Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label U.S. Firm. Show all posts

Hackers Siphon 340,000 Social Security Numbers From U.S. Consulting Firm

 

Greylock McKinnon Associates (GMA) has discovered a data breach in which hackers gained access to 341,650 Social Security numbers. 

The data breach was disclosed last week on Friday on Maine's government website, where the state issues data breach notifications. In its data breach warning mailed to impacted individuals, GMA stated that it was targeted by an undisclosed cyberattack in May 2023 and "promptly took steps to mitigate the incident." 

GMA provides economic and litigation support to companies and government agencies in the United States, including the Department of Justice, that are involved in civil action. According to their data breach notification, GMA informed affected individuals that their personal information "was obtained by the U.S. Department of Justice ("DOJ") as part of a civil litigation matter" supported by GMA.

The purpose and target of the DOJ's civil litigation are unknown. A Justice Department representative did not return a request for comment. 

GMA stated that individuals that were notified of the data breach are "not the subject of this investigation or the associated litigation matters," adding that the cyberattack "does not impact your current Medicare benefits or coverage.” 

“We consulted with third-party cybersecurity specialists to assist with our response to the incident, and we notified law enforcement and the DOJ. We received confirmation of which individuals’ information was affected and obtained their contact addresses on February 7, 2024,” the firm noted. 

GMA notified victims that "your private and Medicare data was likely affected in this incident," which included names, dates of birth, home addresses, some medical and health insurance information, and Medicare claim numbers, including Social Security numbers.

It remains unknown why GMA took nine months to discover the scope of the incident and notify victims. GMA and its outside legal counsel, Linn Freedman of Robinson & Cole LLP, did not immediately respond to a request for comment.

VMware Patches Authentication Bypass in Carbon Black App Control

 

VMware, the California-based cloud computing and virtualization technology firm has patched an authentication bypass vulnerability in its Carbon Black App Control (AppC) management server. According to VMware’s advisory, the authentication-bypass vulnerability affected AppC versions 8.0.x, 8.1.x, 8.5.x, and 8.6.x. 

The flaw tracked as CVE-2021-21998, falls into a highly critical range with a maximum CVSSv3 base score of 9.4 out of 10.A malicious actor with network access to the VMware Carbon Black App Control management server might be able to gain administrative privileges to the application without the need to authenticate, VMware explained. 

However, even if the attacker doesn’t need valid credentials for the target application, they would still have to first gain network access to the VMware Carbon Black App Control management server for the attack to succeed, VMware explains in an advisory.

AppC is designed to strengthen the security of servers and to prevent unauthorized changes in the face of cyber-attacks and ensure compliance with regulatory mandates such as PCI-DSS, HIPAA, GDPR, SOX, FISMA, and NERC. 

Besides the authentication-bypass patch, VMware also patched a local privilege escalation flaw affecting VMware Tools for Windows, VMware Remote Console for Windows (VMRC for Windows), and VMware App Volumes that could allow an attacker to implement arbitrary code on compromised systems. 

At this point, the flaw doesn’t have a severity score from the National Institute of Standards and Technology (NIST), but VMware evaluated it at 7.8 (high severity). The flaw, CVE-2021-21999, is a local privilege-escalation vulnerability.

"An attacker with normal access to a virtual machine may exploit this issue by placing a malicious file renamed as 'openssl.cnf' in an unrestricted directory which would allow code to be executed with elevated privileges," VMware noted. 

The flaw in AppC is only the latest severe problem that VMware has patched. In February, VMware fixed three bugs in its virtual machine infrastructure for data centers, including a remote code execution (RCE) flaw in its vCenter Server management platform. The vulnerability could allow attackers to breach the external perimeter of an enterprise data center or leverage backdoors already installed on a system, to discover other vulnerable points of network entry to take over affected systems.