MongoDB warns breach of internal systems exposed customer contact info
PLUS: Cancer patients get ransom notes for Christmas, Delta Dental is the latest MOVEit victim, and critical vulns
Infosec in brief MongoDB on Saturday issued an alert warning of "a security incident involving unauthorized access to certain MongoDB corporate systems, which includes exposure of customer account metadata and contact information."
At the time of posting, the NoSQL pioneer advised it was "not aware of any exposure to the data that customers store in MongoDB Atlas." Atlas is the provider's multi-cloud database-as-a-service offering.
MongoDB nonetheless recommended customers "be vigilant for social engineering and phishing attacks, activate phishing-resistant multi-factor authentication (MFA), and regularly rotate their MongoDB Atlas passwords."
That advice appears to have been heeded: an update to MongoDB's advisory warned customers of "a spike in login attempts resulting in issues for customers attempting to log in to Atlas and our Support Portal." That spike was unrelated to the security incident, and customers were asked to "try again in a few minutes if you are still having trouble logging in." – Simon Sharwood
Critical vulnerabilities: The not-patch-Tuesday list
As is usually the case this time of month, the most pressing vulnerabilities of recent days were revealed/patched in Patch Tuesday releases. That said, there's still a few critical vulnerabilities to mention in the ICS world – they've gotta have a patch day too, right?
- CVSS 9.8 – So many CVEs: Siemens SIMATIC S7-1500 CPU PLCs have a whopping 404 vulnerabilities in all versions of their software prior to 3.1.0 that can lead to information disclosure, tampering and DoS. Best patch ASAP.
- CVSS 9.8 – CVE-2023-6448: Unitronics Vision Series PLCs running VisiLogic prior to v9.9.00 are all coded with default administrator passwords, which could let an attacker take control with ease.
- CVSS 9.1 – Multiple CVEs: Siemens SCALANCE M-800 and S615 family ICS switches contain a number of vulnerabilities that could allow an attacker to inject code or spawn a system root shell.
- CVSS 8.1 – Multiple CVEs: Siemens's SINEC industrial network management software contains a number of vulnerabilities that could allow an attacker to trigger DoS, intercept credentials and escalate privileges.
Cancer patients gifted holiday data ransom letters
Patients at Seattle's Fred Hutchinson Cancer Center have begun receiving ransom letters demanding $50 to keep data exposed in a November security breach from being sold on the dark web.
The breach, which Hutchinson acknowledged publicly on December 1, warned that the facility's clinical network was breached by an unknown attacker.
The relatively new Hunters International ransomware gang has since claimed responsibility, claimed it stole 533GB of files from the Cancer Center, and added the org to its list of victims.
Hunters international also claimed responsibility for hacking systems belonging to a US plastic surgeon's clinic and leaking patient photographs to extort a ransom payment in October.
Seattle news sources reported last week that numerous patients have received ransom letters with "some pretty specific information" in them, according to one patient. Hutchinson's page addressing the breach doesn't indicate what data was compromised, but the ransom notes sent to patients indicate names, social security numbers, addresses, phone numbers, medical history, lab results and insurance information were stolen.
- 23andMe responds to breach with new suit-limiting user terms
- EU lawmakers finalize cyber security rules that panicked open source devs
- Leader of pro-Russia DDoS crew Killnet 'unmasked' by Russian state media
- Your password hygiene remains atrocious, says NordPass
What's worse than getting teeth pulled? Getting your dental data stolen
US dental insurance group Delta Dental has waited a while to fess up to being a victim of attacks on MOVEit. Consider this your notice: If you're a Delta patient there's a good chance your data - including financial account numbers, credit/debit card numbers and PINs - were lifted along with nearly seven million other patients.
Delta last week informed the Maine Attorney General that it was another victim of the MOVEit file transfer app attack. While only three Mainers were affected, 6,928,932 folks around the US had their data lifted.
Delta said it didn't spot the breach until July, and said that, along with the aforementioned financial information, drivers license numbers, social security numbers, addresses, health insurance info and health information was also lifted.
As has been the case in other breaches, including MOVEit leaks, Delta is offering free credit monitoring services and a sincere apology to the millions of people who are only now being notified that they need to think about changing their PINs or getting new credit cards.
According to the latest updates from antimalware vendor Emsisoft, which has monitored the MOVEit massacre, Delta and other recently-admitted breaches have brought the total number of organizational victims to 2,686, with nearly 91 million individuals having been affected. ®