US government hit by Russia's Clop in MOVEit mass attack.Third MOVEit bug fixed a day after PoC exploit made public.Boris Johnson pleads ignorance, which just might work.Dublin Airport staff pay data 'compromised' by criminals.
Progress Software declined to comment on how many organizations have been affected by the MOVEit bugs. Once it's released online, it becomes available to the global community of cyber-miscreants to use in BEC schemes, identity fraud, etc." "And it's not only how Cl0p may misuse the information that's a concern. "To make matters worse, the potential for misuse of the stolen information is significant," Emsisoft added. Progress Software is facing multiple lawsuits claiming poor security led to the MOVEit bug – at least 13, according to The Wall Street Journal. "The costs will be absolutely massive, including credit monitoring for millions and lawsuits out the wazoo." "While this may not be in the same league as the SolarWinds incident, it's nonetheless one of the most significant hacks of recent years," Emsisoft Threat Analyst Brett Callow told The Register. So it's likely that the total number of victims will keep growing. That one-to-many impact is a very attractive thing for hackers, and that is what makes supply chain threats so sinisterĬase in point: Clop exploited a deployment of MOVEit used by payroll services provider Zellis whose customers include British Airways, the BBC, and the Boots pharmacy chain in the UK, among others, and as a result these companies all saw their employees' records stolen by the Russian gang via the software flaw.Īnd, as Emsisoft reports, another MOVEit user – the National Student Clearinghouse – partners with more than 3,500 schools in the US and processes information belonging to 17.1 million students. As of July 19, 383 organizations and over 20 million individuals have been compromised, according to cybersecurity outfit Emsisoft, which sourced its figures from breach notifications, SEC filings, other public data, and Clop's leak site.īut, as the infosec team notes, some of the companies whose MOVEit installations were breached provide services to many other organizations.
0 kommentar(er)
