Data Breach Archives - My TechDecisions
https://mytechdecisions.com/tag/data-breach/
The end user’s first and last stop for making technology decisions

Nearly 900 Schools Impacted by National Student Clearinghouse Data Breach
https://mytechdecisions.com/network-security/nearly-900-schools-impacted-by-national-student-clearinghouse-data-breach/
Tue, 26 Sep 2023 19:39:30 +0000

The National Student Clearinghouse (NSC) revealed a recent data breach impacted 890 schools that use its services.

A breach notification letter filed with the Office of the California Attorney General said the Cl0p ransomware gang gained access to its MOVEit managed file transfer (MFT) server on May 30 and stole files containing personally identifiable information (PII).

Clearinghouse is a nonprofit that provides educational reporting, data exchange, verification, and research services to approximately 22,000 high schools and 3,600 colleges and universities, which make up roughly 97% of students in public and private institutions, according to Bleeping Computer.

“On May 31, 2023, the Clearinghouse was informed by our third-party software provider, Progress Software, of a cybersecurity issue involving the provider’s MOVEit Transfer solution,” NSC wrote in the letter. “After learning of the issue, we promptly initiated an investigation with the support of leading cybersecurity experts. We have also coordinated with law enforcement.”

The stolen PII contained names, birth dates, contact information, Social Security numbers, student ID numbers and other school-related records. NSC said it has implemented patches to the MOVEit software and additional monitoring measures to further protect its systems and customers’ data. It is also offering identity monitoring services at no cost for two years.

In late May, the Cl0p ransomware gang began exploiting an SQL injection vulnerability in the MOVEit Transfer platform, leveraging a zero-day security flaw and gaining access to an underlying database, reports Help Net Security. Starting June 15, the cybercriminals started extorting organizations that fell victim to the attacks, exposing names on its dark web data leak site.

In late June, NSC notified the impacted schools about the breach but did not provide many details as the investigation was ongoing. At that time, Databreachnet.com reported that NSC’s name had been removed from Cl0p’s leak site, “which is often an indication that a victim paid.”

The breach has affected many organizations across the globe, including governments, financial institutions, pension systems, and other public and private entities. Among the victims are multiple U.S. federal agencies and two U.S. Department of Energy entities.

Coveware, a cyber extortion incident response firm, estimates the gang will collect around $75-100 million in payment due to high ransom requests.

Another version of this article originally appeared on our sister-site Campus Safety on September 25, 2023. It has since been updated for My TechDecisions’ audience.

Illinois Valley Community College Servers Shut Down by Ransomware
https://mytechdecisions.com/network-security/illinois-valley-college-servers-shut-down/
Mon, 01 May 2023 12:34:00 +0000

Illinois Valley Community College’s servers were shut down by a ransomware attack, affecting the school’s email servers, website, and administrative software, reports Northern Public Radio. The servers have been down since April 24.

The attack was discovered Friday when the email system and website stopped functioning properly, according to WCJS News. An IT investigation determined the network had been compromised and file servers were locked.

During an emergency meeting Saturday, IVCC’s board authorized administrators to secure a contract with consulting firm Rehmann to unlock servers and conduct a forensic audit. Rehmann had previously completed a security audit for the school back in 2018.

On Monday, IVCC informed the FBI and the Illinois Attorney General’s Office of the breach.

IVCC President Jerry Corcoran said the Blackboard servers professors are using for distance learning during the coronavirus pandemic were not affected. School officials also said they do not believe any sensitive information has been exposed.

“It sure made things more difficult for people communicating with email and all that — I couldn’t begin to emphasize that point,” said Corcoran. “We’re all susceptible, even a college like IVCC, that we had just been through a security audit.”

The school set up an alternative email server for students to communicate with professors and classmates. Ferrilli Higher Education Technology Consultants will also assist in restoring IVCC’s administrative software system, Colleague.

Amy Rock is Campus Safety’s Senior Editor. Prior to joining the editorial team in 2017, she worked in both events and digital marketing.

Cheryl Roelfsema, IVCC’s vice president of business services and finance, said the school will attempt to move the system to the cloud by July 1 to protect the network from future attacks.

Although it has not yet been determined what led to the breach, researchers have found hackers are increasingly targeting university students and staff members through phishing emails during the coronavirus crisis.

According to software company Abnormal Security, hackers are taking advantage of the fact that “students and staff are likely highly attuned to any news about a university’s response to the outbreak, and thus are more likely to engage with an email about it.”

This post premiered on our sister site, Campus Safety

These 3 Departments Pose the Highest Risk of Being Hacked
https://mytechdecisions.com/network-security/these-3-departments-pose-the-highest-risk-of-being-hacked/
Sat, 18 Feb 2023 19:24:38 +0000

Cybersecurity experts from NordLocker, part of Nord Security, reveal that employees from certain departments are much more lucrative targets for cybercriminals than others. With human error being the reason behind a whopping 82% of data breaches, employees are the weakest link when it comes to organizational cybersecurity.

“From receptionists to the C-Suite, every employee should be treated as an important chess piece when it comes to cybersecurity. But cybersec training and tools should be based on equity, not equality, and tailored to each department and role because exposure to outside threats and access to certain types of information varies greatly inside every company,” says Oliver Noble, a cybersecurity expert at NordLocker.

According to Oliver, these departments are most at risk of being hacked, and here’s why:

The Marketing Department

With marketers being the company’s outward-facing voice, they are some of the easiest targets for cybercriminals, according to Noble. More often than not, the email addresses and other contact information of marketers are out in public and easily accessible, which makes them low-hanging fruit for hackers to leverage in their next phishing attack.

People working in marketing are also much more likely to fall for a phishing attack by clicking that malicious link or downloading the suspicious attachment. Because marketing departments are very likely to work with third-party vendors, receiving emails from outside sources is often a part of their routine, making it easier for a phishing email to blend in. And it only takes one slipup for malware to make its way into the network.

The C-Suite

The highest-ranking executives are an obvious choice for cybercriminals. They are usually the ones to have unrestricted access to the most sensitive company files, which, if accessed by a person with bad intentions, could spell doom for the company’s future.

However, most often, it is not the executives themselves that let malware into the network, because their access points and contact details are protected by additional threat mitigation measures compared to the average employee. That cannot, however, be said about people in their closest circle, such as their assistants, who often have similar, if not the same, access credentials to internal documents but lack the same cybersecurity measures as their boss.

The IT Department

The IT department often has wider access to the most critical business data than other branches, including important credentials and encryption keys, which makes its staff exceptionally lucrative targets for cybercriminals. Apart from that, people working in IT are responsible for handling the entire company’s digital infrastructure, which, if exposed to hackers, could shut the entire company down and hold it hostage in a matter of minutes.

How to safeguard your business from a cyberattack

According to Noble, people can avoid many data breaches by following these steps to improve cybersecurity:

  1. Encourage cybersecurity training. Investing in your employees’ knowledge is one of the fastest ways to prevent a cyberattack from happening in the first place. Training should be organized regularly and have a holistic approach that covers every single employee.
  2. Adopt zero-trust network access. The mindset of “trust none, verify all” is based on the zero-trust paradigm and is applied through identity authentication to access work equipment and resources, network segmentation and access control management.
  3. Implement and enforce periodic data backup and restoration processes. An encrypted cloud might be the most secure solution.
  4. Enable multi-factor authentication. Known as MFA, it serves as an extra layer of security. It is an authentication method that uses two or more mechanisms to validate the user’s identity – these can be separate apps, security keys, devices, or biometric data.

Why Healthcare Needs Better Data Security
https://mytechdecisions.com/compliance/healthcare-data-security/
Tue, 12 Apr 2022 17:30:14 +0000

As the healthcare industry accelerates into an increasingly digitized world, cyber breaches exposing confidential patient data are becoming more commonplace. In fact, according to the Department of Health and Human Services’ Office for Civil Rights’ breach portal, a staggering 44,993,618 healthcare records were exposed or stolen in 2021.

The implications of these security breaches are significant; they threaten not only health data integrity, but patient confidence in the healthcare system overall. One survey found that about half of consumer respondents were more likely to trust companies that reacted quickly to breaches or disclosed hacks of data to the public.

As a result, healthcare systems and companies becoming more proactive in safeguarding the data of their patients will be vital to the future of healthcare.

The Need to Prioritize Data Security

From patient data becoming more complex to security breaches becoming easier to conduct, it is paramount for healthcare executives to prioritize data security. Healthcare systems and companies possess data with an abundance of details on patients’ protected health history information, personally-identifying information and financial information.

This data alone makes healthcare systems especially susceptible to targeting. Furthermore, cyberattacks have gradually become easier to execute through tools such as malware-as-a-service, botnets and distributed denial of service.

The accessibility of malware is only further facilitated by an increase in hospitals’ third-party partnerships, which serve as an additional entry path to data.

Lastly, the aftermath of cyberattacks poses a tremendous financial burden on healthcare systems and organizations. According to IBM Security’s 2020 data breach cost report, the average data breach cost healthcare organizations $7.13 million.

The impact of these breaches also extends to patient care; on average, a data breach at a non-federal acute-care inpatient hospital was associated with an additional 23-36 deaths per 10,000 acute myocardial infarction discharges per year.

Security Strategies to Take into Consideration

Fortunately, there are several measures healthcare systems can consider when implementing a security strategy that will prevent these pernicious attacks.

First, healthcare systems can ensure that their partner third-party healthcare organizations have protective measures against current cyber threats through trusted programs.

AICPA and HITRUST’s collaborative assurance program known as SOC 2 + HITRUST, for example, is a more reliable assessment than compliance with one or the other. Achieving this standard demonstrates an organization’s prioritization of the security, integrity, confidentiality, and privacy of the data it possesses.

Information Security Executives can also work to confirm that information technology suppliers are fully compliant with the HIPAA and HITECH laws, which establish provisions for securing confidential medical information.

Second, many healthcare systems use obsolete software that exacerbates their vulnerability to cyberattacks. By adopting and investing in modern Health Information Technology infrastructure, systems can minimize the potential for significant damage.

This also involves implementing more general data security measures, including encryption of all healthcare data stored, data recovery mechanisms, two-factor login authentication, and comprehensive workforce security training programs.

Formulating a complete security incident response plan with steps to identify, stop and evaluate a threat is also imperative to containing an imminent breach.

The Future of Healthcare Depends on Improved Data Security

Admittedly, organizations cannot be 100% protected from security threats. However, by prioritizing modern software and suppliers that share a zeal for information security, health systems can minimize their vulnerability relative to their competitors.

Although this may take a significant investment of resources, these investments also carry a significant ROI in terms of both dollars and improvement of the general public’s trust in healthcare systems.

Brian Foy is the Chief Product Officer at Q-Centrix, where he leads the product development and engineering teams, helping hospitals manage people and data to achieve measurable improvement in quality scores.

Why You Shouldn’t Save Your Passwords in a Word Doc
https://mytechdecisions.com/compliance/passwords-word-excel-plain-text-documents/
Wed, 09 Mar 2022 14:15:30 +0000

Small businesses are continuing to use Word documents or Excel spreadsheets to keep their passwords despite the inherent risk of compromise.

A study by NordPass reveals 3 out of 7 companies admitted they keep passwords in Word, Excel, or other plain text documents that were not password protected. Before adopting a company-wide password manager, none of the companies had a unified password-management solution.

One company that NordPass interviewed said it used the same password for everything. Employees are also using their personal password managers with their business passwords. They also admit to sharing passwords with colleagues, typically via message, email, a shared document or another unsecured channel.

Why is Storing Passwords in Word, Excel Dangerous?

Passwords are simply the first line of defense. Weak, reused, or compromised passwords are frequently responsible for the majority of data breaches, according to NordPass.

Cybercrime, while costly for any company, is extremely damaging for small businesses: 60% of SMBs go out of business within six months of a cyber attack. Yet many companies still choose to operate without a password manager. On average, 59% of businesses use a password manager, according to a study by NordLocker.

In addition to poor password-keeping practices, research reveals that some of the largest businesses still use easy-to-guess passwords such as “123456” or “password.”

“When it comes to passwords, people are fatigued. No one wants to think of a complex, lengthy password, and, even worse, remember it. It’s best to generate passwords using an online or in-app generator. This way, we make sure that we eliminate uncreative and weak passwords, such as ‘123456,’” says Chad Hammond, a security expert at NordPass.

Organizations can leverage single sign-on (SSO) and password synchronization. With SSO, employees are less likely to revert to bad password practices, such as creating common passwords or writing them down.

Sansec Finds Mass Breach Of Stores Running On Magento 1 E-Commerce Platform
https://mytechdecisions.com/network-security/sansec-finds-mass-breach-of-stores-running-on-magento-1-e-commerce-platform/
Fri, 11 Feb 2022 20:42:49 +0000

Adobe is urging organizations that use the Magento 1 e-commerce platform to upgrade to the latest Adobe Commerce platform. Sansec, an e-commerce malware and detection tool, has identified a mass breach of over 500 stores running on the Magento 1 e-commerce platform.

Although Adobe ended support for Magento 1 in June of 2020, many companies are still using it.

Attackers used a combination of SQL injection (SQLi) and PHP Object Injection (POI) to gain control of the Magento store.

According to Sansec, a leak in the Quickview plugin led attackers to run code directly on the server. Attackers abused the customer_eav_attribute

The added validation rule is a result of UNHEX:

[Image: Sansec UNHEX Magento Flaw]

This POI payload is used to trick the host application into crafting a malicious object. In this case Zend_Memory_Manager and Zend_CodeGenerator_Php_File are used to create a file called api_1.php with a simple backdoor eval($_POST['z']).

Adding the malicious code to the database does not do anything on its own, according to Sansec. The cleverness of the attack is that, because the payload sits in the validation rules for new customers, the attacker can trigger an unserialize by requesting the Magento sign-up page, as illustrated by these requests:

45.72.31.112    2022-01-28T15:12:02Z "GET /customer/account/create/ HTTP/1.1"

45.72.31.112    2022-01-28T15:12:08Z "GET /api_1.php HTTP/1.1"

Attackers can now run any PHP code via the api_1.php backdoor.

Threat actors are capable of leaving at least 19 backdoors open on the system. IT admins should eliminate all the open backdoors.

Leaving one open means the system will be hit again, warns Sansec.
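One way to hunt for the request pattern quoted above in a store's access log, as an added example that is not from the original article or from Sansec: it flags a client that loads the sign-up page and then, within a short window, requests a PHP file in the web root that is not a known entry point. The log layout follows the two quoted lines; the sample entries, the 120-second window and the allow-list of Magento 1 root scripts are assumptions.

```python
import re
from datetime import datetime, timedelta

# Layout of the two requests quoted in the article: client IP, ISO-8601 UTC
# timestamp, quoted request line (straight or typographic quotes accepted).
LINE_RE = re.compile(
    r'^(?P<ip>\S+)\s+(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\dZ)\s+'
    r'["\u201c](?P<method>[A-Z]+)\s+(?P<path>\S+)\s+HTTP/[\d.]+["\u201d]'
)

SIGNUP_PATH = "/customer/account/create"

# Assumption: PHP scripts a stock Magento 1 web root is expected to serve.
# Adjust this allow-list to the store's own deployment.
KNOWN_ROOT_PHP = {"index.php", "api.php", "cron.php", "get.php", "install.php"}

# A PHP file requested directly from the web root, e.g. /api_1.php
ROOT_PHP_RE = re.compile(r"^/([^/?]+\.php)(?:\?.*)?$", re.IGNORECASE)

# Constructed sample log (documentation-range addresses, not real traffic).
SAMPLE_LOG = """
203.0.113.10    2022-01-28T15:11:40Z "GET /index.php HTTP/1.1"
198.51.100.7    2022-01-28T15:12:02Z "GET /customer/account/create/ HTTP/1.1"
203.0.113.10    2022-01-28T15:12:05Z "GET /customer/account/create/ HTTP/1.1"
198.51.100.7    2022-01-28T15:12:08Z "GET /api_1.php HTTP/1.1"
203.0.113.10    2022-01-28T15:12:30Z "POST /customer/account/createpost/ HTTP/1.1"
198.51.100.7    2022-01-28T15:12:15Z "POST /api_1.php HTTP/1.1"
192.0.2.44      2022-01-28T16:00:00Z "GET /cron.php HTTP/1.1"
not a log line
"""


def parse_line(line):
    """Return a dict for a well-formed log line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
        "method": m["method"],
        "path": m["path"],
    }


def find_signup_then_php(lines, window_seconds=120):
    """Flag unknown root-level PHP requests that follow a sign-up page hit
    from the same client within the window."""
    events = sorted(filter(None, map(parse_line, lines)), key=lambda e: e["ts"])
    window = timedelta(seconds=window_seconds)
    last_signup = {}  # client IP -> time of its most recent sign-up page hit
    findings = []
    for ev in events:
        bare = ev["path"].split("?", 1)[0].rstrip("/")
        if bare == SIGNUP_PATH:
            last_signup[ev["ip"]] = ev["ts"]
            continue
        m = ROOT_PHP_RE.match(ev["path"])
        if not m or m.group(1).lower() in KNOWN_ROOT_PHP:
            continue
        seen = last_signup.get(ev["ip"])
        if seen is not None and ev["ts"] - seen <= window:
            findings.append({
                "ip": ev["ip"],
                "file": m.group(1),
                "method": ev["method"],
                "time": ev["ts"],
                "delay_seconds": int((ev["ts"] - seen).total_seconds()),
            })
    return findings


def suspect_files(findings):
    """Distinct file names to inspect (and remove) on disk."""
    return sorted({f["file"] for f in findings})


if __name__ == "__main__":
    for f in find_signup_then_php(SAMPLE_LOG.splitlines()):
        print(f"{f['time']:%Y-%m-%dT%H:%M:%SZ} {f['ip']} {f['method']} "
              f"/{f['file']} ({f['delay_seconds']}s after sign-up page)")
    print("files to inspect:", suspect_files(find_signup_then_php(SAMPLE_LOG.splitlines())))
```

A hit only points at one dropped file; the other backdoors the article mentions still have to be found by comparing the store's files and database against a known-good copy.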

In a series of Tweets, Sansec detailed how hundreds of stores were hit within a single day.

For more information on the attack, including indicators of compromise, read Sansec’s research. 

Sennheiser Responds After Customer Data from 2018 Was Exposed Online
https://mytechdecisions.com/audio/sennheiser-responds-after-customer-data-from-2018-was-exposed-online/
Tue, 21 Dec 2021 19:36:47 +0000

Wedemark, Germany-based audio giant Sennheiser is working “intensively” to investigate how some customer data was exposed on the internet two months ago, the company says in a newly updated statement.

In a notice on its website, Sennheiser acknowledges being notified in October that some company data was displayed on the web. The company says it took immediate action to close the security gap.

According to the company, a cloud folder used for a temporary backup left some customer contact information exposed to the web.

At that time, the company says, it had been under the impression that no personal data was involved. However, the company has since learned that contact information was included.

Sennheiser’s Response

The statement reads, in part, as follows:

To our great regret, however, we learned in the meantime that contact information for some of our customers was accessible on the Internet in a cloud folder that was used for temporary data backup. This contact information (first and last name, address, and e-mail addresses as well as telephone numbers) was originally provided to register for our newsletter and for participation in online competitions.

At the end of last week, we therefore immediately complied with our duty to inform the data security authority of the state of Lower Saxony.

Although as of today we have no indication that the data from the cloud folder was accessed by third parties, we are working hard to reconstruct all details of the incident and notify potentially affected customers as soon as possible.

The statement is in response to a report from cybersecurity researchers with vpnMentor that states the data is from a cloud account dormant since 2018. It contained the contact data of over 28,000 customers.

vpnMentor says the issue was a misconfigured AWS S3 bucket, leading to more than 407,000 files and 55GB of data being exposed online. However, there is no evidence that the data was accessed or leaked, researchers say, as only the bucket’s owners know.

The vpnMentor research team discovered Sennheiser’s data vulnerability as part of a huge web-mapping project. Researchers use large-scale web scanners to search for unsecured data stores containing information that shouldn’t be exposed. They then examine each data store for any data being leaked.

Sennheiser was notified of the issue on Oct. 28 and closed the security gap on Nov. 1, according to vpnMentor.

The Data Exposed

As noted, some of the data exposed included full names, email addresses, phone numbers and home addresses. Other vulnerable information included names of companies requesting samples and number of employees of requesting companies.

According to the security researchers, the S3 bucket also contained a 4GB database backup, but it was protected.

The data was of customers and suppliers around the globe, but the majority of those exposed are based in North America and Europe, researchers say.

While the data itself will likely not lead to widespread cyberattacks or identity theft, hackers can use that data and piece it together with other available information to build a victim profile. That then can be leveraged in complex phishing campaigns designed to trick victims into providing more sensitive information, such as social security numbers, bank account details and more.

This article originally appeared on our sister site Commercial Integrator. It has been updated to reflect changes in the company’s statement.

Robinhood Data Breach: Hacker Tricked Customer Support Employee By Phone
https://mytechdecisions.com/it-infrastructure/robinhood-data-breach-hacker-tricked-customer-support-employee-by-phone/
Tue, 09 Nov 2021 22:43:06 +0000

Stock trading platform Robinhood announced that certain customer support systems were hacked in early November. The unauthorized party was able to gain access using social engineering through a customer support employee by phone. The hacker was able to obtain access to a list of email addresses of about five million people, and full names of a different group of two million people.

In a statement, the company reported that the personal information of around 310 customers, such as names, dates of birth, and zip codes, was exposed, with a subset of around ten customers having more extensive account details revealed, although it did not disclose what the details were.

Following the breach, the unauthorized party demanded an extortion payment. Robinhood informed law enforcement and is continuing to investigate the incident with an outsourced security firm. The company did not disclose how much the hackers demanded.

“As a Safety First company, we owe it to our customers to be transparent and act with integrity,” said Robinhood’s Chief Security Officer Caleb Sima, in a statement. “Following a diligent review, putting the entire Robinhood community on notice of this incident now is the right thing to do.”

Robinhood says it is in the process of making disclosures to those affected, and added that no social security numbers, bank account numbers, or debit card numbers were exposed. According to the company, there has been no financial loss to any customers as a result of the incident.

To avoid being a victim of an attack like this, the Cybersecurity and Infrastructure Security Agency (CISA) recommends being suspicious of unsolicited phone calls, visits, or email messages from individuals asking about employees or other internal information.

If an unknown individual claims to be from a legitimate organization, CISA recommends verifying his or her identity directly with the company and never providing personal information or information about your organization, including its structure or networks, unless you are certain of a person’s authority to have the information.

The post Robinhood Data Breach: Hacker Tricked Customer Support Employee By Phone appeared first on My TechDecisions.

]]>
https://mytechdecisions.com/it-infrastructure/robinhood-data-breach-hacker-tricked-customer-support-employee-by-phone/feed/ 0
Niemen Marcus Data Breach Affects 4.6M Customers https://mytechdecisions.com/network-security/niemen-marcus-data-breach/ https://mytechdecisions.com/network-security/niemen-marcus-data-breach/#respond Tue, 05 Oct 2021 15:55:02 +0000 https://mytechdecisions.com/?p=34620 Luxury retailer Niemen Marcus Group (NMG) learned an unauthorized party obtained personal information associated to certain Neimen Marcus’ online accounts in May of 2020. NMG is notifying 4.6 million of its online customers about the data breach that happened last year. The company is working with cybersecurity expert, Mandiant to investigate the incident. The personal […]

Luxury retailer Neiman Marcus Group (NMG) learned that an unauthorized party obtained personal information associated with certain Neiman Marcus online accounts in May of 2020. NMG is notifying 4.6 million of its online customers about the data breach that happened last year. The company is working with cybersecurity expert Mandiant to investigate the incident.

The personal information exposed varies by customer, according to a statement from the company. Compromised details may have included payment card numbers, expiration dates (without CVV numbers), virtual gift card numbers (without PINs), usernames, passwords, and security questions and answers associated with Neiman Marcus accounts.

According to the company, approximately 3.1 million payment and virtual gift cards were affected, more than 85% of which are expired or invalid. No active Neiman Marcus-branded credit cards were impacted.

NMG is requiring an online account password reset for affected customers who have not changed their passwords since May of 2020. NMG has set up a call center and webpage for those impacted by the data breach.

“At Neiman Marcus Group, customers are our top priority,” said Geoffroy van Raemdonck, chief executive officer, in a statement. “We are working hard to support our customers and answer questions about their online accounts. We will continue to take actions to enhance our system security and safeguard information.”

Martin Jartelius, CSO, Outpost24, told IT Pro, “According to the information, not only have credit card numbers leaked which means that the company has been storing credit card numbers in a readable format, but also that 85% of those would have expired meaning that the organization had little to no justification to keep processing and storing those cards. While the breach notification is good, the lack of hygiene, in this case, is considerable.”

This incident comes as certain industry groups voice concern about forthcoming legislation on disclosing data breaches and other cyber threats.

What You Need To Know About Vulnerabilities and Data Breaches in 2021 https://mytechdecisions.com/it-infrastructure/what-you-need-to-know-about-vulnerabilities-and-data-breaches-in-2021/ Thu, 05 Aug 2021 20:41:32 +0000

A pair of new reports from Risk Based Security find that disclosed software and hardware vulnerabilities continue to increase while reported data breaches in most parts of the world decline.

For IT administrators struggling to keep pace with the rapid changes in cybersecurity, the reports provide some useful insight into exactly what you’re up against.

The cybersecurity provider’s mid-year reports found that there were 12,723 disclosed vulnerabilities in the first half of 2021, a 2.8% increase compared to the same period last year despite pandemic-induced business disruptions.

Of those vulnerabilities, an alarming 2,274 are remotely exploitable, but the majority (1,425) have a mitigating solution. However, the remaining 849 do not.

“If organizational workflows are already strained from patching vulnerabilities that have known solutions, then adding these vulnerabilities into the mix makes it near impossible for security teams to fully judge risk and secure their assets,” the company’s vulnerability report says.

Meanwhile, data breaches in most parts of the world are declining, with 1,767 reported breaches over the first half of the year representing a 24% decline compared to the same period in 2020.

However, that decline in disclosures comes primarily from outside the U.S. Within the U.S., the number of reported breaches actually increased slightly, by 1.5%.

Nearly 19 billion records have been exposed this year, but that’s still a 32% dip from the 27.8 billion records exposed at this point last year.

However, the company cautions that this could simply be attributed to the pandemic’s impact on businesses.

“Information on Q2 2021 continues to develop as of the publication of this report,” the report says. “If the pace of disclosure continues at the current level, we anticipate Q2 2021 will equal or surpass the number of breaches reported in Q2 2020.”

The vast majority (1,201) of those breaches were unauthorized access into systems, and the healthcare industry remains the most targeted by cybercriminals, as the sector accounted for 238 data breaches over the first half of 2021.

The report also noted that retail data breaches are dropping off as ransomware gains in popularity and impacts the manufacturing sector, which has been more targeted than retail since the first half of 2020.

What you should take away from these reports

Patch Management. Reported vulnerabilities are increasing, but there aren’t always fixes available. But when they are, you need to patch immediately to prevent the bad guys from exploiting them.

Shifts in threat landscape. Healthcare is unfortunately still the most targeted sector, but the growing popularity of ransomware as a moneymaker is changing the threat landscape and putting manufacturing and other industries in the crosshairs. Every business is now at risk.
