Hackers recently exploited a zero-day vulnerability in Ivanti endpoint management software that allowed remote code execution on highly sensitive Norwegian government systems while bypassing the need for authentication. It is believed that this vulnerability was first identified during the attack on the Norwegian government. Ivanti has since patched it, though the overall extent of this incident is still under investigation.
Multiple ransomware groups claim Estee Lauder breach
Officials for the cosmetics giant Estee Lauder have confirmed that their internal network was infiltrated by unauthorized actors, resulting in a significant data breach. To make matters worse, the Clop ransomware group and the Alphv/BlackCat ransomware group are both claiming responsibility for the attack and publishing Estee Lauder data troves to their respective leak sites. At this point in the investigation, it is still unclear whether this attack was part of the MOVEit data transfer incident or a separate attack.
LockBit targets Langlade County, Wisconsin
Several government agencies in Langlade County, Wisconsin have been dealing with the fallout of a ransomware attack by the LockBit group, which has forced many of their systems offline. The threat actors behind the LockBit ransomware group have posted a countdown on their leak site that gives Langlade County until August 1st to pay the demanded ransom before their data is published. While the ransom amount has not been revealed, Langlade County only has 20,000 residents and likely doesn’t have the funds to pay an astronomical ransom.
Clop posts MOVEit stolen data to public Internet leak page
Researchers have discovered a shift among ransomware groups from posting stolen data to dark web pages, which are much harder to access and take down, to creating clear web websites, which make any leaked data much easier to find and use for extortion. The Clop ransomware group began using clear web leak sites after the success of the MOVEit file transfer attacks, which claimed more than 450 victim organizations. These sites typically display little more than a list of download links for the company’s data. While they are easier for victims to access and put additional pressure on them to pay the ransom, they are also much easier for law enforcement to take down.
Data breach at Tampa General Hospital compromises 1.2 million patients
Nearly 2 months after detecting unusual activity on their internal network, officials for Tampa General Hospital (TGH) have confirmed that they fell victim to a data breach, which could affect more than 1.2 million patients. The breach lasted for almost 2 weeks before being identified, and by then the threat actors had compromised a significant amount of personally identifiable information (PII), leaving millions of patients vulnerable to identity theft and phishing fraud.