<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 1/4/2024

SHARE

Breaches

Over 900k Impacted by Data Breach at Defunct Boston Ambulance Service

Transformative Healthcare is informing more than 900,000 individuals that their personal information was stolen in a data breach at now-defunct subsidiary Fallon Ambulance Service. The incident, Transformative says in a notification letter to the affected individuals, a copy of which was submitted to the Maine Attorney General's Office, was detected on April 23, 2023, roughly four months after the Boston-based Fallon Ambulance Service ceased operations. READ MORE...


4.5 Million Individuals Affected by Data Breach at HealthEC

Health technology company HealthEC has disclosed a data breach impacting close to 4.5 million customers of its business partners. HealthEC provides population health management services, delivering analytics and insights to help healthcare organizations improve patient outcomes. In an incident notice published on its website just before December, the company explained that an unauthorized actor accessed certain systems and exfiltrated files entrusted to HealthEC by its business partners. READ MORE...

Hacking

Freight giant Estes refuses to deliver ransom, says personal data opened and stolen

One of America's biggest private freight shippers, Estes Express Lines, has told more than 20,000 customers that criminals stole their personal information. "As you may be aware, on October 1, 2023, Estes discovered that an unauthorized threat actor had gained access to a portion of the company's IT network and deployed ransomware," it said in a letter mailed to 21,184 people [PDF]. "In accordance with the standard recommendation of the FBI and financial regulators, Estes did not pay the ransom." READ MORE...

Malware

'everything' blocks devs from removing their own npm packages

Over the holidays, the npm package registry was flooded with more than 3,000 packages, including one called "everything," and others named a variation of the word. The package is quite aptly named as downloading "everything" will gradually pull in every single npm package that's ever been published to the npmjs.com registry onto your computer, potentially making it run out of storage. But, that's just the tip of the iceberg. READ MORE...


'Black Basta Buster' Exploits Ransomware Bug for File Recovery

Researchers have exploited a weakness in a particular strain of the Black Basta ransomware to release a decryptor for the malware, but it doesn't recover all of the files encrypted by the prolific cybercriminal gang. Security research and consulting firm SRLabs released the tool -appropriately named Black Basta Buster - which exploits a vulnerability in the encryption algorithm of a Black Basta ransomware strain used by the group around April last year. READ MORE...

Exploits/Vulnerabilities

Nearly 11 million SSH servers vulnerable to new Terrapin attacks

Almost 11 million internet-exposed SSH servers are vulnerable to the Terrapin attack that threatens the integrity of some SSH connections. The Terrapin attack targets the SSH protocol, affecting both clients and servers, and was developed by academic researchers from Ruhr University Bochum in Germany. It manipulates sequence numbers during the handshake process to compromise the integrity of the SSH channel. READ MORE...

On This Date

  • ...in 1853, Solomon Northup regains his freedom after being kidnapped and sold into slavery. His memoir "Twelve Years a Slave" became an Best Picture Oscar-winning film in 2013.
  • ...in 1936, Billboard Magazine publishes its first pop music charts.
  • ...in 2004, the NASA Spirit rover successfully lands on Mars.
  • ...in 2016, IUPAC and IUPAP announced the discovery of four new elements, completing the 7th row of the periodic table.