Our mission is to provide unbiased product reviews and timely reporting of technological advancements. Covering all latest reviews and advances in the technology industry, our editorial team strives to make every click count. We aim to provide fair and unbiased information about the latest technological advances.
Communications regulator Ofcom says data on workers and controlled communications corporations was stolen by the Clop gang
By
Alex Scroxton, Security Editor
Published: 12 Jun 2023 16:06
UK communications regulator Ofcom has revealed it’s among the many organisations to have been compromised by the Russian-speaking Clop cyber crime gang following its exploit of a SQL injection vulnerability in Progress Software’s MOVEit Transfer managed file switch service.
Ofcom confirmed earlier at this time {that a} “limited amount” of details about corporations it regulates – a few of it confidential – alongside the private data of 412 of its personal workers, was downloaded in the attack.
“The security of commercially confidential and sensitive personal information provided to Ofcom is taken extremely seriously,” an Ofcom spokesperson mentioned.
“We took fast motion to forestall additional use of the MOVEit service and to implement the really useful safety measures. We additionally swiftly alerted all affected Ofcom-regulated corporations, and we proceed to supply help and help to our colleagues.
“No Ofcom systems were compromised during the attack,” they added.
NordVPN chief know-how officer Marijus Briedis commented: “Stealing private and firm data from underneath the nostril of the UK’s media regulator will likely be one other feather in the cap of the cyber criminals behind the MOVEit hack.
“The giant scale of the attack and high-profile victims just like the BBC, British Airways and now Ofcom suggests this was meticulously deliberate….
“Stealing personal and company data from under the nose of the UK’s media regulator will be another feather in the cap of the cyber criminals behind the MOVEit hack” Marijus Briedis, NordVPN
Briedis added: “This significant data heist will raise the attackers’ profile within the competitive ransomware-for-hire market that exists on the dark web. It also shows the ongoing risk of supply chain attacks on the UK, with opportunistic hackers looking to prey upon third-party services as a path to landing a big fish further down the line.”
As the clock ticks nearer to Clop’s deadline for victims to contact it – lest they discover their data leaked on-line – particulars of extra victims proceed to emerge.
ADVERTISEMENT
Ireland’s Health Service Executive (HSE) – beforehand the sufferer of a significant ransomware attack by the Conti cyber crime syndicate – is amongst these to have disclosed a breach following the attack.
Like a variety of different victims, the HSE was compromised in a so-called provide chain attack by way of the methods of an exterior service supplier that used MOVEit Transfer, in this case skilled companies agency EY.
Progress Software’s woes proceed
Prior to the weekend, Progress Software, the corporate behind MOVEit, disclosed one other vulnerability in the product, uncovered with the assistance of third-party researchers, which can have an identical impression.
A patch for this vulnerability was launched on 9 June. MOVEit Transfer customers can discover extra particulars in regards to the vulnerability right here.
Read extra on Data breach incident administration and restoration
Progress Software releases patch for second MOVEit Transfer vulnerability
By: Alex Scroxton
Extreme Networks emerges as sufferer of Clop MOVEit attack
By: Alex Scroxton
Barracuda ESG customers instructed to throw away their {hardware}
By: Alex Scroxton
Risk & Repeat: Moveit Transfer flaw triggers data breaches
Denial of responsibility!tech-news.info
is an automatic aggregator around the global media. All the content are
available free on Internet. We have just arranged it in one platform for
educational purpose only. In each content, the hyperlink to the primary
source is specified. All trademarks belong to their rightful owners, all
materials to their authors. If you are the owner of the content and do not
want us to publish your materials on our website, please contact us by email
– [email protected].
The content will be deleted within 24 hours.
This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy. I Agree