TennCare breached, impacts 3,300 members, Hades ransomware gang targets trucking giant Forward Air, and more

Originally published at: https://cloudsek.com/threatintel/tenncare-breached-impacts-3300-members-hades-ransomware-gang-targets-trucking-giant-forward-air-and-more/

Round Up of Major Breaches and Scams

TennCare announces privacy breach impacting 3,300 members

TennCare, Gainwell Technologies LLC, and Axis Direct, Inc. announced a privacy breach impacting certain TennCare members in a joint statement on Monday. According to the statement, around 3,300 Medicaid members in the state of Tennessee have been notified of a privacy issue that may have impacted their health information. Gainwell, which runs the Medicaid Management Information System (MMIS) for the state, notified TennCare of the issue on October 23.

Nosy Ex-Partners Armed with Instagram Passwords Pose a Serious Threat

A survey of single people found almost a third are still logging into their ex’s social-media accounts, some for revenge. Breakups can be traumatic in all sorts of ways. Now we know they can pose a serious cybersecurity threat too. A new survey found that an alarming number of people are still accessing their exes’ accounts without their knowledge — a handful for malicious reasons. The survey conducted during November for Reboot Digital PR Agency found that 70 percent of exes polled have logged into their former partner’s Instagram account in the past week.

Round Up of Major Malware and Ransomware Incidents

Huntsville City Schools warns parents that personal info may have been stolen in ransomware attack

On December 1, Huntsville City Schools shut down classes for the day due to a ransomware threat. Now, after three weeks of investigating the situation, the district is warning parents about personal information being compromised in the attack. Megan Reyna of WAAY31 reports: School leaders say it is possible social security numbers and email addresses could be part of the information that was accessed by cybercriminals.

Trucking giant Forward Air hit by new Hades ransomware gang

Trucking and freight logistics company Forward Air has suffered a ransomware attack by a new ransomware gang that has impacted the company’s business operations. Sources have told BleepingComputer today that Forward Air suffered a cyberattack by a new ransomware operation known as Hades. The Hades ransomware gang began attacking victims about a week ago in human-operated attacks against the enterprise.

Partial lists of organizations infected with Sunburst malware released online

Over the weekend, multiple security researchers and research teams published lists of 100 to 280 organizations that installed a trojanized version of the SolarWinds Orion platform and had their internal systems infected with the Sunburst malware. The lists include the names of tech companies, local governments, universities, hospitals, banks, and telecom providers. The biggest names include Cisco, SAP, Intel, Cox Communications, Deloitte, Nvidia, Fujitsu, Belkin, Amerisafe, Lukoil, Rakuten, Check Point, Optimizely, Digital Reach, and Digital Sense.

Round Up of Major Vulnerabilities and Patches

Dell Wyse ThinOS flaws allow hacking thin clients

Multiple Dell Wyse thin client models are affected by critical vulnerabilities that could be exploited by a remote attacker to take over the devices. The vulnerabilities, tracked as CVE-2020-29492 and CVE-2020-29491, could allow a remote attacker to execute malicious code and gain access to arbitrary files. In computer networking, a thin client is a simple (low-performance) computer that has been optimized for establishing a remote connection with a server-based computing environment.

Smart Doorbell Disaster: Many Brands Vulnerable to Attack

Smart doorbells, designed to allow homeowners to keep an eye on unwanted and wanted visitors, can often cause more security harm than good compared to their analog door bolt alternatives. Consumer-grade digital doorbells are riddled with potential cybersecurity vulnerabilities, ranging from hardcoded credentials and authentication issues to devices shipping with unpatched and longstanding critical bugs.

Zero-Click Apple Zero-Day Uncovered in Pegasus Spy Attack

The phones of 36 journalists were infected by four APTs, possibly linked to Saudi Arabia or the UAE. Four nation-state-backed advanced persistent threats (APTs) hacked Al Jazeera journalists, producers, anchors and executives, in an espionage attack leveraging a zero-day exploit for Apple iPhone, researchers said. The attack, carried out in July and August, compromised 36 personal phones belonging to the victims, according to Citizen Lab.

SUPERNOVA, a backdoor found while investigating SolarWinds hack

While investigating the recent SolarWinds Orion supply-chain attack, security researchers discovered another backdoor, tracked as SUPERNOVA. The investigation revealed that this backdoor was likely used by a separate threat actor. After the initial disclosure of the SolarWinds attack, several teams of researchers mentioned the existence of two second-stage payloads.
