Tag Archive for: media

Round 2: Change Healthcare targeted in second ransomware attack – HealthLeaders Media




MarineMax confirms data breach | SC Media


MarineMax has disclosed having employee and customer data stolen from its systems following a cyberattack last month, BleepingComputer reports.

“…[O]ur ongoing investigation has identified that this organization exfiltrated limited data from this environment that includes some customer and employee information, including personally identifiable information,” said the major U.S. global recreational boat, yacht, and superyacht retailer in an updated filing with the U.S. Securities and Exchange Commission.

No additional details regarding the perpetrator of the breach have been provided, but the Rhysida ransomware-as-a-service operation has already laid claim to the incident, demanding more than $1 million worth of bitcoin as ransom for financial documents and other data, which MarineMax denied.

MarineMax’s confirmation comes nearly a month after Rhysida leaked all of the data it purportedly stole from Chicago-based Lurie Children’s Hospital after it refused to pay the ransom. Sony-owned video game developer Insomniac Games also had 1.67 TB of files exposed by the ransomware gang as a result of not paying the $2 million ransom.


Hackers steal database of Russian convicts to avenge Navalny’s death – media


After Russian opposition leader Alexei Navalny died in prison, a group of anti-Kremlin hackers gained access to the computer network run by the Federal Penitentiary Service (FSVP of Russia) and claimed they had snatched data on hundreds of thousands of prisoners.

CNN reported this, according to Ukrinform.

According to hackers, they got hold of the agency’s database, which contains information on approximately 800,000 Russian prisoners, their families and contacts, including data on prisoners held in the colony where Navalny died on February 16.

Hackers posted a photo of the politician alongside his wife Yulia at a political rally on the penitentiary service’s website.

The hackers, who claim to be of various ethnic backgrounds, including Russian expatriates and Ukrainians, are sharing the data “in the hope that somebody can contact them and help understand what happened to Navalny,” a hacker claiming to be involved in the breach told CNN.

An analysis by CNN found several duplicate entries in the database, but it still contains information on hundreds of thousands of people. CNN was able to match several names seen in the snapshots shared by hackers with people currently in a Russian prison as per public records.

The group also gained access to the prison’s online store, where families of convicts can purchase food for them, and changed the prices of some goods to just one ruble. This is evidenced by screenshots and videos published by hackers.

The group also posted Navalny’s photo on the store’s website. They sent a warning to the administrators of the prison’s online store not to remove the image and went on to destroy one of the servers when the admins failed to heed the warning.

The hackers “clearly had full blown access to get it all,” says Tom Hegel, principal threat researcher at U.S. cybersecurity company SentinelOne. “The amount of images captured and data provided is quite thorough.”


Zero-day exploitation spikes | SC Media


Threat actors actively exploited 97 zero-day vulnerabilities last year, which is more than 50% higher than in 2022 but lower than in 2021, reports BleepingComputer.

Most of the abused zero-days impacted operating systems, mobile devices, and other end-user platforms, according to a joint Google Threat Analysis Group and Mandiant report. While most state-sponsored attacks leveraging the security bugs were attributed to China, nearly half of all identified zero-days were exploited by commercial spyware vendors.

Among the notable spyware actors involved in zero-day exploits were the Intellexa Consortium behind the Predator spyware, the NSO Group behind the Pegasus spyware, and Variston associated with the Heliconia framework.

“Private sector firms have been involved in discovering and selling exploits for many years, but we have observed a notable increase in exploitation driven by these actors over the past several years,” said researchers.

The report comes weeks after the Treasury Department’s Office of Foreign Assets Control imposed sanctions against Intellexa founder Tal Jonathan Dilian.
