
HIATUSRAT

DVR


FBI Alerts: HiatusRAT Malware Targets Vulnerable Web Cameras & DVRs!

FBI warns of HiatusRAT malware targeting vulnerable web cameras and DVRs, exploiting outdated devices and weak passwords for cyberattacks.

18-Dec-2024
6 min read

Related Articles


Healthcare

Ascension

Ascension Healthcare suffers massive data breach impacting 5.6 million patients....

**Ascension**, one of the largest private healthcare networks in the U.S., has confirmed that nearly **5.6 million patients and employees** have been affected by a **Black Basta ransomware attack**. The breach, which occurred in **May 2023**, compromised highly sensitive personal and health-related information, sparking alarm across the healthcare industry.

### **What Happened? The Black Basta Cyberattack Explained**

On **May 8, 2023**, Ascension detected unauthorized activity on its systems, which triggered an immediate investigation. According to official reports, the cyberattack began when an employee mistakenly downloaded a malicious file onto a company device, which enabled the ransomware attack. While Ascension was quick to respond, the attack crippled its **MyChart electronic health records system**, halting operations and forcing the healthcare system to temporarily switch to manual records. Some **non-emergent procedures, tests, and appointments** were paused, and emergency medical services had to be redirected to prevent triage delays.

---

## **Critical Data Compromised: Personal, Medical, and Financial Information Exposed**

The cyberattack exposed a wide range of sensitive information, affecting nearly **5.6 million individuals**. The compromised data includes:

- **Medical information**: Record numbers, service dates, and procedure codes
- **Payment details**: Credit card and bank account information
- **Insurance data**: Medicaid/Medicare IDs, policy numbers, and claims
- **Government IDs**: Social Security numbers, tax IDs, driver’s licenses, and passports
- **Personal information**: Names, addresses, and dates of birth

This data breach represents a significant threat to personal security, leaving affected individuals vulnerable to identity theft, financial fraud, and medical identity theft.

---

## **Ascension’s Response: Free Identity Theft Protection and More**

In a bid to mitigate the damage, Ascension is offering **24 months of free identity theft protection services** to the 5.6 million affected individuals. The company has partnered with **IDX**, a leading identity theft protection service, which will provide **CyberScan monitoring** and a **$1 million insurance reimbursement policy**.

### **Law Enforcement Involvement: CISA, FBI, and Cybersecurity Experts Engaged**

Ascension promptly notified key **law enforcement** agencies, including the **FBI** and **CISA**, about the breach. The company’s internal investigation, supported by top cybersecurity experts, revealed the depth of the compromise and confirmed the involvement of **Black Basta**, a notorious ransomware group that has accelerated its attacks against the healthcare sector.

---

## **Black Basta Cybercrime Gang: Who Are They, Really?**

Black Basta, which first emerged in **April 2022**, has rapidly become one of the most dangerous and profitable ransomware operations. Known for targeting high-profile organizations worldwide, this cybercrime group has successfully breached several major companies, including:

- **Rheinmetall** (German defense contractor)
- **Capita** (UK-based outsourcing giant)
- **ABB** (U.S. government contractor)
- **Toronto Public Library**

According to joint research from **Elliptic** and **Corvus Insurance**, Black Basta had raked in over **$100 million** from more than 90 victims by November 2023, and it continues to pose a significant threat to the healthcare sector.

## **A Staggering Healthcare Crisis**

This breach highlights the escalating **cybersecurity risks** faced by healthcare systems, which store massive amounts of personal and sensitive data. Experts warn that the **Black Basta ransomware group** could target more healthcare institutions, amplifying the need for enhanced cybersecurity measures across the sector.

As ransomware gangs like **Black Basta** continue to evolve and target healthcare networks, institutions must prioritize **cyber resilience** and data protection protocols to safeguard patient and employee data from future attacks.

### **What’s Next for Ascension?**

While Ascension has already started notifying affected individuals and offering identity protection, the road to recovery will be long. The healthcare system has vowed to bolster its cybersecurity defenses to prevent future breaches and protect its vast network of patients and employees.

20-Dec-2024
3 min read

Cisco

Explore the shocking details of the Cisco data breach, where hackers exposed 2.9...

Hackers exposed a significant Cisco data breach, raising alarms across the threat landscape. The breach disrupted Cisco’s operations, forcing the company to redirect resources toward damage control and remediation. Industry leaders reacted with concern, emphasizing the breach's implications for supply chain security and trust in enterprise cybersecurity solutions. The incident not only tarnished Cisco’s reputation as a leader in cybersecurity but also highlighted systemic vulnerabilities within the industry, sparking widespread discussion on the need for more robust defenses.

IntelBroker, a well-known figure in the cybercrime underworld, released 2.9GB of sensitive Cisco data on Breach Forums. This release is only the tip of the iceberg: the hackers claim to have accessed a staggering 4.5TB of data through an exposed and unprotected Cisco DevHub resource.

### **About the Breach: What We Know**

The leaked 2.9GB of data reportedly includes sensitive information from key Cisco services and products:

- **Cisco ISE (Identity Services Engine):** A platform for secure network access control and identity management.
- **Cisco SASE (Secure Access Service Edge):** A cloud-delivered solution merging networking and security for remote access.
- **Cisco Webex:** A popular collaboration platform for video conferencing and team messaging.
- **Cisco Umbrella:** A DNS security solution to prevent access to malicious domains.
- **Cisco IOS XE & XR:** Network operating systems powering Cisco’s advanced routers and switches.
- **Cisco C9800-SW-iosxe-wlc.16.11.01:** Software for managing wireless networks on Cisco Catalyst 9800 platforms.

This type of data could be exploited by attackers to gain unauthorized access, disrupt services, or launch sophisticated phishing attacks targeting Cisco’s clients and partners. It is critical because it gives attackers a blueprint of Cisco’s infrastructure: the leaked information could be used to identify vulnerabilities, create more effective malware, or tailor phishing campaigns to Cisco’s partners and customers.

### **Timeline of the Incident**

- **October 2024:** Hackers reportedly exploited a misconfigured, publicly accessible DevHub resource to download 4.5TB of Cisco’s sensitive data.
- **October 14, 2024:** Hackread.com broke the story, revealing IntelBroker’s attempts to sell the stolen data, which allegedly included information from Verizon, AT&T, Microsoft, and others.
- **October 18, 2024:** Cisco denied any compromise of its core systems, attributing the incident to an exposed JFrog token used in the DevHub.
- **December 16, 2024:** IntelBroker released 2.9GB of the data on Breach Forums as proof of the breach’s legitimacy.

### **Hacker’s Motivation**

IntelBroker’s move to leak this partial dataset is strategic, aimed at demonstrating the authenticity of the breach to potential buyers of the remaining 4.5TB dataset. In the cybercrime marketplace, credibility is vital: a partial leak establishes that the stolen data is genuine, builds the seller's reputation, and raises the perceived value of the full dataset to serious buyers.

“Hopefully, this proves the legitimacy of the breach to others wanting to buy the full version,” stated IntelBroker on Breach Forums.

### **Cisco’s Response**

Cisco continues to deny any compromise of core systems, maintaining that the breach stemmed from a misconfigured public-facing resource. Such misconfigurations often occur due to oversight during deployment, a lack of robust access controls, or inadequate testing processes.

A study by Gartner in 2023 revealed that over 25% of cloud security incidents resulted from misconfigurations, underscoring a critical challenge for businesses in the tech sector, and a 2023 report by IBM Security found that nearly 20% of all data breaches involved misconfigured cloud resources. Such vulnerabilities not only increase the risk of breaches but also highlight the urgent need for rigorous security protocols and preventive measures. They can be prevented by implementing thorough security audits, automated configuration management tools, and strict access policies. However, the leak’s content paints a different picture, raising questions about the effectiveness of Cisco’s internal security measures.

### **Involvement of IntelBroker**

IntelBroker is no stranger to high-profile breaches. Their past exploits include:

- **June 2024:** Claimed breach of Apple’s internal tools.
- **May 2024:** Europol confirmed a breach of its systems.
- **Other Notable Targets:** AMD, Space-Eyes, Tech in Asia, Facebook Marketplace, and Home Depot.

The Cisco breach is part of a broader trend of exploiting misconfigured systems. Notable examples include incidents where ShinyHunters targeted unsecured S3 buckets, compromising millions of user records from platforms like Wishbone and Zoosk, and where Nemesis exploited public-facing servers to access corporate databases. These breaches, like the Cisco incident, exposed critical data at large scale and caused severe financial and reputational damage to the affected companies. They underscore how widespread overlooked vulnerabilities in public-facing resources are, how far-reaching their consequences can be, and the critical need for organizations to adopt proactive, stringent security practices to prevent such breaches.

19-Dec-2024
5 min read

Deloitte

Healthcare

Rhode Island's social services and health data breach exposes personal details o...

On **December 13, 2024**, the state of **Rhode Island** was struck by a significant **cybersecurity breach** affecting its social services and health insurance systems. The breach compromised the personal data of potentially **hundreds of thousands of residents** who used the state's online portal, **RIBridges**, to apply for various assistance programs. This attack, attributed to an **international cybercriminal group**, has raised concerns about the safety of government systems handling sensitive personal information. In this article, we provide a detailed examination of the breach, its impact, and the ongoing efforts to mitigate the damage, offering insights into the breach's technical aspects, response measures, and the security lessons it underscores.

Rhode Island’s **RIBridges system**, which facilitates access to various public assistance programs, was recently subjected to a **cyberattack** by an international hacker group. The breach led to the compromise of personal data, including **Social Security numbers**, **banking information**, and other sensitive details, putting the state’s residents at significant risk. This attack is a stark reminder of the vulnerabilities present in government-run digital platforms and the escalating threats posed by cybercriminals.

### About the Breach

The breach was first discovered on **December 5, 2024**, when **Deloitte**, the vendor operating the RIBridges system, alerted the state to a potential security threat. However, it wasn’t until **December 13, 2024**, that the breach was confirmed, with Deloitte identifying malicious code within the system and the likelihood that **personally identifiable information (PII)** had been stolen.

---

## What Happened?

On **December 13, 2024**, **Governor Dan McKee** confirmed that the cyberattack, conducted by an international cybercriminal group, had compromised the RIBridges portal. The hackers gained unauthorized access to sensitive data, including **Social Security numbers**, **banking information**, and other **personally identifiable information** (PII) stored within the system.

**RIBridges** is a crucial system used by Rhode Island residents to apply for and manage a variety of government assistance programs, including Medicaid, food stamps, and child care support. The breach raised alarm bells as it impacted potentially hundreds of thousands of individuals who had applied for or received these benefits since **2016**.

The cyberattack was part of a growing trend in which cybercriminal groups target governmental systems to steal sensitive data and demand a ransom. The attackers reportedly threatened to release the stolen data unless they received a payment.

---

## Programs Affected

The following programs, which are managed through the **RIBridges system**, were directly impacted by the breach:

- **Medicaid** – Health insurance coverage for low-income individuals and families.
- **SNAP (Supplemental Nutrition Assistance Program)** – Food assistance for low-income families.
- **TANF (Temporary Assistance for Needy Families)** – Financial aid for families in need.
- **CCAP (Child Care Assistance Program)** – Financial assistance for child care.
- **Health Coverage via HealthSource RI** – Insurance coverage purchased through the state’s marketplace.
- **Rhode Island Works (RIW)** – Cash assistance for low-income residents.
- **Long-Term Services and Supports (LTSS)** – Support for individuals with disabilities.
- **General Public Assistance (GPA)** – Aid for low-income Rhode Islanders.

Anyone who has interacted with these services since 2016 could be at risk of having their personal information exposed.

---

## Details of the Data Breach

The breach involved **malicious code** that allowed unauthorized access to sensitive files, which were likely downloaded by the attackers. The data compromised in the breach includes:

- **Full names**
- **Social Security numbers**
- **Addresses**
- **Dates of birth**
- **Bank account numbers and other financial data**

At this stage, the exact scope of the breach is still being assessed, but the compromised data is of high concern due to the presence of **financial information** and **identifiable personal details**.

---

## How the Attack Was Detected

The breach was first detected by **Deloitte**, the vendor operating the RIBridges system, on **December 5, 2024**. Initial reports indicated a potential threat, but it was unclear whether any sensitive information had been exposed.

- **December 5, 2024**: Deloitte notified the state of a possible breach.
- **December 10, 2024**: Deloitte confirmed the breach after hackers sent screenshots of the stolen files.
- **December 11, 2024**: Deloitte identified that the compromised files contained personally identifiable information (PII).
- **December 13, 2024**: The breach was confirmed, and the system was taken offline to prevent further damage.

---

## Impact on Residents

The breach has potentially affected **hundreds of thousands of residents** who have applied for or received benefits through the RIBridges system. While the investigation is ongoing, the following individuals are most likely impacted:

- **Individuals who have applied for or received benefits through Medicaid, SNAP, TANF, or other programs since 2016.**
- **Those who have used HealthSource RI to purchase health insurance.**

The stolen data may include highly sensitive personal information, including **Social Security numbers** and **banking information**, which can lead to identity theft and financial fraud if misused.

---

## State's Response to the Breach

The state of Rhode Island, along with its vendor **Deloitte**, has taken swift action to address the breach. The **RIBridges system** has been taken offline to prevent further unauthorized access. The following measures are being implemented:

1. **Investigation and Remediation**: Deloitte and state authorities are working together to assess the full scope of the breach and secure the system.
2. **Notification to Affected Individuals**: All impacted individuals will receive a **notification letter** offering free credit monitoring services.
3. **Dedicated Call Center**: A call center has been set up to assist affected residents and guide them on the next steps.
4. **Law Enforcement Involvement**: The **Rhode Island State Police** and **federal law enforcement** agencies are involved in the investigation.

---

## Preventive Actions for Affected Individuals

Residents whose data has been compromised should take the following preventive measures:

1. **Freeze Credit**: Consider placing a freeze on your credit with all three major credit bureaus (Experian, Equifax, and TransUnion).
2. **Fraud Alerts**: Place a fraud alert on your credit report to prevent unauthorized use.
3. **Monitor Accounts**: Regularly check your bank and credit card statements for any unusual or unauthorized activity.
4. **Password Updates**: Change passwords on accounts that use the same credentials as the breached services. Use strong, unique passwords.
5. **Credit Monitoring**: Take advantage of the **free credit monitoring** offered by the state to detect fraudulent activity early.

17-Dec-2024
6 min read