

MOVEit Data Breach Leaks Deutsche Bank, ING, Postbank, and Comdirect’s Customer Data (CPO Magazine) Deutsche Bank AG has confirmed leaking customer data via a third-party service provider impacted by a MOVEit data breach.

PlainsCapital Bank Announces Data Breach Involving Vendor’s Use of MOVEit (JD Supra) On July 14, 2023, PlainsCapital Bank filed a “Notice of Data Event” with the Attorney General of Montana after discovering that one of the bank’s vendors experienced a data breach related to the vendor’s use of the file-transfer program MOVEit.

FIA World Endurance Championship driver passports leaked (Security Affairs) Le Mans Endurance Management, operating the FIA World Endurance Championship’s website, exposed the data of hundreds of drivers by leaking their IDs and drivers’ licenses, the Cybernews research team has discovered. On June 16th, our researchers came across two misconfigured, meaning publicly exposed, Google Cloud Storage buckets. Both combined, they contained over 1.1 million files. […]

BlackCat and Clop gangs both claim cyber attack on Estée Lauder (ComputerWeekly.com) Cosmetics conglomerate Estée Lauder is experiencing operational disruption in the wake of a cyber attack that seems to involve two different cyber crime gangs.

BlackCat, Clop claim ransomware attack on cosmetics maker Estee Lauder (Record) U.S. cosmetics manufacturer Estee Lauder has suffered a cyberattack, the company confirmed on Tuesday.

Estee Lauder Hit by Cyber Attack, With Some Business Operations Disrupted (Insurance Journal) Cosmetics maker Estee Lauder on Tuesday said a hacker had obtained some data from its systems, with the cyber incident causing, and expected to further

There are Rapid Security Responses for the latest versions of macOS Ventura 13.4.1, iOS 16.5.1 and iPadOS 16.5.1.

For the older supported versions macOS Big Sur and macOS Monterey, there’s an old-style system update that just patches Safari, which will show up as Safari 16.5.2 after the update.

So far, however [2023-07-10T23:00:00Z], there are no updates for any other Apple platforms, even though it’s possible that that iOS 15, still officially supported on older iPhones and iPads, is affected too, along with Apple Watches and TVs.

Security researchers observed a new campaign they attribute to the Charming Kitten APT group where hackers used new NokNok malware that targets macOS systems.

Exposed and unpatched solar power monitoring systems have been exploited by both amateurs and professionals, including Mirai botnet hackers.

Researchers for Avast have developed a decryptor for the Akira ransomware and released it for public download. The Akira ransomware appeared in March 2023 and since then, the gang claims successful attacks on various organizations in the education, finance and real estate industries, amongst others.

New ongoing campaign hitting banks for months

Personal information of 5,745 pilots of American Airlines and 3,009 pilots from Southwest Airlines has been leaked due to the incident.