MongoDB issues weekend warning of breach The Register

Critical vulnerabilities: The not-patch-Tuesday list.
As is usually the case this time of month, the most pressing vulnerabilities of recent days were revealed/patched in Patch Tuesday releases.
CVSS 9.8 - So many CVEs: Siemens SIMATIC S7-1500 CPU PLCs have a whopping 404 vulnerabilities in all versions of their software prior to 3.1.0 that can lead to information disclosure, tampering and DoS. Best patch ASAP. CVSS 9.8 - CVE-2023-6448: Unitronics Vision Series PLCs running VisiLogic prior to v9.9.00 are all coded with default administrator passwords, which could let an attacker take control with ease.
CVSS 9.1 - Multiple CVEs: Siemens SCALANCE M-800 and S615 family ICS switches contain a number of vulnerabilities that could allow an attacker to inject code or spawn a system root shell.
CVSS 8.1 - Multiple CVEs: Siemens's SINEC industrial network management software contains a number of vulnerabilities that could allow an attacker to trigger DoS, intercept credentials and escalate privileges.
Patients at Seattle's Fred Hutchinson Cancer Center have begun receiving ransom letters demanding $50 to keep data exposed in a November security breach from being sold on the dark web.
The breach, which Hutchinson acknowledged publicly on December 1, warned that the facility's clinical network was breached by an unknown attacker.
The relatively new Hunters International ransomware gang has since claimed responsibility, claimed it stole 533GB of files from the Cancer Center, and added the org to its list of victims.
Hunters international also claimed responsibility for hacking systems belonging to a US plastic surgeon's clinic and leaking patient photographs to extort a ransom payment in October.
Hutchinson's page addressing the breach doesn't indicate what data was compromised, but the ransom notes sent to patients indicate names, social security numbers, addresses, phone numbers, medical history, lab results and insurance information were stolen.
US dental insurance group Delta Dental has waited a while to fess up to being a victim of attacks on MOVEit.
Consider this your notice: If you're a Delta patient there's a good chance your data - including financial account numbers, credit/debit card numbers and PINs - were lifted along with nearly seven million other patients.
Delta last week informed the Maine Attorney General that it was another victim of the MOVEit file transfer app attack.
While only three Mainers were affected, 6,928,932 folks around the US had their data lifted.
Delta said it didn't spot the breach until July, and said that, along with the aforementioned financial information, drivers license numbers, social security numbers, addresses, health insurance info and health information was also lifted.
As has been the case in other breaches, including MOVEit leaks, Delta is offering free credit monitoring services and a sincere apology to the millions of people who are only now being notified that they need to think about changing their PINs or getting new credit cards.
According to the latest updates from antimalware vendor Emsisoft, which has monitored the MOVEit massacre, Delta and other recently-admitted breaches have brought the total number of organizational victims to 2,686, with nearly 91 million individuals having been affected.


This Cyber News was published on go.theregister.com. Publication date: Mon, 18 Dec 2023 02:43:05 +0000


Cyber News related to MongoDB issues weekend warning of breach The Register

CVE-2021-46976 - In the Linux kernel, the following vulnerability has been resolved: ...
8 months ago
Data Breach Response: A Step-by-Step Guide - In today's interconnected world, organizations must be prepared to respond swiftly and effectively in the face of a data breach. To navigate these challenges, a well-defined and comprehensive data breach response plan is essential. Let's explore the ...
9 months ago Securityzap.com
Tech Security Year in Review - In this Tech Security Year in Review for 2023, let's look into the top data breaches of the past year. Each factor contributes to the growing threatscape, demanding a proactive and adaptable cybersecurity approach to safeguard your organization ...
10 months ago Securityboulevard.com
MongoDB Cyber Attack, Customer Data Exposed - MongoDB has experienced a security incident in which unauthorized access to its corporate systems was identified. The company confirmed that there was no evidence of access to any customer's system logs. MongoDB is currently investigating the ...
10 months ago Cybersecuritynews.com
CVE-2013-0135 - Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) addressbook/register/delete_user.php, (2) addressbook/register/edit_user.php, or (3) ...
7 years ago
MongoDB confirms customer data was exposed in a cyberattack - MongoDB is warning that its corporate systems were breached and that customer data was exposed in a cyberattack that was detected by the company earlier this week. In emails sent to MongoDB customers from CISO Lena Smart, the company says they ...
10 months ago Bleepingcomputer.com
MongoDB says customer data was exposed in a cyberattack - MongoDB is warning that its corporate systems were breached and that customer data was exposed in a cyberattack that was detected by the company earlier this week. In emails sent to MongoDB customers from CISO Lena Smart, the company says they ...
10 months ago Bleepingcomputer.com
CVE-2021-32050 - Some MongoDB Drivers may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when specific authentication-related commands are ...
1 year ago
Welltok data breach exposes data of 8.5 million US patients - Healthcare SaaS provider Welltok is warning that a data breach exposed the personal data of nearly 8.5 million patients in the U.S. after a file transfer program used by the company was hacked in a data theft attack. Welltok works with health service ...
11 months ago Bleepingcomputer.com
CVE-2017-17713 - Trape before 2017-11-05 has SQL injection via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp ...
6 years ago
CVE-2017-17714 - Trape before 2017-11-05 has XSS via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp parameter, ...
6 years ago
CVE-2023-52780 - In the Linux kernel, the following vulnerability has been resolved: net: mvneta: fix calls to page_pool_get_stats Calling page_pool_get_stats in the mvneta driver without checks leads to kernel crashes. First the page pool is only available if the bm ...
5 months ago Tenable.com
CVE-2024-47716 - In the Linux kernel, the following vulnerability has been resolved: ARM: 9410/1: vfp: Use asm volatile in fmrx/fmxr macros Floating point instructions in userspace can crash some arm kernels built with clang/LLD 17.0.6: BUG: unsupported FP ...
2 weeks ago Tenable.com
MongoDB says hackers accessed corporate systems containing customer info - Hackers infiltrated the systems of billion-dollar software giant MongoDB and accessed customer information during a recent cybersecurity incident, the company said over the weekend. MongoDB is one of the largest database software companies currently ...
10 months ago Therecord.media
MongoDB Investigates Customer Account Data Breach - Database provider MongoDB has alerted customers to a data breach in which some account and contact information was compromised. An email from MongoDB CISO, Lena Smart, sent to customers late last week was republished on X by the vx-underground ...
10 months ago Infosecurity-magazine.com
Welltok Data Breach: 8.5M US Patients' Information Exposed - In a recent cybersecurity incident, Welltok, a leading healthcare Software as a Service provider, reported unauthorized access to its MOVEit Transfer server, affecting the personal information of approximately 8.5 million patients in the United ...
10 months ago Securityboulevard.com
CVE-2020-7922 - X.509 certificates generated by the MongoDB Enterprise Kubernetes Operator may allow an attacker with access to the Kubernetes cluster improper access to MongoDB instances. Customers who do not use X.509 authentication, and those who do not use the ...
1 month ago
CVE-2024-7553 - Incorrect validation of files loaded from a local untrusted directory may allow local privilege escalation if the underlying operating systems is Windows. This may result in the application executing arbitrary behaviour determined by the contents of ...
1 month ago
Ubisoft says it's investigating reports of a new security breach - Ubisoft is investigating whether it suffered a breach after images of the company's internal software and developer tools were leaked online. Ubisoft is a French video game publisher known for well-known titles, including Assassin's Creed, FarCry, ...
10 months ago Bleepingcomputer.com
Ubisoft says it's investigating reports of a new security breach - Ubisoft is investigating whether it suffered a breach after images of the company's internal software and developer tools were leaked online. Ubisoft is a French video game publisher known for well-known titles, including Assassin's Creed, FarCry, ...
10 months ago Bleepingcomputer.com
MongoDB issues weekend warning of breach The Register - Critical vulnerabilities: The not-patch-Tuesday list. As is usually the case this time of month, the most pressing vulnerabilities of recent days were revealed/patched in Patch Tuesday releases. CVSS 9.8 - So many CVEs: Siemens SIMATIC S7-1500 CPU ...
10 months ago Go.theregister.com
Delta Dental says data breach exposed info of 7 million people - Delta Dental of California is warning almost seven million patients that they suffered a data breach after personal data was exposed in a MOVEit Transfer software breach. Delta Dental is a dental insurance provider that covers 85 million people ...
10 months ago Bleepingcomputer.com
Delta Dental of California data breach exposed info of 7 million people - Delta Dental of California and its affiliates are warning almost seven million patients that they suffered a data breach after personal data was exposed in a MOVEit Transfer software breach. Delta Dental of California is a dental insurance provider ...
10 months ago Bleepingcomputer.com
Data breach at French healthcare services firm puts millions at risk - French healthcare services firm Viamedis suffered a cyberattack that exposed the data of policyholders and healthcare professionals in the country. Though the company's website remains offline at the time of writing, an announcement was posted on ...
9 months ago Bleepingcomputer.com
23andMe failed to detect mega-breach attackers for 5 months The Register - Biotech and DNA-collection biz 23andMe, the one that blamed its own customers for the October mega-breach, just admitted it failed to detect any malicious activity for the entire five months attackers were breaking into user accounts. In a collection ...
9 months ago Go.theregister.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)