CyberSecurity updates
2024-12-26 02:09:03 Pacific

Ascension Health Ransomware Exposes 5.6 Million Records - 4d

Ascension Health, a large healthcare organization, experienced a ransomware attack by Black Basta, exposing the data of 5.6 million patients. The attack disrupted operations across 140 hospitals, starting with a phishing email. This is one of the largest healthcare data breaches this year.

BeyondTrust Breach via API Key - 6d

BeyondTrust has experienced a security incident in which attackers breached its Remote Support SaaS instances by exploiting an API key, which allowed them to reset account passwords. Two critical vulnerabilities were discovered and patched: a command injection flaw (CVE-2024-12356) and a privilege escalation flaw (CVE-2024-12686). This incident highlights the risks of API key compromise and the importance of proper security measures for SaaS platforms and privileged access management solutions.

Play Ransomware Hits Krispy Kreme Systems - 5d

The Play ransomware group has claimed responsibility for the cyberattack on Krispy Kreme, which disrupted online ordering systems. The attackers have threatened to release sensitive company data if their demands are not met. The initial unauthorized activity was detected on November 29, 2024, and the attackers claim to have exfiltrated significant data.

Microsoft Recall Exposes Sensitive Data Screenshots - 12d

Microsoft’s new AI feature ‘Recall’ for Copilot+ PCs stores screenshots of sensitive data, including credit card and social security numbers, even when its ‘sensitive information’ filter is enabled. This has raised serious privacy and security concerns among users. The feature takes continuous screenshots of everything a user does; the data is stored locally but is sent to Microsoft’s LLM for analysis. This has prompted an investigation by the UK Information Commissioner’s Office. The incident highlights the potential risks of AI-powered surveillance features and the importance of user privacy.

Phishing Attack Compromises Azure Accounts - 6d

A sophisticated phishing campaign has compromised approximately 20,000 Microsoft Azure accounts in Europe, primarily targeting manufacturing companies. The attackers used HubSpot’s Free Form Builder to create deceptive forms and DocuSign files, which were used in phishing emails to steal Microsoft Azure login credentials. This operation spanned from June to September 2024 and mainly affected firms in the automotive, chemical, and industrial sectors in Germany and the UK. The attackers aimed for long-term presence in the Azure cloud environments.

Meta Fined for Major Data Breach GDPR Violations - 6d

The Irish Data Protection Commission (DPC) has fined Meta €251 million (approximately $263 million) for General Data Protection Regulation (GDPR) violations. The fine stems from a 2018 data breach that compromised the personal information of 29 million Facebook accounts. The breach underscores the importance of robust security measures to protect user data and highlights the potential financial repercussions of non-compliance with GDPR regulations. The penalty is one of many such penalties faced by tech giants in recent years, showing a trend of increased enforcement of EU privacy laws.

UnitedHealthcare AI chatbot exposed to internet - 11d

UnitedHealthcare’s Optum had an AI chatbot used by employees exposed to the internet. This chatbot, designed for employees to inquire about claims, was accessible publicly. The exposure raises concerns about the security of sensitive data and the potential for unauthorized access. This incident highlights the risks associated with deploying AI tools without adequate security measures. The AI chatbot exposure occurred amid broader scrutiny of UnitedHealthcare for its use of AI in claims denials.

ConnectOnCall Breach Exposes 900K User Data - 8d

ConnectOnCall, a healthcare communication platform, suffered a significant data breach that exposed the personal information of approximately 900,000 patients and healthcare providers. The breach occurred in May 2024 and involved the compromise of sensitive data, potentially including names, contact information, and medical details. The attackers exploited a vulnerability that gave them unauthorized access to the platform’s systems. This incident highlights the critical need for robust security measures in healthcare communication platforms to protect patient data and ensure privacy. Breaches of this kind can have serious consequences for affected individuals, including identity theft and misuse of personal health information.

Rhode Island Data Breach Exposes Residents - 10d

Multiple reports indicate that the state of Rhode Island experienced a significant cyberattack that compromised the personal data of hundreds of thousands of residents. The breach targeted the state’s online portal for social services, possibly exposing Social Security numbers and bank account details. The attackers have demanded a ransom, and the affected systems have been shut down, creating a potential crisis in public services.

Clop Ransomware Exploits Cleo Zero Days - 9d

The Clop ransomware group has claimed responsibility for exploiting zero-day vulnerabilities in Cleo’s managed file transfer products (Cleo Harmony, VLTrader, and LexiCom). The attackers used these vulnerabilities to breach corporate networks, steal data, and gain unauthorized access. The vulnerabilities involve an autorun directory feature and an arbitrary file-write flaw, which together allow malicious files to be executed and persistent access to be established through webshells. The attack has impacted businesses across various sectors, including consumer products, food, and shipping, with most incidents occurring in the United States.

Cisco Data Breach Due to Misconfiguration - 6d

The threat actor known as IntelBroker has claimed to have breached Cisco systems and exfiltrated 4.5TB of data, including source code and other sensitive information. The breach occurred because of an accidental misconfiguration by Cisco that left its systems exposed. This incident highlights the risks of misconfigured systems and the potential for sensitive data exposure. The attackers are now offering this data on various cybercrime forums. It is important for Cisco to investigate this issue and protect its clients as well as its own data.

Prometheus Servers Exposed to DoS and RCE - 12d

Over 300,000 Prometheus monitoring servers and exporters are exposed to various attacks, including information disclosure, denial-of-service (DoS), and potential remote code execution. These vulnerabilities stem from improper authentication and insecure configurations, allowing attackers to steal sensitive information such as credentials and API keys. The widespread exposure highlights the need for better security practices in Prometheus deployments and the critical nature of securing monitoring infrastructure.

Bitcoin ATM Operator Reports Data Breach - 12d

Byte Federal, a major Bitcoin ATM operator, has experienced a significant data breach that exposed the personal data of approximately 58,000 users. The breach occurred on November 18, 2024, and unauthorized access was gained through a vulnerability in GitLab, a third-party software platform. The compromised data includes names, addresses, and other personally identifiable information. This incident underscores the risks associated with third-party software vulnerabilities and the challenges of securing sensitive customer data.