Cyber Security Today, August 25, 2023 – FBI warning about Barracuda ESG gateways and thousands of more US MOVEit victims

Share post:

FBI warning about Barracuda ESG gateways and thousands of more US MOVEit victims.

Welcome to Cyber Security Today. It’s Friday, August 25th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.

Cyb er Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts

 Hackers are still exploiting vulnerable Barracuda Networks Email Security Gateways, warns the FBI. While Barracuda has released patches, all of these devices are still open to compromise. Threat actors from China appear to be the main attackers. The FBI strongly urges IT administrators that all affected ESG appliances be replaced immediately, and all networks scanned for indicators of compromise. The earliest evidence of the exploitation of Barracuda ESG appliances goes back to last October.

More American organizations victimized by the MOVEit server vulnerability are coming forward. Among the latest is Sovos Compliance, a Massachusetts firm supplying tax compliance services to companies. It is notifying over 215,000 people that their data was copied by a hacker when Sovos’ MOVEit server was compromised.

Another victim is Data Media Associates of the state of Georgia, which is notifying over 74,000 people their data was stolen when the company’s MOVEit file transfer server was hacked. The company makes patient billing solutions for doctors and hospitals. Data stolen included individuals’ names, addresses, and high-level medical or health insurance information, as well as health insurance ID numbers — which could be identical to Social Security numbers.

Dow Credit Union of Michigan is notifying over 29,000 members that data it sent to an unnamed service provider was compromised when that supplier’s MOVEit server was hacked. Data copied included people’s names, mailing addresses, Social Security numbers, date of birth, account number and account balance.

ClearResult Consulting of Texas, an energy management consulting firm, is notifying over 12,000 people that its MOVEit file transfer server was hacked at the end of May. Information copied included names, financial account or credit and debit card numbers and passwords or PIN numbers for accounts.

What are crooks doing with all the personal data they steal? A number of them are creating synthetic identities to fraudulently borrow money. That’s according to a report by credit monitoring service TransUnion. Phony identification is increasingly being used to trick American lending companies, the report says, in the auto finance sector. In the first half of this year U.S. auto lenders were tricked into giving out or recieved applications for US$1.8 billion in loans from people with synthetic identity documents. That’s a 38 per cent rise over the same period last year. The crooks use the money to buy vehicles and default on the loans. I would guess the vehicles are re-sold for a tidy profit or shipped to another country for resale. Phony IDs are also used to get bank and retail store credit cards for fraudulent purchases. The point of the report is businesses have to watch more closely for fake ID.

Later today the Week in Review will be available. Host Jim Love of IT World Canada and guest commentator Terry Cutler of Cyology Labs will discuss zero trust and the theft of data from Tesla by former employees.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

The post Cyber Security Today, August 25, 2023 – FBI warning about Barracuda ESG gateways and thousands of more US MOVEit victims first appeared on IT World Canada.
Howard Solomon
Howard Solomonhttps://www.itworldcanada.com
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

SUBSCRIBE NOW

Related articles

White house official tells insurance companies to stop paying ransoms. Cyber Security Today for Wednesday, October 9, 2024

White House urges end to insurance-funded ransomware payments, Comcast reveals a major data loss, Chinese hackers use a back...

AI pioneers Geoffrey Hinton and John Hopfield awarded Nobel prize in physics. Hashtag Trending for Wednesday, October 9, 2024

AI pioneers Geoffrey Hinton and John Hopfield get a Nobel prize in physics, Google is tracking your location...

Did tech companies jump the gun reducing their staff? Hashtag Trending for Tuesday, October 8, 2024

Did companies move too quickly to reduce their development staff? Have we reached the point where it’s impossible...

Cloudflare punches back and we all benefit: Hashtag Trending for Monday, October 7, 2024

WordPress blogging software leads to lawsuits, Cloudflare defeats patent troll in court and Eric Schmidt says keep building...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways