Data breach at New Mexico healthcare business impacts 62,000 state residents
The personally identifiable information of more than 62,000 US citizens may have been compromised following a cyber-attack against a New Mexico-based healthcare insurer.
True Health New Mexico offers a range of health insurance services to small and large employers across the southwestern US state.
In a recent security alert, the company said an unauthorized third party gained access to the organization’s IT systems in early October.
“Security professionals determined that impacted files may have contained information about current and former True Health New Mexico members, select providers, and some former members of New Mexico Health Connections,” reads the breach notification.
GoDaddy Breach Widens to Include Reseller Subsidiaries
Customers of several brands that resell GoDaddy Managed WordPress have also been caught up in the big breach, in which millions of emails, passwords and more were stolen.
The GoDaddy breach affecting 1.2 million customers has widened – it turns out that various subsidiaries that resell GoDaddy Managed WordPress were also affected.
The additional affected companies are 123Reg, Domain Factory, Heart Internet, Host Europe, Media Temple and tsoHost.
The world’s largest domain registrar confirmed to researchers at Wordfence that several of these brands’ customers were affected by the security incident (and Wordfence provided breach-notification notices from two of them in a Tuesday posting).
Report: Digital Marketing Agency Exposed 92 Million Records Online Including Employee and Client Data.
Security Researcher Jeremiah Fowler, in cooperation with the WebsitePlanet research team, discovered a non-password-protected database that contained 92 million records. Upon further investigation it appeared to belong to the Cronin digital marketing agency. The exposed server was named “Cronin-Main” and many of the records contained references to Cronin. These records included internal data such as employee and client information. Also included in the dataset was a “Master Mailing List” with names, physical addresses, Salesforce IDs, phone numbers, and references to where the leads came from.
WiFi software management firm exposed millions of users’ data
Brazil-based WiFi management software firm WSpot exposed extensive details of high-profile firms and millions of customers.
WSpot provides software to let businesses secure their on-premise WiFi networks and offer password-free online access to their clients. Some of the notable clients of WSpot include Sicredi, Pizza Hut, and Unimed.
According to WSpot, 5% of its customer base was affected by this leak. However, it maintains that financial information is never collected from clients, so no financial data is included in the leak.
Python Packages Stealing Discord Tokens and More
Researchers have discovered 11 malicious Python packages stealing Discord tokens and installing shells. These malicious packages, in the Python Package Index (PyPI) repository, were downloaded by developers more than 41,000 times.
The malicious packages could be exploited to steal Discord access tokens and passwords, along with carrying out dependency confusion attacks.
Two packages (10Cent10 and importantpackage) were found to open a reverse shell on the targeted system, giving the attacker full control over the infected machine.
Two other packages (ipboards and trrfab) were disguised as genuine dependencies and were designed to be pulled in automatically through a technique named dependency confusion or namespace confusion, in which a public package carrying the same name as an organisation’s internal package is installed in its place.
One package (importantpackage) used a unique exfiltration mechanism to avoid network-based detection: it routed communications with the attacker’s server through Fastly’s CDN to mask their true destination.
The other packages (ipboards and pptest) used DNS tunneling as a data exfiltration method, using DNS requests as a communication channel between the victim machine and a remote server.
GoDaddy says data breach exposed over a million user accounts
Web hosting giant GoDaddy has reported a data breach, and warns that data on 1.2 million customers may have been accessed.
In a filing with the Securities and Exchange Commission, GoDaddy’s chief information security officer Demetrius Comes said the company detected unauthorized access to its systems where it hosts and manages its customers’ WordPress servers. WordPress is a web-based content management system used by millions to set up blogs or websites. GoDaddy lets customers host their own WordPress installs on their servers.
GoDaddy said the unauthorized person used a compromised password to get access to GoDaddy’s systems around September 6. GoDaddy said it discovered the breach last week on November 17. It’s not clear if the compromised password was protected with two-factor authentication.
The filing said that the breach affects 1.2 million active and inactive managed WordPress users, who had their email addresses and customer numbers exposed. GoDaddy said this exposure could put users at greater risk of phishing attacks. The web host also said that the original WordPress admin password created when WordPress was first installed, which could be used to access a customer’s WordPress server, was also exposed.
Hackers used this software flaw to steal credit card details from thousands of online retailers
Over 4,000 online retailers have been warned that their websites had been hacked by cybercriminals trying to steal customers’ payment information and other personal information.
In total, the National Cyber Security Centre (NCSC) has identified 4,151 retailers that had been compromised by hackers exploiting vulnerabilities on checkout pages to divert payments and steal details. The NCSC alerted the retailers to the breaches over the past 18 months.
The majority of the online shops that cybercriminals exploited for payment-skimming attacks were compromised by known vulnerabilities in the e-commerce platform Magento. Most of those affected and alerted to the compromises and vulnerabilities are small and medium-sized businesses.
Iran’s Mahan Air Says Hit by Cyberattack
“Mahan Air’s computer system has suffered a new attack,” the company said in a statement.
“It has already been the target on several occasions due to its important position in the country’s aviation industry.”
All of its flights were on schedule, the statement added, but the company’s website was down.
“Our internet security team is thwarting the cyberattack,” spokesman Amir-Hossein Zolanvari told state television.
According to Mehr news agency, some Mahan customers had received text messages that said: “Cyberattack against Mahan for complicity in the crimes committed by the terrorist Guardians Corps” — a reference to Iran’s elite Revolutionary Guards.
Mahan Air is Iran’s main private airline and the second biggest after the national carrier Iran Air.
It has been on the blacklist of Iranian companies targeted by US sanctions since 2011.
Leaks and Breaches
| Organisation | Incident | Records affected |
|---|---|---|
| Department for Infrastructure and Transport (Australia) | mySA GOV customer accounts were accessed by a third party. Affected customers are advised to change their driver’s licence number and asked to change their passwords. | 2,601 |
| JEV Plastic Surgery and Medical Aesthetics (US) | An unauthorised actor had access to company systems between April 30th and June 14th, 2021. The actor may have viewed or acquired patient data. Potentially compromised information includes names, dates of birth, consultation notes, medical history, and surgical operative notes. | Unknown |
| Machon Mor (Israel) | Black Shadow leaked the medical institute’s data following the attack against Cyberserve. The compromised data reportedly contains the personal information of patients, as well as medical records. | 290,000 |
| Docket (US) | A security bug in the health app exposed personal information of residents in New Jersey and Utah who have been vaccinated against COVID-19. Potentially compromised information includes names, dates of birth, and vaccination status. | Unknown |
| King’s Seafood Company (US) | A cyberattack against the company began on June 4th, 2021, in which an unauthorised individual gained access to personally identifiable information stored in company directories. Potentially compromised information includes names, driver’s license information, payment card information, medical cards, telephone numbers, and partially redacted Social Security numbers. | Unknown |
| QRS Inc (US) | A cyberattack was discovered on August 26th, 2021. The attacker accessed a dedicated patient portal server and may have stolen data stored there. Potentially compromised information includes names, addresses, dates of birth, Social Security numbers, and more. | Unknown |
| New York Psychotherapy and Counseling Center (US) | An unauthorised third party gained access to one of the company’s servers. Possibly exposed patient information includes names, dates of services, addresses, Medicaid IDs, and dates of birth. | Unknown |
| Desert Pain Institute (US) | The company suffered a data security incident on September 13th, 2021, that may have involved unauthorised access to sensitive personal information of former and current patients and employees. Potentially exposed information includes names, addresses, dates of birth, Social Security numbers, tax identification numbers, driver’s licenses, and more. | Unknown |
| Electronic Warfare Associates (US) | A data breach occurred on August 2nd, 2021, after attackers hacked the company’s email system and stole files. Compromised data includes names, Social Security numbers, and driver’s licenses. | Unknown |
| Nationwide Laboratory Services (US) | Personal health information on patients may have been accessed in a ransomware attack on May 19th, 2021. Possibly compromised information includes names, dates of birth, lab test results, medical record numbers, Medicare numbers, health insurance information, and Social Security numbers. | 33,437 |
Here’s the top 10 list of CVEs released by Microsoft for October 2021:
| CVE | Title | Severity | CVSS | Publicly disclosed | Exploited | Type |
|---|---|---|---|---|---|---|
| CVE-2021-42292 | Microsoft Excel Security Feature Bypass Vulnerability | Important | 7.8 | No | Yes | SFB |
| CVE-2021-42321 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important | 8.8 | No | Yes | RCE |
| CVE-2021-43208 | 3D Viewer Remote Code Execution Vulnerability | Important | 7.8 | Yes | No | RCE |
| CVE-2021-43209 | 3D Viewer Remote Code Execution Vulnerability | Important | 7.8 | Yes | No | RCE |
| CVE-2021-38631 | Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | Important | 4.4 | Yes | No | Info |
| CVE-2021-41371 | Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | Important | 4.4 | Yes | No | Info |
| CVE-2021-42279 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 | No | No | RCE |
| CVE-2021-42298 | Microsoft Defender Remote Code Execution Vulnerability | Critical | 7.8 | No | No | RCE |
| CVE-2021-42316 | Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability | Critical | 8.7 | No | No | RCE |
| CVE-2021-26443 | Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability | Critical | 9 | No | No | RCE |
Trending Vulnerable Products
Attack type mentions in the Education Industry